Commit message | Author | Age
This closes #146 and makes `make quick` faster.
The changes were generated by adding [Global Set Suggest Proof Using.]
to GlobalSettings.v, and then following [the instructions for a script I
wrote](https://github.com/JasonGross/coq-tools#proof-using-helper).
separately
in GF25519Bounded
This way we will have a faster build of reification things
properly account for the case in which [n] and [pred n] are BOTH out of bounds in my statement of initial bounds)
return None if input is greater than modulus
implementations of [mul] and [pow] so bounds can be threaded through
cleaning up freeze-related organization and definitions along the way
for instantiating it in GF25519 (needed for equality comparison in sqrt_5mod8)
same typeclass.
actually is a multiple of the modulus. This allows for proving the Proper properties of [sub] based on its correctness proof alone, which has the modulus multiple correctness as a precondition.
implementation, and pushed that up through Specific.
ModularBaseSystemField.v
field proof through GF1305.v as a proof of concept; working towards deleting that ModularBaseSystemField.v
Further optimization, including the unrolling of the entire loop, can be done in Specific/ once limb widths of both ModularBaseSystem format and wire format are known.
After | File Name | Before || Change
------------------------------------------------------------------------------------
2m21.44s | Total | 2m18.90s || +0m02.54s
------------------------------------------------------------------------------------
0m35.19s | CompleteEdwardsCurve/ExtendedCoordinates | 0m34.60s || +0m00.58s
0m17.20s | ModularArithmetic/ModularBaseSystemProofs | 0m16.72s || +0m00.48s
0m15.34s | CompleteEdwardsCurve/CompleteEdwardsCurveTheorems | 0m15.21s || +0m00.12s
0m14.89s | Specific/GF25519 | 0m14.38s || +0m00.50s
0m14.03s | Experiments/SpecEd25519 | 0m13.67s || +0m00.35s
0m08.57s | ModularArithmetic/Pow2BaseProofs | 0m08.67s || -0m00.09s
0m04.32s | Testbit | 0m04.28s || +0m00.04s
0m03.73s | BaseSystemProofs | 0m03.75s || -0m00.02s
0m03.30s | Experiments/SpecificCurve25519 | 0m03.24s || +0m00.05s
0m02.92s | Util/ListUtil | 0m02.98s || -0m00.06s
0m02.15s | Specific/GF1305 | 0m02.11s || +0m00.04s
0m02.11s | ModularArithmetic/ModularBaseSystemOpt | 0m02.16s || -0m00.05s
0m01.77s | Experiments/EdDSARefinement | 0m01.76s || +0m00.01s
0m01.67s | ModularArithmetic/BarrettReduction/ZBounded | 0m01.64s || +0m00.03s
0m01.54s | Encoding/PointEncodingPre | 0m01.50s || +0m00.04s
0m01.52s | Util/Tuple | 0m01.31s || +0m00.20s
0m01.20s | BaseSystem | 0m01.19s || +0m00.01s
0m01.19s | ModularArithmetic/ExtendedBaseVector | 0m01.17s || +0m00.02s
0m00.97s | ModularArithmetic/ModularBaseSystemField | 0m00.90s || +0m00.06s
0m00.93s | Experiments/DerivationsOptionRectLetInEncoding | 0m00.88s || +0m00.05s
0m00.84s | ModularArithmetic/ModularBaseSystemListProofs | 0m00.87s || -0m00.03s
0m00.82s | ModularArithmetic/Montgomery/ZBounded | 0m00.83s || -0m00.01s
0m00.68s | ModularArithmetic/ExtPow2BaseMulProofs | 0m00.64s || +0m00.04s
0m00.67s | Encoding/ModularWordEncodingTheorems | 0m00.61s || +0m00.06s
0m00.64s | Util/AdditionChainExponentiation | 0m00.68s || -0m00.04s
0m00.64s | ModularArithmetic/ModularBaseSystem | 0m00.57s || +0m00.07s
0m00.62s | Spec/EdDSA | 0m00.58s || +0m00.04s
0m00.61s | ModularArithmetic/ModularBaseSystemList | 0m00.62s || -0m00.01s
0m00.56s | ModularArithmetic/PseudoMersenneBaseParamProofs | 0m00.57s || -0m00.00s
0m00.43s | ModularArithmetic/Pow2Base | 0m00.42s || +0m00.01s
0m00.40s | ModularArithmetic/PseudoMersenneBaseParams | 0m00.39s || +0m00.01s
Specific.
By using reflection, we can speed up the overall build time by about
half a minute. By fully reducing [base_from_limb_widths] once we plug
in arguments, and not before, we can get about another half-minute in
8.5pl2 (and a great deal more in 8.6, where vm_compute no longer is
slow; see https://coq.inria.fr/bugs/show_bug.cgi?id=5004).
Times in 8.5pl2:
After | File Name | Before || Change
---------------------------------------------------------------------------
0m27.80s | Total | 1m19.59s || -0m51.78s
---------------------------------------------------------------------------
0m04.71s | Experiments/SpecificCurve25519 | 0m26.78s || -0m22.07s
0m17.13s | Specific/GF25519 | 0m39.10s || -0m21.97s
0m02.27s | Specific/GF1305 | 0m09.02s || -0m06.75s
0m02.75s | ModularArithmetic/ModularBaseSystemOpt | 0m03.77s || -0m01.02s
0m00.95s | ModularArithmetic/ModularBaseSystemField | 0m00.93s || +0m00.01s
change through the pipeline. Also began the process of redoing canonicalization proofs, attempting to put the messy case analysis in theorem statements rather than separate lemmas.
I do hereby revoke the privilege of [intuition] to grab random hints
from random databases. This privilege is reserved for
[debug_intuition], which comes with a warning about not being used in
production code. This tactic is useful in conjunction with `Print Hint
*`, to discover what hint databases the hints were grabbed from.
(Suggestions for renaming [debug_intuition] welcome.)
Any file using [intuition] must [Require Export
Crypto.Util.FixCoqMistakes.]. It's possible we could lift this
restriction by compiling [FixCoqMistakes] separately, and passing along
`-require FixCoqMistakes` to Coq. Should we do this?
After | File Name | Before || Change
------------------------------------------------------------------------------------
3m29.54s | Total | 4m33.13s || -1m03.59s
------------------------------------------------------------------------------------
0m03.75s | BaseSystemProofs | 0m43.84s || -0m40.09s
0m42.57s | CompleteEdwardsCurve/ExtendedCoordinates | 0m34.48s || +0m08.09s
0m03.04s | Util/ListUtil | 0m11.18s || -0m08.14s
0m01.62s | ModularArithmetic/PrimeFieldTheorems | 0m09.53s || -0m07.90s
0m00.87s | Util/NumTheoryUtil | 0m07.61s || -0m06.74s
0m01.61s | Encoding/PointEncodingPre | 0m06.93s || -0m05.31s
0m51.95s | Specific/GF25519 | 0m47.52s || +0m04.42s
0m12.30s | Experiments/SpecEd25519 | 0m11.29s || +0m01.01s
0m09.22s | Specific/GF1305 | 0m08.17s || +0m01.05s
0m03.48s | CompleteEdwardsCurve/Pre | 0m04.77s || -0m01.28s
0m02.70s | Assembly/State | 0m04.09s || -0m01.38s
0m01.55s | ModularArithmetic/ModularArithmeticTheorems | 0m02.93s || -0m01.38s
0m01.16s | Assembly/Pseudize | 0m02.34s || -0m01.17s
0m15.67s | CompleteEdwardsCurve/CompleteEdwardsCurveTheorems | 0m16.37s || -0m00.70s
0m06.02s | Algebra | 0m06.67s || -0m00.65s
0m05.90s | Experiments/GenericFieldPow | 0m06.68s || -0m00.77s
0m04.65s | WeierstrassCurve/Pre | 0m05.27s || -0m00.61s
0m03.93s | ModularArithmetic/Pow2BaseProofs | 0m03.94s || -0m00.00s
0m03.70s | ModularArithmetic/Tutorial | 0m03.85s || -0m00.14s
0m02.83s | ModularArithmetic/ModularBaseSystemOpt | 0m02.84s || -0m00.00s
0m02.74s | Experiments/EdDSARefinement | 0m01.80s || +0m00.94s
0m02.35s | Util/ZUtil | 0m02.51s || -0m00.15s
0m01.86s | Assembly/Wordize | 0m02.32s || -0m00.45s
0m01.23s | ModularArithmetic/ExtendedBaseVector | 0m01.20s || +0m00.03s
0m01.21s | BaseSystem | 0m01.63s || -0m00.41s
0m01.03s | Experiments/SpecificCurve25519 | 0m00.98s || +0m00.05s
0m01.01s | ModularArithmetic/ModularBaseSystemProofs | 0m01.11s || -0m00.10s
0m00.95s | ModularArithmetic/BarrettReduction/Z | 0m01.38s || -0m00.42s
0m00.92s | Experiments/DerivationsOptionRectLetInEncoding | 0m01.81s || -0m00.89s
0m00.85s | ModularArithmetic/ModularBaseSystemField | 0m00.86s || -0m00.01s
0m00.82s | ModularArithmetic/ModularBaseSystemListProofs | 0m00.79s || +0m00.02s
0m00.80s | Assembly/QhasmEvalCommon | 0m00.93s || -0m00.13s
0m00.73s | Spec/EdDSA | 0m00.59s || +0m00.14s
0m00.72s | Util/Tuple | 0m00.71s || +0m00.01s
0m00.70s | Util/IterAssocOp | 0m00.72s || -0m00.02s
0m00.67s | Encoding/ModularWordEncodingTheorems | 0m00.71s || -0m00.03s
0m00.66s | Assembly/Pipeline | 0m00.64s || +0m00.02s
0m00.65s | Testbit | 0m00.65s || +0m00.00s
0m00.65s | Assembly/PseudoConversion | 0m00.65s || +0m00.00s
0m00.64s | Util/AdditionChainExponentiation | 0m00.63s || +0m00.01s
0m00.63s | ModularArithmetic/ExtPow2BaseMulProofs | 0m00.64s || -0m00.01s
0m00.63s | Assembly/Pseudo | 0m00.65s || -0m00.02s
0m00.62s | ModularArithmetic/ModularBaseSystem | 0m00.57s || +0m00.05s
0m00.61s | ModularArithmetic/ModularBaseSystemList | 0m00.57s || +0m00.04s
0m00.60s | Encoding/ModularWordEncodingPre | 0m00.69s || -0m00.08s
0m00.60s | ModularArithmetic/PseudoMersenneBaseParamProofs | 0m00.59s || +0m00.01s
0m00.56s | Assembly/StringConversion | 0m00.56s || +0m00.00s
0m00.54s | Spec/ModularWordEncoding | 0m00.61s || -0m00.06s
0m00.54s | Assembly/QhasmUtil | 0m00.46s || +0m00.08s
0m00.52s | Assembly/Qhasm | 0m00.53s || -0m00.01s
0m00.48s | Assembly/AlmostQhasm | 0m00.52s || -0m00.04s
0m00.48s | ModularArithmetic/Pre | 0m00.48s || +0m00.00s
0m00.46s | Assembly/Vectorize | 0m00.72s || -0m00.25s
0m00.45s | Spec/WeierstrassCurve | 0m00.44s || +0m00.01s
0m00.44s | Assembly/AlmostConversion | 0m00.44s || +0m00.00s
0m00.43s | ModularArithmetic/Pow2Base | 0m00.51s || -0m00.08s
0m00.42s | ModularArithmetic/PseudoMersenneBaseParams | 0m00.38s || +0m00.03s
0m00.41s | Spec/CompleteEdwardsCurve | 0m00.43s || -0m00.02s
0m00.34s | Spec/ModularArithmetic | 0m00.36s || -0m00.01s
0m00.03s | Util/FixCoqMistakes | N/A || +0m00.03s
0m00.02s | Util/Notations | 0m00.04s || -0m00.02s
0m00.02s | Util/Tactics | 0m00.02s || +0m00.00s
not perform reduction
organization of reasoning.
ModularBaseSystem is fully defined, rather than after ModularBaseSystemOpt
Also make much of the remaining code outside of Pow2BaseProofs
independent of the precise definition of carry_simple. (We use [Local
Opaque] to enforce this modularity.)
* Move some definitions to Pow2Base
These definitions don't depend on PseudoMersenneBaseParams, only on
limb_widths, and we'll want them for BarrettReduction / P256.
* Fix for Coq 8.4
ModularBaseSystemInterface using some placeholder operations.
Also use [ZUtil.Z.pow2_mod]. This lets us remove the dependency of
ModularBaseSystem on ModularArithmetic.PseudoMersenneBaseParamProofs.
This is a small part of reorganizing and factoring ModularBaseSystem for
use with Barrett reduction.