Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: field/goldilocks (more efficient 1-limb modulus arith) #177

Merged
merged 20 commits into from
May 10, 2022
Merged

feat: field/goldilocks (more efficient 1-limb modulus arith) #177

merged 20 commits into from
May 10, 2022

Conversation

gbotrel
Copy link
Collaborator

@gbotrel gbotrel commented Apr 29, 2022
edited
Loading

This PR adds field/goldilocks (q = 0xffffffff00000001) .

Mostly tunes the code generation for field arithmetic to produce more efficient code when len(modulus) == 1 limb; no assembly is generated (it would be counter productive) and no "goldilocks" specific tricks are used.

plonky2 paper mentions some "arithmetic tricks" that makes modular reduction efficient. In practice, perf is in the same range than the CIOS Montgomery reduction for 1-liimb.

closes #174

@gbotrel gbotrel requested a review from Tabaie April 29, 2022 18:18
@gbotrel gbotrel mentioned this pull request May 3, 2022
Closed
Tabaie
Tabaie requested changes May 3, 2022
View reviewed changes
field/generator/generator.go Outdated Show resolved Hide resolved
field/internal/templates/element/mul_cios.go Show resolved Hide resolved
field/internal/templates/element/inverse.go Outdated Show resolved Hide resolved
field/internal/templates/element/inverse.go Outdated Show resolved Hide resolved
field/internal/templates/element/base.go Outdated Show resolved Hide resolved
field/internal/templates/element/base.go

{{ template "reduce" .}}
{{ template "reduce" .}}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should reduce be in an else clause? There's no situation where we would need two reductions. Does it matter?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't understand the two reductions part / does it matter --> both code path must exist at the template level, when all bits are set and you have a carry to the last addition, then you need to reduce, but if not, you still need to check that z < q.

@gbotrel gbotrel linked an issue May 4, 2022 that may be closed by this pull request
field arithmetic should handle 1-limb modulus #174
Closed
@gbotrel gbotrel merged commit 7cf9daf into develop May 10, 2022
@gbotrel gbotrel deleted the feat/goldilocks branch May 10, 2022 00:44
@gbotrel gbotrel mentioned this pull request Aug 3, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Tabaie Tabaie Tabaie approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

field arithmetic should handle 1-limb modulus
2 participants
@gbotrel @Tabaie