Booth encoding #106
Merged
han0110
reviewed
Nov 29, 2023
mratsim
approved these changes
Nov 29, 2023
mratsim
left a comment
Contributor
LGTM
To give more context:
NAF (what most pippenger/bucket implementations use) provides 2 things:
- signed digit recoding so the number of buckets (and memory consumption) is reduced by half
- minimizing the number of additions in the double-and-add algorithm.
But with MSM, for large windows, for example 16, the chances of having no addition when the input is random are extremely low, unless we have special cases like privacy-ethereum/halo2#202 where all bits are zero.
Now the main issue is that for this benefit, NAF requires preprocessing, which requires extra storage and is also less friendly to GPUs. Booth encoding only provides the first part and can be computed on-the-fly.
Implementation
In Constantine:
- selecting a window https://github.com/mratsim/constantine/blob/8367d7d/constantine/math/arithmetic/bigints.nim#L357-L374
- Booth encoding: https://github.com/mratsim/constantine/blob/8367d7d/constantine/math/arithmetic/bigints.nim#L792-L818
In BLST:
- https://github.com/supranational/blst/blob/badb7f9/src/ec_mult.h#L11-L56
- Formal implementation and verification: https://github.com/GaloisInc/BLST-Verification/blob/f7c50e4/proof/ec_mult.saw#L86-L105
Literature
Booth and bit pair encoding.pdf
Booth encoding.pdf
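The on-the-fly recoding described in the comment above, as an added example that is not code from this PR, halo2curves, Constantine or BLST. It assumes 64-bit scalars and uses integers mod `P` as a stand-in for curve points; `booth_digit`, `msm_booth`, `msm_naive` and `P` are hypothetical names chosen for the illustration.

```rust
// Added illustration, not halo2curves code. "Points" are integers mod P (a constructed
// stand-in for an additive curve group), so the result is easy to cross-check.
const P: i128 = 1_000_000_007;

/// Booth digit of window `i` (width `c`), read straight from the scalar: a (c+1)-bit
/// slice that overlaps the previous window by one bit, with a zero below bit 0.
fn booth_digit(k: u64, c: u32, i: u32) -> i64 {
    let padded = (k as u128) << 1; // implicit zero bit under the first window
    let w = ((padded >> (i * c)) & ((1u128 << (c + 1)) - 1)) as i64;
    let mag = (w + 1) >> 1; // window value plus the carry bit from below
    if (w >> c) == 0 { mag } else { mag - (1i64 << c) } // top bit set: borrow 2^c
}

/// Bucket MSM using Booth digits: 2^(c-1) buckets per window instead of 2^c - 1.
fn msm_booth(scalars: &[u64], points: &[i128], c: u32) -> i128 {
    let windows = 64 / c + 1; // one window past bit 63 absorbs the last carry
    let mut acc = 0i128;
    for i in (0..windows).rev() {
        acc = acc * (1i128 << c) % P; // stands in for c point doublings
        let mut buckets = vec![0i128; 1usize << (c - 1)];
        for (&k, &pt) in scalars.iter().zip(points) {
            let d = booth_digit(k, c, i);
            if d != 0 {
                // A negative digit adds the negated point to bucket |d|.
                let term = if d > 0 { pt } else { (P - pt) % P };
                let b = &mut buckets[(d.unsigned_abs() - 1) as usize];
                *b = (*b + term) % P;
            }
        }
        // Running-sum trick: sum over j of (j + 1) * buckets[j].
        let (mut run, mut sum) = (0i128, 0i128);
        for b in buckets.iter().rev() {
            run = (run + *b) % P;
            sum = (sum + run) % P;
        }
        acc = (acc + sum) % P;
    }
    acc
}

/// Reference result: sum of k * point, computed directly.
fn msm_naive(scalars: &[u64], points: &[i128]) -> i128 {
    scalars.iter().zip(points).fold(0, |a, (&k, &pt)| (a + (k as i128 % P) * pt) % P)
}

fn main() {
    let (s, p) = ([0u64, 1, 0x8000, u64::MAX], [5i128, 7, 11, 13]);
    println!("booth={} naive={}", msm_booth(&s, &p, 16), msm_naive(&s, &p));
}
```

The extra top window matters: a scalar whose highest window has its top bit set (such as `u64::MAX`) produces a carry that would otherwise be dropped.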
han0110
approved these changes
Nov 29, 2023
jonathanpwang
pushed a commit
to axiom-crypto/halo2curves
that referenced
this pull request
Nov 29, 2023
* booth encoding baseline
* working msm with booth encoding
* tidy
* apply suggestions & remove leftovers
Booth encoding is implemented in line with the incremental suggestions of halo2/#187. This is basically signed digit encoding but without preprocessing and extra memory requirements. And signed digit encoding helps us to reduce the number of buckets to nearly half. Below there are benchmark results which are run on an M1 machine. This PR also moves the original msm implementation under mod test to keep it as a baseline implementation for benchmarking and testing purposes.