
Commit 5463c70

author
Evgenii Popov
committed
Huge increase of performance in signing / verifying WITHOUT timing variations introduced by previous solution (PR dchest#134) that could leak information about secret keys
PR makes: signing ~2 times faster on M4 Max (~ same performance as previous solution); verifying ~40+ times faster (~20+ times faster than previous solution). On M4 Max (MBP Nov 2024), Node.js v8.8.1:
1 parent cb40b07 commit 5463c70


2 files changed

+9
-9
lines changed


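--- a/nacl-fast.js
+++ b/nacl-fast.js
@@ -8,11 +8,11 @@
 // See for details: http://tweetnacl.cr.yp.to/
 
 function gf() {
-return [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0];
+return new Uint32Array(16);
 }
 
 function gfi(init) {
-var r = [], i = 0;
+var r = new Uint32Array(16), i = 0;
 for ( ; i < init.length; i++) r[i] = init[i];
 for ( ; i < 16; i++) r[i] = 0;
 return r;
@@ -1328,7 +1328,7 @@ function pow2523(o, i) {
 
 function crypto_scalarmult(q, n, p) {
 var z = new Uint8Array(32);
-var x = [] /* 80 */, r, i;
+var x = new Uint32Array(80), r, i;
 var a = gf(), b = gf(), c = gf(),
 d = gf(), e = gf(), f = gf();
 for (i = 0; i < 31; i++) z[i] = n[i];
@@ -1366,13 +1366,13 @@ function crypto_scalarmult(q, n, p) {
 sel25519(c,d,r);
 }
 
-var x32 = []; /* 48 */
+var x32 = new Uint32Array(48);
 for (i = 0; i < 16; i++) {
 x32[i] = c[i];
 x32[i+16] = b[i];
 x32[i+32] = d[i];
 }
-var x16 = []; /* 64 */
+var x16 = new Uint32Array(64);
 for (i = 0; i < 16; i++) {
 x16[i] = a[i];
 x16[i+16] = c[i];
@@ -1944,7 +1944,7 @@ function crypto_sign_keypair(pk, sk, seeded) {
 return 0;
 }
 
-var L = [0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10];
+var L = new Uint32Array([0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10]);
 
 function modL(r, x) {
 var carry, i, j, k;
@@ -1972,7 +1972,7 @@ function modL(r, x) {
 }
 
 function reduce(r) {
-var x = [] /* 64 */, i;
+var x = new Uint32Array(64), i;
 for (i = 0; i < 64; i++) x[i] = r[i];
 for (i = 0; i < 64; i++) r[i] = 0;
 modL(r, x);
@@ -1981,7 +1981,7 @@ function reduce(r) {
 // Note: difference from C - smlen returned, not passed as argument.
 function crypto_sign(sm, m, n, sk) {
 var d = new Uint8Array(64), h = new Uint8Array(64), r = new Uint8Array(64);
-var i, j, x = [] /* 64 */;
+var i, j, x = new Uint32Array(64);
 var p = [gf(), gf(), gf(), gf()];
 
 crypto_hash(d, sk, 32);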
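Review bot: Replacing the plain arrays returned by gf() and used as scratch space in crypto_scalarmult (x, x32, x16), reduce and crypto_sign with Uint32Array changes arithmetic semantics, not just storage: a store of a negative value or one at or above 2^32 into a Uint32Array is reduced modulo 2^32, whereas the original arrays kept the exact double. TweetNaCl, which this file ports (per the header comment referencing tweetnacl.cr.yp.to), relies on negative intermediates in field subtraction and in the modL carry step; if this port does the same (those bodies lie outside the hunks), the wrapped limbs will silently change scalarmult and signature results rather than fail loudly. A Float64Array would keep full double semantics while still giving the fixed-layout, fixed-type buffer this change is after; whether Int32Array would suffice depends on the intermediate ranges in modL, which cannot be confirmed from the hunk. Please record in the commit description which existing test vectors (scalarmult, sign, open) were run against this change, and add a comment at gf() such as `// limbs are stored as Uint32: any negative or >= 2^32 store wraps modulo 2^32`. The bodies of crypto_scalarmult, modL, reduce and crypto_sign all continue beyond the hunks shown.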
