Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Sonic KZG10 can merge some pairing operations before pairing #85

Open
4 tasks
weikengchen opened this issue Aug 4, 2021 · 0 comments
Open
4 tasks

Sonic KZG10 can merge some pairing operations before pairing #85

weikengchen opened this issue Aug 4, 2021 · 0 comments
Labels
D-easy Difficulty: easy P-medium Priority: medium T-performance Type: performance improvements

Comments

@weikengchen
Copy link
Member

weikengchen commented Aug 4, 2021
edited
Loading

Summary

In Aleo, we notice that Sonic/AuroraLight KZG10 has space for optimization in the pairing equation check.
https://github.com/arkworks-rs/poly-commit/blob/master/src/sonic_pc/mod.rs#L106

Problem Definition

Currently, when Sonic handle k combined comms, it provides k+2 entries to the Millier loop.

         for (degree_bound, comm) in combined_comms.into_iter() {
            let shift_power = if let Some(degree_bound) = degree_bound {
                vk.get_shift_power(degree_bound)
                    .ok_or(Error::UnsupportedDegreeBound(degree_bound))?
            } else {
                vk.prepared_h.clone()
            };

            g1_projective_elems.push(comm);
            g2_prepared_elems.push(shift_power);
        }

        g1_projective_elems.push(-combined_adjusted_witness);
        g2_prepared_elems.push(vk.prepared_h.clone());

        g1_projective_elems.push(-combined_witness);
        g2_prepared_elems.push(vk.prepared_beta_h.clone());

However, indeed you can reduce it to l+2 where l is the number of combined comms that require a degree bound. Basically, all the entries where the second term is prepared_h can be put together.

Proposal

Sum the combined comms that do not require a degree bound first and then combine it with the existing entry about witness, on prepared_h.

For Admin Use

  • Not duplicate issue
  • Appropriate labels applied
  • Appropriate contributors tagged
  • Contributor assigned/self-assigned
@weikengchen weikengchen added T-feature Type: new features help wanted D-easy Difficulty: easy labels Aug 4, 2021
@weikengchen weikengchen mentioned this issue Aug 4, 2021
Merged
@Pratyush Pratyush added P-medium Priority: medium T-performance Type: performance improvements and removed help wanted T-feature Type: new features labels Sep 9, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
D-easy Difficulty: easy P-medium Priority: medium T-performance Type: performance improvements
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Pratyush @weikengchen