Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Faster multiexps #12

Open
swasilyev opened this issue Jan 28, 2022 · 0 comments
Open

Faster multiexps #12

swasilyev opened this issue Jan 28, 2022 · 0 comments
Assignees
@swasilyev

Comments

@swasilyev
Copy link
Collaborator

swasilyev commented Jan 28, 2022
edited
Loading

  1. Generating KZG setup is a very special example of fixed-base multiexp: the single fixed base is multiplied by a series of scalars. Currently ark_ec::msm::FixedBase is used. How optimal is that?
    • Yao's algorithm is designed to compute powers of a single base.
    • Bernstein claims, section 7, that single-base Pippenger is optimal
    • Gnark has a special routine exactly for this single-base multiexp
      Actually this case is of lesser importance because parameters used in practice are created in this form once. After they are updated that is another problem.
  2. URS updates (those performed by a single party, not SRS updates during the 2nd phase of the MPC) seem no different from the next case. Proving validity of an update efficiently might be more challenging.
  3. Currently ark_ec::msm::VariableBase is used for computing KZG commitments. In most cases prover works with the same URS, so can afford some precomputations. How advantageous can it be. Interesting multiexp implementations i'm aware of:

https://eprint.iacr.org/2012/549.pdf is another popular paper on the topic
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@swasilyev swasilyev

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@swasilyev