use gmp2 for faster arithmetic

Author: tomato42

.travis.yml

@@ -4,6 +4,12 @@ dist: trusty
 sudo: false
 language: python
 cache: pip
+addons:
+  apt_packages:
+      # needed for gmpy2
+      - libgmp-dev
+      - libmpfr-dev
+      - libmpc-dev
 before_cache:
   - rm -f $HOME/.cache/pip/log/debug.log
 # place the slowest (instrumental and py2.6) first
@@ -17,6 +23,8 @@ matrix:
         env: TOX_ENV=py27
       - python: 2.7
         env: TOX_ENV=py27_old_six
+      - python: 2.7
+        env: TOX_ENV=gmppy27
       - python: 3.3
         env: TOX_ENV=py33
       - python: 3.4
@@ -33,6 +41,10 @@ matrix:
         env: TOX_ENV=py38
         dist: xenial
         sudo: true
+      - python: 3.8
+        env: TOX_ENV=gmppy38
+        dist: xenial
+        sudo: true
       - python: nightly
         env: TOX_ENV=py
         dist: xenial
@@ -75,11 +87,12 @@ install:
       else
         travis_retry pip install -r build-requirements.txt;
       fi
+  - if [[ $TOX_ENV =~ gmp ]]; then travis_retry pip install gmpy2; fi
   - if [[ $INSTRUMENTAL ]]; then travis_retry pip install instrumental; fi
   - pip list
 script:
   - if [[ $TOX_ENV ]]; then tox -e $TOX_ENV; fi
-  - tox -e speed
+  - if [[ $TOX_ENV =~ gmp ]]; then tox -e speedgmp2; else tox -e speed; fi
   - |
       if [[ $INSTRUMENTAL && $TRAVIS_PULL_REQUEST != "false" ]]; then
         git checkout $PR_FIRST^

README.md

@@ -32,7 +32,11 @@ curves over prime fields.
 
 This library uses only Python and the 'six' package. It is compatible with
 Python 2.6, 2.7 and 3.3+. It also supports execution on the alternative
-implementations like pypy and pypy3
+implementations like pypy and pypy3.
+
+If `gmpy2` is installed, it will be used for faster arithmetic.
+`gmpy2` can be installed after this library is installed, `python-ecdsa` will
+detect presence of `gmpy2` on start-up and use it automatically.
 
 To run the OpenSSL compatibility tests, the 'openssl' tool must be in your
 `PATH`. This release has been tested successfully against OpenSSL 0.9.8o,
@@ -67,10 +71,29 @@ On an Intel Core i7 4790K @ 4.0GHz I'm getting the following performance:
  BRAINPOOLP384r1:     96   0.00112s    892.44   0.00119s    841.48   0.00229s    436.71
  BRAINPOOLP512r1:    128   0.00214s    467.05   0.00226s    441.64   0.00422s    237.13
 ```
+To test performance with `gmpy2` loaded, use `tox -e speedgmp2`.
+On the same machine I'm getting the following performance with `gmpy2`:
+```
+                  siglen    keygen   keygen/s      sign     sign/s    verify   verify/s
+        NIST192p:     48   0.00016s   6180.12   0.00017s   5846.30   0.00033s   3029.51
+        NIST224p:     56   0.00021s   4861.86   0.00021s   4662.63   0.00042s   2366.47
+        NIST256p:     64   0.00023s   4343.93   0.00024s   4152.79   0.00047s   2148.83
+        NIST384p:     96   0.00040s   2507.97   0.00041s   2435.99   0.00079s   1260.01
+        NIST521p:    132   0.00088s   1135.13   0.00089s   1121.94   0.00139s    721.07
+       SECP256k1:     64   0.00023s   4360.83   0.00024s   4147.61   0.00044s   2254.53
+ BRAINPOOLP160r1:     40   0.00014s   7261.37   0.00015s   6824.47   0.00031s   3248.21
+ BRAINPOOLP192r1:     48   0.00016s   6219.18   0.00017s   5862.93   0.00034s   2933.74
+ BRAINPOOLP224r1:     56   0.00021s   4876.48   0.00022s   4640.40   0.00041s   2413.48
+ BRAINPOOLP256r1:     64   0.00023s   4397.89   0.00024s   4178.48   0.00044s   2272.76
+ BRAINPOOLP320r1:     80   0.00031s   3246.64   0.00032s   3138.38   0.00063s   1593.14
+ BRAINPOOLP384r1:     96   0.00040s   2491.04   0.00041s   2421.67   0.00079s   1262.64
+ BRAINPOOLP512r1:    128   0.00062s   1618.30   0.00063s   1577.42   0.00125s    799.29
+```
 
 For comparison, a highly optimised implementation (including curve-specific
-assembly) like OpenSSL provides following performance numbers on the same
-machine. Run `openssl speed ecdsa` to reproduce it:
+assembly for some curves), like the one in OpenSSL, provides following
+performance numbers on the same machine.
+Run `openssl speed ecdsa` to reproduce it:
 ```
                               sign    verify    sign/s verify/s
  192 bits ecdsa (nistp192)   0.0002s   0.0002s   4785.6   5380.7

src/ecdsa/ellipticcurve.py

@@ -35,25 +35,50 @@
 
 from __future__ import division
 
+try:
+    from gmpy2 import mpz
+    GMPY2=True
+except ImportError:
+    GMPY2=False
+
 from six import python_2_unicode_compatible
 from . import numbertheory
 
+
 @python_2_unicode_compatible
 class CurveFp(object):
   """Elliptic Curve over the field of integers modulo a prime."""
-  def __init__(self, p, a, b, h=None):
-    """
-    The curve of points satisfying y^2 = x^3 + a*x + b (mod p).
-
-    h is an integer that is the cofactor of the elliptic curve domain
-    parameters; it is the number of points satisfying the elliptic curve
-    equation divided by the order of the base point. It is used for selection
-    of efficient algorithm for public point verification.
-    """
-    self.__p = p
-    self.__a = a
-    self.__b = b
-    self.__h = h
+
+  if GMPY2:
+      def __init__(self, p, a, b, h=None):
+        """
+        The curve of points satisfying y^2 = x^3 + a*x + b (mod p).
+
+        h is an integer that is the cofactor of the elliptic curve domain
+        parameters; it is the number of points satisfying the elliptic curve
+        equation divided by the order of the base point. It is used for selection
+        of efficient algorithm for public point verification.
+        """
+        self.__p = mpz(p)
+        self.__a = mpz(a)
+        self.__b = mpz(b)
+        # h is not used in calculations and it can be None, so don't use
+        # gmpy with it
+        self.__h = h
+  else:
+      def __init__(self, p, a, b, h=None):
+        """
+        The curve of points satisfying y^2 = x^3 + a*x + b (mod p).
+
+        h is an integer that is the cofactor of the elliptic curve domain
+        parameters; it is the number of points satisfying the elliptic curve
+        equation divided by the order of the base point. It is used for selection
+        of efficient algorithm for public point verification.
+        """
+        self.__p = p
+        self.__a = a
+        self.__b = b
+        self.__h = h
 
   def __eq__(self, other):
     if isinstance(other, CurveFp):    
@@ -112,10 +137,16 @@ def __init__(self, curve, x, y, z, order=None, generator=False):
         cause to precompute multiplication table for it
       """
       self.__curve = curve
-      self.__x = x
-      self.__y = y
-      self.__z = z
-      self.__order = order
+      if GMPY2:
+          self.__x = mpz(x)
+          self.__y = mpz(y)
+          self.__z = mpz(z)
+          self.__order = order and mpz(order)
+      else:
+          self.__x = x
+          self.__y = y
+          self.__z = z
+          self.__order = order
       self.__precompute=[]
       if generator:
           assert order
@@ -542,9 +573,14 @@ class Point(object):
   def __init__(self, curve, x, y, order=None):
     """curve, x, y, order; order (optional) is the order of this point."""
     self.__curve = curve
-    self.__x = x
-    self.__y = y
-    self.__order = order
+    if GMPY2:
+        self.__x = x and mpz(x)
+        self.__y = y and mpz(y)
+        self.__order = order and mpz(order)
+    else:
+        self.__x = x
+        self.__y = y
+        self.__order = order
     # self.curve is allowed to be None only for INFINITY:
     if self.__curve:
       assert self.__curve.contains_point(x, y)

src/ecdsa/numbertheory.py

@@ -17,6 +17,11 @@
     xrange
 except NameError:
     xrange = range
+try:
+    from gmpy2 import powmod
+    GMPY2=True
+except ImportError:
+    GMPY2=False
 
 import math
 import warnings
@@ -201,19 +206,26 @@ def square_root_mod_prime(a, p):
   raise RuntimeError("No b found.")
 
 
-def inverse_mod(a, m):
-    """Inverse of a mod m."""
+if GMPY2:
+    def inverse_mod(a, m):
+        """Inverse of a mod m."""
+        if a == 0:
+            return 0
+        return powmod(a, -1, m)
+else:
+    def inverse_mod(a, m):
+        """Inverse of a mod m."""
 
-    if a == 0:
-        return 0
+        if a == 0:
+            return 0
 
-    lm, hm = 1, 0
-    low, high = a % m, m
-    while low > 1:
-        r = high // low
-        lm, low, hm, high = hm - lm * r, high - low * r, lm, low
+        lm, hm = 1, 0
+        low, high = a % m, m
+        while low > 1:
+            r = high // low
+            lm, low, hm, high = hm - lm * r, high - low * r, lm, low
 
-    return lm % m
+        return lm % m
 
 
 try:

src/ecdsa/test_ecdsa.py

@@ -417,7 +417,7 @@ def st_random_gen_key_msg_nonce(draw):
     name = draw(st.sampled_from(sorted(name_gen.keys())))
     note("Generator used: {0}".format(name))
     generator = name_gen[name]
-    order = generator.order()
+    order = int(generator.order())
 
     key = draw(st.integers(min_value=1, max_value=order))
     msg = draw(st.integers(min_value=1, max_value=order))

src/ecdsa/test_jacobi.py

@@ -14,16 +14,16 @@
 class TestJacobi(unittest.TestCase):
     def test___init__(self):
         curve = object()
-        x = object()
-        y = object()
+        x = 2
+        y = 3
         z = 1
-        order = object()
+        order = 4
         pj = PointJacobi(curve, x, y, z, order)
 
-        self.assertIs(pj.order(), order)
+        self.assertEqual(pj.order(), order)
         self.assertIs(pj.curve(), curve)
-        self.assertIs(pj.x(), x)
-        self.assertIs(pj.y(), y)
+        self.assertEqual(pj.x(), x)
+        self.assertEqual(pj.y(), y)
 
     def test_add_with_different_curves(self):
         p_a = PointJacobi.from_affine(generator_256)
@@ -179,7 +179,7 @@ def test_compare_double_with_multiply(self):
         self.assertEqual(dbl, mlpl)
 
     @settings(max_examples=10)
-    @given(st.integers(min_value=0, max_value=generator_256.order()))
+    @given(st.integers(min_value=0, max_value=int(generator_256.order())))
     def test_multiplications(self, mul):
         pj = PointJacobi.from_affine(generator_256)
         pw = pj.to_affine() * mul
@@ -190,9 +190,9 @@ def test_multiplications(self, mul):
         self.assertEqual(pj, pw)
 
     @settings(max_examples=10)
-    @given(st.integers(min_value=0, max_value=generator_256.order()))
+    @given(st.integers(min_value=0, max_value=int(generator_256.order())))
     @example(0)
-    @example(generator_256.order())
+    @example(int(generator_256.order()))
     def test_precompute(self, mul):
         precomp = PointJacobi.from_affine(generator_256, True)
         pj = PointJacobi.from_affine(generator_256)
@@ -203,8 +203,8 @@ def test_precompute(self, mul):
         self.assertEqual(a, b)
 
     @settings(max_examples=10)
-    @given(st.integers(min_value=1, max_value=generator_256.order()),
-           st.integers(min_value=1, max_value=generator_256.order()))
+    @given(st.integers(min_value=1, max_value=int(generator_256.order())),
+           st.integers(min_value=1, max_value=int(generator_256.order())))
     @example(3, 3)
     def test_add_scaled_points(self, a_mul, b_mul):
         j_g = PointJacobi.from_affine(generator_256)
@@ -216,9 +216,9 @@ def test_add_scaled_points(self, a_mul, b_mul):
         self.assertEqual(c, j_g * (a_mul + b_mul))
 
     @settings(max_examples=10)
-    @given(st.integers(min_value=1, max_value=generator_256.order()),
-           st.integers(min_value=1, max_value=generator_256.order()),
-           st.integers(min_value=1, max_value=curve_256.p()-1))
+    @given(st.integers(min_value=1, max_value=int(generator_256.order())),
+           st.integers(min_value=1, max_value=int(generator_256.order())),
+           st.integers(min_value=1, max_value=int(curve_256.p()-1)))
     def test_add_one_scaled_point(self, a_mul, b_mul, new_z):
         j_g = PointJacobi.from_affine(generator_256)
         a = PointJacobi.from_affine(j_g * a_mul)
@@ -238,13 +238,13 @@ def test_add_one_scaled_point(self, a_mul, b_mul, new_z):
         self.assertEqual(c, j_g * (a_mul + b_mul))
 
     @settings(max_examples=10)
-    @given(st.integers(min_value=1, max_value=generator_256.order()),
-           st.integers(min_value=1, max_value=generator_256.order()),
-           st.integers(min_value=1, max_value=curve_256.p()-1))
+    @given(st.integers(min_value=1, max_value=int(generator_256.order())),
+           st.integers(min_value=1, max_value=int(generator_256.order())),
+           st.integers(min_value=1, max_value=int(curve_256.p()-1)))
     @example(1, 1, 1)
     @example(3, 3, 3)
-    @example(2, generator_256.order()-2, 1)
-    @example(2, generator_256.order()-2, 3)
+    @example(2, int(generator_256.order()-2), 1)
+    @example(2, int(generator_256.order()-2), 3)
     def test_add_same_scale_points(self, a_mul, b_mul, new_z):
         j_g = PointJacobi.from_affine(generator_256)
         a = PointJacobi.from_affine(j_g * a_mul)
@@ -266,14 +266,14 @@ def test_add_same_scale_points(self, a_mul, b_mul, new_z):
         self.assertEqual(c, j_g * (a_mul + b_mul))
 
     @settings(max_examples=14)
-    @given(st.integers(min_value=1, max_value=generator_256.order()),
-           st.integers(min_value=1, max_value=generator_256.order()),
-           st.lists(st.integers(min_value=1, max_value=curve_256.p()-1),
+    @given(st.integers(min_value=1, max_value=int(generator_256.order())),
+           st.integers(min_value=1, max_value=int(generator_256.order())),
+           st.lists(st.integers(min_value=1, max_value=int(curve_256.p()-1)),
                     min_size=2, max_size=2, unique=True))
     @example(2, 2, [2, 1])
     @example(2, 2, [2, 3])
-    @example(2, generator_256.order()-2, [2, 3])
-    @example(2, generator_256.order()-2, [2, 1])
+    @example(2, int(generator_256.order()-2), [2, 3])
+    @example(2, int(generator_256.order()-2), [2, 1])
     def test_add_different_scale_points(self, a_mul, b_mul, new_z):
         j_g = PointJacobi.from_affine(generator_256)
         a = PointJacobi.from_affine(j_g * a_mul)

src/ecdsa/test_malformed_sigs.py

@@ -144,7 +144,7 @@ def st_random_der_ecdsa_sig_value(draw):
     """
     name, verifying_key, _ = draw(st.sampled_from(keys_and_sigs))
     note("Configuration: {0}".format(name))
-    order = verifying_key.curve.order
+    order = int(verifying_key.curve.order)
 
     # the encode_integer doesn't suport negative numbers, would be nice
     # to generate them too, but we have coverage for remove_integer()