perf: using non-native Eval for curve arithmetic (#1331)
yelhousni authored Dec 4, 2024
1 parent 92b9823 commit 1ef9953
Showing 8 changed files with 84 additions and 221 deletions.
16 changes: 8 additions & 8 deletions internal/stats/latest_stats.csv
Expand Up @@ -195,56 +195,56 @@ pairing_bn254,bls24_315,plonk,0,0
pairing_bn254,bls24_317,plonk,0,0
pairing_bn254,bw6_761,plonk,0,0
pairing_bn254,bw6_633,plonk,0,0
pairing_bw6761,bn254,groth16,1794795,3003881
pairing_bw6761,bn254,groth16,1782130,2981326
pairing_bw6761,bls12_377,groth16,0,0
pairing_bw6761,bls12_381,groth16,0,0
pairing_bw6761,bls24_315,groth16,0,0
pairing_bw6761,bls24_317,groth16,0,0
pairing_bw6761,bw6_761,groth16,0,0
pairing_bw6761,bw6_633,groth16,0,0
pairing_bw6761,bn254,plonk,6779434,6155114
pairing_bw6761,bn254,plonk,6696994,6075840
pairing_bw6761,bls12_377,plonk,0,0
pairing_bw6761,bls12_381,plonk,0,0
pairing_bw6761,bls24_315,plonk,0,0
pairing_bw6761,bls24_317,plonk,0,0
pairing_bw6761,bw6_761,plonk,0,0
pairing_bw6761,bw6_633,plonk,0,0
scalar_mul_G1_bn254,bn254,groth16,69013,108022
scalar_mul_G1_bn254,bn254,groth16,59287,91432
scalar_mul_G1_bn254,bls12_377,groth16,0,0
scalar_mul_G1_bn254,bls12_381,groth16,0,0
scalar_mul_G1_bn254,bls24_315,groth16,0,0
scalar_mul_G1_bn254,bls24_317,groth16,0,0
scalar_mul_G1_bn254,bw6_761,groth16,0,0
scalar_mul_G1_bn254,bw6_633,groth16,0,0
scalar_mul_G1_bn254,bn254,plonk,260289,244439
scalar_mul_G1_bn254,bn254,plonk,220730,207236
scalar_mul_G1_bn254,bls12_377,plonk,0,0
scalar_mul_G1_bn254,bls12_381,plonk,0,0
scalar_mul_G1_bn254,bls24_315,plonk,0,0
scalar_mul_G1_bn254,bls24_317,plonk,0,0
scalar_mul_G1_bn254,bw6_761,plonk,0,0
scalar_mul_G1_bn254,bw6_633,plonk,0,0
scalar_mul_P256,bn254,groth16,93170,148354
scalar_mul_P256,bn254,groth16,78854,124732
scalar_mul_P256,bls12_377,groth16,0,0
scalar_mul_P256,bls12_381,groth16,0,0
scalar_mul_P256,bls24_315,groth16,0,0
scalar_mul_P256,bls24_317,groth16,0,0
scalar_mul_P256,bw6_761,groth16,0,0
scalar_mul_P256,bw6_633,groth16,0,0
scalar_mul_P256,bn254,plonk,355345,331788
scalar_mul_P256,bn254,plonk,294014,274427
scalar_mul_P256,bls12_377,plonk,0,0
scalar_mul_P256,bls12_381,plonk,0,0
scalar_mul_P256,bls24_315,plonk,0,0
scalar_mul_P256,bls24_317,plonk,0,0
scalar_mul_P256,bw6_761,plonk,0,0
scalar_mul_P256,bw6_633,plonk,0,0
scalar_mul_secp256k1,bn254,groth16,69860,109339
scalar_mul_secp256k1,bn254,groth16,60025,92562
scalar_mul_secp256k1,bls12_377,groth16,0,0
scalar_mul_secp256k1,bls12_381,groth16,0,0
scalar_mul_secp256k1,bls24_315,groth16,0,0
scalar_mul_secp256k1,bls24_317,groth16,0,0
scalar_mul_secp256k1,bw6_761,groth16,0,0
scalar_mul_secp256k1,bw6_633,groth16,0,0
scalar_mul_secp256k1,bn254,plonk,263180,247131
scalar_mul_secp256k1,bn254,plonk,223490,209823
scalar_mul_secp256k1,bls12_377,plonk,0,0
scalar_mul_secp256k1,bls12_381,plonk,0,0
scalar_mul_secp256k1,bls24_315,plonk,0,0
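--- a/std/algebra/emulated/fields_bw6761/e6.go
+++ b/std/algebra/emulated/fields_bw6761/e6.go
@@ -136,24 +136,6 @@ func (e Ext6) Double(x *E6) *E6 {
 }
 }
 
-func (e Ext6) MulByElement(x *E6, y *baseEl) *E6 {
-a0 := e.fp.Mul(&x.A0, y)
-a1 := e.fp.Mul(&x.A1, y)
-a2 := e.fp.Mul(&x.A2, y)
-a3 := e.fp.Mul(&x.A3, y)
-a4 := e.fp.Mul(&x.A4, y)
-a5 := e.fp.Mul(&x.A5, y)
-z := &E6{
-A0: *a0,
-A1: *a1,
-A2: *a2,
-A3: *a3,
-A4: *a4,
-A5: *a5,
-}
-return z
-}
-
 func (e Ext6) MulByConstElement(x *E6, y *big.Int) *E6 {
 a0 := e.fp.MulConst(&x.A0, y)
 a1 := e.fp.MulConst(&x.A1, y)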
2 changes: 1 addition & 1 deletion std/algebra/emulated/fields_bw6761/e6_pairing.go
Expand Up @@ -253,7 +253,7 @@ func (e Ext6) mul023by023Direct(d0, d1, c0, c1 *baseEl) [5]*baseEl {
// c3 = d0 + c0
z3 := e.fp.Add(d0, c0)
// c4 = d1c1
z4 := e.fp.Eval([][]*baseEl{{d1, c1}}, []int{1})
z4 := e.fp.Mul(d1, c1)
// c5 = d1 + c1,
z5 := e.fp.Add(d1, c1)

48 changes: 16 additions & 32 deletions std/algebra/emulated/sw_bw6761/g1.go
Expand Up @@ -72,14 +72,11 @@ func (g1 *G1) double(p *G1Affine) *G1Affine {
λ := g1.curveF.Div(xx3a, y1)

// xr = λ²-2p.x
x1 := g1.curveF.MulConst(&p.X, big.NewInt(2))
λλ := g1.curveF.Mul(λ, λ)
xr := g1.curveF.Sub(λλ, x1)
mone := g1.curveF.NewElement(-1)
xr := g1.curveF.Eval([][]*baseEl{{λ, λ}, {mone, &p.X}}, []int{1, 2})

// yr = λ(p-xr) - p.y
pxrx := g1.curveF.Sub(&p.X, xr)
λpxrx := g1.curveF.Mul(λ, pxrx)
yr := g1.curveF.Sub(λpxrx, &p.Y)
// yr = λ(p.x-xr) - p.y
yr := g1.curveF.Eval([][]*baseEl{{λ, &p.X}, {mone, λ, xr}, {mone, &p.Y}}, []int{1, 1, 1})

return &G1Affine{
X: *xr,
Expand All @@ -102,14 +99,11 @@ func (g1 G1) add(p, q *G1Affine) *G1Affine {
λ := g1.curveF.Div(qypy, qxpx)

// xr = λ²-p.x-q.x
λλ := g1.curveF.Mul(λ, λ)
qxpx = g1.curveF.Add(&p.X, &q.X)
xr := g1.curveF.Sub(λλ, qxpx)
mone := g1.curveF.NewElement(-1)
xr := g1.curveF.Eval([][]*baseEl{{λ, λ}, {mone, &p.X}, {mone, &q.X}}, []int{1, 1, 1})

// p.y = λ(p.x-r.x) - p.y
pxrx := g1.curveF.Sub(&p.X, xr)
λpxrx := g1.curveF.Mul(λ, pxrx)
yr := g1.curveF.Sub(λpxrx, &p.Y)
yr := g1.curveF.Eval([][]*baseEl{{λ, &p.X}, {mone, λ, xr}, {mone, &p.Y}}, []int{1, 1, 1})

return &G1Affine{
X: *xr,
Expand Down Expand Up @@ -138,10 +132,9 @@ func (g1 G1) doubleAndAdd(p, q *G1Affine) *G1Affine {
xqxp := g1.curveF.Sub(&q.X, &p.X)
λ1 := g1.curveF.Div(yqyp, xqxp)

// compute x1 = λ1²-p.x-q.x
λ1λ1 := g1.curveF.Mul(λ1, λ1)
xqxp = g1.curveF.Add(&p.X, &q.X)
x2 := g1.curveF.Sub(λ1λ1, xqxp)
// compute x2 = λ1²-p.x-q.x
mone := g1.curveF.NewElement(-1)
x2 := g1.curveF.Eval([][]*baseEl{{λ1, λ1}, {mone, &p.X}, {mone, &q.X}}, []int{1, 1, 1})

// omit y1 computation
// compute λ1 = -λ1-1*p.y/(x1-p.x)
Expand All @@ -152,14 +145,10 @@ func (g1 G1) doubleAndAdd(p, q *G1Affine) *G1Affine {
λ2 = g1.curveF.Neg(λ2)

// compute x3 =λ2²-p.x-x3
λ2λ2 := g1.curveF.Mul(λ2, λ2)
x3 := g1.curveF.Sub(λ2λ2, &p.X)
x3 = g1.curveF.Sub(x3, x2)
x3 := g1.curveF.Eval([][]*baseEl{{λ2, λ2}, {mone, &p.X}, {mone, x2}}, []int{1, 1, 1})

// compute y3 = λ2*(p.x - x3)-p.y
y3 := g1.curveF.Sub(&p.X, x3)
y3 = g1.curveF.Mul(λ2, y3)
y3 = g1.curveF.Sub(y3, &p.Y)
y3 := g1.curveF.Eval([][]*baseEl{{λ2, &p.X}, {mone, λ2, x3}, {mone, &p.Y}}, []int{1, 1, 1})

return &G1Affine{
X: *x3,
Expand All @@ -176,9 +165,8 @@ func (g1 G1) triple(p *G1Affine) *G1Affine {
λ1 := g1.curveF.Div(xx, y2)

// xr = λ²-2p.x
x2 := g1.curveF.MulConst(&p.X, big.NewInt(2))
λ1λ1 := g1.curveF.Mul(λ1, λ1)
x2 = g1.curveF.Sub(λ1λ1, x2)
mone := g1.curveF.NewElement(-1)
x2 := g1.curveF.Eval([][]*baseEl{{λ1, λ1}, {mone, &p.X}}, []int{1, 2})

// omit y2 computation, and
// compute λ2 = 2p.y/(x2 − p.x) − λ1.
Expand All @@ -187,14 +175,10 @@ func (g1 G1) triple(p *G1Affine) *G1Affine {
λ2 = g1.curveF.Sub(λ2, λ1)

// xr = λ²-p.x-x2
λ2λ2 := g1.curveF.Mul(λ2, λ2)
qxrx := g1.curveF.Add(x2, &p.X)
xr := g1.curveF.Sub(λ2λ2, qxrx)
xr := g1.curveF.Eval([][]*baseEl{{λ2, λ2}, {mone, &p.X}, {mone, x2}}, []int{1, 1, 1})

// yr = λ(p.x-xr) - p.y
pxrx := g1.curveF.Sub(&p.X, xr)
λ2pxrx := g1.curveF.Mul(λ2, pxrx)
yr := g1.curveF.Sub(λ2pxrx, &p.Y)
yr := g1.curveF.Eval([][]*baseEl{{λ2, &p.X}, {mone, λ2, xr}, {mone, &p.Y}}, []int{1, 1, 1})

return &G1Affine{
X: *xr,
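Review bot: Several comments directly above the new `Eval` calls still state a different relation than the one the call constrains; the commit corrected only two of them (`double`'s `yr` comment and `doubleAndAdd`'s `x2` comment). In `add`, `// p.y = λ(p.x-r.x) - p.y` labels the `yr` computation and should read `// yr = λ(p.x-xr) - p.y`. In `doubleAndAdd`, `// compute x3 =λ2²-p.x-x3` should read `// compute x3 = λ2²-p.x-x2`, and `// compute λ1 = -λ1-1*p.y/(x1-p.x)` appears to introduce the `λ2` computation rather than `λ1`. In `triple`, `// xr = λ²-2p.x` sits above `x2 := …`. The `add`, `doubleAndAdd` (x3) and `triple` comments are stale in the same way in g2.go. Since each `Eval` call packs a whole constraint into a term list plus a coefficient slice such as `[]int{1, 2}`, the comment is the only readable statement of what is enforced and should match it term for term. The function bodies start and end outside the hunks shown.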
46 changes: 15 additions & 31 deletions std/algebra/emulated/sw_bw6761/g2.go
Expand Up @@ -110,14 +110,11 @@ func (g2 G2) add(p, q *G2Affine) *G2Affine {
λ := g2.curveF.Div(qypy, qxpx)

// xr = λ²-p.x-q.x
λλ := g2.curveF.Mul(λ, λ)
qxpx = g2.curveF.Add(&p.P.X, &q.P.X)
xr := g2.curveF.Sub(λλ, qxpx)
mone := g2.curveF.NewElement(-1)
xr := g2.curveF.Eval([][]*baseEl{{λ, λ}, {mone, &p.P.X}, {mone, &q.P.X}}, []int{1, 1, 1})

// p.y = λ(p.x-r.x) - p.y
pxrx := g2.curveF.Sub(&p.P.X, xr)
λpxrx := g2.curveF.Mul(λ, pxrx)
yr := g2.curveF.Sub(λpxrx, &p.P.Y)
yr := g2.curveF.Eval([][]*baseEl{{λ, &p.P.X}, {mone, λ, xr}, {mone, &p.P.Y}}, []int{1, 1, 1})

return &G2Affine{
P: g2AffP{
Expand Down Expand Up @@ -151,14 +148,11 @@ func (g2 *G2) double(p *G2Affine) *G2Affine {
λ := g2.curveF.Div(xx3a, y2)

// xr = λ²-2p.x
x2 := g2.curveF.MulConst(&p.P.X, big.NewInt(2))
λλ := g2.curveF.Mul(λ, λ)
xr := g2.curveF.Sub(λλ, x2)
mone := g2.curveF.NewElement(-1)
xr := g2.curveF.Eval([][]*baseEl{{λ, λ}, {mone, &p.P.X}}, []int{1, 2})

// yr = λ(p-xr) - p.y
pxrx := g2.curveF.Sub(&p.P.X, xr)
λpxrx := g2.curveF.Mul(λ, pxrx)
yr := g2.curveF.Sub(λpxrx, &p.P.Y)
// yr = λ(p.x-xr) - p.y
yr := g2.curveF.Eval([][]*baseEl{{λ, &p.P.X}, {mone, λ, xr}, {mone, &p.P.Y}}, []int{1, 1, 1})

return &G2Affine{
P: g2AffP{
Expand All @@ -184,9 +178,8 @@ func (g2 G2) doubleAndAdd(p, q *G2Affine) *G2Affine {
λ1 := g2.curveF.Div(yqyp, xqxp)

// compute x2 = λ1²-p.x-q.x
λ1λ1 := g2.curveF.Mul(λ1, λ1)
xqxp = g2.curveF.Add(&p.P.X, &q.P.X)
x2 := g2.curveF.Sub(λ1λ1, xqxp)
mone := g2.curveF.NewElement(-1)
x2 := g2.curveF.Eval([][]*baseEl{{λ1, λ1}, {mone, &p.P.X}, {mone, &q.P.X}}, []int{1, 1, 1})

// omit y2 computation
// compute λ2 = -λ1-2*p.y/(x2-p.x)
Expand All @@ -197,14 +190,10 @@ func (g2 G2) doubleAndAdd(p, q *G2Affine) *G2Affine {
λ2 = g2.curveF.Neg(λ2)

// compute x3 =λ2²-p.x-x3
λ2λ2 := g2.curveF.Mul(λ2, λ2)
x3 := g2.curveF.Sub(λ2λ2, &p.P.X)
x3 = g2.curveF.Sub(x3, x2)
x3 := g2.curveF.Eval([][]*baseEl{{λ2, λ2}, {mone, &p.P.X}, {mone, x2}}, []int{1, 1, 1})

// compute y3 = λ2*(p.x - x3)-p.y
y3 := g2.curveF.Sub(&p.P.X, x3)
y3 = g2.curveF.Mul(λ2, y3)
y3 = g2.curveF.Sub(y3, &p.P.Y)
y3 := g2.curveF.Eval([][]*baseEl{{λ2, &p.P.X}, {mone, λ2, x3}, {mone, &p.P.Y}}, []int{1, 1, 1})

return &G2Affine{
P: g2AffP{
Expand All @@ -223,9 +212,8 @@ func (g2 G2) triple(p *G2Affine) *G2Affine {
λ1 := g2.curveF.Div(xx, y2)

// xr = λ²-2p.x
x2 := g2.curveF.MulConst(&p.P.X, big.NewInt(2))
λ1λ1 := g2.curveF.Mul(λ1, λ1)
x2 = g2.curveF.Sub(λ1λ1, x2)
mone := g2.curveF.NewElement(-1)
x2 := g2.curveF.Eval([][]*baseEl{{λ1, λ1}, {mone, &p.P.X}}, []int{1, 2})

// omit y2 computation, and
// compute λ2 = 2p.y/(x2 − p.x) − λ1.
Expand All @@ -234,14 +222,10 @@ func (g2 G2) triple(p *G2Affine) *G2Affine {
λ2 = g2.curveF.Sub(λ2, λ1)

// xr = λ²-p.x-x2
λ2λ2 := g2.curveF.Mul(λ2, λ2)
qxrx := g2.curveF.Add(x2, &p.P.X)
xr := g2.curveF.Sub(λ2λ2, qxrx)
xr := g2.curveF.Eval([][]*baseEl{{λ2, λ2}, {mone, &p.P.X}, {mone, x2}}, []int{1, 1, 1})

// yr = λ(p.x-xr) - p.y
pxrx := g2.curveF.Sub(&p.P.X, xr)
λ2pxrx := g2.curveF.Mul(λ2, pxrx)
yr := g2.curveF.Sub(λ2pxrx, &p.P.Y)
yr := g2.curveF.Eval([][]*baseEl{{λ2, &p.P.X}, {mone, λ2, xr}, {mone, &p.P.Y}}, []int{1, 1, 1})

return &G2Affine{
P: g2AffP{
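Review bot: The y-coordinate relation `Eval([][]*baseEl{{λ, &p.P.X}, {mone, λ, xr}, {mone, &p.P.Y}}, []int{1, 1, 1})` is now written out four times in this file (`add`, `double`, `doubleAndAdd`, `triple`) and four more times in g1.go, each with its own `mone := …NewElement(-1)`. In circuit code a dropped `mone` or a wrong entry in the coefficient slice raises no type error and changes the constrained relation, so defining the relation once in a private helper would leave a single place to audit and to cover with a test against the reference curve arithmetic. The sketch below shows the shape for G2. The helper name is only a suggestion, and the `*baseEl` return type is assumed from how the results are dereferenced into the affine struct. The callers' bodies begin and end outside the hunks shown.

```go
// evalY returns λ·(px − xr) − py as a single Eval call:
// λ·px + (−1)·λ·xr + (−1)·py, every term with coefficient 1.
func (g2 G2) evalY(λ, px, xr, py *baseEl) *baseEl {
	mone := g2.curveF.NewElement(-1)
	return g2.curveF.Eval([][]*baseEl{{λ, px}, {mone, λ, xr}, {mone, py}}, []int{1, 1, 1})
}

// … unchanged: λ and xr computation in add, double, doubleAndAdd, triple …
yr := g2.evalY(λ, &p.P.X, xr, &p.P.Y)
```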