Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Low-level refactoring #175

Merged
merged 15 commits into from Feb 13, 2022
Merged

Low-level refactoring #175

merged 15 commits into from Feb 13, 2022

Conversation

mratsim
Copy link
Owner

@mratsim mratsim commented Feb 13, 2022
edited

This refactors the low-level Montgomery rperesentation:

  • Fix the ADX autodetection Buggy ADX detection #174, this brings over 30% perf boost
    • Before
      image
    • After:
      image
  • Use the convention "operation_domain" like addmod and mulmont.
  • Add a specific fromMont conversion with x86 assembly and MULX/ADCX/ADOX to speedup by 2x conversion to/from the Montgomery domain

Performance currently sits at:

  • 475µs for pairings, 157µs for hashToG2 (Both are needed for BLS verification)
  • 60µs for scalar mul on G1 (BLS: Pubkey on G2 and Signature on G1)
  • 107µs for scalar mul on G2 (BLS: Pubkey on G1 and Signature on G2) like Ethereum

image

Unfortunately 2 low-level optimizations failed and were stashed.

  1. Trying to prefetch data from inputs in Montgomery multiplication by rolling working set of registers and preloading them with the next inputs a couple iterations in advance. Unsure if the memory load didn't have enough execution port next to a MULX/ADCX/ADOX cycle or an issue with filling the instruction cache.
  2. Trying to skip the final substraction in addition chains to accelerate square root which is a bottleneck in hashToG2 and point deserialization.

@mratsim
Add specific fromMont conversion routine. Rename montyResidue to getMont
f53ae84
@mratsim
missed test file
5d09a63
@mratsim
Add x86_64 ASM for fromMont
f13343e
@mratsim
Add x86_64 MULX/ADCX/ADOX for fromMont
3521779
@mratsim
rework Montgomery Multiplication with prefetch/latency hiding techniques
3c3d32d
@mratsim
Fix ADX autodetection, closes #174. Rollback faster mul_mont attempt,…
d20807c 
… no improvement and debug pain.
@mratsim
finalSub in fromMont & adx_bmi -> adx
0ef1889
@mratsim
Some {.noInit.} to avoid Nim zeroMem (which should be optimized away …
6e936e5 
…but who knows)
@mratsim
Uniformize name 'op+domain': mulmod - mulmont
2b2b32f
@mratsim
Fix asm codegen bug "0x0000555555565930 <+896>: sbb 0x20(%r8),%r8" wi…
7ba1557 
…th Clang in final substraction
@mratsim
Prepare for skipping final substraction
5679053
@mratsim
Don't forget to copy the result when we skip the final substraction
2d99788
@mratsim
Seems like we need to stash the idea of skipping the final substracti…
cd9f77d 
…on for now, needs bounds analysis https://eprint.iacr.org/2017/1057.pdf
@mratsim
fix condition for ASM 32-bit
d7c5362
@mratsim
Copy link
Owner Author

mratsim commented Feb 13, 2022

BLST, with Clang and --march=native to ensure ADX on the same machine:

image

image

@mratsim mratsim merged commit 14af7e8 into master Feb 13, 2022
@mratsim mratsim deleted the mont_repr_refactor branch February 13, 2022 23:17
@mratsim mratsim mentioned this pull request Feb 14, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@mratsim