This repository requires:
- To build the proofs and almost-C-like outputs: Coq 8.7 (tested with 8.7.0)
To build (if your COQPATH variable is empty):
make
To build:
export COQPATH="$(pwd)/coqprime${COQPATH:+:}$COQPATH"
make
To build a representative subset, instead of make
, run
make selected-specific-display non-specific
The core library (target nonautogenerated-specific-display non-specific
) is expected to build within about one hour (in serial, on a particularly fast machine), within about 3.5--4 GB of RAM, plus an additional 1-5 minutes to run coqdep
on all of our files. Of the additional curves, 90% finish within 5 minutes per file, and 99% finish within 15 minutes per file (though some take upwards of 50 GB of RAM). These 99% of curves together take about 60 hours.
- To build the C outputs: Python (2 or 3)
To build:
make c
or, for a representative subset,
make selected-c
- To build and run the binaries, gcc (7.1.2; or 7.1.1 with
-fno-peephole2
) or clang of a new enough version to support the appropriate compiler intrinsics.
To build and run:
make test bench
or, for a representative subset,
make selected-test selected-bench
To add a new prime, add a new line to primes.txt
with your prime. Then run
./generate_parameters.py; ./src/Specific/remake_curves.sh
You will see a bunch of lines starting with git add
; any .v
files that show up in these lines must be added to _CoqProject
. (If you are working in the git repository, you may simply run the git add
lines, and then run make update-_CoqProject
.) Note that the directory structure involves a textual representation of your prime, call it ${REPRESENTATION_OF_YOUR_PRIME}
. To build, you can run
make src/Specific/{montgomery,solinas}{32,64}_${REPRESENTATION_OF_YOUR_PRIME}/fibe
This will build all the necessary .vo
and .c
files, as well as the fibe
binary, which is automatically run when you make bench
or make test
.
Specifications live in src/Spec
, e.g., src/Spec/Ed25519.v
.
Some selected cuve-level proofs live in
src/Curves/Edwards/AffineProofs.v
,src/Curves/Edwards/XYZT/Basic.v
,src/Curves/Montgomery/AffineProofs.v
,src/Curves/Montgomery/XZProofs.v
.
Generic mathematical optimization strategies live in src/Arithmetic
.
Good examples include
src/Arithmetic/Core.v
,src/Arithmetic/Karatsuba.v
,src/Arithmetic/Saturated/Core.v
,src/Arithmetic/BarrettReduction/HAC.v
,src/Arithmetic/MontgomeryReduction/Definition.v
,src/Arithmetic/MontgomeryReduction/WordByWord/Abstract/Definition.v
.
The idea of the synthesis process is demoed in src/Demo.v
.
- The curve-non-specific synthesis framework lives in
src/Compilers/Z/Bounds/Pipeline
. - The API for the reflective simplification and bounds analysis pipeline is in
src/Compilers/Z/Bounds/Pipeline.v
. - The definition of the pipeline and the correctness proof are in
src/Compilers/Z/Bounds/Pipeline/Definition.v
. - Generic reflective syntax trees are defined in
src/Compilers/Syntax.v
; the specialization to the arithmetic operations on Z that we use occurs insrc/Compilers/Z/Syntax.v
. - The trusted pretty-printer lives in
src/Compilers/Z/CNotations.v
andsrc/Compilers/Z/HexNotationConstants.v
, which were generated by the couple-hundred-line Python scripts in a comment near the top of each file. - The core of the bounds-analysis transformation lives in
src/Compilers/Z/Bounds/Interpretation.v
; the corresponding proofs live insrc/Compilers/Z/Bounds/InterpretationLemmas
, and the instantation of the bounds-analysis transformation with the core lives insrc/Compilers/Z/Bounds/MapCastByDeBruijn.v
.
The curve-specific synthesis framework lives in src/Specific/Framework
.
- The input
.json
files live insrc/Specific/CurveParameters
, and the processor for those files lives insrc/Specific/Framework/make_curve.py
. - The record of curve specific parameters is defined in
src/Specific/Framework/RawCurveParameters.v
, and defaults are filled insrc/Specific/Framework/CurveParameters.v
. - The tactics that specialize the various arithmetic optimizations to specific curves live in
src/Specific/Framework/ArithmeticSynthesis
, e.g.,src/Specific/Framework/ArithmeticSynthesis/Montgomery.v
. - The script at
src/Specific/Framework/ArithmeticSynthesis/remake_packages.py
processes these files to add relevant boilerplate, and gets run after significantly changing an optimization, or after adding a new optimization. - The synthesis tactics are assembled in
src/Specific/Framework/SynthesisFramework.v
.
Note that magic¹ is used to create identifiers refering to the curve-specific parameters, from tactics, so that they can be used in other curve-specific files.
The c output lives in the various subfolders of src/Specific
. For example, C-like code for X25519 multiplication on 64-bit machines lives in src/Specific/X25519/C64/femulDisplay.log
, which is generated from src/Specific/X25519/C64/femulDisplay.v
, which in turn uses synthesis run in src/Specific/X25519/C64/femul.v
. The c
target turns this into src/Specific/X25519/C64/femul.c
.
¹ This magic comes in the form of calls to transparent_abstract
, packaged up in some tactics in src/Util/Tactics/CacheTerm.v
.