From d27dd92af9f12c7127a66e069215b4a2c5f46355 Mon Sep 17 00:00:00 2001
From: wborgeaud
Date: Mon, 9 Aug 2021 13:08:09 +0200
Subject: [PATCH] Some more optimization
---
 src/fri/recursive_verifier.rs | 15 +++++++++++++--
 src/gadgets/polynomial.rs | 24 +++++++-----------------
 src/gates/insertion.rs | 14 ++++++++++----
 src/plonk/plonk_common.rs | 11 ++++++-----
 4 files changed, 36 insertions(+), 28 deletions(-)
diff --git a/src/fri/recursive_verifier.rs b/src/fri/recursive_verifier.rs
index d771e884..5eb95a34 100644
--- a/src/fri/recursive_verifier.rs
+++ b/src/fri/recursive_verifier.rs
@@ -195,6 +195,7 @@ impl, const D: usize> CircuitBuilder {
 assert!(D > 1, "Not implemented for D=1.");
 let config = self.config.clone();
 let degree_log = proof.evals_proofs[0].1.siblings.len() - config.rate_bits;
+ let one = self.one_extension();
 let subgroup_x = self.convert_to_ext(subgroup_x);
 let vanish_zeta = self.sub_extension(subgroup_x, zeta);
 let mut alpha = ReducingFactorTarget::new(alpha);
@@ -245,8 +246,18 @@ impl, const D: usize> CircuitBuilder {
 ],
 subgroup_x,
 );
- let zs_numerator = self.sub_extension(zs_composition_eval, interpol_val);
- let vanish_zeta_right = self.sub_extension(subgroup_x, zeta_right);
+ let tmp = self.double_arithmetic_extension(
+ F::ONE,
+ F::NEG_ONE,
+ one,
+ zs_composition_eval,
+ interpol_val,
+ one,
+ subgroup_x,
+ zeta_right,
+ );
+ let zs_numerator = tmp.0;
+ let vanish_zeta_right = tmp.1;
 let zs_denominator = self.mul_extension(vanish_zeta, vanish_zeta_right);
 // This division is safe because the denominator will be nonzero unless zeta is in the
 // codeword domain, which occurs with negligible probability given a large extension field.
diff --git a/src/gadgets/polynomial.rs b/src/gadgets/polynomial.rs
index 089046e6..3d371c53 100644
--- a/src/gadgets/polynomial.rs
+++ b/src/gadgets/polynomial.rs
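Review bot: In `src/fri/recursive_verifier.rs` (hunk `@@ -245,8 +246,18 @@`), the eight positional arguments to `double_arithmetic_extension` give no indication of which operands form which difference, and the results are then pulled out as `tmp.0` and `tmp.1`. Judging by the two removed `sub_extension` calls, the call is meant to yield `zs_composition_eval - interpol_val` and `subgroup_x - zeta_right`, but the helper's definition is not part of this patch, so a swapped operand here would silently change the constraint the FRI verifier circuit enforces. I would destructure the result with `let (zs_numerator, vanish_zeta_right) = self.double_arithmetic_extension(` and add a comment above it such as `// zs_numerator = zs_composition_eval - interpol_val; vanish_zeta_right = subgroup_x - zeta_right`. A test that a valid proof still verifies and an altered opening is rejected would pin the equivalence with the old code. The enclosing function starts and ends outside the hunk.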
@@ -2,6 +2,7 @@ use crate::field::extension_field::target::{ExtensionAlgebraTarget, ExtensionTar
 use crate::field::extension_field::Extendable;
 use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
+use crate::util::reducing::ReducingFactorTarget;
 pub struct PolynomialCoeffsExtTarget(pub Vec>);
@@ -15,12 +16,9 @@ impl PolynomialCoeffsExtTarget {
 builder: &mut CircuitBuilder,
 point: Target,
 ) -> ExtensionTarget {
- let mut acc = builder.zero_extension();
- for &c in self.0.iter().rev() {
- let tmp = builder.scalar_mul_ext(point, acc);
- acc = builder.add_extension(tmp, c);
- }
- acc
+ let point = builder.convert_to_ext(point);
+ let mut point = ReducingFactorTarget::new(point);
+ point.reduce(&self.0, builder)
 }
 pub fn eval>(
@@ -28,12 +26,8 @@ impl PolynomialCoeffsExtTarget {
 builder: &mut CircuitBuilder,
 point: ExtensionTarget,
 ) -> ExtensionTarget {
- let mut acc = builder.zero_extension();
- for &c in self.0.iter().rev() {
- let tmp = builder.mul_extension(point, acc);
- acc = builder.add_extension(tmp, c);
- }
- acc
+ let mut point = ReducingFactorTarget::new(point);
+ point.reduce(&self.0, builder)
 }
 }
@@ -50,10 +44,7 @@ impl PolynomialCoeffsExtAlgebraTarget {
 {
 let mut acc = builder.zero_ext_algebra();
 for &c in self.0.iter().rev() {
- // let tmp = builder.scalar_mul_ext_algebra(point, acc);
- // acc = builder.add_ext_algebra(tmp, c);
 acc = builder.scalar_mul_add_ext_algebra(point, acc, c);
- // acc = builder.add_ext_algebra(tmp, c);
 }
 acc
 }
@@ -68,8 +59,7 @@ impl PolynomialCoeffsExtAlgebraTarget {
 {
 let mut acc = builder.zero_ext_algebra();
 for &c in self.0.iter().rev() {
- let tmp = builder.mul_ext_algebra(point, acc);
- acc = builder.add_ext_algebra(tmp, c);
+ acc = builder.mul_add_ext_algebra(point, acc, c);
 }
 acc
 }
diff --git a/src/gates/insertion.rs b/src/gates/insertion.rs
index 2dd5bee8..a793463e 100644
--- a/src/gates/insertion.rs
+++ b/src/gates/insertion.rs
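Review bot: In the `@@ -15,12 +16,9 @@` hunk, the removed loop walked `self.0.iter().rev()` and returned `builder.zero_extension()` for an empty coefficient list, while the replacement hands `&self.0` to `ReducingFactorTarget::reduce`, whose coefficient order and empty-slice behaviour are not visible in this patch. The same substitution is made in the `@@ -28,12 +26,8 @@` hunk (`eval`) and in `reduce_with_powers_ext_recursive` in `src/plonk/plonk_common.rs`; if `reduce` disagrees on either point, the circuit would constrain a different polynomial than the one evaluated outside it. A doc comment on each function stating that coefficients are ordered from the constant term upward, plus a test against the out-of-circuit evaluation that includes the empty case, would pin this down. Separately, `point` is rebound to three different types in a row; `let mut reducer = ReducingFactorTarget::new(point);` followed by `reducer.reduce(&self.0, builder)` reads more clearly. Both function bodies are complete in the hunks, but their signatures begin above them.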
@@ -187,14 +187,20 @@ impl, const D: usize> Gate for InsertionGate {
 let mut new_item = builder.scalar_mul_ext_algebra(insert_here, element_to_insert);
 if r > 0 {
- let to_add = builder.scalar_mul_ext_algebra(already_inserted, list_items[r - 1]);
- new_item = builder.add_ext_algebra(new_item, to_add);
+ new_item = builder.scalar_mul_add_ext_algebra(
+ already_inserted,
+ list_items[r - 1],
+ new_item,
+ );
 }
 already_inserted = builder.add_extension(already_inserted, insert_here);
 if r < self.vec_size {
 let not_already_inserted = builder.sub_extension(one, already_inserted);
- let to_add = builder.scalar_mul_ext_algebra(not_already_inserted, list_items[r]);
- new_item = builder.add_ext_algebra(new_item, to_add);
+ new_item = builder.scalar_mul_add_ext_algebra(
+ not_already_inserted,
+ list_items[r],
+ new_item,
+ );
 }
 // Output constraint.
diff --git a/src/plonk/plonk_common.rs b/src/plonk/plonk_common.rs
index fb083764..05812688 100644
--- a/src/plonk/plonk_common.rs
+++ b/src/plonk/plonk_common.rs
@@ -1,5 +1,7 @@
 use std::borrow::Borrow;
+use num::Integer;
+
 use crate::field::extension_field::target::ExtensionTarget;
 use crate::field::extension_field::Extendable;
 use crate::field::field_types::Field;
@@ -7,6 +9,7 @@ use crate::fri::commitment::SALT_SIZE;
 use crate::iop::target::Target;
 use crate::plonk::circuit_builder::CircuitBuilder;
 use crate::polynomial::polynomial::PolynomialCoeffs;
+use crate::util::reducing::ReducingFactorTarget;
 /// Holds the Merkle tree index and blinding flag of a set of polynomials used in FRI.
 #[derive(Debug, Copy, Clone)]
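Review bot: In `src/gates/insertion.rs`, the two fused `scalar_mul_add_ext_algebra` calls depend on `already_inserted` being reassigned between them, and nothing in the block says so. The first call uses the value from before `already_inserted = builder.add_extension(already_inserted, insert_here);` and the second uses `1 - already_inserted` from after it, so reordering these statements would change the gate constraint without any compile error. A short comment above `let mut new_item` would help an auditor, for example `// new_item = insert_here * element + inserted_before * list[r - 1] + (1 - inserted_after) * list[r]`. The code that defines `r` and the output constraint that consumes `new_item` lie outside the hunk.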
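Review bot: In `src/plonk/plonk_common.rs`, `use num::Integer;` is added but none of the lines this patch adds to the file appear to use it; the only other additions are the `ReducingFactorTarget` import and the three-line body of `reduce_with_powers_ext_recursive`. Unless existing code outside the hunks needs the trait, this is an unused import and will produce a compiler warning. I would drop `use num::Integer;` and the blank line after it from this commit, or move it to the commit that introduces its first use.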
@@ -181,11 +184,9 @@ pub(crate) fn reduce_with_powers_ext_recursive, const D: usize>
 terms: &[ExtensionTarget],
 alpha: Target,
 ) -> ExtensionTarget {
- let mut sum = builder.zero_extension();
- for &term in terms.iter().rev() {
- sum = builder.scalar_mul_add_extension(alpha, sum, term);
- }
- sum
+ let alpha = builder.convert_to_ext(alpha);
+ let mut alpha = ReducingFactorTarget::new(alpha);
+ alpha.reduce(terms, builder)
 }
 /// Reduce a sequence of field elements by the given coefficients.