Fix: Bandersnatch GLV scalar multiplication #1271
Open
+251
−150
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fixes #268
Type of change
How has this been tested?
TestCurve
for Bandersnatch pass when usingscalarMulGLV
.How has this been benchmarked?
Bandersnatch
in R1CS:2-bit windowed double-and-add: 3,314
GLV: 2,735
Bandersnatch
in SCS:2-bit windowed double-and-add: 5,991
GLV: 6,077
So the GLV saves 579 r1cs but adds 86 scs, which is because of the non-native scalar decomposition check. In this PR we use GLV only if endomorphism + R1CS.
Checklist:
golangci-lint
does not output errors locally