Implement independent MODNUM concept (#56)

* Move Monty functions to modnum directory.

* Initial support for a modnum concept.

Author: unzvfu

bench/bench.cu

@@ -5,6 +5,7 @@
 #include "fixnum/warp_fixnum.cu"
 #include "array/fixnum_array.h"
 #include "functions/modexp.cu"
+#include "modnum/monty_mul.cu"
 
 using namespace std;
 using namespace cuFIXNUM;
@@ -39,8 +40,9 @@ struct sqr_wide {
 template< typename fixnum >
 struct my_modexp {
     __device__ void operator()(fixnum &z, fixnum x) {
+        typedef modnum_monty_cios<fixnum> modnum;
+        modexp<modnum> me(x, x);
         fixnum zz;
-        modexp<fixnum> me(x, x);
         me(zz, x);
         z = zz;
     };

src/functions/chinese.cu

@@ -2,6 +2,7 @@
 
 #include "functions/quorem_preinv.cu"
 #include "functions/multi_modexp.cu"
+#include "modnum/monty_mul.cu"
 
 namespace cuFIXNUM {
 
@@ -25,6 +26,8 @@ __device__
 chinese<fixnum>::chinese(fixnum p_, fixnum q_)
     : p(p_), q(q_), mod_q(q)
 {
+    typedef modnum_monty_cios<fixnum> modnum;
+
     // TODO: q is now stored here and in mod_q; need to work out how
     // to share q between them.  Probably best just to provide quorem_preinv
     // with an accessor to the divisor.
@@ -33,7 +36,7 @@ chinese<fixnum>::chinese(fixnum p_, fixnum q_)
     // Use a^(q-2) = 1 (mod q)
     fixnum qm2, two = fixnum::two();
     fixnum::sub(qm2, q, two);
-    multi_modexp<fixnum> minv(q);
+    multi_modexp<modnum> minv(q);
     minv(c, p, qm2);
 }
 

src/functions/modexp.cu

@@ -1,12 +1,13 @@
 #pragma once
 
 #include "functions/internal/modexp_impl.cu"
-#include "functions/monty_mul.cu"
+#include "modnum/monty_mul.cu"
 
 namespace cuFIXNUM {
 
-template< typename fixnum >
+template< typename modnum_tp >
 class modexp {
+    typedef typename modnum_tp::fixnum fixnum;
     typedef typename fixnum::digit digit;
 
     // Decomposition of the exponent for use in the constant-width sliding-window
@@ -17,9 +18,7 @@ class modexp {
     int exp_wins_len;
     int window_size;
 
-    // TODO: Generalise modexp so that it can work with any modular
-    // multiplication algorithm.
-    const monty_mul<fixnum> monty;
+    const modnum_tp modnum;
 
     // Helper functions for decomposing the exponent into windows.
     __device__ uint32_t
@@ -44,9 +43,9 @@ public:
 };
 
 
-template< typename fixnum >
+template< typename modnum_tp >
 __device__ uint32_t
-modexp<fixnum>::scan_nonzero_window(int &hi_idx, fixnum &n, int max_window_bits) {
+modexp<modnum_tp>::scan_nonzero_window(int &hi_idx, fixnum &n, int max_window_bits) {
     uint32_t bits_remaining = hi_idx + 1, win_bits;
     digit w, lsd = fixnum::bottom_digit(n);
 
@@ -59,19 +58,19 @@ modexp<fixnum>::scan_nonzero_window(int &hi_idx, fixnum &n, int max_window_bits)
 }
 
 
-template< typename fixnum >
+template< typename modnum_tp >
 __device__ int
-modexp<fixnum>::scan_zero_window(int &hi_idx, fixnum &n) {
+modexp<modnum_tp>::scan_zero_window(int &hi_idx, fixnum &n) {
     int nzeros = fixnum::two_valuation(n);
     fixnum::rshift(n, n, nzeros);
     hi_idx -= nzeros;
     return nzeros;
 }
 
 
-template< typename fixnum >
+template< typename modnum_tp >
 __device__ uint32_t
-modexp<fixnum>::scan_window(int &hi_idx, fixnum &n, int max_window_bits) {
+modexp<modnum_tp>::scan_window(int &hi_idx, fixnum &n, int max_window_bits) {
     int nzeros;
     uint32_t window;
     nzeros = scan_zero_window(hi_idx, n);
@@ -82,10 +81,10 @@ modexp<fixnum>::scan_window(int &hi_idx, fixnum &n, int max_window_bits) {
 }
 
 
-template< typename fixnum >
+template< typename modnum_tp >
 __device__
-modexp<fixnum>::modexp(fixnum mod, fixnum exp)
-    : monty(mod)
+modexp<modnum_tp>::modexp(fixnum mod, fixnum exp)
+    : modnum(mod)
 {
     // sliding window decomposition
     int hi_idx;
@@ -115,18 +114,18 @@ modexp<fixnum>::modexp(fixnum mod, fixnum exp)
 }
 
 
-template< typename fixnum >
+template< typename modnum_tp >
 __device__
-modexp<fixnum>::~modexp()
+modexp<modnum_tp>::~modexp()
 {
     if (fixnum::layout::laneIdx() == 0)
         free(exp_wins);
 }
 
 
-template< typename fixnum >
+template< typename modnum_tp >
 __device__ void
-modexp<fixnum>::operator()(fixnum &z, fixnum x) const
+modexp<modnum_tp>::operator()(fixnum &z, fixnum x) const
 {
     static constexpr int WINDOW_MAX_BITS = 16;
     static constexpr int WINDOW_LEN_MASK = (1UL << WINDOW_MAX_BITS) - 1UL;
@@ -143,7 +142,7 @@ modexp<fixnum>::operator()(fixnum &z, fixnum x) const
         //z = fixnum::one();
         // TODO: This complicated way of producing a 1 is to
         // accommodate the possibility that monty.is_valid is false.
-        monty.from_monty(z, monty.one());
+        modnum.from_modnum(z, modnum.one());
         return;
     }
 
@@ -152,13 +151,13 @@ modexp<fixnum>::operator()(fixnum &z, fixnum x) const
     int window_max = 1U << window_size;
     /* G[t] = z^(2t + 1) t >= 0 (odd powers of z) */
     fixnum G[WINDOW_MAX_VAL_REDUCED / 2];
-    monty.to_monty(z, x);
+    modnum.to_modnum(z, x);
     G[0] = z;
     if (window_size > 1) {
-        monty(z, z);
+        modnum.sqr(z, z);
         for (int t = 1; t < window_max / 2; ++t) {
             G[t] = G[t - 1];
-            monty(G[t], G[t], z);
+            modnum.mul(G[t], G[t], z);
         }
     }
 
@@ -171,22 +170,22 @@ modexp<fixnum>::operator()(fixnum &z, fixnum x) const
 
     z = G[e / 2];
     while (two_val-- > 0)
-        monty(z, z);
+        modnum.sqr(z, z);
 
     while (windows >= exp_wins) {
         two_val = window_size;
         while (two_val-- > 0)
-            monty(z, z);
+            modnum.sqr(z, z);
 
         win = *windows--;
         two_val = win & WINDOW_LEN_MASK;
         e = win >> WINDOW_MAX_BITS;
 
-        monty(z, z, G[e / 2]);
+        modnum.mul(z, z, G[e / 2]);
         while (two_val-- > 0)
-            monty(z, z);
+            modnum.sqr(z, z);
     }
-    monty.from_monty(z, z);
+    modnum.from_modnum(z, z);
 }
 
 } // End namespace cuFIXNUM

src/functions/multi_modexp.cu

@@ -1,24 +1,26 @@
 #pragma once
 
 #include "functions/internal/modexp_impl.cu"
-#include "functions/monty_mul.cu"
+#include "modnum/monty_mul.cu"
 
 namespace cuFIXNUM {
 
 template<
-    typename fixnum,
-    int WINDOW_SIZE = internal::bytes_to_k_ary_window_size(fixnum::BYTES) >
+    typename modnum_tp,
+    int WINDOW_SIZE = internal::bytes_to_k_ary_window_size(modnum_tp::fixnum::BYTES) >
 class multi_modexp {
-    static_assert(WINDOW_SIZE >= 1 && WINDOW_SIZE < fixnum::digit::BITS,
+    static_assert(WINDOW_SIZE >= 1 && WINDOW_SIZE < modnum_tp::fixnum::digit::BITS,
         "Invalid window size.");
 
     // TODO: Generalise multi_modexp so that it can work with any modular
     // multiplication algorithm.
-    const monty_mul<fixnum> monty;
+    const modnum_tp modnum;
 
 public:
+    typedef typename modnum_tp::fixnum fixnum;
+
     __device__ multi_modexp(fixnum mod)
-    : monty(mod) { }
+    : modnum(mod) { }
 
     __device__ void operator()(fixnum &z, fixnum x, fixnum e) const;
 };
@@ -54,11 +56,11 @@ public:
  * 14.83] since there the number of squarings depends on the 2-adic valuation of
  * the window value.
  */
-template< typename fixnum, int WINDOW_SIZE >
+template< typename modnum_tp, int WINDOW_SIZE >
 __device__ void
-multi_modexp<fixnum, WINDOW_SIZE>::operator()(fixnum &z, fixnum x, fixnum e) const
+multi_modexp<modnum_tp, WINDOW_SIZE>::operator()(fixnum &z, fixnum x, fixnum e) const
 {
-    typedef typename fixnum::digit digit;
+    typedef typename modnum_tp::fixnum::digit digit;
     static constexpr int WIDTH = fixnum::SLOT_WIDTH;
 
     // Window decomposition: digit::BITS = q * WINDOW_SIZE + r.
@@ -67,11 +69,11 @@ multi_modexp<fixnum, WINDOW_SIZE>::operator()(fixnum &z, fixnum x, fixnum e) con
 
     /* G[t] = z^t, t >= 0 */
     fixnum G[WINDOW_MAX];
-    monty.to_monty(z, x);
-    G[0] = monty.one();
+    modnum.to_modnum(z, x);
+    G[0] = modnum.one();
     for (int t = 1; t < WINDOW_MAX; ++t) {
         G[t] = G[t - 1];
-        monty(G[t], G[t], z);
+        modnum.mul(G[t], G[t], z);
     }
 
     z = G[0];
@@ -87,22 +89,22 @@ multi_modexp<fixnum, WINDOW_SIZE>::operator()(fixnum &z, fixnum x, fixnum e) con
             // statements manually.  Idem for the remainder below.
             // Investigate how this is even possible!
             for (int k = 0; k < WINDOW_SIZE; ++k)
-                monty(z, z);
+                modnum.sqr(z, z);
             digit fj;
             // win = (f >> j) & WINDOW_MAIN_MASK;
             digit::rshift(fj, f, j);
             digit::rem_2exp(win, fj, WINDOW_SIZE);
-            monty(z, z, G[win]);
+            modnum.mul(z, z, G[win]);
         }
 
         // Remainder
         for (int k = 0; k < WINDOW_REM_BITS; ++k)
-            monty(z, z);
+            modnum.sqr(z, z);
         //win = f & WINDOW_REM_MASK;
         digit::rem_2exp(win, f, WINDOW_REM_BITS);
-        monty(z, z, G[win]);
+        modnum.mul(z, z, G[win]);
     }
-    monty.from_monty(z, z);
+    modnum.from_modnum(z, z);
 }
 
 } // End namespace cuFIXNUM

src/functions/paillier_decrypt.cu

@@ -4,6 +4,7 @@
 #include "functions/divexact.cu"
 #include "functions/chinese.cu"
 #include "functions/multi_modexp.cu"
+#include "modnum/monty_mul.cu"
 
 namespace cuFIXNUM {
 
@@ -90,7 +91,8 @@ private:
     quorem_preinv<fixnum> mod_p2;
 
     // Modexp for x |--> x^(p - 1) (mod p^2)
-    modexp<fixnum> pow;
+    typedef modnum_monty_cios<fixnum> modnum;
+    modexp<modnum> pow;
 
     // TODO: It is flipping stupid that these are necessary.
     __device__ fixnum square(fixnum p) {
@@ -135,7 +137,7 @@ paillier_decrypt_mod<fixnum>::paillier_decrypt_mod(fixnum p, fixnum n)
     // Use a^(p-2) = 1 (mod p)
     fixnum pm2;
     fixnum::sub(pm2, p, fixnum::two());
-    multi_modexp<fixnum> minv(p);
+    multi_modexp<modnum> minv(p);
     minv(h, t, pm2);
 }
 

src/functions/paillier_encrypt.cu

@@ -2,6 +2,7 @@
 
 #include "functions/quorem_preinv.cu"
 #include "functions/multi_modexp.cu"
+#include "modnum/monty_mul.cu"
 
 namespace cuFIXNUM {
 
@@ -27,9 +28,11 @@ public:
     }
 
 private:
+    typedef modnum_monty_cios<fixnum> modnum;
+
     fixnum n;
     fixnum n_sqr;
-    modexp<fixnum> pow;
+    modexp<modnum> pow;
     quorem_preinv<fixnum> mod_n2;
 
     // TODO: It is flipping stupid that this is necessary.