
perf: using non-native Eval for curve arithmetic #1331


Merged
merged 16 commits into from
Dec 4, 2024
16 changes: 8 additions & 8 deletions internal/stats/latest_stats.csv
@@ -195,56 +195,56 @@ pairing_bn254,bls24_315,plonk,0,0
pairing_bn254,bls24_317,plonk,0,0
pairing_bn254,bw6_761,plonk,0,0
pairing_bn254,bw6_633,plonk,0,0
pairing_bw6761,bn254,groth16,1794795,3003881
pairing_bw6761,bn254,groth16,1782130,2981326
pairing_bw6761,bls12_377,groth16,0,0
pairing_bw6761,bls12_381,groth16,0,0
pairing_bw6761,bls24_315,groth16,0,0
pairing_bw6761,bls24_317,groth16,0,0
pairing_bw6761,bw6_761,groth16,0,0
pairing_bw6761,bw6_633,groth16,0,0
pairing_bw6761,bn254,plonk,6779434,6155114
pairing_bw6761,bn254,plonk,6696994,6075840
pairing_bw6761,bls12_377,plonk,0,0
pairing_bw6761,bls12_381,plonk,0,0
pairing_bw6761,bls24_315,plonk,0,0
pairing_bw6761,bls24_317,plonk,0,0
pairing_bw6761,bw6_761,plonk,0,0
pairing_bw6761,bw6_633,plonk,0,0
scalar_mul_G1_bn254,bn254,groth16,69013,108022
scalar_mul_G1_bn254,bn254,groth16,59287,91432
scalar_mul_G1_bn254,bls12_377,groth16,0,0
scalar_mul_G1_bn254,bls12_381,groth16,0,0
scalar_mul_G1_bn254,bls24_315,groth16,0,0
scalar_mul_G1_bn254,bls24_317,groth16,0,0
scalar_mul_G1_bn254,bw6_761,groth16,0,0
scalar_mul_G1_bn254,bw6_633,groth16,0,0
scalar_mul_G1_bn254,bn254,plonk,260289,244439
scalar_mul_G1_bn254,bn254,plonk,220730,207236
scalar_mul_G1_bn254,bls12_377,plonk,0,0
scalar_mul_G1_bn254,bls12_381,plonk,0,0
scalar_mul_G1_bn254,bls24_315,plonk,0,0
scalar_mul_G1_bn254,bls24_317,plonk,0,0
scalar_mul_G1_bn254,bw6_761,plonk,0,0
scalar_mul_G1_bn254,bw6_633,plonk,0,0
scalar_mul_P256,bn254,groth16,93170,148354
scalar_mul_P256,bn254,groth16,78854,124732
scalar_mul_P256,bls12_377,groth16,0,0
scalar_mul_P256,bls12_381,groth16,0,0
scalar_mul_P256,bls24_315,groth16,0,0
scalar_mul_P256,bls24_317,groth16,0,0
scalar_mul_P256,bw6_761,groth16,0,0
scalar_mul_P256,bw6_633,groth16,0,0
scalar_mul_P256,bn254,plonk,355345,331788
scalar_mul_P256,bn254,plonk,294014,274427
scalar_mul_P256,bls12_377,plonk,0,0
scalar_mul_P256,bls12_381,plonk,0,0
scalar_mul_P256,bls24_315,plonk,0,0
scalar_mul_P256,bls24_317,plonk,0,0
scalar_mul_P256,bw6_761,plonk,0,0
scalar_mul_P256,bw6_633,plonk,0,0
scalar_mul_secp256k1,bn254,groth16,69860,109339
scalar_mul_secp256k1,bn254,groth16,60025,92562
scalar_mul_secp256k1,bls12_377,groth16,0,0
scalar_mul_secp256k1,bls12_381,groth16,0,0
scalar_mul_secp256k1,bls24_315,groth16,0,0
scalar_mul_secp256k1,bls24_317,groth16,0,0
scalar_mul_secp256k1,bw6_761,groth16,0,0
scalar_mul_secp256k1,bw6_633,groth16,0,0
scalar_mul_secp256k1,bn254,plonk,263180,247131
scalar_mul_secp256k1,bn254,plonk,223490,209823
scalar_mul_secp256k1,bls12_377,plonk,0,0
scalar_mul_secp256k1,bls12_381,plonk,0,0
scalar_mul_secp256k1,bls24_315,plonk,0,0
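--- a/std/algebra/emulated/fields_bw6761/e6.go
+++ b/std/algebra/emulated/fields_bw6761/e6.go
@@ -136,24 +136,6 @@ func (e Ext6) Double(x *E6) *E6 {
 }
 }
 
-func (e Ext6) MulByElement(x *E6, y *baseEl) *E6 {
-a0 := e.fp.Mul(&x.A0, y)
-a1 := e.fp.Mul(&x.A1, y)
-a2 := e.fp.Mul(&x.A2, y)
-a3 := e.fp.Mul(&x.A3, y)
-a4 := e.fp.Mul(&x.A4, y)
-a5 := e.fp.Mul(&x.A5, y)
-z := &E6{
-A0: *a0,
-A1: *a1,
-A2: *a2,
-A3: *a3,
-A4: *a4,
-A5: *a5,
-}
-return z
-}
-
 func (e Ext6) MulByConstElement(x *E6, y *big.Int) *E6 {
 a0 := e.fp.MulConst(&x.A0, y)
 a1 := e.fp.MulConst(&x.A1, y)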
2 changes: 1 addition & 1 deletion std/algebra/emulated/fields_bw6761/e6_pairing.go
@@ -253,7 +253,7 @@ func (e Ext6) mul023by023Direct(d0, d1, c0, c1 *baseEl) [5]*baseEl {
// c3 = d0 + c0
z3 := e.fp.Add(d0, c0)
// c4 = d1c1
z4 := e.fp.Eval([][]*baseEl{{d1, c1}}, []int{1})
z4 := e.fp.Mul(d1, c1)
// c5 = d1 + c1,
z5 := e.fp.Add(d1, c1)

48 changes: 16 additions & 32 deletions std/algebra/emulated/sw_bw6761/g1.go
@@ -72,14 +72,11 @@ func (g1 *G1) double(p *G1Affine) *G1Affine {
λ := g1.curveF.Div(xx3a, y1)

// xr = λ²-2p.x
x1 := g1.curveF.MulConst(&p.X, big.NewInt(2))
λλ := g1.curveF.Mul(λ, λ)
xr := g1.curveF.Sub(λλ, x1)
mone := g1.curveF.NewElement(-1)
xr := g1.curveF.Eval([][]*baseEl{{λ, λ}, {mone, &p.X}}, []int{1, 2})

// yr = λ(p-xr) - p.y
pxrx := g1.curveF.Sub(&p.X, xr)
λpxrx := g1.curveF.Mul(λ, pxrx)
yr := g1.curveF.Sub(λpxrx, &p.Y)
// yr = λ(p.x-xr) - p.y
yr := g1.curveF.Eval([][]*baseEl{{λ, &p.X}, {mone, λ, xr}, {mone, &p.Y}}, []int{1, 1, 1})

return &G1Affine{
X: *xr,
@@ -102,14 +99,11 @@ func (g1 G1) add(p, q *G1Affine) *G1Affine {
λ := g1.curveF.Div(qypy, qxpx)

// xr = λ²-p.x-q.x
λλ := g1.curveF.Mul(λ, λ)
qxpx = g1.curveF.Add(&p.X, &q.X)
xr := g1.curveF.Sub(λλ, qxpx)
mone := g1.curveF.NewElement(-1)
xr := g1.curveF.Eval([][]*baseEl{{λ, λ}, {mone, &p.X}, {mone, &q.X}}, []int{1, 1, 1})

// p.y = λ(p.x-r.x) - p.y
pxrx := g1.curveF.Sub(&p.X, xr)
λpxrx := g1.curveF.Mul(λ, pxrx)
yr := g1.curveF.Sub(λpxrx, &p.Y)
yr := g1.curveF.Eval([][]*baseEl{{λ, &p.X}, {mone, λ, xr}, {mone, &p.Y}}, []int{1, 1, 1})

return &G1Affine{
X: *xr,
@@ -138,10 +132,9 @@ func (g1 G1) doubleAndAdd(p, q *G1Affine) *G1Affine {
xqxp := g1.curveF.Sub(&q.X, &p.X)
λ1 := g1.curveF.Div(yqyp, xqxp)

// compute x1 = λ1²-p.x-q.x
λ1λ1 := g1.curveF.Mul(λ1, λ1)
xqxp = g1.curveF.Add(&p.X, &q.X)
x2 := g1.curveF.Sub(λ1λ1, xqxp)
// compute x2 = λ1²-p.x-q.x
mone := g1.curveF.NewElement(-1)
x2 := g1.curveF.Eval([][]*baseEl{{λ1, λ1}, {mone, &p.X}, {mone, &q.X}}, []int{1, 1, 1})

// omit y1 computation
// compute λ1 = -λ1-1*p.y/(x1-p.x)
@@ -152,14 +145,10 @@ func (g1 G1) doubleAndAdd(p, q *G1Affine) *G1Affine {
λ2 = g1.curveF.Neg(λ2)

// compute x3 =λ2²-p.x-x3
λ2λ2 := g1.curveF.Mul(λ2, λ2)
x3 := g1.curveF.Sub(λ2λ2, &p.X)
x3 = g1.curveF.Sub(x3, x2)
x3 := g1.curveF.Eval([][]*baseEl{{λ2, λ2}, {mone, &p.X}, {mone, x2}}, []int{1, 1, 1})

// compute y3 = λ2*(p.x - x3)-p.y
y3 := g1.curveF.Sub(&p.X, x3)
y3 = g1.curveF.Mul(λ2, y3)
y3 = g1.curveF.Sub(y3, &p.Y)
y3 := g1.curveF.Eval([][]*baseEl{{λ2, &p.X}, {mone, λ2, x3}, {mone, &p.Y}}, []int{1, 1, 1})

return &G1Affine{
X: *x3,
@@ -176,9 +165,8 @@ func (g1 G1) triple(p *G1Affine) *G1Affine {
λ1 := g1.curveF.Div(xx, y2)

// xr = λ²-2p.x
x2 := g1.curveF.MulConst(&p.X, big.NewInt(2))
λ1λ1 := g1.curveF.Mul(λ1, λ1)
x2 = g1.curveF.Sub(λ1λ1, x2)
mone := g1.curveF.NewElement(-1)
x2 := g1.curveF.Eval([][]*baseEl{{λ1, λ1}, {mone, &p.X}}, []int{1, 2})

// omit y2 computation, and
// compute λ2 = 2p.y/(x2 − p.x) − λ1.
@@ -187,14 +175,10 @@ func (g1 G1) triple(p *G1Affine) *G1Affine {
λ2 = g1.curveF.Sub(λ2, λ1)

// xr = λ²-p.x-x2
λ2λ2 := g1.curveF.Mul(λ2, λ2)
qxrx := g1.curveF.Add(x2, &p.X)
xr := g1.curveF.Sub(λ2λ2, qxrx)
xr := g1.curveF.Eval([][]*baseEl{{λ2, λ2}, {mone, &p.X}, {mone, x2}}, []int{1, 1, 1})

// yr = λ(p.x-xr) - p.y
pxrx := g1.curveF.Sub(&p.X, xr)
λ2pxrx := g1.curveF.Mul(λ2, pxrx)
yr := g1.curveF.Sub(λ2pxrx, &p.Y)
yr := g1.curveF.Eval([][]*baseEl{{λ2, &p.X}, {mone, λ2, xr}, {mone, &p.Y}}, []int{1, 1, 1})

return &G1Affine{
X: *xr,
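Review bot: Several comments in this file no longer describe the `Eval` term lists beneath them, which matters because in these circuit gadgets the comment is what a reader checks each `[][]*baseEl{...}, []int{...}` pair against. In `doubleAndAdd`, `// compute x3 =λ2²-p.x-x3` sits above a call that subtracts `x2`, and `// compute λ1 = -λ1-1*p.y/(x1-p.x)` still names `x1` although the comment above it now says `x2`; g2.go words the latter as `// compute λ2 = -λ1-2*p.y/(x2-p.x)`, so confirm against the λ2 code (outside the hunk) and align the two files. In `add`, `// p.y = λ(p.x-r.x) - p.y` should read `// yr = λ(p.x-xr) - p.y`, the wording that `double` carries in this change. The same `x3 =λ2²-p.x-x3` and `p.y = λ(p.x-r.x) - p.y` comments appear in g2.go's `doubleAndAdd` and `add`. All of these function bodies start and end outside the visible hunks.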
46 changes: 15 additions & 31 deletions std/algebra/emulated/sw_bw6761/g2.go
@@ -110,14 +110,11 @@ func (g2 G2) add(p, q *G2Affine) *G2Affine {
λ := g2.curveF.Div(qypy, qxpx)

// xr = λ²-p.x-q.x
λλ := g2.curveF.Mul(λ, λ)
qxpx = g2.curveF.Add(&p.P.X, &q.P.X)
xr := g2.curveF.Sub(λλ, qxpx)
mone := g2.curveF.NewElement(-1)
xr := g2.curveF.Eval([][]*baseEl{{λ, λ}, {mone, &p.P.X}, {mone, &q.P.X}}, []int{1, 1, 1})

// p.y = λ(p.x-r.x) - p.y
pxrx := g2.curveF.Sub(&p.P.X, xr)
λpxrx := g2.curveF.Mul(λ, pxrx)
yr := g2.curveF.Sub(λpxrx, &p.P.Y)
yr := g2.curveF.Eval([][]*baseEl{{λ, &p.P.X}, {mone, λ, xr}, {mone, &p.P.Y}}, []int{1, 1, 1})

return &G2Affine{
P: g2AffP{
@@ -151,14 +148,11 @@ func (g2 *G2) double(p *G2Affine) *G2Affine {
λ := g2.curveF.Div(xx3a, y2)

// xr = λ²-2p.x
x2 := g2.curveF.MulConst(&p.P.X, big.NewInt(2))
λλ := g2.curveF.Mul(λ, λ)
xr := g2.curveF.Sub(λλ, x2)
mone := g2.curveF.NewElement(-1)
xr := g2.curveF.Eval([][]*baseEl{{λ, λ}, {mone, &p.P.X}}, []int{1, 2})

// yr = λ(p-xr) - p.y
pxrx := g2.curveF.Sub(&p.P.X, xr)
λpxrx := g2.curveF.Mul(λ, pxrx)
yr := g2.curveF.Sub(λpxrx, &p.P.Y)
// yr = λ(p.x-xr) - p.y
yr := g2.curveF.Eval([][]*baseEl{{λ, &p.P.X}, {mone, λ, xr}, {mone, &p.P.Y}}, []int{1, 1, 1})

return &G2Affine{
P: g2AffP{
@@ -184,9 +178,8 @@ func (g2 G2) doubleAndAdd(p, q *G2Affine) *G2Affine {
λ1 := g2.curveF.Div(yqyp, xqxp)

// compute x2 = λ1²-p.x-q.x
λ1λ1 := g2.curveF.Mul(λ1, λ1)
xqxp = g2.curveF.Add(&p.P.X, &q.P.X)
x2 := g2.curveF.Sub(λ1λ1, xqxp)
mone := g2.curveF.NewElement(-1)
x2 := g2.curveF.Eval([][]*baseEl{{λ1, λ1}, {mone, &p.P.X}, {mone, &q.P.X}}, []int{1, 1, 1})

// omit y2 computation
// compute λ2 = -λ1-2*p.y/(x2-p.x)
@@ -197,14 +190,10 @@ func (g2 G2) doubleAndAdd(p, q *G2Affine) *G2Affine {
λ2 = g2.curveF.Neg(λ2)

// compute x3 =λ2²-p.x-x3
λ2λ2 := g2.curveF.Mul(λ2, λ2)
x3 := g2.curveF.Sub(λ2λ2, &p.P.X)
x3 = g2.curveF.Sub(x3, x2)
x3 := g2.curveF.Eval([][]*baseEl{{λ2, λ2}, {mone, &p.P.X}, {mone, x2}}, []int{1, 1, 1})

// compute y3 = λ2*(p.x - x3)-p.y
y3 := g2.curveF.Sub(&p.P.X, x3)
y3 = g2.curveF.Mul(λ2, y3)
y3 = g2.curveF.Sub(y3, &p.P.Y)
y3 := g2.curveF.Eval([][]*baseEl{{λ2, &p.P.X}, {mone, λ2, x3}, {mone, &p.P.Y}}, []int{1, 1, 1})

return &G2Affine{
P: g2AffP{
@@ -223,9 +212,8 @@ func (g2 G2) triple(p *G2Affine) *G2Affine {
λ1 := g2.curveF.Div(xx, y2)

// xr = λ²-2p.x
x2 := g2.curveF.MulConst(&p.P.X, big.NewInt(2))
λ1λ1 := g2.curveF.Mul(λ1, λ1)
x2 = g2.curveF.Sub(λ1λ1, x2)
mone := g2.curveF.NewElement(-1)
x2 := g2.curveF.Eval([][]*baseEl{{λ1, λ1}, {mone, &p.P.X}}, []int{1, 2})

// omit y2 computation, and
// compute λ2 = 2p.y/(x2 − p.x) − λ1.
@@ -234,14 +222,10 @@ func (g2 G2) triple(p *G2Affine) *G2Affine {
λ2 = g2.curveF.Sub(λ2, λ1)

// xr = λ²-p.x-x2
λ2λ2 := g2.curveF.Mul(λ2, λ2)
qxrx := g2.curveF.Add(x2, &p.P.X)
xr := g2.curveF.Sub(λ2λ2, qxrx)
xr := g2.curveF.Eval([][]*baseEl{{λ2, λ2}, {mone, &p.P.X}, {mone, x2}}, []int{1, 1, 1})

// yr = λ(p.x-xr) - p.y
pxrx := g2.curveF.Sub(&p.P.X, xr)
λ2pxrx := g2.curveF.Mul(λ2, pxrx)
yr := g2.curveF.Sub(λ2pxrx, &p.P.Y)
yr := g2.curveF.Eval([][]*baseEl{{λ2, &p.P.X}, {mone, λ2, xr}, {mone, &p.P.Y}}, []int{1, 1, 1})

return &G2Affine{
P: g2AffP{
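Review bot: The term-list encoding passed to `Eval` is not explained anywhere in these functions, and `mone := g2.curveF.NewElement(-1)` is re-created at the top of `add`, `double`, `doubleAndAdd` and `triple` (g1.go does the same). Judging by the paired comments, each inner slice is a product and the `[]int` entry is its coefficient, so `{mone, λ, xr}` with coefficient `1` stands for `-λ·xr`; a comment at the first use, e.g. `// Eval computes Σ coeff[i]·Π terms[i]; mone (-1) encodes subtraction`, would let an auditor verify each formula without opening the field package. If `NewElement(-1)` yields a plain constant, consider building it once where `curveF` is set up and reusing it. The function bodies continue outside the visible hunks.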