From c0857984d0d318eaba594be06e9179166f7fe8ca Mon Sep 17 00:00:00 2001 From: Jonathan Wang <31040440+jonathanpwang@users.noreply.github.com> Date: Fri, 1 Sep 2023 15:37:46 -0700 Subject: [PATCH] feat(msm): start running sum from `max_bits` The summation by parts at the end of each pippenger bucket is doing an addition with identity unnecessarily for unused bits --- halo2_proofs/src/arithmetic.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/halo2_proofs/src/arithmetic.rs b/halo2_proofs/src/arithmetic.rs index 161f37569f..9c7242a36a 100644 --- a/halo2_proofs/src/arithmetic.rs +++ b/halo2_proofs/src/arithmetic.rs @@ -60,7 +60,7 @@ fn multiexp_serial(coeffs: &[C::Scalar], bases: &[C], acc: &mut tmp as usize } - let segments = (256 / c) + 1; + let segments = (C::Scalar::NUM_BITS as usize + c - 1) / c; // this can be optimized let mut coeffs_in_segments = Vec::with_capacity(segments); @@ -125,8 +125,10 @@ fn multiexp_serial(coeffs: &[C::Scalar], bases: &[C], acc: &mut let mut buckets: Vec> = vec![Bucket::None; (1 << c) - 1]; + let mut max_bits = 0; for (coeff, base) in coeffs_seg.into_iter().zip(bases.iter()) { if coeff != 0 { + max_bits = cmp::max(max_bits, coeff); buckets[coeff - 1].add_assign(base); } } @@ -136,7 +138,7 @@ fn multiexp_serial(coeffs: &[C::Scalar], bases: &[C], acc: &mut // (a) + b + // ((a) + b) + c let mut running_sum = C::Curve::identity(); - for exp in buckets.into_iter().rev() { + for exp in buckets.into_iter().take(max_bits).rev() { running_sum = exp.add(running_sum); *acc = *acc + &running_sum; }