Fix 50% perf regression (2x with GCC) on binary GCD based inversion (#135)

* Fix 50% perf regression. Revert part of #95, fix #134

* Deactivate inversion via addition chain for BW6-761. 2x slower than Euclid
Mamy Ratsimbazafy 2021-01-23 21:44:22 +01:00 committed by GitHub
parent 82819b1b10
commit 5b1d280486
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 30 additions and 15 deletions


@ -246,16 +246,22 @@ func cadd*(a: var Limbs, b: Limbs, ctl: SecretBool): Carry =
## The carry is always computed whether ctl is true or false ## The carry is always computed whether ctl is true or false
## ##
## Time and memory accesses are the same whether a copy occurs or not ## Time and memory accesses are the same whether a copy occurs or not
var t = a result = Carry(0)
result = t.add(b) var sum: SecretWord
a.ccopy(t, ctl) for i in 0 ..< a.len:
addC(result, sum, a[i], b[i], result)
ctl.ccopy(a[i], sum)
func cadd*(a: var Limbs, w: SecretWord, ctl: SecretBool): Carry = func cadd*(a: var Limbs, w: SecretWord, ctl: SecretBool): Borrow =
## Limbs conditional addition, sub a number that fits in a word ## Limbs conditional addition, sub a number that fits in a word
## Returns the borrow ## Returns the borrow
var t = a result = Carry(0)
result = t.add(w) var diff: SecretWord
a.ccopy(t, ctl) addC(result, diff, a[0], w, result)
ctl.ccopy(a[0], diff)
for i in 1 ..< a.len:
addC(result, diff, a[i], Zero, result)
ctl.ccopy(a[i], diff)
func csub*(a: var Limbs, b: Limbs, ctl: SecretBool): Borrow = func csub*(a: var Limbs, b: Limbs, ctl: SecretBool): Borrow =
## Limbs conditional substraction ## Limbs conditional substraction
@ -266,16 +272,22 @@ func csub*(a: var Limbs, b: Limbs, ctl: SecretBool): Borrow =
## The borrow is always computed whether ctl is true or false ## The borrow is always computed whether ctl is true or false
## ##
## Time and memory accesses are the same whether a copy occurs or not ## Time and memory accesses are the same whether a copy occurs or not
var t = a result = Borrow(0)
result = t.sub(b) var diff: SecretWord
a.ccopy(t, ctl) for i in 0 ..< a.len:
subB(result, diff, a[i], b[i], result)
ctl.ccopy(a[i], diff)
func csub*(a: var Limbs, w: SecretWord, ctl: SecretBool): Borrow = func csub*(a: var Limbs, w: SecretWord, ctl: SecretBool): Borrow =
## Limbs conditional substraction, sub a number that fits in a word ## Limbs conditional substraction, sub a number that fits in a word
## Returns the borrow ## Returns the borrow
var t = a result = Borrow(0)
result = t.sub(w) var diff: SecretWord
a.ccopy(t, ctl) subB(result, diff, a[0], w, result)
ctl.ccopy(a[0], diff)
for i in 1 ..< a.len:
subB(result, diff, a[i], Zero, result)
ctl.ccopy(a[i], diff)
func cneg*(a: var Limbs, ctl: CTBool) = func cneg*(a: var Limbs, ctl: CTBool) =
## Conditional negation. ## Conditional negation.


@ -26,8 +26,11 @@ export
func hasInversionAddchain*(C: static Curve): static bool = func hasInversionAddchain*(C: static Curve): static bool =
# TODO: For now we don't activate the addition chains # TODO: For now we don't activate the addition chains
# for Secp256k1 # for Secp256k1
# Performance is slower than GCD # Performance is slower than GCD (to investigate)
when C in {BN254_Nogami, BN254_Snarks, BLS12_377, BLS12_381, BW6_761}: # For BW6-761 the addition chain is over 2x slower than Euclid-based inversion
# due to multiplication being so costly with 12 limbs (grows quadratically)
# while Euclid costs grows linearly.
when C in {BN254_Nogami, BN254_Snarks, BLS12_377, BLS12_381}:
true true
else: else:
false false
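Review bot: The new comment in `hasInversionAddchain` justifies dropping `BW6_761` only by speed, and the `# TODO` lines above it still read as if Secp256k1 were the only curve deliberately left out. Returning `false` presumably routes inversion to the Euclid/GCD code (the selection site is outside this hunk), so it is worth recording that this fallback is expected to be constant-time for secret inputs, for example `# The Euclid fallback must stay constant-time; BW6-761 inversion now depends on it.` A small wording fix would also help: `# while Euclid cost grows linearly.`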