Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

performance(PLONK): prove_by_steps vs prove #34

Closed
HAOYUatHZ opened this issue Nov 27, 2020 · 5 comments
Closed

performance(PLONK): prove_by_steps vs prove #34

HAOYUatHZ opened this issue Nov 27, 2020 · 5 comments

Comments

@HAOYUatHZ
Copy link

HAOYUatHZ commented Nov 27, 2020
edited

I wonder why in exit we use prove_by_steps (

bellman/src/plonk/mod.rs

Line 132 in f551a55

pub fn prove_by_steps<E: Engine, C: crate::Circuit<E>, T: Transcript<E::Fr>>(
) instead of prove (

bellman/src/plonk/mod.rs

Line 324 in f551a55

pub fn prove<E: Engine, C: crate::Circuit<E>, T: Transcript<E::Fr>>(
)?

Is it because prove_by_steps has a better performance?
@HAOYUatHZ HAOYUatHZ changed the title performance(PLONK): prove_by_step_ vs prove performance(PLONK): prove_by_steps vs prove Nov 27, 2020
@shamatar
Copy link
Member

The "prove" function requires an additional form of CRS for Kate commitment to be able to commit polynomials in a Lagrange form. This allows to eliminate an FFT that is beneficial on large circuits, but would require user to download two copies of CRS to make an exit proof (for which a circuit is kind of small). In any case both functions output the same proof on the same input parameters.

@HAOYUatHZ
Copy link
Author

I see.

Though we can get the Lagrange form by using

let worker = Worker::new();
let key_lagrange_form = Crs::<E, CrsForLagrangeForm>::from_powers(
    self.key_monomial_form.as_ref().expect("Setup should have universal setup struct"),
    self.setup_polynomials.n.next_power_of_two(),
    &worker,
);

but the from_powers actually requires an FFT.

So if calculating the Lagrange form by ourselves, the performance won't be different.

@HAOYUatHZ
Copy link
Author

Thx!

@shamatar
Copy link
Member

I see.

Though we can get the Lagrange form by using

let worker = Worker::new();
let key_lagrange_form = Crs::<E, CrsForLagrangeForm>::from_powers(
    self.key_monomial_form.as_ref().expect("Setup should have universal setup struct"),
    self.setup_polynomials.n.next_power_of_two(),
    &worker,
);

but the from_powers actually requires an FFT.

So if calculating the Lagrange form by ourselves, the performance won't be different.

Just for completeness, such transformation is costly (NlogN point multiplications, not just multiexponentiation)

@HAOYUatHZ
Copy link
Author

I see.
Though we can get the Lagrange form by using

let worker = Worker::new();
let key_lagrange_form = Crs::<E, CrsForLagrangeForm>::from_powers(
    self.key_monomial_form.as_ref().expect("Setup should have universal setup struct"),
    self.setup_polynomials.n.next_power_of_two(),
    &worker,
);

but the from_powers actually requires an FFT.
So if calculating the Lagrange form by ourselves, the performance won't be different.

Just for completeness, such transformation is costly (NlogN point multiplications, not just multiexponentiation)

I see. Thanks! @shamatar

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@shamatar @HAOYUatHZ