From 7762e4c3760c9dd7e4e71ef87e603a3cf7167488 Mon Sep 17 00:00:00 2001
From: pons <pons@esrf.fr>
Date: Thu, 23 Apr 2020 08:36:12 +0200
Subject: [PATCH] Seep up Kangaroo creation

---
 Kangaroo.cpp         | 91 ++++++++++++++++++++++++++++++++++++----
 SECPK1/SECP256K1.cpp | 99 ++++++++++++++++++++++++++++++++++++++++++--
 SECPK1/SECP256k1.h   |  5 ++-
 VC_CUDA10/in.txt     | 21 ++--------
 4 files changed, 184 insertions(+), 32 deletions(-)

diff --git a/Kangaroo.cpp b/Kangaroo.cpp
index f636864..1285a78 100644
--- a/Kangaroo.cpp
+++ b/Kangaroo.cpp
@@ -154,6 +154,43 @@ void Kangaroo::Check(std::vector<int> gpuId,std::vector<int> gridSize) {
   jumpModulo = 128;
   rangePower = 256;
 
+  double t0;
+  double t1;
+  int nbKey = 16384;
+  vector<Point> pts1;
+  vector<Point> pts2;
+  vector<Int> priv;
+
+  for(int i=0;i<nbKey;i++) {
+    Int rnd;
+    rnd.Rand(256);
+    priv.push_back(rnd);
+  }
+
+  t0 = Timer::get_tick();
+  for(int i = 0; i<nbKey; i++)
+    pts1.push_back( secp->ComputePublicKey(&priv[i]) );
+  t1 = Timer::get_tick();
+  ::printf("ComputePublicKey %d : %.3f KKey/s\n",nbKey,(double)nbKey/((t1-t0)*1000.0));
+
+  t0 = Timer::get_tick();
+  pts2 = secp->ComputePublicKeys(priv);
+  t1 = Timer::get_tick();
+  ::printf("ComputePublicKeys %d : %.3f KKey/s\n",nbKey,(double)nbKey / ((t1 - t0)*1000.0));
+
+  bool ok = true;
+  int i = 0;
+  for(;ok && i<nbKey;) {
+    ok = pts1[i].equals(pts2[i]);
+    if(ok) i++;
+  }
+
+  if(!ok) {
+    ::printf("ComputePublicKeys wrong at %d\n",i);
+    ::printf("%s\n",pts1[i].toString().c_str());
+    ::printf("%s\n",pts2[i].toString().c_str());
+  }
+
 #ifdef WITHGPU
 
   // Check gpu
@@ -450,26 +487,62 @@ void Kangaroo::SolveKeyGPU(TH_PARAM *ph) {
     ::printf("SolveKeyGPU Thread GPU#%d: creating kangaroos...\n",ph->gpuId);
   }
 
+  double t0 = Timer::get_tick();
+
   // Create Kangaroos
-  uint64_t nbKangaroo = gpu->GetNbThread() * GPU_GRP_SIZE;
+  uint64_t nbThread = gpu->GetNbThread();
+  uint64_t nbKangaroo = nbThread * GPU_GRP_SIZE;
   px = new Int[nbKangaroo];
   py = new Int[nbKangaroo];
   d = new Int[nbKangaroo];
+  Point rgP = secp->ComputePublicKey(&rangeStart);
+
+  int k = 0;
+  for(uint64_t i = 0; i<nbThread; i++) {
+
+    vector<Int> pk;
+    vector<Point> S;
+    vector<Point> Sp;
+    pk.reserve(GPU_GRP_SIZE);
+    S.reserve(GPU_GRP_SIZE);
+    Sp.reserve(GPU_GRP_SIZE);
+
+    // Choose random starting distance
+    LOCK(ghMutex);
+    for(uint64_t j = 0; j<GPU_GRP_SIZE; j++) {
+      d[i*GPU_GRP_SIZE + j].Rand(rangePower);
+      pk.push_back(d[i*GPU_GRP_SIZE + j]);
+    }
+    UNLOCK(ghMutex);
+
+    // Compute starting pos
+    S = secp->ComputePublicKeys(pk);
+
+    for(uint64_t j = 0; j<GPU_GRP_SIZE; j++) {
+      if(j % 2 == TAME) {
+        Sp.push_back(rgP);
+      } else {
+        Sp.push_back(keyToSearch);
+      }
+    }
+
+    S = secp->AddDirect(Sp,S);
+
+    for(uint64_t j = 0; j<GPU_GRP_SIZE; j++) {
+      px[i*GPU_GRP_SIZE + j].Set(&S[j].x);
+      py[i*GPU_GRP_SIZE + j].Set(&S[j].y);
+    }
 
-  for(int j = 0; j<nbKangaroo; j++) {
-    KANGAROO *K = Create(j % 2);
-    px[j].Set(&K->pos.x);
-    py[j].Set(&K->pos.y);
-    d[j].Set(&K->distance);
-    free(K);
   }
 
   gpu->SetParams(dMask,jumpModulo);
   gpu->SetKangaroos(px,py,d);
   gpu->callKernel();
 
+  double t1 = Timer::get_tick();
+
   if(keyIdx == 0)
-    ::printf("SolveKeyGPU Thread GPU#%d: 2^%.2f kangaroos\n",ph->gpuId,log2((double)nbKangaroo));
+    ::printf("SolveKeyGPU Thread GPU#%d: 2^%.2f kangaroos in %.1fms\n",ph->gpuId,log2((double)nbKangaroo),(t1-t0)*1000.0);
 
   ph->hasStarted = true;
 
@@ -607,7 +680,7 @@ KANGAROO *Kangaroo::Create(int type,bool lock) {
   if( type==TAME ) {
 
     Int pk(&k->distance);
-    pk.Add(&rangeStart);
+    pk.ModAddK1order(&rangeStart);
     k->pos = secp->ComputePublicKey(&pk);
     k->type = TAME;
 
diff --git a/SECPK1/SECP256K1.cpp b/SECPK1/SECP256K1.cpp
index e0d558b..0ef0e2d 100644
--- a/SECPK1/SECP256K1.cpp
+++ b/SECPK1/SECP256K1.cpp
@@ -16,6 +16,7 @@
 */
 
 #include "SECP256k1.h"
+#include "IntGroup.h"
 #include <string.h>
 
 Secp256K1::Secp256K1() {
@@ -55,7 +56,7 @@ void Secp256K1::Init() {
 Secp256K1::~Secp256K1() {
 }
 
-Point Secp256K1::ComputePublicKey(Int *privKey) {
+Point Secp256K1::ComputePublicKey(Int *privKey,bool reduce) {
 
   int i = 0;
   uint8_t b;
@@ -68,8 +69,11 @@ Point Secp256K1::ComputePublicKey(Int *privKey) {
     if(b)
       break;
   }
-  Q = GTable[256 * i + (b-1)];
-  i++;
+
+  if(i<32) {
+    Q = GTable[256 * i + (b-1)];
+    i++;
+  }
 
   for(; i < 32; i++) {
     b = privKey->GetByte(i);
@@ -77,11 +81,38 @@ Point Secp256K1::ComputePublicKey(Int *privKey) {
       Q = Add2(Q, GTable[256 * i + (b-1)]);
   }
 
-  Q.Reduce();
+  if(reduce) Q.Reduce();
   return Q;
 
 }
 
+std::vector<Point> Secp256K1::ComputePublicKeys(std::vector<Int> &privKeys) {
+
+  std::vector<Point> pts;
+  IntGroup grp((int)privKeys.size());
+  Int *inv = new Int[privKeys.size()];
+  pts.reserve(privKeys.size());
+
+  for(int i=0;i<privKeys.size();i++) {
+    Point P = ComputePublicKey(&privKeys[i],false);
+    inv[i].Set(&P.z);
+    pts.push_back(P);
+  }
+
+  grp.Set(inv);
+  grp.ModInv();
+
+  for(int i = 0; i<privKeys.size(); i++) {
+    pts[i].x.ModMulK1(inv + i);
+    pts[i].y.ModMulK1(inv + i);
+    pts[i].z.SetInt32(1);
+  }
+
+  delete inv;
+  return pts;
+
+}
+
 Point Secp256K1::NextKey(Point &key) {
   // Input key must be reduced and different from G
   // in order to use AddDirect
@@ -231,6 +262,66 @@ Point Secp256K1::AddDirect(Point &p1,Point &p2) {
 
 }
 
+std::vector<Point> Secp256K1::AddDirect(std::vector<Point> &p1,std::vector<Point> &p2) {
+
+  if(p1.size()!=p2.size()) {
+    // Fatal error
+    ::printf("Secp256K1::AddDirect: vectors have not the same size\n");
+    exit(-1);
+  }
+
+  // Accept p1=0
+
+  int size = (int)p1.size();
+
+  std::vector<Point> pts;
+  IntGroup grp(size);
+  Int *dx = new Int[size];
+  pts.reserve(size);
+
+  Int _s;
+  Int _p;
+  Int dy;
+  Point r;
+
+  // Compute DX
+  for(int i=0;i<size;i++) {
+    dx[i].ModSub(&p2[i].x,&p1[i].x);
+  }
+  grp.Set(dx);
+  grp.ModInv();
+
+  for(int i = 0; i<size; i++) {
+
+    if(p1[i].x.IsZero()) {
+
+      pts.push_back(p2[i]);
+
+    } else {
+
+      dy.ModSub(&p2[i].y,&p1[i].y);
+      _s.ModMulK1(&dy,&dx[i]);     // s = (p2.y-p1.y)*inverse(p2.x-p1.x);
+
+      _p.ModSquareK1(&_s);       // _p = pow2(s)
+
+      r.x.ModSub(&_p,&p1[i].x);
+      r.x.ModSub(&p2[i].x);       // rx = pow2(s) - p1.x - p2.x;
+
+      r.y.ModSub(&p2[i].x,&r.x);
+      r.y.ModMulK1(&_s);
+      r.y.ModSub(&p2[i].y);       // ry = - p2.y - s*(ret.x-p2.x);  
+
+      pts.push_back(r);
+
+    }
+
+  }
+
+  delete dx;
+  return pts;
+
+}
+
 Point Secp256K1::Add2(Point &p1, Point &p2) {
 
   // P2.z = 1
diff --git a/SECPK1/SECP256k1.h b/SECPK1/SECP256k1.h
index c95fd14..4fff57a 100644
--- a/SECPK1/SECP256k1.h
+++ b/SECPK1/SECP256k1.h
@@ -29,7 +29,8 @@ class Secp256K1 {
   Secp256K1();
   ~Secp256K1();
   void  Init();
-  Point ComputePublicKey(Int *privKey);
+  Point ComputePublicKey(Int *privKey,bool reduce=true);
+  std::vector<Point> ComputePublicKeys(std::vector<Int> &privKeys);
   Point NextKey(Point &key);
   bool  EC(Point &p);
 
@@ -42,6 +43,8 @@ class Secp256K1 {
   Point Double(Point &p);
   Point DoubleDirect(Point &p);
 
+  std::vector<Point> AddDirect(std::vector<Point> &p1,std::vector<Point> &p2);
+
   Point G;                 // Generator
   Int   order;             // Curve order
 
diff --git a/VC_CUDA10/in.txt b/VC_CUDA10/in.txt
index 0028c13..0c57d9a 100644
--- a/VC_CUDA10/in.txt
+++ b/VC_CUDA10/in.txt
@@ -1,18 +1,3 @@
-49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5e0000000000000000
-49dccfd96dc5df56487436f5a1b18c4f5d34f65ddb48cb5effffffffffffffff
-0459A3BFDAD718C9D3FAC7C187F1139F0815AC5D923910D516E186AFDA28B221DC994327554CED887AAE5D211A2407CDD025CFC3779ECB9C9D7F2F1A1DDF3E9FF8
-04A50FBBB20757CC0E9C41C49DD9DF261646EE7936272F3F68C740C9DA50D42BCD3E48440249D6BC78BC928AA52B1921E9690EBA823CBC7F3AF54B3707E6A73F34
-0404A49211C0FE07C9F7C94695996F8826E09545375A3CF9677F2D780A3EB70DE3BD05357CAF8340CB041B1D46C5BB6B88CD9859A083B0804EF63D498B29D31DD1
-040B39E3F26AF294502A5BE708BB87AEDD9F895868011E60C1D2ABFCA202CD7A4D1D18283AF49556CF33E1EA71A16B2D0E31EE7179D88BE7F6AA0A7C5498E5D97F
-04837A31977A73A630C436E680915934A58B8C76EB9B57A42C3C717689BE8C0493E46726DE04352832790FD1C99D9DDC2EE8A96E50CAD4DCC3AF1BFB82D51F2494
-040ECDB6359D41D2FD37628C718DDA9BE30E65801A88A00C3C5BDF36E7EE6ADBBAD71A2A535FCB54D56913E7F37D8103BA33ED6441D019D0922AC363FCC792C29A
-0422DD52FCFA3A4384F0AFF199D019E481D335923D8C00BADAD42FFFC80AF8FCF038F139D652842243FC841E7C5B3E477D901F88C5AB0B88EE13D80080E413F2ED
-04DB4F1B249406B8BD662F78CBA46F5E90E20FE27FC69D0FBAA2F06E6E50E536695DF83B68FD0F396BB9BFCF6D4FE312F32A43CF3FA1FE0F81DF70C877593B64E0
-043BD0330D7381917F8860F1949ACBCCFDC7863422EEE2B6DB7EDD551850196687528B6D2BC0AA7A5855D168B26C6BAF9DDCD04B585D42C7B9913F60421716D37A
-04332A02CA42C481EAADB7ADB97DF89033B23EA291FDA809BEA3CE5C3B73B20C49C410D1AD42A9247EB8FF217935C9E28411A08B325FBF28CC2AF8182CE2B5CE38
-04513981849DE1A1327DEF34B51F5011C5070603CA22E6D868263CB7C908525F0C19EBA6BD2A8DCF651E4342512EDEACB6EA22DA323A194E25C6A1614ABD259BC0
-04D4E6FA664BD75A508C0FF0ED6F2C52DA2ADD7C3F954D9C346D24318DBD2ECFC6805511F46262E10A25F252FD525AF1CBCC46016B6CD0A7705037364309198DA1
-0456B468963752924DBF56112633DC57F07C512E3671A16CD7375C58469164599D1E04011D3E9004466C814B144A9BCB7E47D5BACA1B90DA0C4752603781BF5873
-04D5BE7C653773CEE06A238020E953CFCD0F22BE2D045C6E5B4388A3F11B4586CBB4B177DFFD111F6A15A453009B568E95798B0227B60D8BEAC98AF671F31B0E2B
-04B1985389D8AB680DEDD67BBA7CA781D1A9E6E5974AAD2E70518125BAD5783EB5355F46E927A030DB14CF8D3940C1BED7FB80624B32B349AB5A05226AF15A2228
-0455B95BEF84A6045A505D015EF15E136E0A31CC2AA00FA4BCA62E5DF215EE981B3B4D6BCE33718DC6CF59F28B550648D7E8B2796AC36F25FF0C01F8BC42A16FD9
\ No newline at end of file
+25FEEE926526B0B4F0085358DF14702F7F6F04E8EC2200000000000000000000
+25FEEE926526B0B4F0085358DF14702F7F6F04E8EC22FFFFFFFFFFFFFFFFFFFF
+02E9CE716922FFB1CC2306E55D4E5A4F4A9B9D050E4ABB3EB95B246E7998A2508D
\ No newline at end of file