[BLS24] Fp24 tower #83

Merged
merged 6 commits into from
Dec 1, 2021

yelhousni (Collaborator) commented Oct 18, 2021

[ready to merge]

Currently, Fp24 is implemented as a tower Fp->Fp2->Fp4->Fp8->Fp24. The initial choice of this was to allow XTR-based compression of GT elements (which we haven't implemented yet). On the application side, we don't need the compression now, but maybe we would if we decide to implement Inner Pairing Product Argument (IPPA). This PR experiments with another choice of tower Fp->Fp2->Fp4->Fp12->Fp24. On the one hand, this has the advantage of faster inversion and conjugation as Fp24 would be a quadratic extension field. On the other hand, the q^4-th power Frobenius (FrobeniusQuad()) is slower as we don't use Fp8 elements anymore (on which FrobeniusQuad() acts as Conjugate()). The overall speedup in pairing is negligible as these operations are not very significant. However, as we are trying to speed up inverses in Fp (#80), it might be interesting to switch to this tower.

Bench:

```
benchmark                         old tower ns/op     new tower ns/op     delta
BenchmarkE24Add-2                 110                 107                 -2.73%
BenchmarkE24Sub-2                 103                 101                 -1.94%
BenchmarkE24Mul-2                 6827                6759                -1.00%
BenchmarkE24Square-2              4730                4713                -0.36%
BenchmarkE24Inverse-2             16465               14751               -10.41%
BenchmarkE24Expt-2                103156              102664              -0.48%
BenchmarkE24Conjugate-2           76.2                38.8                -49.08%
BenchmarkE24Frobenius-2           641                 641                 +0.00%
BenchmarkE24FrobeniusSquare-2     600                 604                 +0.67%
BenchmarkE24FrobeniusQuad-2       504                 569                 +12.90%
```
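
Why a quadratic top level makes conjugation and inversion cheap, shown as an added Go example (not code from this PR or from gnark-crypto). It uses a toy tower Fp->Fp2->Fp4 with assumed parameters p = 7, u^2 = -1 and v^2 = 2+u, chosen only so that both extensions are fields; the type and function names are hypothetical.

```go
package main

import "fmt"

// Toy parameters (assumptions for illustration, not BLS24 values):
// p = 7, Fp2 = Fp[u]/(u^2+1), Fp4 = Fp2[v]/(v^2-xi) with xi = 2+u.
const p = 7

type E2 struct{ A0, A1 uint64 } // A0 + A1*u
type E4 struct{ B0, B1 E2 }     // B0 + B1*v

func invFp(a uint64) uint64 { // a^(p-2) mod p: the only base-field inversion
	r := uint64(1)
	for i := 0; i < p-2; i++ {
		r = r * a % p
	}
	return r
}

func (x E2) Add(y E2) E2 { return E2{(x.A0 + y.A0) % p, (x.A1 + y.A1) % p} }
func (x E2) Neg() E2     { return E2{(p - x.A0) % p, (p - x.A1) % p} }
func (x E2) Mul(y E2) E2 { // uses u^2 = -1
	return E2{(x.A0*y.A0 + (p-1)*(x.A1*y.A1%p)) % p, (x.A0*y.A1 + x.A1*y.A0) % p}
}
func (x E2) Inverse() E2 { // conj(x)/norm(x), norm = A0^2 + A1^2 lies in Fp
	n := invFp((x.A0*x.A0 + x.A1*x.A1) % p)
	return E2{x.A0 * n % p, (p - x.A1) % p * n % p}
}

var xi = E2{2, 1} // quadratic non-residue in Fp2 (its norm 5 is a non-square mod 7)

func (x E4) Conjugate() E4 { return E4{x.B0, x.B1.Neg()} } // negate the upper half only
func (x E4) Mul(y E4) E4 { // uses v^2 = xi
	return E4{
		x.B0.Mul(y.B0).Add(x.B1.Mul(y.B1).Mul(xi)),
		x.B0.Mul(y.B1).Add(x.B1.Mul(y.B0)),
	}
}
func (x E4) Inverse() E4 { // norm = B0^2 - xi*B1^2 lies in Fp2: one inversion one level down
	n := x.B0.Mul(x.B0).Add(x.B1.Mul(x.B1).Mul(xi).Neg()).Inverse()
	return E4{x.B0.Mul(n), x.B1.Neg().Mul(n)}
}

func main() {
	x := E4{E2{3, 5}, E2{1, 6}}
	fmt.Println(x.Mul(x.Inverse()), x.Mul(x.Conjugate()))
}
```

Each quadratic level turns an inversion into a conjugation, a few multiplications, and a single inversion in the field below, so the whole tower costs one inversion in Fp.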

gbotrel (Collaborator) commented Nov 30, 2021

@yelhousni you need that one for this: Consensys/gnark#185 right?

I did not merge it since it starts with
"[to discuss]
do not merge yet"

yelhousni (Collaborator, Author) commented

> @yelhousni you need that one for this: ConsenSys/gnark#185 right?

Yes. Actually, ConsenSys/gnark#185 uses the other tower option (the one already merged to develop) but we are likely to merge this PR #83 as it results in fewer constraints in gnark (for inverse and full-sparse mul). I still have a few tests to do in gnark.

gbotrel merged commit 48d9efc into develop Dec 1, 2021
gbotrel deleted the experiment/BLS24 branch December 1, 2021 23:43