-
Notifications
You must be signed in to change notification settings - Fork 17
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: range proof performance and notation fixes #103
feat: range proof performance and notation fixes #103
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@AaronFeickert, thanks for adding the performance discussion and other refinements.
The only outstanding question is the relative proving time between BP and BP+. Initial benchmarks showed that BP+ is 30% more expensive on average. I quote the previous version of the RFC:
#### BP vs. BP+ (creation)
BP+ creation is 30% slower than BP.
| Size | BP Med (ms) | BP+ Med (ms) | Diff Med (%) |
|------|-------------|--------------|--------------|
| 1 | 16.29 | 21.24 | 130% |
| 2 | 31.63 | 41.08 | 130% |
| 4 | 60.47 | 80.46 | 133% |
| 8 | 119.18 | 156.56 | 131% |
| 16 | 240.18 | 306.03 | 127% |
| 32 | 460.67 | 598.57 | 130% |
| | | Average | 130% |
Should proving complexity be considered important enough to include? They're often given much less weight since they're typically one-off operations whose complexity is irrelevant to verifiers. A one-time increase of a few milliseconds (to a prover) doesn't matter in the same way that a million increases of a few milliseconds (to a verifier) would be. |
I think it is important to add something, yes. It can always be put into context, as you pointed out. I would imagine that on some devices proving time would matter, like on a mobile phone when transactions are created. |
Description --- Adds a brief note about range proof proving efficiency. Adds rough benchmarks against Bulletproofs. Motivation and Context --- It was [suggested](#103 (comment)) to add information about proving efficiency to range proof [RFC-0181](https://rfc.tari.com/RFC-0181_BulletproofsPlus.html). Quantifying proving efficiency is more subtle than verification efficiency, since proof generation doesn't reduce to a multiscalar multiplication operation and requires a variable number of rounds. Instead of bogging down the RFC with a long list of group element operation counts, this PR adds a more general note. Informal benchmark comparing the [Tari implementation](https://github.com/tari-project/bulletproofs-plus) to the [corresponding Bulletproofs fork](https://github.com/tari-project/bulletproofs) are included. How Has This Been Tested? --- The changes build and appear to render correctly.
Description --- Adds a brief note about range proof proving efficiency. Adds rough benchmarks against Bulletproofs. Motivation and Context --- It was [suggested](#103 (comment)) to add information about proving efficiency to range proof [RFC-0181](https://rfc.tari.com/RFC-0181_BulletproofsPlus.html). Quantifying proving efficiency is more subtle than verification efficiency, since proof generation doesn't reduce to a multiscalar multiplication operation and requires a variable number of rounds. Instead of bogging down the RFC with a long list of group element operation counts, this PR adds a more general note. Informal benchmark comparing the [Tari implementation](https://github.com/tari-project/bulletproofs-plus) to the [corresponding Bulletproofs fork](https://github.com/tari-project/bulletproofs) are included. How Has This Been Tested? --- The changes build and appear to render correctly.
Description
Updates range proof RFC-0181 to add comparative performance data and improve notation.
Closes #102.
Motivation and Context
An earlier PR removed outdated benchmark data, but it was suggested to include reasonable comparative performance data against Bulletproofs. This data has been added for both proof size and verification complexity.
Some notation was incomplete or incorrect. In particular, sum and index bounds were left implicit in many places, and indexing relating to mask recovery was incorrect. Both of these have been addressed.
How Has This Been Tested?
The changes build and appear to render correctly.