Skip to content

crypto: Precompute Miller-loop lines for G2 generator in KZG verify#1549

Merged
chfast merged 1 commit into
masterfrom
crypto/kzg-precompute-g2-gen
May 27, 2026
Merged

crypto: Precompute Miller-loop lines for G2 generator in KZG verify#1549
chfast merged 1 commit into
masterfrom
crypto/kzg-precompute-g2-gen

Conversation

@chfast
Copy link
Copy Markdown
Member

@chfast chfast commented May 27, 2026

It turned out the blst_aggregated_in_g1 doesn't use precomputed lines for G2 generator point. Do it ourselves.

@chfast
crypto: Precompute Miller-loop lines for G2 generator in KZG verify
2049ccb 
The KZG point-evaluation precompile verifies

    e(C + [z]·π - [y]·G1, [1]₂) =? e(π, [s]₂)

The right side already uses blst_miller_loop_lines with precomputed
lines for [s]₂. The left side used blst_aggregated_in_g1, which is
a convenience wrapper that calls miller_loop_n(&BLS12_381_G2, sig, 1)
on the fly — no precomputed lines.

Precompute the 68 vec384fp6 Miller-loop lines for the G2 generator
[1]₂ (the same way [s]₂ was done) and route the left pairing through
blst_miller_loop_lines too. Adds ~19.6 KiB of static data.

Both line tables now live in kzg_precomputed_lines.{hpp,cpp} (renamed
from kzg_setup_g2_1_lines.{hpp,cpp}). Each table has a runtime equality
test (memcmp against blst_precompute_lines output) in
test/unittests/precompiles_kzg_test.cpp.

Bench follow-up (TODO from the previous KZG joint-MSM commit refers
to this: ~18% extra win reported by erigontech/go-eth-kzg PR #131).
@chfast
Copy link
Copy Markdown
Member Author

chfast commented May 27, 2026 

                                                           │ /proc/self/fd/11 │          /proc/self/fd/16          │
                                                           │      gas/s       │    gas/s     vs base               │
precompile<PrecompileId::point_evaluation,_evmone_blst>-14        54.25M ± 1%   58.62M ± 0%  +8.06% (p=0.000 n=11)

@chfast chfast requested a review from Copilot May 27, 2026 06:24
Copilot AI reviewed May 27, 2026
View reviewed changes
Copy link
Copy Markdown

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR precomputes and uses Miller-loop lines for the BLS12-381 G2 generator in KZG proof verification, replacing the previous runtime generator-side pairing helper with the same precomputed-lines path already used for the trusted setup G2 point.

Changes:

  • Adds g2_gen_lines() alongside the existing KZG setup line accessor.
  • Updates KZG pairing verification to use blst_miller_loop_lines() for both sides.
  • Adds a unit test validating the new G2 generator precomputed table against blst_precompute_lines().

Reviewed changes

Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.

Show a summary per file
File Description
lib/evmone_precompiles/kzg.cpp Uses precomputed G2 generator Miller-loop lines during KZG pairing verification.
lib/evmone_precompiles/kzg_precomputed_lines.hpp Declares the new g2_gen_lines() accessor.
lib/evmone_precompiles/kzg_precomputed_lines.cpp Adds the generated G2 generator line table and accessor implementation.
lib/evmone_precompiles/CMakeLists.txt Updates target sources to the renamed precomputed-lines files.
test/unittests/precompiles_kzg_test.cpp Adds coverage that verifies the G2 generator precomputed table.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@codecov
Copy link
Copy Markdown

codecov Bot commented May 27, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.97%. Comparing base (ba23ad1) to head (2049ccb).

Additional details and impacted files 
@@           Coverage Diff           @@
##           master    #1549   +/-   ##
=======================================
  Coverage   96.97%   96.97%           
=======================================
  Files         163      163           
  Lines       14444    14449    +5     
  Branches     3382     3383    +1     
=======================================
+ Hits        14007    14012    +5     
  Misses        307      307           
  Partials      130      130
Flag Coverage Δ
eest-develop 91.93% <100.00%> (+<0.01%) ⬆️
eest-develop-gmp 26.50% <33.33%> (-0.01%) ⬇️
eest-legacy 17.56% <0.00%> (-0.01%) ⬇️
eest-libsecp256k1 28.14% <33.33%> (-0.01%) ⬇️
eest-stable 91.86% <100.00%> (+<0.01%) ⬆️
evmone-unittests 92.64% <100.00%> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
core 96.01% <100.00%> (+<0.01%) ⬆️
tooling 86.71% <ø> (ø)
tests 99.79% <100.00%> (+<0.01%) ⬆️
Files with missing lines Coverage Δ
lib/evmone_precompiles/kzg.cpp 100.00% <100.00%> (ø)
lib/evmone_precompiles/kzg_precomputed_lines.cpp 100.00% <100.00%> (ø)
test/unittests/precompiles_kzg_test.cpp 100.00% <100.00%> (ø)
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@chfast chfast merged commit 4f68675 into master May 27, 2026
24 checks passed
@chfast chfast deleted the crypto/kzg-precompute-g2-gen branch May 27, 2026 06:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@chfast