Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Speedup proof verification using batched inverse. #190

Merged
merged 1 commit into from
May 4, 2023
Merged

Speedup proof verification using batched inverse. #190

merged 1 commit into from
May 4, 2023

Conversation

armfazh
Copy link
Contributor

@armfazh armfazh commented Apr 17, 2023
edited
Loading

Uses batch inverse function to save some cycles during verification.
This was derived while working on zkDilithium as part of ia.cr/2023/414.

code old new
rescue 0.9 ms 0.6 ms
vdf 2.0 ms 1.8 ms
mulfib 0.8 ms 0.7 ms

irakliyk
irakliyk requested changes Apr 25, 2023
View reviewed changes
Copy link
Collaborator

@irakliyk irakliyk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thank you very much! This is great! I left a couple of comments regarding updating the inline comments to mention the new approach - but other than that, all looks good.

verifier/src/composer.rs
Comment on lines 111 to 112
// compute T'_i(x) = (T_i(x) - T_i(z)) / (x - z), multiply it by a composition
// coefficient, and add the result to T(x)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if these comments need to be complemented. Conceptually, this is still what's happening, but the actual code below is different. It would probably be good to leave comments somewhere explaining the approach.

verifier/src/composer.rs
Comment on lines 119 to 120
// compute T''_i(x) = (T_i(x) - T_i(z * g)) / (x - z * g), multiply it by a
// composition coefficient, and add the result to T(x)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar comment regarding comments.

verifier/src/composer.rs

// compute z^m
let num_evaluation_columns = ood_evaluations.len() as u32;
let z_m = self.z[0].exp_vartime(num_evaluation_columns.into());

for (query_values, &x) in queried_evaluations.rows().zip(&self.x_coordinates) {
let mut composition = E::ZERO;
let mut composition_num = E::ZERO;
let mut composition_den = E::ONE;
for (i, &evaluation) in query_values.iter().enumerate() {
// compute H'_i(x) = (H_i(x) - H_i(z^m)) / (x - z^m)
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Similar comment regarding comments.

irakliyk
irakliyk approved these changes May 4, 2023
View reviewed changes
Copy link
Collaborator

@irakliyk irakliyk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll merge as is, and we can update the comments in subsequent commits.

@irakliyk irakliyk merged commit ec4ce7a into facebook:main May 4, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@irakliyk irakliyk irakliyk approved these changes

Assignees
No one assigned
Labels
cla signed
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@armfazh @irakliyk @facebook-github-bot