feat: optimize computation of DEEP queries

chore: update changelog chore: address feedback Signed-off-by: Al-Kindi-0 <82364884+Al-Kindi-0@users.noreply.github.com>
0xPolygonMiden · Dec 19, 2024 · 23e6bd9 · 23e6bd9
1 parent b7ff6c8
commit 23e6bd9
Show file tree

Hide file tree

Showing 4 changed files with 92 additions and 60 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -12,6 +12,7 @@
 
 #### Enhancements
 - Added `miden_core::mast::MastForest::advice_map` to load it into the advice provider before the `MastForest` execution (#1574).
+- Optimized the computation of the DEEP queries in the recursive verifier (#1594).
 
 ## 0.11.0 (2024-11-04)
 

diff --git a/stdlib/asm/crypto/stark/constants.masm b/stdlib/asm/crypto/stark/constants.masm
@@ -97,6 +97,7 @@ const.TMP5=4294903319
 const.TMP6=4294903320
 const.TMP7=4294903321
 const.TMP8=4294903322
+const.TMP9=4294903323
 
 
 
@@ -135,6 +136,7 @@ const.TMP8=4294903322
 #   | TMP6                                     |       4294903320        |
 #   | TMP7                                     |       4294903321        |
 #   | TMP8                                     |       4294903322        |
+#   | TMP9                                     |       4294903323        |
 #   +------------------------------------------+-------------------------+
 
 # ACCESSORS
@@ -305,3 +307,7 @@ end
 export.tmp8
     push.TMP8
 end
+
+export.tmp9
+    push.TMP9
+end
diff --git a/stdlib/asm/crypto/stark/deep_queries.masm b/stdlib/asm/crypto/stark/deep_queries.masm
@@ -127,22 +127,23 @@ end
 #! Loads the next query rows in the main, auxiliary and constraint composition polynomials traces.
 #! It takes a pointer to the current random query index and returns that index.
 #!
-#! Input: [query_ptr, ...]
-#! Output: [index, query_ptr, ...]
+#! Input: [Y, query_ptr, ...]
+#! Output: [Y, Y, index, query_ptr, ...]
+#!
+#! where:
+#! - Y is a "garbage" word.
 #!
-#! Cycles: 219
+#! Cycles: 206
 proc.load_query_row
     # Main trace portion of the query
 
     ## Get the next query index
-    padw
     dup.4
     mem_loadw
-    swap
-    #=> [depth, index, y, y, query_ptr, ...]
+    #=> [index, depth, y, y, query_ptr, ...] where y are "garbage" values
 
     ## Get main trace commitment and use it to get the leaf
-    movup.3 movup.3
+    movdn.3 movdn.2
     push.0.0
     exec.constants::main_trace_com_ptr mem_loadw
     #=>[R, depth, index, query_ptr, ...]
@@ -273,50 +274,48 @@ proc.load_query_row
     assert_eq
     #=> [Y, ptr, y, y, y, depth, index, query_ptr, ...]
 
-    dropw dropw drop
-    #=> [index, query_ptr, ...]
+    drop
+    #=> [Y, Y, index, query_ptr, ...]
 end
 
 #! Takes a query index and computes x := offset * domain_gen^index. It also computes the denominators
 #! (x - z) and (x - gz).
 #!
-#! Input: [index, ...]
-#! Output: [Z, x, index, ...]  where Z := [-gz1, x -gz0, -z1, x - z0]
+#! Input: [Y, Y, index, ...]
+#! Output: [Z, Y, x, index, ...]  
+#!
+#! where:
+#! - Z := [-gz1, x -gz0, -z1, x - z0]
+#! - Y is a "garbage" word
 #!
-#! Cycles: 68
+#! Cycles: 58
 proc.compute_denominators
     # Compute x = offset * domain_gen^index
-    padw
     exec.constants::lde_size_ptr mem_loadw
-    #=> [lde_size, depth, domain_gen, 0, index, ...]
+    #=> [lde_size, depth, domain_gen, 0, Y, index, ...]
     movup.2
-    dup.4
+    dup.8
     exp.u32
     exec.constants::domain_offset mul
-    #=> [x, lde_size, depth, 0, index, ...]
+    #=> [x, lde_size, depth, 0, Y, index, ...]
 
     # Get z and gz from memory
     movdn.3
-    #=> [lde_size, depth, 0, x, index, ...]
+    #=> [lde_size, depth, 0, x, Y, index, ...]
     push.0
     exec.constants::tmp1 mem_loadw
-    #=> [gz1, gz0, z1, z0, x, index, ...]
+    #=> [-z0, -gz0, -gz1, -z1, x, Y, index, ...]
 
-    # Compute Z := [-z1, x - z0, -gz1, x -gz0]
-    neg
-    dup.4
-    movup.2
-    sub
-    #=> [x-gz0, -gz1, z1, z0, x, index, ...]
+    dup.4 add
+    #=> [x-z0, -gz0, -gz1, -z1, x, Y, index, ...]
     movdn.3
-    movdn.2
-    #=> [z1, z0, -gz1, x-gz0, x, index, ...]
-    neg
-    movdn.3
-    dup.4 swap
-    sub
-    movdn.3
-    #=> [Z, x, index, ...] where Z := [-gz1, x -gz0, -z1, x - z0]
+    #=> [-gz0, -gz1, -z1, x-z0, x, Y, index, ...]
+
+    movup.4 dup movdn.9
+    #=> [x, -gz0, -gz1, -z1, x-z0, Y, x, index, ...]
+
+    add swap
+    #=> [-gz1, x - gz0, -z1, x-z0, Y, x, index, ...]
 end
 
 #! Computes the random linear combination involving the main trace columns and accumulates
@@ -429,7 +428,7 @@ proc.combine_constraint_poly_columns
     dropw
     swapw
     exec.constants::tmp3 mem_loadw
-    #=> [Acc3, Acc2, y, y, y, y, Acc1`, Acc0`, ...]
+    #=> [Acc3, Acc2, y, y, y, y, Acc1`, Acc0`, ...] where y are "garbage" values
     movdn.5 movdn.5
     #=> [y, y, y, y, Acc3, Acc2, Acc1`, Acc0`, ...]
     dropw
@@ -466,12 +465,43 @@ end
 #! Compute the DEEP composition polynomial FRI queries.
 #!
 #! Input: [query_ptr, ...]
-#! Output: [...]
-#! Cycles: 6 + num_queries * 473
+#! Output: [query_ptr, ...]
+#! Cycles: 24 + num_queries * 445
 export.compute_deep_composition_polynomial_queries
+
+    # Get pointer to help test for the last query to be processed
     exec.constants::fri_com_ptr
     dup.1
-    #=>[query_ptr, query_end_ptr, ...]
+    # =>[query_ptr, query_end_ptr, query_ptr...]
+    # Store the pointers to:
+    # 1. random values for computing DEEP polynomial
+    # 2. OOD evaluation frame
+    # 3. trace row values for the current query
+    push.0
+    exec.constants::deep_rand_coef_ptr
+    exec.constants::ood_trace_ptr
+    exec.constants::current_trace_row_ptr
+    exec.constants::tmp9 mem_storew
+    # =>[Y, query_ptr, query_end_ptr, query_ptr, ...]
+
+    # Compute the negations of z and gz where z is the OOD point
+    # We do it here as this computation is common to all queries.
+    exec.constants::z_ptr mem_loadw
+    # => [zN_1, zN_0, z1, z0, query_ptr, query_end_ptr, query_ptr, ...]
+    drop drop
+    neg swap neg  
+    # => [-z0, -z1, query_ptr, query_end_ptr, query_ptr, ...]
+    dup.1 exec.constants::trace_domain_generator_ptr mem_load mul
+    # => [-gz1, -z0, -z1, query_ptr, query_end_ptr, query_ptr, ...]
+    swap
+    # => [-z0, -gz1, -z1, query_ptr, query_end_ptr, query_ptr, ...]
+    dup exec.constants::trace_domain_generator_ptr mem_load mul
+    # => [-gz0, -z0, -gz1, -z1, query_ptr, query_end_ptr, query_ptr, ...]
+    swap
+    # => [-z0, -gz0, -gz1, -z1, query_ptr, query_end_ptr, query_ptr, ...]
+    # Save to temporary location `tmp1` for later use when computing the denominators
+    exec.constants::tmp1 mem_storew
+    # => [Y, query_ptr, query_end_ptr, query_ptr, ...]
 
     push.1
     while.true
@@ -480,19 +510,18 @@ export.compute_deep_composition_polynomial_queries
         # Load the (main, aux, constraint)-traces rows associated with the current query and get
         # the index of the query.
         #
-        # Cycles: 219
+        # Cycles: 206
         exec.load_query_row
-        #=>[index, query_ptr, query_end_ptr, ...]
+        #=>[Y, Y, index, query_ptr, query_end_ptr, query_ptr, ...]
 
 
         # II)
         #
         # Compute x := offset * domain_gen^index and denominators (x - z) and (x - gz)
         #
-        # Cycles: 68
+        # Cycles: 58
         exec.compute_denominators
-        #=> [Z, x, index, query_ptr, query_end_ptr, ...] where Z := [-gz1, x - gz0, -z1, x - z0]
-
+        #=> [Z, Y, x, index, query_ptr, query_end_ptr, query_ptr, ...] where Z := [-gz1, x - gz0, -z1, x - z0]
 
         # III)
         #
@@ -503,40 +532,37 @@ export.compute_deep_composition_polynomial_queries
 
         ## a) Push pointers
         ##
-        ## Cycles: 4
-        push.0
-        exec.constants::deep_rand_coef_ptr
-        exec.constants::ood_trace_ptr
-        exec.constants::current_trace_row_ptr
-        #=> [P, Z, x, index, query_ptr, query_end_ptr, ...]
+        ## Cycles: 3
+        swapw exec.constants::tmp9 mem_loadw
+        #=> [P, Z, x, index, query_ptr, query_end_ptr, query_ptr, ...]
         # where P := [CURRENT_TRACE_ROW_PTR, OOD_TRACE_PTR, DEEP_RAND_CC_PTR, 0]
 
         ## b) Push the accumulators
         ##
         ## Cycles: 4
         padw
-        #=> [Acc, P, Z, x, index, query_ptr, query_end_ptr, ...]
+        #=> [Acc, P, Z, x, index, query_ptr, query_end_ptr, query_ptr, ...]
         #=> where Acc =: [Acc3, Acc2, Acc1, Acc0]
 
         ## c) This will be used to mstream the elements T_i(x)
         ##
         ## Cycles: 8
         padw padw
-        #=> [Y, Y, Acc, P, Z, x, index, query_ptr, query_end_ptr, ...]
+        #=> [Y, Y, Acc, P, Z, x, index, query_ptr, query_end_ptr, query_ptr, ...]
 
         ## d) Compute the random linear combination
         ##
         ## Cycles: 81 + 9 + 25 = 115
         exec.combine_main_trace_columns
         exec.combine_aux_trace_columns     
         exec.combine_constraint_poly_columns
-        #=> [Acc, Z, x, index, query_ptr, query_end_ptr, ...]
+        #=> [Acc, Z, x, index, query_ptr, query_end_ptr, query_ptr, ...]
 
         ## e) Divide by denominators and sum to get final result
         ##
         ## Cycles: 38
         exec.divide_by_denominators_and_sum
-        #=> [eval1, eval0, x, index, query_ptr, query_end_ptr, ...]
+        #=> [eval1, eval0, x, index, query_ptr, query_end_ptr, query_ptr, ...]
 
 
         # IV)
@@ -549,22 +575,21 @@ export.compute_deep_composition_polynomial_queries
         ## Cycles: 4
         movup.3 movup.3
         exec.constants::domain_offset_inv mul
-        #=> [poe, index, eval1, eval0, query_ptr, query_end_ptr, ...]
+        #=> [poe, index, eval1, eval0, query_ptr, query_end_ptr, query_ptr, ...]
 
         ## b) Store [eval0, eval1, index, poe]
         ##
         ## Cycles: 5
         dup.4 add.1 swap.5
         mem_storew
-        #=> [poe, index, eval1, eval0, query_ptr+1, query_end_ptr, ...]
+        #=> [poe, index, eval1, eval0, query_ptr+1, query_end_ptr, query_ptr, ...]
 
         ## c) Prepare stack for next iteration
         ##
-        ## Cycles: 8
-        dropw
-        dup.1 dup.1
+        ## Cycles: 4
+        dup.5 dup.5
         neq
         #=> [?, query_ptr+1, query_end_ptr, ...]
     end
-    drop drop
+    dropw drop drop
 end
diff --git a/stdlib/asm/crypto/stark/verifier.masm b/stdlib/asm/crypto/stark/verifier.masm
@@ -28,9 +28,9 @@ use.std::crypto::stark::constants
 #! Output: []
 #! Cycles:
 #!  1- Remainder codeword size 32:
-#!   4975 + num_queries * (40 + num_fri_layers * 76 + 26 + 473) + 83 * num_fri_layers + 10 * log(trace_length) + 1633
+#!   4985 + num_queries * (40 + num_fri_layers * 76 + 26 + 445) + 83 * num_fri_layers + 10 * log(trace_length) + 1633
 #!  2- Remainder codeword size 64:
-#!   4975 + num_queries * (40 + num_fri_layers * 76 + 26 + 473) + 83 * num_fri_layers + 10 * log(trace_length) + 3109
+#!   4985 + num_queries * (40 + num_fri_layers * 76 + 26 + 445) + 83 * num_fri_layers + 10 * log(trace_length) + 3109
 export.verify
 
     #==============================================================================================
@@ -221,7 +221,7 @@ export.verify
 
     # Compute deep compostion polynomial queries
     #
-    # Cycles: 14 + num_queries * 473
+    # Cycles: 24 + num_queries * 445
     #=> [query_ptr, ...]
     exec.deep_queries::compute_deep_composition_polynomial_queries
     #=> [query_ptr, ...]