Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Optimization of G2 subgroup check using NAF representation #266

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Optimization of G2 subgroup check using NAF representation #266

wants to merge 4 commits into from

Conversation

IAvecilla
Copy link
Contributor

@IAvecilla IAvecilla commented Apr 20, 2024
edited
Loading

This closes #237.

@IAvecilla
Copy link
Contributor Author

The table below presents the gas usage reports for the ecpairing precompile, comparing its performance between the main branch and a proposed optimization branch.

Test/Branch main g2_subgroup_naf
ecpairing_empty_data 65473 65001
ecpairing_empty_data_insufficient_gas 65473 65001
ecpairing_one_point_insufficient_gas 3144003 3160241
ecpairing_one_point_fail 3144003 3160241
ecpairing_fuzz_negative_1 3143457 3159695
ecpairing_one_point_with_g1_zero 1631296 1646358
ecpairing_one_point_with_g2_zero 1410436 1409952
ecpairing_fuzz_negative_2 3364750 3396534
ecpairing_fuzz_negative_3 4879761 4912721
ecpairing_fuzz_negative_4 3143457 3160116
ecpairing_three_point_fail_1 6616353 6666035
ecpairing_three_point_match_1 4880704 4913664
ecpairing_two_point_fail_1 4879539 4912499
ecpairing_two_point_fail_2 4879413 4912373
ecpairing_two_point_match_1 4879611 4912571
ecpairing_fuzz_negative_5 11824649 11924497
ecpairing_two_point_oog 4879611 4912571
ecpairing_two_point_match_2 4879611 4912571
ecpairing_two_point_match_3 4879959 4912919
ecpairing_two_point_match_4 4880115 4913075
ecpairing_two_point_match_5 1631885 1646947
ecpairing_two_points_with_one_g2_zero 3144592 3160830
ecpairing_fuzz_positive_1 4879000 4913000
ecpairing_fuzz_positive_2 1411000 1411000
ecpairing_fuzz_positive_3 2074194 2120348
ecpairing_fuzz_positive_4 8351577 8417981
ecpairing_fuzz_positive_5 10087461 10170587

As observed, there appears to be a slight regression in performance with these changes compared to the implementation of the g2IsInsubgroup function in the main branch.

chfast
chfast reviewed Jun 11, 2024
View reviewed changes
precompiles/EcPairing.yul
// naf digit = -1
if and(naf, 2) {
let pn00, pn01, pn10, pn11, pn20, pn21 := g2JacobianNeg(p00, p01, p10, p11, p20, p21)
q00, q01, q10, q11, q20, q21 := g2JacobianAdd(q00, q01, q10, q11, q20, q21, pn00, pn01, pn10, pn11, pn20, pn21)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You may have better performance if iterating X_NAF from MSB to LSB. Then you add either constant P or constant -P and the later can be computed once.

Here is snippet from wikipedia:

   let bits = bit_representation(s) # the vector of bits (from LSB to MSB) representing s
   let i = length(bits) - 2
   let res = P
   while (i >= 0): # traversing from second MSB to LSB
       res = res + res # double
       if bits[i] == 1:            
           res = res + P # add
       i = i - 1
   return res

precompiles/EcPairing.yul
function X_NAF() -> ret {
// NAF in binary form
// 010000000100010000100001000100100000010001001000100010000100000001000001000100010010000100000100000000010001000000001000000001
ret := 21356084665891114007971320526050427393
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is correct.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@chfast chfast chfast left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Potential G2 subgroup check optimization using NAF representation
3 participants
@IAvecilla @chfast @jrchatruc