optimizations

Author: driemworks

Cargo.toml

@@ -11,9 +11,10 @@ license = "Apache-2.0"
 
 [profile.release]
 opt-level = 3
-lto = "thin"
+lto = "fat"
 incremental = true
 panic = 'abort'
+codegen-units = 1
 
 [profile.bench]
 opt-level = 3

timelock-ffi/src/lib.rs

@@ -348,7 +348,7 @@ pub unsafe extern "C" fn timelock_encrypt(
     };
 
     // Create identity
-    let timelock_identity = Identity::new(b"", identity_slice.to_vec());
+    let timelock_identity = Identity::new(b"", identity_slice.try_into().unwrap());
 
     // Perform encryption
     let ciphertext = match tle::<TinyBLS381, AESGCMBlockCipherProvider, OsRng>(

timelock/benches/tlock.rs

@@ -44,7 +44,7 @@ fn tlock_split(c: &mut Criterion) {
 	static KB: usize = 1024;
 	let s = <TinyBLS381 as EngineBLS>::Scalar::rand(&mut OsRng);
 	let p_pub = <TinyBLS381 as EngineBLS>::PublicKeyGroup::generator() * s;
-	let id = Identity::new(b"", b"test".to_vec());
+	let id = Identity::new(b"", &[1,2,3]);
 
 	// Benchmark encryption
 	let mut encrypt_group = c.benchmark_group("tlock_encrypt");

timelock/src/ibe/fullident.rs

@@ -14,28 +14,31 @@
  * limitations under the License.
  */
 
-use super::utils::{cross_product_32, h2, h3, h4};
+use super::utils::{cross_product_const, h2, h3, h4};
 use alloc::vec;
 use ark_ec::PrimeGroup;
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
 use ark_std::{ops::Mul, rand::Rng, vec::Vec};
 use serde::{Deserialize, Serialize};
 
-use crate::Message;
-
 use crate::engines::EngineBLS;
+use crate::{Hash, HASH_LENGTH, Message};
+
+/// Represents a serialized field element of a scalar field
+pub type SerializedFieldElement = [u8; 32];
 
 /// Represents a ciphertext in the BF-IBE FullIdent scheme
 #[derive(
 	Debug, Clone, PartialEq, CanonicalDeserialize, CanonicalSerialize, Serialize, Deserialize,
 )]
+#[repr(C)] // since we know the exact size at compile time
 pub struct Ciphertext<E: EngineBLS> {
 	/// U = rP
 	pub u: E::PublicKeyGroup,
 	/// V = sigma (+) H_2(g_id^r)
-	pub v: Vec<u8>,
+	pub v: Hash,
 	/// W = message (+) H_4(sigma)
-	pub w: Vec<u8>,
+	pub w: Hash,
 }
 
 #[derive(Debug, Clone, PartialEq)]
@@ -55,17 +58,10 @@ pub struct Input<E: EngineBLS> {
 }
 
 impl<E: EngineBLS> Input<E> {
-	pub fn new(data: Vec<u8>) -> Result<Self, InputError> {
-		if data.len() != E::SECRET_KEY_SIZE {
-			return Err(InputError::InvalidLength);
-		}
+	pub fn new(data: SerializedFieldElement) -> Result<Self, InputError> {
 		Ok(Self { data, _phantom: ark_std::marker::PhantomData })
 	}
 
-	pub fn from_array(data: [u8; 32]) -> Result<Self, InputError> {
-		Self::new(data.to_vec())
-	}
-
 	pub fn as_bytes(&self) -> &[u8] {
 		&self.data
 	}
@@ -77,10 +73,8 @@ pub struct Identity(pub Message);
 
 impl Identity {
 	/// construct a new identity from a string
-	pub fn new(ctx: &[u8], bytes: Vec<u8>) -> Self {
-		Self(
-			Message::new(ctx, &bytes)
-		)
+	pub fn new(ctx: &[u8], identity: &[u8]) -> Self {
+		Self(Message::new(ctx, &identity))
 	}
 
 	/// The IBE extract function on a given secret key
@@ -113,7 +107,7 @@ impl Identity {
 	{
 		let bytes = message.as_bytes();
 		// sigma <- {0, 1}^d
-		let mut sigma = vec![0u8;E::SECRET_KEY_SIZE];
+		let mut sigma = vec![0u8; E::SECRET_KEY_SIZE];
 		rng.fill_bytes(&mut sigma);
 		// r= H3(sigma, message)
 		let r: E::Scalar = h3::<E>(&sigma, bytes);
@@ -124,12 +118,12 @@ impl Identity {
 		let g_id = E::pairing(p_pub.mul(r), self.public::<E>());
 		// sigma (+) H2(e(P_pub, Q_id))
 		let v_rhs = h2(g_id);
-		let v_out = cross_product_32(&sigma, &v_rhs);
+		let v = cross_product_const::<HASH_LENGTH>(&sigma, &v_rhs);
 		// message (+) H4(sigma)
 		let w_rhs = h4(&sigma);
-		let w_out = cross_product_32(bytes, &w_rhs);
+		let w = cross_product_const::<HASH_LENGTH>(bytes, &w_rhs);
 		// (rP, sigma (+) H2(e(Q_id, P_pub)), message (+) H4(sigma))
-		Ciphertext::<E> { u, v: v_out.to_vec(), w: w_out.to_vec() }
+		Ciphertext::<E> { u, v, w }
 	}
 }
 
@@ -138,23 +132,21 @@ impl Identity {
 pub struct IBESecret<E: EngineBLS>(pub E::SignatureGroup);
 
 impl<E: EngineBLS> IBESecret<E> {
-	/// BF-IBE decryption of a 
-	/// * `ciphertext`: C = <U, V, W> 
+	/// BF-IBE decryption of a
+	/// * `ciphertext`: C = <U, V, W>
 	///
 	/// Attempts to decrypt under the given IBESecret (in G1)
-	pub fn decrypt(&self, ciphertext: &Ciphertext<E>) -> Result<Vec<u8>, IbeError> {
+	pub fn decrypt(&self, ciphertext: &Ciphertext<E>) -> Result<Hash, IbeError> {
 		// sigma = V (+) H2(e(d_id, U))
 		let sigma_rhs = h2(E::pairing(ciphertext.u, self.0));
-		let sigma = cross_product_32(&ciphertext.v, &sigma_rhs);
+		let sigma = cross_product_const::<HASH_LENGTH>(&ciphertext.v, &sigma_rhs);
 		// m = W (+) H4(sigma)
 		let m_rhs = h4(&sigma);
-		let m = cross_product_32(&ciphertext.w, &m_rhs);
+		let m = cross_product_const::<HASH_LENGTH>(&ciphertext.w, &m_rhs);
 		// check: U == rP
 		let p = E::PublicKeyGroup::generator();
 		let r = h3::<E>(&sigma, &m);
 		let u_check = p * r;
-
-		// TODO: timing attack? should do a constant-time check
 		if !u_check.eq(&ciphertext.u) {
 			return Err(IbeError::DecryptionFailed);
 		}
@@ -172,7 +164,7 @@ mod test {
 
 	// this enum represents the conditions or branches that I want to test
 	enum TestStatusReport {
-		DecryptionResult { data: Vec<u8>, verify: Vec<u8> },
+		DecryptionResult { data: [u8; 32], verify: Vec<u8> },
 		DecryptionFailure { error: IbeError },
 	}
 
@@ -198,10 +190,10 @@ mod test {
 
 		let p_pub = <<EB as EngineBLS>::PublicKeyGroup as PrimeGroup>::generator() * msk;
 
-		let mut ct = Ciphertext { u: EB::PublicKeyGroup::generator(), v: vec![], w: vec![] };
+		let mut ct = Ciphertext { u: EB::PublicKeyGroup::generator(), v: [0u8; 32], w: [0u8; 32] };
 
 		if !insert_bad_ciphertext {
-			ct = identity.encrypt(&Input::from_array(message).unwrap(), p_pub, &mut test_rng());
+			ct = identity.encrypt(&Input::new(message).unwrap(), p_pub, &mut test_rng());
 		}
 
 		match sk.decrypt(&ct) {
@@ -226,22 +218,21 @@ mod test {
 
 	#[test]
 	pub fn fullident_identity_construction_works() {
-		let id_string = b"example@test.com";
-		let identity = Identity::new(b"", id_string.to_vec());
-		let expected_message = Message::new(b"", id_string);
+
+		let identity = Identity::new(b"", &[1,2,3]);
+		let expected_message = Message::new(b"", &[1,2,3]);
 		assert_eq!(identity.0, expected_message);
 	}
 
 	#[test]
 	pub fn fullident_encrypt_and_decrypt() {
-		let id_string = b"example@test.com";
-		let identity = Identity::new(b"", id_string.to_vec());
+		let identity = Identity::new(b"", &[1,2,3]);
 		let message: [u8; 32] = [2; 32];
 
 		run_test::<TinyBLS381>(identity, message, false, false, &|status: TestStatusReport| {
 			match status {
 				TestStatusReport::DecryptionResult { data, verify } => {
-					assert_eq!(data, verify);
+					assert_eq!(data.to_vec(), verify);
 				},
 				_ => panic!("Decryption should work"),
 			}
@@ -250,8 +241,7 @@ mod test {
 
 	#[test]
 	pub fn fullident_decryption_fails_with_bad_ciphertext() {
-		let id_string = b"example@test.com";
-		let identity = Identity::new(b"", id_string.to_vec());
+		let identity = Identity::new(b"", &[1,2,3]);
 		let message: [u8; 32] = [2; 32];
 
 		run_test::<TinyBLS381>(identity, message, false, true, &|status: TestStatusReport| {
@@ -266,8 +256,7 @@ mod test {
 
 	#[test]
 	pub fn fullident_decryption_fails_with_bad_key() {
-		let id_string = b"example@test.com";
-		let identity = Identity::new(b"", id_string.to_vec());
+		let identity = Identity::new(b"", &[1,2,3]);
 		let message: [u8; 32] = [2; 32];
 
 		run_test::<TinyBLS381>(identity, message, true, false, &|status: TestStatusReport| {

timelock/src/ibe/utils.rs

@@ -15,7 +15,6 @@
  */
 
 use crate::engines::EngineBLS;
-use alloc::borrow::ToOwned;
 use ark_ff::PrimeField;
 use ark_serialize::CanonicalSerialize;
 use ark_std::vec::Vec;
@@ -28,13 +27,32 @@ pub fn sha256(b: &[u8]) -> Vec<u8> {
 	hasher.finalize().to_vec()
 }
 
-// TODO: can do this in place instead
-pub fn cross_product_32(a: &[u8], b: &[u8]) -> Vec<u8> {
-	let mut o = a.to_owned();
-	for (i, ri) in o.iter_mut().enumerate().take(32) {
-		*ri ^= b[i];
+#[inline(always)]
+pub fn cross_product_const<const N: usize>(a: &[u8], b: &[u8]) -> [u8; N] {
+	let mut result = [0u8; N];
+
+	// Process 8 bytes at a time using u64 for better performance
+	let chunks = N / 8;
+	let remainder = N % 8;
+
+	// Process full 8-byte chunks
+	for i in 0..chunks {
+		let start_idx = i * 8;
+		let end_idx = start_idx + 8;
+
+		let a_chunk = u64::from_ne_bytes(a[start_idx..end_idx].try_into().unwrap());
+		let b_chunk = u64::from_ne_bytes(b[start_idx..end_idx].try_into().unwrap());
+		let result_chunk = (a_chunk ^ b_chunk).to_ne_bytes();
+		result[start_idx..end_idx].copy_from_slice(&result_chunk);
 	}
-	o.to_vec()
+
+	// Handle remaining bytes
+	let remainder_start = chunks * 8;
+	for j in 0..remainder {
+		result[remainder_start + j] = a[remainder_start + j] ^ b[remainder_start + j];
+	}
+
+	result
 }
 
 /// a map from G -> {0, 1}^{32}

timelock/src/lib.rs

@@ -26,14 +26,17 @@ pub mod ibe;
 pub mod tlock;
 use crate::engines::EngineBLS;
 
+/// The length of hashes output from sha256
+const HASH_LENGTH: usize = 32;
+type Hash = [u8; HASH_LENGTH];
 // Adapted from: https://github.com/w3f/bls
 /// Internal message hash size.  
 ///
 /// We choose 256 bits here so that birthday bound attacks cannot
 /// find messages with the same hash.
 const MESSAGE_SIZE: usize = 32;
 
-type MessageDigest = [u8; MESSAGE_SIZE];
+pub type MessageDigest = [u8; MESSAGE_SIZE];
 /// Internal message hash type.  Short for frequent rehashing
 /// by `HashMap`, etc.
 #[derive(Debug, Clone, Hash, PartialEq, Eq, PartialOrd, Ord)]

timelock/src/tlock.rs

@@ -19,7 +19,6 @@ use crate::{
 	ibe::fullident::{Ciphertext as IBECiphertext, IBESecret, Identity, Input},
 };
 use ark_serialize::{CanonicalDeserialize, CanonicalSerialize};
-
 use ark_std::{
 	rand::{CryptoRng, Rng},
 	vec::Vec,
@@ -79,11 +78,12 @@ where
 	R: Rng + CryptoRng,
 {
 	// IBE encryption 'to the future'
-	let input = Input::from_array(secret_key).expect("The secret key has 32");
+	let input = Input::new(secret_key).expect("The secret key has 32 bytes.");
 	let header: IBECiphertext<E> = id.encrypt(&input, p_pub, &mut rng);
 	// encrypt arbitrary-length messages with a block cipher
 	let body =
 		S::encrypt(message, secret_key, &mut rng).map_err(|_| Error::MessageEncryptionError)?;
+
 	let mut message_bytes = Vec::new();
 	body.serialize_compressed(&mut message_bytes)
 		.expect("Encryption output must be serializable.");
@@ -145,7 +145,7 @@ mod test {
 		handler: &dyn Fn(TestStatusReport) -> (),
 	) {
 		let message = b"this is a test message".to_vec();
-		let id = Identity::new(b"", b"id".to_vec());
+		let id = Identity::new(b"", &message);
 		let sk = E::Scalar::rand(&mut OsRng);
 		let p_pub = E::PublicKeyGroup::generator() * sk;
 
@@ -286,7 +286,7 @@ mod test {
 			hasher.finalize().to_vec()
 		};
 
-		let identity = Identity::new(b"", message);
+		let identity = Identity::new(b"", &message);
 
 		let ct = tle::<TinyBLS381, AESGCMBlockCipherProvider, OsRng>(
 			pub_key, esk, plaintext, identity, OsRng,

wasm/src/js.rs

@@ -74,7 +74,7 @@ pub fn do_tle<E: EngineBLS>(
 
 	let id_bytes: Vec<u8> = serde_wasm_bindgen::from_value(id_js.clone())
 		.map_err(|_| JsError::new("could not decode id"))?;
-	let identity = Identity::new(b"", id_bytes);
+	let identity = Identity::new(b"", &id_bytes);
 	let message_bytes: Vec<u8> = serde_wasm_bindgen::from_value(message_js.clone())
 		.map_err(|_| JsError::new("could not decode message"))?;
 
@@ -204,7 +204,7 @@ mod test {
 
 		let msk: <E as EngineBLS>::Scalar =
 			convert_from_bytes::<<E as EngineBLS>::Scalar, 32>(&sk.clone()).unwrap();
-		let identity = Identity::new(b"", identity_vec);
+		let identity = Identity::new(b"", &identity_vec);
 
 		let sig: E::SignatureGroup = identity.extract::<E>(msk).0;
 		let mut sig_bytes: Vec<_> = Vec::new();
@@ -213,7 +213,7 @@ mod test {
 			sig.serialize_compressed(&mut sig_bytes).unwrap();
 		} else {
 			let bad_ident_vec = b"bad_ident".to_vec();
-			let bad_ident = Identity::new(b"", bad_ident_vec);
+			let bad_ident = Identity::new(b"", &bad_ident_vec);
 			let bad_sig: E::SignatureGroup = bad_ident.extract::<E>(msk).0;
 			let bad_sig_vec = vec![bad_sig];
 			bad_sig_vec.serialize_compressed(&mut sig_bytes).unwrap();
@@ -258,7 +258,7 @@ mod test {
 
 	pub fn can_encrypt_decrypt<E: EngineBLS>() {
 		let message: Vec<u8> = b"this is a test message".to_vec();
-		let id: Vec<u8> = b"testing purposes".to_vec();
+		let id: Vec<u8> = b"testing purposes!!!!!!!!!!!!!!!!!".to_vec();
 		setup_test::<E>(id, message.clone(), true, true, &|status: TestStatusReport| match status {
 			TestStatusReport::EncryptSuccess { ciphertext } => {
 				let ciphertext_convert: Vec<u8> =
@@ -281,8 +281,8 @@ mod test {
 	}
 
 	pub fn can_encrypt_decrypt_early<E: EngineBLS>() {
-		let message: Vec<u8> = b"this is a test message".to_vec();
-		let id: Vec<u8> = b"testing purposes".to_vec();
+		let message: Vec<u8> = b"this is a test message0".to_vec();
+		let id: Vec<u8> = b"testing purposes!!!!!!!!!!!!!!!!!".to_vec();
 		setup_test::<E>(
 			id,
 			message.clone(),