using fast vartime invert for non-secret values to improve verification time
olegfomenko committed May 17, 2024
1 parent 238055a commit 4ea4054
Showing 5 changed files with 23 additions and 16 deletions.
19 changes: 11 additions & 8 deletions macbook-m3-pro-36GB-bench-result.txt
Expand Up @@ -6,14 +6,17 @@ test tests::wnla_works ... ignored

test result: ok. 0 passed; 0 failed; 3 ignored; 0 measured; 0 filtered out; finished in 0.00s

prove time: [17.483 ms 17.568 ms 17.663 ms]
change: [+0.3062% +0.9068% +1.5902%] (p = 0.00 < 0.05)
prove time: [14.589 ms 14.643 ms 14.712 ms]
change: [-2.0559% -1.2499% -0.5348%] (p = 0.00 < 0.05)
Change within noise threshold.
Found 2 outliers among 100 measurements (2.00%)
1 (1.00%) high mild
1 (1.00%) high severe
Found 8 outliers among 100 measurements (8.00%)
3 (3.00%) high mild
5 (5.00%) high severe

verify time: [5.7575 ms 5.7969 ms 5.8373 ms]
change: [+0.3293% +1.1936% +2.1047%] (p = 0.01 < 0.05)
Change within noise threshold.
verify time: [3.7790 ms 3.7809 ms 3.7831 ms]
change: [-1.5729% -1.5166% -1.4506%] (p = 0.00 < 0.05)
Performance has improved.
Found 10 outliers among 100 measurements (10.00%)
6 (6.00%) high mild
4 (4.00%) high severe

11 changes: 6 additions & 5 deletions src/circuit.rs
Expand Up @@ -3,6 +3,7 @@
use std::ops::{Add, Mul, Sub};
use k256::{AffinePoint, ProjectivePoint, Scalar};
use k256::elliptic_curve::ops::Invert;
use k256::elliptic_curve::rand_core::{CryptoRng, RngCore};
use merlin::Transcript;
use serde::{Deserialize, Serialize};
Expand Down Expand Up @@ -186,11 +187,11 @@ impl<P> ArithmeticCircuit<P>
transcript::app_point(b"commitment_cs", &proof.c_s, t);

let tau = transcript::get_challenge(b"circuit_tau", t);
let tau_inv = tau.invert().unwrap();
let tau_inv = tau.invert_vartime().unwrap();
let tau2 = tau.mul(&tau);
let tau3 = tau2.mul(&tau);

let delta_inv = delta.invert().unwrap();
let delta_inv = delta.invert_vartime().unwrap();

let mut pn_tau = vector_mul_on_scalar(&c_nO, &tau3.mul(&delta_inv));
pn_tau = vector_sub(&pn_tau, &vector_mul_on_scalar(&c_nL, &tau2));
Expand Down Expand Up @@ -395,7 +396,7 @@ impl<P> ArithmeticCircuit<P>
let mut f_ = vec![Scalar::ZERO; 8];

let delta2 = delta.mul(&delta);
let delta_inv = delta.invert().unwrap();
let delta_inv = delta.invert_vartime().unwrap();

// -2
f_[0] = minus(&weight_vector_mul(&ns, &ns, &mu));
Expand Down Expand Up @@ -447,7 +448,7 @@ impl<P> ArithmeticCircuit<P>
// 6
f_[7] = minus(&vector_mul(&c_lO, &v_1).mul(&delta_inv).mul(&Scalar::from(2u32)));

let beta_inv = beta.invert().unwrap();
let beta_inv = beta.invert_vartime().unwrap();

let rs = vec![
f_[1].add(ro[1].mul(&delta).mul(&beta)),
Expand All @@ -467,7 +468,7 @@ impl<P> ArithmeticCircuit<P>
transcript::app_point(b"commitment_cs", &cs, t);

let tau = transcript::get_challenge(b"circuit_tau", t);
let tau_inv = tau.invert().unwrap();
let tau_inv = tau.invert_vartime().unwrap();
let tau2 = tau.mul(&tau);
let tau3 = tau2.mul(&tau);

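Review bot: The switch to `invert_vartime()` is only sound where the inverted scalar is public, and the hunks make that visible only for `tau`, which is taken from `transcript::get_challenge` two lines above each `tau_inv` site; `delta` and `beta` are bound outside the hunks, so their public origin cannot be confirmed from this page. If they are Fiat-Shamir challenges, as the commit message implies, a one-line comment at each `delta_inv` and `beta_inv` site would keep a later refactor from routing a witness-derived scalar through the variable-time path, e.g. `// delta is a public transcript challenge: variable-time inversion reveals nothing about the witness`. The prover-side sites (the `-395` and `-447` hunks) sit next to witness-dependent arithmetic, so the comment matters most there. The enclosing `ArithmeticCircuit` methods start and end outside the hunks.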
3 changes: 2 additions & 1 deletion src/range_proof/reciprocal.rs
Expand Up @@ -4,6 +4,7 @@
use std::ops::{Add, Mul};
use k256::{AffinePoint, ProjectivePoint, Scalar};
use k256::elliptic_curve::ops::Invert;
use k256::elliptic_curve::rand_core::{CryptoRng, RngCore};
use merlin::Transcript;
use serde::{Deserialize, Serialize};
Expand Down Expand Up @@ -177,7 +178,7 @@ impl ReciprocalRangeProofProtocol {

(0..dim_nm).for_each(|i|
(0..dim_no).for_each(|j|
W_l[i + 1][j + 2 * dim_nm] = minus(&(e.add(Scalar::from(j as u32)).invert().unwrap()))
W_l[i + 1][j + 2 * dim_nm] = minus(&(e.add(Scalar::from(j as u32)).invert_vartime().unwrap()))
)
);

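Review bot: The inversion `e.add(Scalar::from(j as u32)).invert_vartime()` does not depend on `i`, yet it sits inside the outer `(0..dim_nm)` loop, so the same `dim_no` field inversions are repeated `dim_nm` times; hoisting them gives the vartime change far more effect: `let neg_inv: Vec<Scalar> = (0..dim_no).map(|j| minus(&(e.add(Scalar::from(j as u32)).invert_vartime().unwrap()))).collect();` before the loops and `W_l[i + 1][j + 2 * dim_nm] = neg_inv[j]` inside. Whether `e` is a public challenge cannot be seen from this hunk; if it is, the variable-time call is appropriate and a short comment at the site, `// e is a public challenge, so variable-time inversion is safe here`, records that requirement. The enclosing method starts and ends outside the hunk.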
3 changes: 2 additions & 1 deletion src/util.rs
@@ -1,6 +1,7 @@
use std::cmp::max;
use std::ops::{Add, Mul, Sub};
use k256::elliptic_curve::Field;
use k256::elliptic_curve::ops::Invert;
use k256::Scalar;

pub fn reduce<T>(v: &[T]) -> (Vec<T>, Vec<T>) where T: Copy {
Expand Down Expand Up @@ -115,7 +116,7 @@ pub fn vector_tensor_mul<'a, T>(a: &'a [T], b: &'a [Scalar]) -> Vec<T>
}

pub fn diag_inv(x: &Scalar, n: usize) -> Vec<Vec<Scalar>> {
let x_inv = x.invert().unwrap();
let x_inv = x.invert_vartime().unwrap();
let mut val = Scalar::ONE;

(0..n).map(|i|
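Review bot: `diag_inv` is a `pub` helper and now always inverts in variable time, but nothing in its signature or documentation says that `x` must be public, so a caller passing a witness-derived scalar would get a timing side channel with no warning. A doc comment should state the contract, e.g. `/// Variable-time: `x` must be a public value (such as a transcript challenge), never witness-derived.`; a `_vartime` suffix on the name would make the property visible at every call site as well. The body of `diag_inv` continues outside the hunk.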
3 changes: 2 additions & 1 deletion src/wnla.rs
@@ -1,6 +1,7 @@
//! Definition and implementation of the Bulletproofs++ weight norm linear argument protocol.
use std::ops::{Add, Mul};
use k256::{AffinePoint, ProjectivePoint, Scalar};
use k256::elliptic_curve::ops::Invert;
use merlin::Transcript;
use serde::{Deserialize, Serialize};
use crate::transcript;
Expand Down Expand Up @@ -131,7 +132,7 @@ impl WeightNormLinearArgument {
};
}

let rho_inv = self.rho.invert().unwrap();
let rho_inv = self.rho.invert_vartime().unwrap();

let (c0, c1) = reduce(&self.c);
let (l0, l1) = reduce(&l);
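Review bot: `self.rho.invert_vartime()` makes this method's timing depend on the value of the `rho` field, so the change is only safe if `rho` is a public parameter of `WeightNormLinearArgument`; the field's construction is outside the hunk, so that cannot be confirmed here. If `rho` is fixed when the argument is built, a note on the field, `/// Public protocol parameter; inverted in variable time, so it must never be derived from secret data`, records the requirement, and the inverse could then be computed once at construction instead of on every call, keeping the variable-time operation in a single documented place. The enclosing method starts and ends outside the hunk.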
