batch, extrakeys: Add benchmarks

This commit adds benchmarks for:
    1. Batch verifying Schnorr signatures
    2. Batch verifying tweaked pubkey checks
    3. Normal tweaked pubkey check in extrakeys module

For batch verify benchmark, the number of sigs (or checks) in the batch
varies from 1 to SECP256K1_BENCH_ITERS with a 20% increment.

Author: siv2r

src/bench.c

@@ -54,10 +54,20 @@ static void help(int default_iters) {
     printf("    ecdh              : ECDH key exchange algorithm\n");
 #endif
 
+#ifdef ENABLE_MODULE_EXTRAKEYS
+    printf("   tweak_add_check    : Checks if tweaked x-only pubkey is valid\n");
+# ifdef ENABLE_MODULE_BATCH
+    printf("   batch_tweak_checks : Batch verification of tweaked x-only pubkeys check\n");
+# endif
+#endif
+
 #ifdef ENABLE_MODULE_SCHNORRSIG
     printf("    schnorrsig        : all Schnorr signature algorithms (sign, verify)\n");
     printf("    schnorrsig_sign   : Schnorr sigining algorithm\n");
     printf("    schnorrsig_verify : Schnorr verification algorithm\n");
+#ifdef ENABLE_MODULE_BATCH
+    printf("    batch_schnorrsigs : Batch verification of Schnorr signatures\n");
+#endif
 #endif
 
 #ifdef ENABLE_MODULE_ELLSWIFT
@@ -162,6 +172,10 @@ static void bench_keygen_run(void *arg, int iters) {
 # include "modules/recovery/bench_impl.h"
 #endif
 
+#ifdef ENABLE_MODULE_EXTRAKEYS
+# include "modules/extrakeys/bench_impl.h"
+#endif
+
 #ifdef ENABLE_MODULE_SCHNORRSIG
 # include "modules/schnorrsig/bench_impl.h"
 #endif
@@ -182,7 +196,7 @@ int main(int argc, char** argv) {
 
     /* Check for invalid user arguments */
     char* valid_args[] = {"ecdsa", "verify", "ecdsa_verify", "sign", "ecdsa_sign", "ecdh", "recover",
-                         "ecdsa_recover", "schnorrsig", "schnorrsig_verify", "schnorrsig_sign", "ec",
+                         "ecdsa_recover", "extrakeys", "tweak_add_check", "schnorrsig", "schnorrsig_verify", "schnorrsig_sign", "batch", "batch_tweak_checks", "batch_schnorrsigs", "ec",
                          "keygen", "ec_keygen", "ellswift", "encode", "ellswift_encode", "decode",
                          "ellswift_decode", "ellswift_keygen", "ellswift_ecdh"};
     size_t valid_args_size = sizeof(valid_args)/sizeof(valid_args[0]);
@@ -219,13 +233,29 @@ int main(int argc, char** argv) {
 #endif
 
 #ifndef ENABLE_MODULE_SCHNORRSIG
-    if (have_flag(argc, argv, "schnorrsig") || have_flag(argc, argv, "schnorrsig_sign") || have_flag(argc, argv, "schnorrsig_verify")) {
+    if (have_flag(argc, argv, "schnorrsig") || have_flag(argc, argv, "schnorrsig_sign") || have_flag(argc, argv, "schnorrsig_verify") || have_flag(argc, argv, "batch_schnorrsigs")) {
         fprintf(stderr, "./bench: Schnorr signatures module not enabled.\n");
         fprintf(stderr, "Use ./configure --enable-module-schnorrsig.\n\n");
         return EXIT_FAILURE;
     }
 #endif
 
+#ifndef ENABLE_MODULE_EXTRAKEYS
+    if (have_flag(argc, argv, "extrakeys") || have_flag(argc, argv, "tweak_add_check") || have_flag(argc, argv, "batch_tweak_checks")) {
+        fprintf(stderr, "./bench: extrakeys module not enabled.\n");
+        fprintf(stderr, "Use ./configure --enable-module-extrakeys.\n\n");
+        return EXIT_FAILURE;
+    }
+#endif
+
+#ifndef ENABLE_MODULE_BATCH
+    if (have_flag(argc, argv, "batch") || have_flag(argc, argv, "batch_schnorrsigs") || have_flag(argc, argv, "batch_tweak_checks")) {
+        fprintf(stderr, "./bench: Batch module not enabled.\n");
+        fprintf(stderr, "Use ./configure --enable-module-batch --enable-experimental.\n\n");
+        return EXIT_FAILURE;
+    }
+#endif
+
 #ifndef ENABLE_MODULE_ELLSWIFT
     if (have_flag(argc, argv, "ellswift") || have_flag(argc, argv, "ellswift_encode") || have_flag(argc, argv, "ellswift_decode") ||
         have_flag(argc, argv, "encode") || have_flag(argc, argv, "decode") || have_flag(argc, argv, "ellswift_keygen") ||
@@ -270,6 +300,11 @@ int main(int argc, char** argv) {
     run_recovery_bench(iters, argc, argv);
 #endif
 
+#ifdef ENABLE_MODULE_EXTRAKEYS
+    /* Extrakeys benchmarks */
+    run_extrakeys_bench(iters, argc, argv);
+#endif
+
 #ifdef ENABLE_MODULE_SCHNORRSIG
     /* Schnorr signature benchmarks */
     run_schnorrsig_bench(iters, argc, argv);

src/bench.h

@@ -120,7 +120,7 @@ static void run_benchmark(char *name, void (*benchmark)(void*, int), void (*setu
         sum += total;
     }
     /* ',' is used as a column delimiter */
-    printf("%-30s, ", name);
+    printf("%-35s, ", name);
     print_number(min * FP_MULT / iter);
     printf("   , ");
     print_number(((sum * FP_MULT) / count) / iter);
@@ -181,7 +181,7 @@ static void print_output_table_header_row(void) {
     char* min_str = "    Min(us)    "; /* center alignment */
     char* avg_str = "    Avg(us)    ";
     char* max_str = "    Max(us)    ";
-    printf("%-30s,%-15s,%-15s,%-15s\n", bench_str, min_str, avg_str, max_str);
+    printf("%-35s,%-15s,%-15s,%-15s\n", bench_str, min_str, avg_str, max_str);
     printf("\n");
 }
 

src/modules/extrakeys/bench_impl.h

@@ -0,0 +1,139 @@
+
+#ifndef SECP256K1_MODULE_EXTRAKEYS_BENCH_H
+#define SECP256K1_MODULE_EXTRAKEYS_BENCH_H
+
+#include "../../../include/secp256k1_extrakeys.h"
+#ifdef ENABLE_MODULE_BATCH
+# include "../../../include/secp256k1_batch.h"
+# include "../../../include/secp256k1_tweak_check_batch.h"
+#endif
+
+typedef struct {
+    secp256k1_context *ctx;
+#ifdef ENABLE_MODULE_BATCH
+    secp256k1_batch *batch;
+    /* number of tweak checks to batch verify.
+     * it varies from 1 to iters with 20% increments */
+    int n;
+#endif
+
+    const secp256k1_keypair **keypairs;
+    const unsigned char **pks;
+    const unsigned char **tweaked_pks;
+    const int **tweaked_pk_parities;
+    const unsigned char **tweaks;
+} bench_tweak_check_data;
+
+static void bench_xonly_pubkey_tweak_add_check(void* arg, int iters) {
+    bench_tweak_check_data *data = (bench_tweak_check_data *)arg;
+    int i;
+
+    for (i = 0; i < iters; i++) {
+        secp256k1_xonly_pubkey pk;
+        CHECK(secp256k1_xonly_pubkey_parse(data->ctx, &pk, data->pks[i]) == 1);
+        CHECK(secp256k1_xonly_pubkey_tweak_add_check(data->ctx, data->tweaked_pks[i], *data->tweaked_pk_parities[i], &pk, data->tweaks[i]) == 1);
+    }
+}
+
+#ifdef ENABLE_MODULE_BATCH
+static void bench_xonly_pubkey_tweak_add_check_n(void* arg, int iters) {
+    bench_tweak_check_data *data = (bench_tweak_check_data *)arg;
+    int i, j;
+
+    for (j = 0; j < iters/data->n; j++) {
+        for (i = 0; i < data->n; i++) {
+            secp256k1_xonly_pubkey pk;
+            CHECK(secp256k1_xonly_pubkey_parse(data->ctx, &pk, data->pks[j+i]) == 1);
+            CHECK(secp256k1_batch_usable(data->ctx, data->batch) == 1);
+            CHECK(secp256k1_batch_add_xonlypub_tweak_check(data->ctx, data->batch, data->tweaked_pks[j+i], *data->tweaked_pk_parities[j+i], &pk, data->tweaks[j+i]) == 1);
+        }
+        CHECK(secp256k1_batch_verify(data->ctx, data->batch) == 1);
+    }
+}
+#endif
+
+static void run_extrakeys_bench(int iters, int argc, char** argv) {
+    int i;
+    bench_tweak_check_data data;
+    int d = argc == 1;
+
+    data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
+    data.keypairs = (const secp256k1_keypair **)malloc(iters * sizeof(secp256k1_keypair *));
+    data.pks = (const unsigned char **)malloc(iters * sizeof(unsigned char *));
+    data.tweaked_pks = (const unsigned char **)malloc(iters * sizeof(unsigned char *));
+    data.tweaked_pk_parities = (const int **)malloc(iters * sizeof(int *));
+    data.tweaks = (const unsigned char **)malloc(iters * sizeof(unsigned char *));
+#ifdef ENABLE_MODULE_BATCH
+    data.batch = secp256k1_batch_create(data.ctx, iters, NULL);
+    CHECK(data.batch != NULL);
+#endif
+
+    for (i = 0; i < iters; i++) {
+        unsigned char sk[32];
+        unsigned char *tweaked_pk_char = (unsigned char *)malloc(32);
+        int *tweaked_pk_parity = (int *)malloc(sizeof(int)); /*todo: use sizeof(*twk_parity) instead?*/
+        unsigned char *tweak = (unsigned char *)malloc(32);
+        secp256k1_keypair *keypair = (secp256k1_keypair *)malloc(sizeof(*keypair));
+        unsigned char *pk_char = (unsigned char *)malloc(32);
+        secp256k1_xonly_pubkey pk;
+        secp256k1_pubkey output_pk;
+        secp256k1_xonly_pubkey output_pk_xonly;
+        tweak[0] = sk[0] = i;
+        tweak[1] = sk[1] = i >> 8;
+        tweak[2] = sk[2] = i >> 16;
+        tweak[3] = sk[3] = i >> 24;
+        memset(&tweak[4], 't', 28);
+        memset(&sk[4], 's', 28);
+
+        data.keypairs[i] = keypair;
+        data.pks[i] = pk_char;
+        data.tweaked_pks[i] = tweaked_pk_char;
+        data.tweaked_pk_parities[i] = tweaked_pk_parity;
+        data.tweaks[i] = tweak;
+
+        CHECK(secp256k1_keypair_create(data.ctx, keypair, sk));
+        CHECK(secp256k1_keypair_xonly_pub(data.ctx, &pk, NULL, keypair));
+        CHECK(secp256k1_xonly_pubkey_tweak_add(data.ctx, &output_pk, &pk, tweak));
+        CHECK(secp256k1_xonly_pubkey_from_pubkey(data.ctx, &output_pk_xonly, tweaked_pk_parity, &output_pk));
+        CHECK(secp256k1_xonly_pubkey_serialize(data.ctx, tweaked_pk_char, &output_pk_xonly) == 1);
+        CHECK(secp256k1_xonly_pubkey_serialize(data.ctx, pk_char, &pk) == 1);
+    }
+
+    if (d || have_flag(argc, argv, "extrakeys") || have_flag(argc, argv, "tweak_add_check")) run_benchmark("tweak_add_check", bench_xonly_pubkey_tweak_add_check, NULL, NULL, (void *) &data, 10, iters);
+#ifdef ENABLE_MODULE_BATCH
+    if (d || have_flag(argc, argv, "extrakeys") || have_flag(argc, argv, "batch") || have_flag(argc, argv, "batch_tweak_checks")) {
+        for (i = 1; i <= iters; i = (int)(i*1.2 + 1)) {
+            char name[64];
+            int divisible_iters;
+            sprintf(name, "batchverify_tweak_checks_%d", (int) i);
+
+            data.n = i;
+            divisible_iters = iters - (iters % data.n);
+            run_benchmark(name, bench_xonly_pubkey_tweak_add_check_n, NULL, NULL, (void *) &data, 3, divisible_iters);
+            fflush(stdout);
+        }
+    }
+#endif
+
+    for (i = 0; i < iters; i++) {
+        free((void *)data.keypairs[i]);
+        free((void *)data.pks[i]);
+        free((void *)data.tweaked_pks[i]);
+        free((void *)data.tweaked_pk_parities[i]);
+        free((void *)data.tweaks[i]);
+    }
+
+    /* Casting to (void *) avoids a stupid warning in MSVC. */
+    free((void *)data.keypairs);
+    free((void *)data.pks);
+    free((void *)data.tweaked_pks);
+    free((void *)data.tweaked_pk_parities);
+    free((void *)data.tweaks);
+
+#ifdef ENABLE_MODULE_BATCH
+    secp256k1_batch_destroy(data.ctx, data.batch);
+#endif
+    secp256k1_context_destroy(data.ctx);
+}
+
+#endif /* SECP256K1_MODULE_EXTRAKEYS_BENCH_H */

src/modules/schnorrsig/bench_impl.h

@@ -8,12 +8,21 @@
 #define SECP256K1_MODULE_SCHNORRSIG_BENCH_H
 
 #include "../../../include/secp256k1_schnorrsig.h"
+#ifdef ENABLE_MODULE_BATCH
+# include "../../../include/secp256k1_batch.h"
+# include "../../../include/secp256k1_schnorrsig_batch.h"
+#endif
 
 #define MSGLEN 32
 
 typedef struct {
     secp256k1_context *ctx;
+#ifdef ENABLE_MODULE_BATCH
+    secp256k1_batch *batch;
+    /* number of signatures to batch verify.
+     * it varies from 1 to iters with 20% increments */
     int n;
+#endif
 
     const secp256k1_keypair **keypairs;
     const unsigned char **pk;
@@ -45,6 +54,23 @@ static void bench_schnorrsig_verify(void* arg, int iters) {
     }
 }
 
+#ifdef ENABLE_MODULE_BATCH
+static void bench_schnorrsig_verify_n(void* arg, int iters) {
+    bench_schnorrsig_data *data = (bench_schnorrsig_data *)arg;
+    int i, j;
+
+    for (j = 0; j < iters/data->n; j++) {
+        for (i = 0; i < data->n; i++) {
+            secp256k1_xonly_pubkey pk;
+            CHECK(secp256k1_xonly_pubkey_parse(data->ctx, &pk, data->pk[j+i]) == 1);
+            CHECK(secp256k1_batch_usable(data->ctx, data->batch) == 1);
+            CHECK(secp256k1_batch_add_schnorrsig(data->ctx, data->batch, data->sigs[j+i], data->msgs[j+i], MSGLEN, &pk) == 1);
+        }
+        CHECK(secp256k1_batch_verify(data->ctx, data->batch) == 1);
+    }
+}
+#endif
+
 static void run_schnorrsig_bench(int iters, int argc, char** argv) {
     int i;
     bench_schnorrsig_data data;
@@ -55,6 +81,10 @@ static void run_schnorrsig_bench(int iters, int argc, char** argv) {
     data.pk = (const unsigned char **)malloc(iters * sizeof(unsigned char *));
     data.msgs = (const unsigned char **)malloc(iters * sizeof(unsigned char *));
     data.sigs = (const unsigned char **)malloc(iters * sizeof(unsigned char *));
+#ifdef ENABLE_MODULE_BATCH
+    data.batch = secp256k1_batch_create(data.ctx, 2*iters, NULL);
+    CHECK(data.batch != NULL);
+#endif
 
     CHECK(MSGLEN >= 4);
     for (i = 0; i < iters; i++) {
@@ -84,6 +114,20 @@ static void run_schnorrsig_bench(int iters, int argc, char** argv) {
 
     if (d || have_flag(argc, argv, "schnorrsig") || have_flag(argc, argv, "sign") || have_flag(argc, argv, "schnorrsig_sign")) run_benchmark("schnorrsig_sign", bench_schnorrsig_sign, NULL, NULL, (void *) &data, 10, iters);
     if (d || have_flag(argc, argv, "schnorrsig") || have_flag(argc, argv, "verify") || have_flag(argc, argv, "schnorrsig_verify")) run_benchmark("schnorrsig_verify", bench_schnorrsig_verify, NULL, NULL, (void *) &data, 10, iters);
+#ifdef ENABLE_MODULE_BATCH
+    if (d || have_flag(argc, argv, "schnorrsig") || have_flag(argc, argv, "batch") || have_flag(argc, argv, "batch_schnorrsigs")) {
+        for (i = 1; i <= iters; i = (int)(i*1.2 + 1)) {
+            char name[64];
+            int divisible_iters;
+            sprintf(name, "batchverify_schnorrsigs_%d", (int) i);
+
+            data.n = i;
+            divisible_iters = iters - (iters % data.n);
+            run_benchmark(name, bench_schnorrsig_verify_n, NULL, NULL, (void *) &data, 3, divisible_iters);
+            fflush(stdout);
+        }
+    }
+#endif
 
     for (i = 0; i < iters; i++) {
         free((void *)data.keypairs[i]);
@@ -98,6 +142,9 @@ static void run_schnorrsig_bench(int iters, int argc, char** argv) {
     free((void *)data.msgs);
     free((void *)data.sigs);
 
+#ifdef ENABLE_MODULE_BATCH
+    secp256k1_batch_destroy(data.ctx, data.batch);
+#endif
     secp256k1_context_destroy(data.ctx);
 }