silentpayments: add benchmarks for scanning

Add a benchmark for a full transaction scan and for scanning a single
output. Only benchmarks for scanning are added as this is the most
performance critical portion of the protocol.

Author: josibake

src/bench.c

@@ -32,6 +32,10 @@ static void help(int default_iters) {
     printf("    - ElligatorSwift (optional module)\n");
 #endif
 
+#ifdef ENABLE_MODULE_SILENTPAYMENTS
+    printf("    - Silent payments (optional module)\n");
+#endif
+
     printf("\n");
     printf("The default number of iterations for each benchmark is %d. This can be\n", default_iters);
     printf("customized using the SECP256K1_BENCH_ITERS environment variable.\n");
@@ -68,6 +72,10 @@ static void help(int default_iters) {
     printf("    ellswift_ecdh     : ECDH on ElligatorSwift keys\n");
 #endif
 
+#ifdef ENABLE_MODULE_SILENTPAYMENTS
+    printf("    silentpayments    : Silent payments recipient scanning\n");
+#endif
+
     printf("\n");
 }
 
@@ -170,6 +178,10 @@ static void bench_keygen_run(void *arg, int iters) {
 # include "modules/ellswift/bench_impl.h"
 #endif
 
+#ifdef ENABLE_MODULE_SILENTPAYMENTS
+# include "modules/silentpayments/bench_impl.h"
+#endif
+
 int main(int argc, char** argv) {
     int i;
     secp256k1_pubkey pubkey;
@@ -184,7 +196,7 @@ int main(int argc, char** argv) {
     char* valid_args[] = {"ecdsa", "verify", "ecdsa_verify", "sign", "ecdsa_sign", "ecdh", "recover",
                          "ecdsa_recover", "schnorrsig", "schnorrsig_verify", "schnorrsig_sign", "ec",
                          "keygen", "ec_keygen", "ellswift", "encode", "ellswift_encode", "decode",
-                         "ellswift_decode", "ellswift_keygen", "ellswift_ecdh"};
+                         "ellswift_decode", "ellswift_keygen", "ellswift_ecdh", "silentpayments"};
     size_t valid_args_size = sizeof(valid_args)/sizeof(valid_args[0]);
     int invalid_args = have_invalid_args(argc, argv, valid_args, valid_args_size);
 
@@ -236,6 +248,14 @@ int main(int argc, char** argv) {
     }
 #endif
 
+#ifndef ENABLE_MODULE_SILENTPAYMENTS
+    if (have_flag(argc, argv, "silentpayments")) {
+        fprintf(stderr, "./bench: silentpayments module not enabled.\n");
+        fprintf(stderr, "Use ./configure --enable-module-silentpayments.\n\n");
+        return 1;
+    }
+#endif
+
     /* ECDSA benchmark */
     data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
 
@@ -280,5 +300,11 @@ int main(int argc, char** argv) {
     run_ellswift_bench(iters, argc, argv);
 #endif
 
+#ifdef ENABLE_MODULE_SILENTPAYMENTS
+    /* SilentPayments benchmarks */
+    run_silentpayments_bench(iters, argc, argv);
+#endif
+
+
     return EXIT_SUCCESS;
 }

src/modules/silentpayments/Makefile.am.include

@@ -1,2 +1,3 @@
 include_HEADERS += include/secp256k1_silentpayments.h
 noinst_HEADERS += src/modules/silentpayments/main_impl.h
+noinst_HEADERS += src/modules/silentpayments/bench_impl.h

src/modules/silentpayments/bench_impl.h

@@ -0,0 +1,156 @@
+/***********************************************************************
+ * Copyright (c) 2024 josibake                                         *
+ * Distributed under the MIT software license, see the accompanying    *
+ * file COPYING or https://www.opensource.org/licenses/mit-license.php.*
+ ***********************************************************************/
+
+#ifndef SECP256K1_MODULE_SILENTPAYMENTS_BENCH_H
+#define SECP256K1_MODULE_SILENTPAYMENTS_BENCH_H
+
+#include "../../../include/secp256k1_silentpayments.h"
+
+typedef struct {
+    secp256k1_context *ctx;
+    secp256k1_pubkey spend_pubkey;
+    unsigned char scan_key[32];
+    unsigned char input_pubkey33[33];
+    secp256k1_xonly_pubkey tx_outputs[2];
+    secp256k1_xonly_pubkey tx_inputs[2];
+    secp256k1_silentpayments_found_output found_outputs[2];
+    unsigned char scalar[32];
+    unsigned char smallest_outpoint[36];
+} bench_silentpayments_data;
+
+/* we need a non-null pointer for the cache */
+static int noop;
+void* label_cache = &noop;
+const unsigned char* label_lookup(const unsigned char* key, const void* cache_ptr) {
+    (void)key;
+    (void)cache_ptr;
+    return NULL;
+}
+
+static void bench_silentpayments_scan_setup(void* arg) {
+    int i;
+    bench_silentpayments_data *data = (bench_silentpayments_data*)arg;
+    const unsigned char tx_outputs[2][32] = {
+        {0x84,0x17,0x92,0xc3,0x3c,0x9d,0xc6,0x19,0x3e,0x76,0x74,0x41,0x34,0x12,0x5d,0x40,0xad,0xd8,0xf2,0xf4,0xa9,0x64,0x75,0xf2,0x8b,0xa1,0x50,0xbe,0x03,0x2d,0x64,0xe8},
+        {0x2e,0x84,0x7b,0xb0,0x1d,0x1b,0x49,0x1d,0xa5,0x12,0xdd,0xd7,0x60,0xb8,0x50,0x96,0x17,0xee,0x38,0x05,0x70,0x03,0xd6,0x11,0x5d,0x00,0xba,0x56,0x24,0x51,0x32,0x3a},
+    };
+    const unsigned char static_tx_input[32] = {
+        0xf2,0x07,0x16,0x2b,0x1a,0x7a,0xbc,0x51,
+        0xc4,0x20,0x17,0xbe,0xf0,0x55,0xe9,0xec,
+        0x1e,0xfc,0x3d,0x35,0x67,0xcb,0x72,0x03,
+        0x57,0xe2,0xb8,0x43,0x25,0xdb,0x33,0xac
+    };
+    const unsigned char smallest_outpoint[36] = {
+        0x16, 0x9e, 0x1e, 0x83, 0xe9, 0x30, 0x85, 0x33, 0x91,
+        0xbc, 0x6f, 0x35, 0xf6, 0x05, 0xc6, 0x75, 0x4c, 0xfe,
+        0xad, 0x57, 0xcf, 0x83, 0x87, 0x63, 0x9d, 0x3b, 0x40,
+        0x96, 0xc5, 0x4f, 0x18, 0xf4, 0x00, 0x00, 0x00, 0x00,
+    };
+    const unsigned char spend_pubkey[33] = {
+        0x02,0xee,0x97,0xdf,0x83,0xb2,0x54,0x6a,
+        0xf5,0xa7,0xd0,0x62,0x15,0xd9,0x8b,0xcb,
+        0x63,0x7f,0xe0,0x5d,0xd0,0xfa,0x37,0x3b,
+        0xd8,0x20,0xe6,0x64,0xd3,0x72,0xde,0x9a,0x01
+    };
+    const unsigned char scan_key[32] = {
+        0xa8,0x90,0x54,0xc9,0x5b,0xe3,0xc3,0x01,
+        0x56,0x65,0x74,0xf2,0xaa,0x93,0xad,0xe0,
+        0x51,0x85,0x09,0x03,0xa6,0x9c,0xbd,0xd1,
+        0xd4,0x7e,0xae,0x26,0x3d,0x7b,0xc0,0x31
+    };
+    secp256k1_keypair input_keypair;
+    secp256k1_pubkey input_pubkey;
+    size_t pubkeylen = 33;
+
+    for (i = 0; i < 32; i++) {
+        data->scalar[i] = i + 1;
+    }
+    for (i = 0; i < 2; i++) {
+        CHECK(secp256k1_xonly_pubkey_parse(data->ctx, &data->tx_outputs[i], tx_outputs[i]));
+    }
+    /* Create the first input public key from the scalar.
+     * This input is also used to create the serialized public data object for the light client
+     */
+    CHECK(secp256k1_keypair_create(data->ctx, &input_keypair, data->scalar));
+    CHECK(secp256k1_keypair_pub(data->ctx, &input_pubkey, &input_keypair));
+    CHECK(secp256k1_ec_pubkey_serialize(data->ctx, data->input_pubkey33, &pubkeylen, &input_pubkey, SECP256K1_EC_COMPRESSED));
+    /* Create the input public keys for the full scan */
+    CHECK(secp256k1_keypair_xonly_pub(data->ctx, &data->tx_inputs[0], NULL, &input_keypair));
+    CHECK(secp256k1_xonly_pubkey_parse(data->ctx, &data->tx_inputs[1], static_tx_input));
+    CHECK(secp256k1_ec_pubkey_parse(data->ctx, &data->spend_pubkey, spend_pubkey, pubkeylen));
+    memcpy(data->scan_key, scan_key, 32);
+    memcpy(data->smallest_outpoint, smallest_outpoint, 36);
+}
+
+static void bench_silentpayments_output_scan(void* arg, int iters) {
+    int i, k = 0;
+    bench_silentpayments_data *data = (bench_silentpayments_data*)arg;
+    secp256k1_silentpayments_recipient_public_data public_data;
+
+    for (i = 0; i < iters; i++) {
+        unsigned char shared_secret[33];
+        secp256k1_xonly_pubkey xonly_output;
+        CHECK(secp256k1_silentpayments_recipient_public_data_parse(data->ctx, &public_data, data->input_pubkey33));
+        CHECK(secp256k1_silentpayments_recipient_create_shared_secret(data->ctx,
+            shared_secret,
+            data->scan_key,
+            &public_data
+        ));
+        CHECK(secp256k1_silentpayments_recipient_create_output_pubkey(data->ctx,
+            &xonly_output,
+            shared_secret,
+            &data->spend_pubkey,
+            k
+        ));
+    }
+}
+
+static void bench_silentpayments_full_tx_scan(void* arg, int iters) {
+    int i;
+    size_t n_found = 0;
+    secp256k1_silentpayments_found_output *found_output_ptrs[2];
+    const secp256k1_xonly_pubkey *tx_output_ptrs[2];
+    const secp256k1_xonly_pubkey *tx_input_ptrs[2];
+    bench_silentpayments_data *data = (bench_silentpayments_data*)arg;
+    secp256k1_silentpayments_recipient_public_data public_data;
+
+    for (i = 0; i < 2; i++) {
+        found_output_ptrs[i] = &data->found_outputs[i];
+        tx_output_ptrs[i] = &data->tx_outputs[i];
+        tx_input_ptrs[i] = &data->tx_inputs[i];
+    }
+    for (i = 0; i < iters; i++) {
+        CHECK(secp256k1_silentpayments_recipient_public_data_create(data->ctx,
+            &public_data,
+            data->smallest_outpoint,
+            tx_input_ptrs, 2,
+            NULL, 0
+        ));
+        CHECK(secp256k1_silentpayments_recipient_scan_outputs(data->ctx,
+            found_output_ptrs, &n_found,
+            tx_output_ptrs, 2,
+            data->scan_key,
+            &public_data,
+            &data->spend_pubkey,
+            label_lookup, label_cache)
+        );
+    }
+}
+
+static void run_silentpayments_bench(int iters, int argc, char** argv) {
+    bench_silentpayments_data data;
+    int d = argc == 1;
+
+    /* create a context with no capabilities */
+    data.ctx = secp256k1_context_create(SECP256K1_FLAGS_TYPE_CONTEXT);
+
+    if (d || have_flag(argc, argv, "silentpayments")) run_benchmark("silentpayments_full_tx_scan", bench_silentpayments_full_tx_scan, bench_silentpayments_scan_setup, NULL, &data, 10, iters);
+    if (d || have_flag(argc, argv, "silentpayments")) run_benchmark("silentpayments_output_scan", bench_silentpayments_output_scan, bench_silentpayments_scan_setup, NULL, &data, 10, iters);
+
+    secp256k1_context_destroy(data.ctx);
+}
+
+#endif /* SECP256K1_MODULE_SILENTPAYMENTS_BENCH_H */