-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Slow comitment to polynomial with blst_from_scratch #202
Comments
The function of interest is We discovered some time ago that when committing to polynomials of degree 2^15, the parallelized Variable Base Multiscalar Multiplication approach is much faster than the Pippenger's algorithm, and due to a deadline, we only let arkworks and zkcrypto implement it. What we can try to do is port this algorithm that was originally written by ZEXE (now Arkworks?) authors from zkcrypto to blst-from-scratch and mcl (we'll need it for EIP-4844 anyway): Though, I doubt we'll see any improvement for polynomials with degrees up to 8. |
We should try to port MSM to |
@nazar-pc just to be sure - do your polynomials have only 2^3 coefficients? Those optimizations usually start to show great results on a much higher scale. At the scale 2^3 speed is already µs (except verification which is slightly slower) so you likely will not notice the difference unless you have a special case. |
The benchmark was using |
Worth to check this paper. They claim 78% speed over |
@dariolina, you can take a look at ^ when you have time |
Thank you! I have also found this paper that claims 3-20% speedup over |
I found out that there already exists a Pippenger's implementation for supranational/blst rust binding, which appears to use buckets (a large grid for storing the results) and a thread pool for parallelization. Implemented it via d365801 which achieved the following results:
However, our |
For the use case I have in mind single-core performance would be more important. |
@belijzajac > great work! This seems related to the small samples. Both tests that crashed for us are because of this. Could you try to reproduce such issue in blst tests? So then we could submit to blst folks. @nazar-pc there is interesting situation with parallel vs non-parallel. We probably should stick to this concept: Non-parallel - means strictly single thread, no parallelism neither at cryptographic algorithms, neither in blobs batching. Parallel - means max parallelism, so parallelism would be used both at cryptographic algorithms and in order to parallelize blobs batching. This is a simple to understand approach, but because of parallel overhead there could be not the best results for some setups. |
I have migrated code from using https://github.com/dusk-network/plonk to
blst_from_scratch
and noticed improved performance except for committing to polynomial.Before:
After:
It is ~2x slower with
blst_from_scratch
, though I am not yet sure where slowness comes from.I'm committing to polynomial with 8 coefficients, while
FsKZGSettings
was initialized with scale of10
.The text was updated successfully, but these errors were encountered: