optimizations.md


1
2
3
4
5
6
7
8
9
10
11

 Category              |  Name                                        |  Status                                                                                                                 |  Lemma(s)                                                                                                                                                                                                                                  |  Description                                                                                                                                                                                                                                     | 
|-----------------------|----------------------------------------------|-------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| 
| Field Arithmetic      |  Unsaturated limbs/delayed carrying          |  Implemented                                                                                                            |  [ModularBaseSystemProofs.v#L347](https://github.com/mit-plv/fiat-crypto/blob/master/src/ModularArithmetic/ModularBaseSystemProofs.v#L347)                                                                                                 |  Represent field elements using more machine words than strictly necessary in order to delay carrying (for example, represent a 255-bit number using 51 bits per 64-bit word)                                                                    | 
| Field Arithmetic      |  Division-free Modular Reduction             |  Implemented                                                                                                            |  [PseudoMersenneBaseParamProofs.v#L41](https://github.com/mit-plv/fiat-crypto/blob/master/src/ModularArithmetic/PseudoMersenneBaseParamProofs.v#L41)                                                                                       |  Reduce $x$ modulo $2^k-c$ by splitting $x$ into $a$ and $b$ such that $a + 2^k * b = x$, then returning $a + c * b$                                                                                                                             | 
| Field Arithmetic      |  Inverse square root                         |  Not Implemented                                                                                                        |  n/a, Compute $\frac{1}{\sqrt{x}}$ rather than $\sqrt{x}$. Then, for example, in order to compute $\sqrt{\frac{x}{y}}$, compute $x * \frac{1}{\sqrt{xy}}$ rather than doing two expensive square root computations                         |                                                                                                                                                                                                                                                  | 
| Field Arithmetic      |  Hex Exponentiation                          |  Not Implemented                                                                                                        |  n/a, TODO                                                                                                                                                                                                                                 |                                                                                                                                                                                                                                                  | 
| Field Arithmetic      |  Addition Chain Exponentiation               |  Implemented                                                                                                            |  [AdditionChainExponentiation.v#L53](https://github.com/mit-plv/fiat-crypto/blob/master/src/Util/AdditionChainExponentiation.v#L53)                                                                                                        |  https://en.wikipedia.org/wiki/Addition-chain_exponentiation                                                                                                                                                                                     | 
| Field Arithmetic      |  Precomputed Tables                          |  Not Implemented                                                                                                        |  n/a, TODO                                                                                                                                                                                                                                 |                                                                                                                                                                                                                                                  | 
| Elliptic Curve Points |  Extended Coordinates                        |  Implemented                                                                                                            |  [ExtendedCoordinates.v#L258](https://github.com/mit-plv/fiat-crypto/blob/master/src/CompleteEdwardsCurve/ExtendedCoordinates.v#L258)                                                                                                      |  http://hyperelliptic.org/EFD/g1p/auto-edwards.html                                                                                                                                                                                              | 
| Elliptic Curve Points |  Point Compression                           |  Implemented                                                                                                            |  [PointEncodingPre.v#L313](https://github.com/mit-plv/fiat-crypto/blob/master/src/Encoding/PointEncodingPre.v#L313) and [PointEncodingPre.v#L412](https://github.com/mit-plv/fiat-crypto/blob/master/src/Encoding/PointEncodingPre.v#L412) |  Instead of transmitting $(x,y)$ to transmit a point, transmit $y$ and a bit representing the sign of $x$. Decode $x$ by solving the curve equation for $x^2$, taking the square root, and picking the square root with the appropriate sign bit | 
| Low-Level             |  Use Varied-size Registers, Half-Implemented |  [MapCastWithCastOp.v#L116](https://github.com/mit-plv/fiat-crypto/blob/master/src/Reflection/MapCastWithCastOp.v#L116) |  Rather than using the largest available integer size (e.g., `uint32_t` on x86_32, `uint64_t` on x86_64) for all operations, pick the smallest integer size which is guaranteed to fit the result for each arithmetic operation separately |                                                                                                                                                                                                                                                  |