diff --git a/Makefile.am b/Makefile.am
index 65e87ea10..b86bf3f47 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -52,6 +52,7 @@ cpuminer_SOURCES = \
 crypto/hash.c \
 crypto/aesb.c \
 lyra2/Lyra2.c lyra2/Sponge.c \
+ lyra2/Lyra2-xzc.c \
 yescrypt/yescrypt-common.c yescrypt/yescrypt-best.c \
 yescrypt/sha256_Y.c \
 algo/allium.c \
@@ -75,6 +76,7 @@ cpuminer_SOURCES = \
 algo/luffa.c \
 algo/lyra2re.c \
 algo/lyra2rev2.c \
+ algo/lyra2z.c \
 algo/myr-groestl.c \
 algo/keccak.c \
 algo/pentablake.c \
diff --git a/algo/lyra2z.c b/algo/lyra2z.c
new file mode 100644
index 000000000..bb63ead33
--- /dev/null
+++ b/algo/lyra2z.c
@@ -0,0 +1,85 @@
+#include
+//#include
+
+#include "sha3/sph_blake.h"
+
+#include "lyra2/Lyra2-xzc.h"
+
+#include "miner.h"
+
+void lyra2z_hash(uint64_t* wholeMatrix, void *state, const void *input)
+{
+#ifdef VERBOSE_HASH_TIMING
+ struct timespec spec;
+ clock_gettime(CLOCK_REALTIME, &spec);
+ double start = spec.tv_sec + spec.tv_nsec / 1.0e9;
+#endif
+
+ sph_blake256_context ctx_blake;
+
+ uint32_t hashA[8], hashB[8];
+
+ sph_blake256_init(&ctx_blake);
+ sph_blake256(&ctx_blake, input, 80);
+ sph_blake256_close(&ctx_blake, hashA);
+
+// LYRA2(0, hashB, 32, hashA, 32, hashA, 32, 2, 8, 8);
+
+ //LYRA2(wholeMatrix, hashB, 32, hashA, 32, hashA, 32, 8, 8, 8);
+ LYRA2_XZC(wholeMatrix, hashB, 32, hashA, 32, hashA, 32, 8, 8, 8);
+
+#ifdef VERBOSE_HASH_TIMING
+ if (hash[0] % 32 == 0) {
+ clock_gettime(CLOCK_REALTIME, &spec);
+ double end = spec.tv_sec + spec.tv_nsec / 1.0e9;
+ printf("Hash time: %f ms\n", (end - start) * 1000);
+ }
+#endif
+
+ memcpy(state, hashB, 32);
+}
+
+int scanhash_lyra2z(int thr_id, struct work *work, uint32_t max_nonce, uint64_t *hashes_done)
+{
+
+ size_t size = (int64_t) ((int64_t) 16 * 16 * 96);
+ //uint64_t *wholeMatrix = _mm_malloc(size, 64);
+ uint64_t _ALIGN(64) wholeMatrix[24580] = {0};
+
+ uint32_t _ALIGN(128) hash[8];
+ uint32_t _ALIGN(128) endiandata[20];
+ uint32_t *pdata = work->data;
+ uint32_t *ptarget = work->target;
+
+ const uint32_t Htarg = ptarget[7];
+ const uint32_t first_nonce = pdata[19];
+ uint32_t nonce = first_nonce;
+
+ if (opt_benchmark)
+ ptarget[7] = 0x0000ff;
+
+ for (int i=0; i < 19; i++) {
+ be32enc(&endiandata[i], pdata[i]);
+ }
+
+ do {
+ be32enc(&endiandata[19], nonce);
+ lyra2z_hash(wholeMatrix, hash, endiandata);
+// lyra2z_hash(0, hash, endiandata);
+
+ if (hash[7] <= Htarg && fulltest(hash, ptarget)) {
+ work_set_target_ratio(work, hash);
+ pdata[19] = nonce;
+ *hashes_done = pdata[19] - first_nonce;
+ //_mm_free(wholeMatrix);
+ return 1;
+ }
+ nonce++;
+
+ } while (nonce < max_nonce && !work_restart[thr_id].restart);
+
+ pdata[19] = nonce;
+ *hashes_done = pdata[19] - first_nonce + 1;
+ //_mm_free(wholeMatrix);
+ return 0;
+}
diff --git a/cpu-miner.c b/cpu-miner.c
index 1e41e2adf..a203da458 100644
--- a/cpu-miner.c
+++ b/cpu-miner.c
@@ -102,6 +102,7 @@ enum algos {
 ALGO_LUFFA, /* Luffa (Joincoin, Doom) */
 ALGO_LYRA2, /* Lyra2RE */
 ALGO_LYRA2REV2, /* Lyra2REv2 (Vertcoin) */
+ ALGO_LYRA2Z, /* Lyra2Z */
 ALGO_MYR_GR, /* Myriad Groestl */
 ALGO_NIST5, /* Nist5 */
 ALGO_PENTABLAKE, /* Pentablake */
@@ -162,6 +163,7 @@ static const char *algo_names[] = {
 "luffa",
 "lyra2re",
 "lyra2rev2",
+ "lyra2z",
 "myr-gr",
 "nist5",
 "pentablake",
@@ -320,6 +322,7 @@ Options:\n\
 luffa Luffa\n\
 lyra2re Lyra2RE\n\
 lyra2rev2 Lyra2REv2 (Vertcoin)\n\
+ lyra2z Lyra2z\n\
 myr-gr Myriad-Groestl\n\
 neoscrypt NeoScrypt(128, 2, 1)\n\
 nist5 Nist5\n\
@@ -1828,6 +1831,7 @@ static void stratum_gen_work(struct stratum_ctx *sctx, struct work *work)
 break;
 case ALGO_KECCAK:
 case ALGO_LYRA2:
+ case ALGO_LYRA2Z:
 work_set_target(work, sctx->job.diff / (128.0 * opt_diff_factor));
 break;
 default:
@@ -2148,6 +2152,7 @@ static void *miner_thread(void *userdata)
 case ALGO_ALLIUM:
 case ALGO_LYRA2:
 case ALGO_LYRA2REV2:
+ case ALGO_LYRA2Z:
 case ALGO_TIMETRAVEL:
 case ALGO_BITCORE:
 case ALGO_XEVAN:
@@ -2275,6 +2280,9 @@ static void *miner_thread(void *userdata)
 case ALGO_LYRA2REV2:
 rc = scanhash_lyra2rev2(thr_id, &work, max_nonce, &hashes_done);
 break;
+ case ALGO_LYRA2Z:
+ rc = scanhash_lyra2z(thr_id, &work, max_nonce, &hashes_done);
+ break;
 case ALGO_MYR_GR:
 rc = scanhash_myriad(thr_id, &work, max_nonce, &hashes_done);
 break;
@@ -2892,6 +2900,8 @@ void parse_arg(int key, char *arg)
 i = opt_algo = ALGO_LYRA2;
 else if (!strcasecmp("lyra2v2", arg))
 i = opt_algo = ALGO_LYRA2REV2;
+ else if (!strcasecmp("lyra2z", arg))
+ i = opt_algo = ALGO_LYRA2Z;
 else if (!strcasecmp("scryptjane", arg))
 i = opt_algo = ALGO_SCRYPTJANE;
 else if (!strcasecmp("sibcoin", arg))
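Review bot: `lyra2z_hash` ignores the return value of `LYRA2_XZC`, which returns -1 when its internal `malloc` fails; in that case `hashB` is never written and `memcpy(state, hashB, 32)` hands uninitialised stack bytes to `scanhash_lyra2z`, where they are tested with `hash[7] <= Htarg && fulltest(hash, ptarget)`. Because the function returns `void`, a minimal fix is `if (LYRA2_XZC(wholeMatrix, hashB, 32, hashA, 32, hashA, 32, 8, 8, 8) != 0) { memset(state, 0xff, 32); return; }`, so a failed hash is not mistaken for a low one. In `scanhash_lyra2z`, `wholeMatrix[24580]` places about 192 KiB of zero-filled `uint64_t` on each miner thread's stack although the 8x8 call only needs 8 * 8 * BLOCK_LEN_INT64 = 768 words, and the `size` local is never used; sizing the array from those constants would remove most of that stack pressure. The `VERBOSE_HASH_TIMING` block also refers to `hash[0]`, which is not declared in `lyra2z_hash`, so that build option will not compile.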
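Review bot: The added `else if (!strcasecmp("lyra2z", arg))` branch in `parse_arg` looks redundant, because this commit also adds the identical string `"lyra2z"` to `algo_names[]`, whereas the neighbouring branch maps a name that differs from its table entry (`"lyra2v2"` for `ALGO_LYRA2REV2`). If this chain is only reached after the `algo_names[]` lookup has failed, the new branch can never match and can be dropped; that lookup is outside the hunk, so this is an inference to confirm. `parse_arg` starts and ends outside the hunk.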
diff --git a/cpuminer.vcxproj b/cpuminer.vcxproj index 2fa5dbfc0..175c1a6e7 100644 --- a/cpuminer.vcxproj +++ b/cpuminer.vcxproj @@ -166,6 +166,7 @@ + @@ -184,6 +185,7 @@ Full + @@ -399,4 +401,4 @@ - + \ No newline at end of file diff --git a/cpuminer.vcxproj.filters b/cpuminer.vcxproj.filters index 329a43077..11c8ed499 100644 --- a/cpuminer.vcxproj.filters +++ b/cpuminer.vcxproj.filters @@ -345,6 +345,12 @@ yescrypt + + algo + + + algo + @@ -611,4 +617,4 @@ res - + \ No newline at end of file diff --git a/lyra2/Lyra2-xzc.c b/lyra2/Lyra2-xzc.c new file mode 100644 index 000000000..a36fc4afe --- /dev/null +++ b/lyra2/Lyra2-xzc.c 
@@ -0,0 +1,197 @@
+/**
+ * Implementation of the Lyra2 Password Hashing Scheme (PHS).
+ *
+ * Author: The Lyra PHC team (http://www.lyra-kdf.net/) -- 2014.
+ *
+ * This software is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#include
+#include
+#include
+#include
+//#include
+//#include
+#include "Lyra2-xzc.h"
+#include "Sponge.h"
+
+/**
+ * Executes Lyra2 based on the G function from Blake2b. This version supports salts and passwords
+ * whose combined length is smaller than the size of the memory matrix, (i.e., (nRows x nCols x b) bits,
+ * where "b" is the underlying sponge's bitrate). In this implementation, the "basil" is composed by all
+ * integer parameters (treated as type "unsigned int") in the order they are provided, plus the value
+ * of nCols, (i.e., basil = kLen || pwdlen || saltlen || timeCost || nRows || nCols).
+ *
+ * @param K The derived key to be output by the algorithm
+ * @param kLen Desired key length
+ * @param pwd User password
+ * @param pwdlen Password length
+ * @param salt Salt
+ * @param saltlen Salt length
+ * @param timeCost Parameter to determine the processing time (T)
+ * @param nRows Number or rows of the memory matrix (R)
+ * @param nCols Number of columns of the memory matrix (C)
+ *
+ * @return 0 if the key is generated correctly; -1 if there is an error (usually due to lack of memory for allocation)
+ */
+int LYRA2_XZC(uint64_t* wholeMatrix, void *K, uint64_t kLen, const void *pwd, uint64_t pwdlen, const void *salt, uint64_t saltlen, uint64_t timeCost, uint64_t nRows, uint64_t nCols) {
+
+ //============================= Basic variables ============================//
+ int64_t row = 2; //index of row to be processed
+ int64_t prev = 1; //index of prev (last row ever computed/modified)
+ int64_t rowa = 0; //index of row* (a previous row, deterministically picked during Setup and randomly picked while Wandering)
+ int64_t tau; //Time Loop iterator
+ int64_t step = 1; //Visitation step (used during Setup and Wandering phases)
+ int64_t window = 2; //Visitation window (used to define which rows can be revisited during Setup)
+ int64_t gap = 1; //Modifier to the step, assuming the values 1 or -1
+ //==========================================================================/
+
+ //========== Initializing the Memory Matrix and pointers to it =============//
+ //Tries to allocate enough space for the whole memory matrix
+
+
+ const int64_t ROW_LEN_INT64 = BLOCK_LEN_INT64 * nCols;
+ const int64_t ROW_LEN_BYTES = ROW_LEN_INT64 * 8;
+
+ if (wholeMatrix == NULL) {
+ return -1;
+ }
+
+ //==========================================================================/
+
+ //============= Getting the password + salt + basil padded with 10*1 ===============//
+ //OBS.:The memory matrix will temporarily hold the password: not for saving memory,
+ //but this ensures that the password copied locally will be overwritten as soon as possible
+
+ //First, we clean enough blocks for the password, salt, basil and padding
+ uint64_t nBlocksInput = ((saltlen + pwdlen + 6 * sizeof (uint64_t)) / BLOCK_LEN_BLAKE2_SAFE_BYTES) + 1;
+ byte *ptrByte = (byte*) wholeMatrix;
+ memset(ptrByte, 0, nBlocksInput * BLOCK_LEN_BLAKE2_SAFE_BYTES);
+
+ //Prepends the password
+ memcpy(ptrByte, pwd, pwdlen);
+ ptrByte += pwdlen;
+
+ //Concatenates the salt
+ memcpy(ptrByte, salt, saltlen);
+ ptrByte += saltlen;
+
+ //Concatenates the basil: every integer passed as parameter, in the order they are provided by the interface
+ memcpy(ptrByte, &kLen, sizeof (uint64_t));
+ ptrByte += sizeof (uint64_t);
+ memcpy(ptrByte, &pwdlen, sizeof (uint64_t));
+ ptrByte += sizeof (uint64_t);
+ memcpy(ptrByte, &saltlen, sizeof (uint64_t));
+ ptrByte += sizeof (uint64_t);
+ memcpy(ptrByte, &timeCost, sizeof (uint64_t));
+ ptrByte += sizeof (uint64_t);
+ memcpy(ptrByte, &nRows, sizeof (uint64_t));
+ ptrByte += sizeof (uint64_t);
+ memcpy(ptrByte, &nCols, sizeof (uint64_t));
+ ptrByte += sizeof (uint64_t);
+
+ //Now comes the padding
+ *ptrByte = 0x80; //first byte of padding: right after the password
+ ptrByte = (byte*) wholeMatrix; //resets the pointer to the start of the memory matrix
+ ptrByte += nBlocksInput * BLOCK_LEN_BLAKE2_SAFE_BYTES - 1; //sets the pointer to the correct position: end of incomplete block
+ *ptrByte ^= 0x01; //last byte of padding: at the end of the last incomplete block
+ //==========================================================================/
+
+ //======================= Initializing the Sponge State ====================//
+ //Sponge state: 16 uint64_t, BLOCK_LEN_INT64 words of them for the bitrate (b) and the remainder for the capacity (c)
+ //uint64_t *state = _mm_malloc(16 * sizeof (uint64_t), 32);
+ uint64_t *state = malloc(16 * sizeof (uint64_t) + sizeof(uint64_t) * 4);
+ if (state == NULL) {
+ return -1;
+ }
+ initState(state);
+ //==========================================================================/
+
+ //================================ Setup Phase =============================//
+ //Absorbing salt, password and basil: this is the only place in which the block length is hard-coded to 512 bits
+ uint64_t *ptrWord = wholeMatrix;
+ for (int i = 0; i < nBlocksInput; i++) {
+ absorbBlockBlake2Safe(state, ptrWord); //absorbs each block of pad(pwd || salt || basil)
+ ptrWord += BLOCK_LEN_BLAKE2_SAFE_INT64; //goes to next block of pad(pwd || salt || basil)
+ }
+
+ //Initializes M[0] and M[1]
+ reducedSqueezeRow0(state, &wholeMatrix[0], nCols); //The locally copied password is most likely overwritten here
+ reducedDuplexRow1(state, &wholeMatrix[0], &wholeMatrix[ROW_LEN_INT64], nCols);
+
+ do {
+ //M[row] = rand; //M[row*] = M[row*] XOR rotW(rand)
+ reducedDuplexRowSetup(state, &wholeMatrix[prev*ROW_LEN_INT64], &wholeMatrix[rowa*ROW_LEN_INT64], &wholeMatrix[row*ROW_LEN_INT64], nCols);
+
+ //updates the value of row* (deterministically picked during Setup))
+ rowa = (rowa + step) & (window - 1);
+ //update prev: it now points to the last row ever computed
+ prev = row;
+ //updates row: goes to the next row to be computed
+ row++;
+
+ //Checks if all rows in the window where visited.
+ if (rowa == 0) {
+ step = window + gap; //changes the step: approximately doubles its value
+ window *= 2; //doubles the size of the re-visitation window
+ gap = -gap; //inverts the modifier to the step
+ }
+
+ } while (row < nRows);
+ //==========================================================================/
+
+ //============================ Wandering Phase =============================//
+ row = 0; //Resets the visitation to the first row of the memory matrix
+ for (tau = 1; tau <= timeCost; tau++) {
+ //Step is approximately half the number of all rows of the memory matrix for an odd tau; otherwise, it is -1
+ step = (tau % 2 == 0) ? -1 : nRows / 2 - 1;
+ do {
+ //Selects a pseudorandom index row*
+ //------------------------------------------------------------------------------------------
+ //rowa = ((unsigned int)state[0]) & (nRows-1); //(USE THIS IF nRows IS A POWER OF 2)
+ rowa = ((uint64_t) (state[0])) % nRows; //(USE THIS FOR THE "GENERIC" CASE)
+ //------------------------------------------------------------------------------------------
+
+ //Performs a reduced-round duplexing operation over M[row*] XOR M[prev], updating both M[row*] and M[row]
+ reducedDuplexRow(state, &wholeMatrix[prev*ROW_LEN_INT64], &wholeMatrix[rowa*ROW_LEN_INT64], &wholeMatrix[row*ROW_LEN_INT64], nCols);
+
+ //update prev: it now points to the last row ever computed
+ prev = row;
+
+ //updates row: goes to the next row to be computed
+ //------------------------------------------------------------------------------------------
+ //row = (row + step) & (nRows-1); //(USE THIS IF nRows IS A POWER OF 2)
+ row = (row + step) % nRows; //(USE THIS FOR THE "GENERIC" CASE)
+ //------------------------------------------------------------------------------------------
+
+ } while (row != 0);
+ }
+ //==========================================================================/
+
+ //============================ Wrap-up Phase ===============================//
+ //Absorbs the last block of the memory matrix
+ absorbBlock(state, &wholeMatrix[rowa*ROW_LEN_INT64]);
+
+ //Squeezes the key
+ squeeze(state, K, kLen);
+ //==========================================================================/
+
+ //========================= Freeing the memory =============================//
+ //_mm_free(state);
+ free(state);
+ //==========================================================================/
+
+ return 0;
+}
+
diff --git a/lyra2/Lyra2-xzc.h b/lyra2/Lyra2-xzc.h
new file mode 100644
index 000000000..0b4593c83
--- /dev/null
+++ b/lyra2/Lyra2-xzc.h
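Review bot: `LYRA2_XZC` writes into the caller-supplied `wholeMatrix` without knowing its capacity: the only guard is `wholeMatrix == NULL`, yet the initial `memset` covers `nBlocksInput * BLOCK_LEN_BLAKE2_SAFE_BYTES` bytes derived from `pwdlen` and `saltlen`, the Setup `do ... while` runs at least once with `row = 2`, and later rows are indexed up to `nRows * ROW_LEN_INT64` words. The doc comment does not list the parameter at all, and the prototype in lyra2/Lyra2-xzc.h names it `matrix` rather than `wholeMatrix`. I would add `@param wholeMatrix Caller-owned scratch buffer of at least nRows * nCols * BLOCK_LEN_INT64 uint64_t words, large enough to also hold the padded pwd || salt || basil input` and widen the guard to `if (wholeMatrix == NULL || nRows < 3 || nCols == 0) return -1;`. Separately, `row = (row + step) % nRows` mixes the signed `row + step` (which is -1 on the first even-`tau` step) with the unsigned `nRows`, so the wrap-around marked "generic case" is only correct when `nRows` is a power of two, as it is for the single caller in this commit; a comment saying so would stop the function being reused with other row counts.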
@@ -0,0 +1,51 @@
+/**
+ * Header file for the Lyra2 Password Hashing Scheme (PHS).
+ *
+ * Author: The Lyra PHC team (http://www.lyra-kdf.net/) -- 2014.
+ *
+ * This software is hereby placed in the public domain.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS
+ * OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
+ * BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+ * WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
+ * OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE,
+ * EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef LYRA2_XZC_H_
+#define LYRA2_XZC_H_
+
+#include
+
+typedef unsigned char byte;
+
+//Block length required so Blake2's Initialization Vector (IV) is not overwritten (THIS SHOULD NOT BE MODIFIED)
+#define BLOCK_LEN_BLAKE2_SAFE_INT64 8 //512 bits (=64 bytes, =8 uint64_t)
+#define BLOCK_LEN_BLAKE2_SAFE_BYTES (BLOCK_LEN_BLAKE2_SAFE_INT64 * 8) //same as above, in bytes
+
+
+#ifdef BLOCK_LEN_BITS
+ #define BLOCK_LEN_INT64 (BLOCK_LEN_BITS/64) //Block length: 768 bits (=96 bytes, =12 uint64_t)
+ #define BLOCK_LEN_BYTES (BLOCK_LEN_BITS/8) //Block length, in bytes
+#else //default block lenght: 768 bits
+ #define BLOCK_LEN_INT64 12 //Block length: 768 bits (=96 bytes, =12 uint64_t)
+ #define BLOCK_LEN_BYTES (BLOCK_LEN_INT64 * 8) //Block length, in bytes
+#endif
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+ int LYRA2_XZC(uint64_t* matrix, void *K, uint64_t kLen, const void *pwd, uint64_t pwdlen, const void *salt, uint64_t saltlen, uint64_t timeCost, uint64_t nRows, uint64_t nCols);
+
+#ifdef __cplusplus
+}
+
+#endif
+
+#endif /* LYRA2_XZC_H_ */
diff --git a/miner.h b/miner.h
index bab7581fe..c0201bcce 100644
--- a/miner.h
+++ b/miner.h
@@ -219,6 +219,7 @@ int scanhash_jha(int thr_id, struct work *work, uint32_t max_nonce, uint64_t *ha
 int scanhash_lbry(int thr_id, struct work *work, uint32_t max_nonce, uint64_t *hashes_done);
 int scanhash_luffa(int thr_id, struct work *work, uint32_t max_nonce, uint64_t *hashes_done);
 int scanhash_lyra2(int thr_id, struct work *work, uint32_t max_nonce, uint64_t *hashes_done);
+int scanhash_lyra2z(int thr_id, struct work *work, uint32_t max_nonce, uint64_t *hashes_done);
 int scanhash_lyra2rev2(int thr_id, struct work *work, uint32_t max_nonce, uint64_t *hashes_done);
 int scanhash_myriad(int thr_id, struct work *work, uint32_t max_nonce, uint64_t *hashes_done);
 int scanhash_neoscrypt(int thr_id, struct work *work, uint32_t max_nonce, uint64_t *hashes_done, uint32_t profile);