Booth encoding #106
LGTM!
LGTM
To give more context:
NAF (what most pippenger/bucket implementations use) provides 2 things:
- signed digit recoding so the number of buckets (and memory consumption) is reduced by half
- minimizing the number of additions in the double-and-add algorithm.
But with MSM, for large windows for example 16, the chances of having no addition when input is random is extremely low, unless we have special cases like privacy-scaling-explorations/halo2#202 where all bits are zero.
Now the main issue is that for this benefit, NAF requires preprocessing, which requires extra storage and is also less friendly to GPUs. Booth encoding only provides the first part and can be computed on-the-fly.
Implementation
In Constantine:
- selecting a window https://github.com/mratsim/constantine/blob/8367d7d/constantine/math/arithmetic/bigints.nim#L357-L374
- Booth encoding: https://github.com/mratsim/constantine/blob/8367d7d/constantine/math/arithmetic/bigints.nim#L792-L818
In BLST:
- https://github.com/supranational/blst/blob/badb7f9/src/ec_mult.h#L11-L56
- Formal implementation and verification: https://github.com/GaloisInc/BLST-Verification/blob/f7c50e4/proof/ec_mult.saw#L86-L105
Literature
Booth and bit pair encoding.pdf
Booth encoding.pdf
a3f15e4
* booth encoding baseline
* working msm with booth encoding
* tidy
* apply suggestions & remove leftovers
Booth encoding is implemented in line with incremental suggestions of halo2/#187. This is basically signed digit encoding but without preprocessing and extra memory requirements. And signed digit encoding helps us to reduce the number of buckets to nearly half. Below there are benchmark results which are run on an M1 machine. This PR also moves the original msm implementation under mod test to keep it as a baseline implementation for benchmarking and testing purposes.
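An added illustration of the on-the-fly recoding discussed in this thread, in Rust; it is not the PR's code. `booth_digit` reads a (w+1)-bit slice straight from the scalar with no preprocessing, and `msm_booth` needs only 2^(w-1) buckets per window. Assumptions: 64-bit scalars, plain `i128` integers under addition standing in for curve points, and hypothetical function names.

```rust
/// Booth digit of window `i` (width `w`), computed on the fly from the scalar.
/// Reads the w+1 bits [i*w - 1 ..= i*w + w - 1]; a zero is appended below bit 0.
fn booth_digit(scalar: u64, w: u32, i: u32) -> i64 {
    let padded = (scalar as u128) << 1; // appended zero bit
    let slice = ((padded >> (i * w)) & ((1u128 << (w + 1)) - 1)) as i64;
    let top = slice >> w; // highest bit of the slice: sign of the digit
    ((slice + 1) >> 1) - (top << w) // ceil(slice / 2) - top * 2^w
}

/// Number of windows so that the last slice has a zero top bit.
fn num_windows(w: u32) -> u32 {
    64 / w + 1
}

/// Bucket MSM over a stand-in group: `i128` under addition replaces curve points.
fn msm_booth(scalars: &[u64], points: &[i128], w: u32) -> i128 {
    let mut acc: i128 = 0;
    for i in (0..num_windows(w)).rev() {
        for _ in 0..w {
            acc += acc; // w doublings between windows
        }
        // Digits lie in [-2^(w-1), 2^(w-1)]: 2^(w-1) buckets, not 2^w - 1.
        let mut buckets = vec![0i128; 1 << (w - 1)];
        for (s, p) in scalars.iter().zip(points) {
            let d = booth_digit(*s, w, i);
            if d > 0 {
                buckets[(d - 1) as usize] += *p;
            } else if d < 0 {
                buckets[(-d - 1) as usize] -= *p; // negative digit: add -P
            }
        }
        // Running sum computes sum_k (k + 1) * buckets[k].
        let (mut running, mut sum) = (0i128, 0i128);
        for b in buckets.iter().rev() {
            running += *b;
            sum += running;
        }
        acc += sum;
    }
    acc
}

fn main() {
    let (scalars, points) = ([u64::MAX, 0, 1, 0xdead_beef], [3i128, -7, 11, 5]); // constructed
    let naive: i128 = scalars.iter().zip(&points).map(|(s, p)| *s as i128 * *p).sum();
    assert_eq!(msm_booth(&scalars, &points, 4), naive);
    println!("msm = {naive}");
}
```

In a real implementation the subtraction is a point negation followed by an addition, which is cheap on elliptic curves, so the halved bucket count comes at almost no extra cost.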