Add ecmult_gen, ecmult_const and ecmult to benchmark

[jonasnick]

I was trying to determine the impact of ecmult_gen in schnorrsig signing and noticed that there is no way to bench this right now. The new benchmarks look like this:

$ ./bench_ecmult
ecmult_gen: min 20.9us / avg 21.2us / max 21.7us
ecmult_const: min 63.9us / avg 64.3us / max 64.8us
ecmult 1: min 49.4us / avg 49.7us / max 50.3us
ecmult 1g: min 39.8us / avg 40.0us / max 40.3us
ecmult 2g: min 27.2us / avg 27.3us / max 27.8us
ecmult_multi 1g: min 39.8us / avg 40.0us / max 40.2us
ecmult_multi 2g: min 27.2us / avg 27.4us / max 27.7us
ecmult_multi 3g: min 22.8us / avg 22.9us / max 23.1us
ecmult_multi 4g: min 20.6us / avg 20.8us / max 21.1us
ecmult_multi 5g: min 19.3us / avg 19.5us / max 19.7us

(Turns out ecmult_gen is 37% of the 55.8us that schnorrsig sign takes)

[real-or-random]

Approach ACK

[elichai]

where's this thing from?
I see it's also in bench_ecmult_setup but can't find the source of this

[jonasnick]

I think is this is just a standard integer hash function (akin to https://en.wikipedia.org/wiki/Universal_hashing#Hashing_integers) whose parameters sipa selected. But looking at it now it may be give poor results because POINTS is not prime.

[gmaxwell]

I don't think points needs to be prime, so long as the multipliers are coprime to it.

[jonasnick]

fwiw they're all coprime to POINTS.

[real-or-random]

Looks good otherwise

[real-or-random]

Suggested change

	static void bench_ecmult_1g(void* arg) {
	static void bench_ecmult_0g(void* arg) {

[real-or-random]

Suggested change

	static void bench_ecmult_1g_teardown(void* arg) {
	static void bench_ecmult_0g_teardown(void* arg) {

and so on..

[real-or-random]

1g

[jonasnick]

@real-or-random I don't think so (unless we change it for ecmult_multi) but it took me a while to figure this out again. I added a commit that printfs an explanation. It's not pretty, but less confusing.

[real-or-random]

@real-or-random I don't think so (unless we change it for ecmult_multi) but it took me a while to figure this out again. I added a commit that printfs and explanation. It's not pretty, but less confusing.

Certainly pretty enough for a benchmark. Can you squash?

[jonasnick]

squashed

[real-or-random]

ACK a419f3d I read the code and tried it

[jonasnick]

Rebased and added a --help command instead of printing an explanation of the output every time this is run.

[real-or-random]

simply call help here?

[jonasnick]

okay

[real-or-random]

Ah sorry, my suggestion was just to replace the entire else branch with help(), not to replace the --help by help. Feel free to change back, or to ignore.

[jonasnick]

Fixed

[real-or-random]

That line got lost, and this was what made the difference between simple and combined? I see you merged this into "simple combined" in the printfs. Was this change on purpose?

[jonasnick]

Good catch. I also forgot what the simple algorithm actually does. I fixed this and added an explanation to the help().

[jonasnick]

@real-or-random care to reACK :) ?

[real-or-random]

ACK ee83dbf

[jonasnick]

Rebased to let CI do its thing

[sipa]

While we're at it: are no-g variants not interesting?

[jonasnick]

Hm with-g seems more interesting (schnorrsig batch verify, taproot tweaks, pedersen commitments,...) but we could add a flag or something for no-g (preferably in a separate PR imho).

[real-or-random]

ACK 8f879c2

[elichai]

tACK 8f879c2

nit, It is a little confusing that the first 5 benchmarks are unrelated to the flag being passed (Maybe we want to move the "Using XXX algorithm" print to just before the relevant benchmarks?)

[real-or-random]

nit, It is a little confusing that the first 5 benchmarks are unrelated to the flag being passed (Maybe we want to move the "Using XXX algorithm" print to just before the relevant benchmarks?)

Indeed but this can be done in a separate PR, too.

Let me take the opportunity to merge this PR now that we have two ACKs.