feat: range proof performance and notation fixes #103
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
@AaronFeickert, thanks for adding the performance discussion and other refinements.
The only outstanding question is the relative proving time between BP and BP+. Initial benchmarks showed that BP+ is 30% more expensive on average. I quote the previous version of the RFC:
#### BP vs. BP+ (creation)
BP+ creation is 30% slower than BP.
| Size | BP Med (ms) | BP+ Med (ms) | Diff Med (%) |
|------|-------------|--------------|--------------|
| 1 | 16.29 | 21.24 | 130% |
| 2 | 31.63 | 41.08 | 130% |
| 4 | 60.47 | 80.46 | 133% |
| 8 | 119.18 | 156.56 | 131% |
| 16 | 240.18 | 306.03 | 127% |
| 32 | 460.67 | 598.57 | 130% |
| | | Average | 130% |
|
Should proving complexity be considered important enough to include? They're often given much less weight since they're typically one-off operations whose complexity is irrelevant to verifiers. A one-time increase of a few milliseconds (to a prover) doesn't matter in the same way that a million increases of a few milliseconds (to a verifier) would be. |
|
I think it is important to add something, yes. It can always be put into context, as you pointed out. I would imagine that on some devices proving time would matter, like on a mobile phone when transactions are created. |
CjS77
pushed a commit
that referenced
this pull request
Sep 14, 2023
Description --- Adds a brief note about range proof proving efficiency. Adds rough benchmarks against Bulletproofs. Motivation and Context --- It was [suggested](#103 (comment)) to add information about proving efficiency to range proof [RFC-0181](https://rfc.tari.com/RFC-0181_BulletproofsPlus.html). Quantifying proving efficiency is more subtle than verification efficiency, since proof generation doesn't reduce to a multiscalar multiplication operation and requires a variable number of rounds. Instead of bogging down the RFC with a long list of group element operation counts, this PR adds a more general note. Informal benchmark comparing the [Tari implementation](https://github.com/tari-project/bulletproofs-plus) to the [corresponding Bulletproofs fork](https://github.com/tari-project/bulletproofs) are included. How Has This Been Tested? --- The changes build and appear to render correctly.
CjS77
pushed a commit
that referenced
this pull request
Dec 19, 2023
Description --- Adds a brief note about range proof proving efficiency. Adds rough benchmarks against Bulletproofs. Motivation and Context --- It was [suggested](#103 (comment)) to add information about proving efficiency to range proof [RFC-0181](https://rfc.tari.com/RFC-0181_BulletproofsPlus.html). Quantifying proving efficiency is more subtle than verification efficiency, since proof generation doesn't reduce to a multiscalar multiplication operation and requires a variable number of rounds. Instead of bogging down the RFC with a long list of group element operation counts, this PR adds a more general note. Informal benchmark comparing the [Tari implementation](https://github.com/tari-project/bulletproofs-plus) to the [corresponding Bulletproofs fork](https://github.com/tari-project/bulletproofs) are included. How Has This Been Tested? --- The changes build and appear to render correctly.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Updates range proof RFC-0181 to add comparative performance data and improve notation.
Closes #102.
Motivation and Context
An earlier PR removed outdated benchmark data, but it was suggested to include reasonable comparative performance data against Bulletproofs. This data has been added for both proof size and verification complexity.
Some notation was incomplete or incorrect. In particular, sum and index bounds were left implicit in many places, and indexing relating to mask recovery was incorrect. Both of these have been addressed.
How Has This Been Tested?
The changes build and appear to render correctly.