Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

core/vm, crypto/bn256: switch over to cloudflare library #16203

Merged
merged 4 commits into from
Mar 5, 2018

Conversation

karalabe
Copy link
Member

@karalabe karalabe commented Feb 27, 2018

This PR switches over our bn256 implementation from the legacy one from the Go crypto libs to an optimized one from Cloudflare.

Only amd64 is switched for now, since the Cloudflare library is currently missing the pure Go implementations of the Montgomery arithmetics. We can either keep it as is, or do a complete switch over when those methods are done too.

The numbers speak for themselves:

benchmark                                                           old ns/op     new ns/op     delta
BenchmarkPrecompiledBn256Add/chfast1-Gas=500-8                      40623         15617         -61.56%
BenchmarkPrecompiledBn256Add/chfast2-Gas=500-8                      43234         15678         -63.74%
BenchmarkPrecompiledBn256Add/cdetrio1-Gas=500-8                     1713          1150          -32.87%
BenchmarkPrecompiledBn256Add/cdetrio2-Gas=500-8                     1744          1206          -30.85%
BenchmarkPrecompiledBn256Add/cdetrio3-Gas=500-8                     1788          1194          -33.22%
BenchmarkPrecompiledBn256Add/cdetrio4-Gas=500-8                     1834          1287          -29.83%
BenchmarkPrecompiledBn256Add/cdetrio5-Gas=500-8                     1690          1179          -30.24%
BenchmarkPrecompiledBn256Add/cdetrio6-Gas=500-8                     1891          1520          -19.62%
BenchmarkPrecompiledBn256Add/cdetrio7-Gas=500-8                     1906          1605          -15.79%
BenchmarkPrecompiledBn256Add/cdetrio8-Gas=500-8                     1938          1596          -17.65%
BenchmarkPrecompiledBn256Add/cdetrio9-Gas=500-8                     1888          1520          -19.49%
BenchmarkPrecompiledBn256Add/cdetrio10-Gas=500-8                    1924          1547          -19.59%
BenchmarkPrecompiledBn256Add/cdetrio11-Gas=500-8                    7788          15989         +105.30%
BenchmarkPrecompiledBn256Add/cdetrio12-Gas=500-8                    7708          16444         +113.34%
BenchmarkPrecompiledBn256Add/cdetrio13-Gas=500-8                    41501         15710         -62.15%
BenchmarkPrecompiledBn256Add/cdetrio14-Gas=500-8                    7982          2265          -71.62%
BenchmarkPrecompiledBn256ScalarMul/chfast1-Gas=40000-8              500984        53631         -89.29%
BenchmarkPrecompiledBn256ScalarMul/chfast2-Gas=40000-8              2023476       181793        -91.02%
BenchmarkPrecompiledBn256ScalarMul/chfast3-Gas=40000-8              1992901       185778        -90.68%
BenchmarkPrecompiledBn256ScalarMul/cdetrio1-Gas=40000-8             3149056       269549        -91.44%
BenchmarkPrecompiledBn256ScalarMul/cdetrio6-Gas=40000-8             3082008       285537        -90.74%
BenchmarkPrecompiledBn256ScalarMul/cdetrio11-Gas=40000-8            3244112       284201        -91.24%
BenchmarkPrecompiledBn256Pairing/jeff1-Gas=260000-8                 21546192      3657435       -83.03%
BenchmarkPrecompiledBn256Pairing/jeff2-Gas=260000-8                 21613716      3601799       -83.34%
BenchmarkPrecompiledBn256Pairing/jeff3-Gas=260000-8                 21852891      3782695       -82.69%
BenchmarkPrecompiledBn256Pairing/jeff4-Gas=340000-8                 27219272      4916754       -81.94%
BenchmarkPrecompiledBn256Pairing/jeff5-Gas=340000-8                 27710506      4828358       -82.58%
BenchmarkPrecompiledBn256Pairing/jeff6-Gas=260000-8                 21430090      3610365       -83.15%
BenchmarkPrecompiledBn256Pairing/empty_data-Gas=100000-8            1866736       1204914       -35.45%
BenchmarkPrecompiledBn256Pairing/one_point-Gas=180000-8             14826080      2400148       -83.81%
BenchmarkPrecompiledBn256Pairing/two_point_match_2-Gas=260000-8     12992812      3620667       -72.13%
BenchmarkPrecompiledBn256Pairing/two_point_match_3-Gas=260000-8     20693274      3606990       -82.57%
BenchmarkPrecompiledBn256Pairing/two_point_match_4-Gas=260000-8     20737192      3620692       -82.54%
BenchmarkPrecompiledBn256Pairing/ten_point_match_1-Gas=900000-8     55797165      13377560      -76.02%
BenchmarkPrecompiledBn256Pairing/ten_point_match_2-Gas=900000-8     70033805      13458465      -80.78%
BenchmarkPrecompiledBn256Pairing/ten_point_match_3-Gas=260000-8     21560618      3749917       -82.61%
benchmark                                                           old allocs     new allocs     delta
BenchmarkPrecompiledBn256Add/chfast1-Gas=500-8                      111            16             -85.59%
BenchmarkPrecompiledBn256Add/chfast2-Gas=500-8                      111            16             -85.59%
BenchmarkPrecompiledBn256Add/cdetrio1-Gas=500-8                     28             11             -60.71%
BenchmarkPrecompiledBn256Add/cdetrio2-Gas=500-8                     29             12             -58.62%
BenchmarkPrecompiledBn256Add/cdetrio3-Gas=500-8                     29             12             -58.62%
BenchmarkPrecompiledBn256Add/cdetrio4-Gas=500-8                     30             13             -56.67%
BenchmarkPrecompiledBn256Add/cdetrio5-Gas=500-8                     28             11             -60.71%
BenchmarkPrecompiledBn256Add/cdetrio6-Gas=500-8                     34             11             -67.65%
BenchmarkPrecompiledBn256Add/cdetrio7-Gas=500-8                     34             11             -67.65%
BenchmarkPrecompiledBn256Add/cdetrio8-Gas=500-8                     35             12             -65.71%
BenchmarkPrecompiledBn256Add/cdetrio9-Gas=500-8                     34             11             -67.65%
BenchmarkPrecompiledBn256Add/cdetrio10-Gas=500-8                    34             11             -67.65%
BenchmarkPrecompiledBn256Add/cdetrio11-Gas=500-8                    97             16             -83.51%
BenchmarkPrecompiledBn256Add/cdetrio12-Gas=500-8                    97             16             -83.51%
BenchmarkPrecompiledBn256Add/cdetrio13-Gas=500-8                    111            16             -85.59%
BenchmarkPrecompiledBn256Add/cdetrio14-Gas=500-8                    79             15             -81.01%
BenchmarkPrecompiledBn256ScalarMul/chfast1-Gas=40000-8              1675           13             -99.22%
BenchmarkPrecompiledBn256ScalarMul/chfast2-Gas=40000-8              6616           13             -99.80%
BenchmarkPrecompiledBn256ScalarMul/chfast3-Gas=40000-8              6590           13             -99.80%
BenchmarkPrecompiledBn256ScalarMul/cdetrio1-Gas=40000-8             10646          13             -99.88%
BenchmarkPrecompiledBn256ScalarMul/cdetrio6-Gas=40000-8             10621          13             -99.88%
BenchmarkPrecompiledBn256ScalarMul/cdetrio11-Gas=40000-8            10632          13             -99.88%
BenchmarkPrecompiledBn256Pairing/jeff1-Gas=260000-8                 57649          980            -98.30%
BenchmarkPrecompiledBn256Pairing/jeff2-Gas=260000-8                 57697          980            -98.30%
BenchmarkPrecompiledBn256Pairing/jeff3-Gas=260000-8                 57649          980            -98.30%
BenchmarkPrecompiledBn256Pairing/jeff4-Gas=340000-8                 73670          1458           -98.02%
BenchmarkPrecompiledBn256Pairing/jeff5-Gas=340000-8                 73651          1458           -98.02%
BenchmarkPrecompiledBn256Pairing/jeff6-Gas=260000-8                 57652          979            -98.30%
BenchmarkPrecompiledBn256Pairing/empty_data-Gas=100000-8            11444          24             -99.79%
BenchmarkPrecompiledBn256Pairing/one_point-Gas=180000-8             41236          501            -98.79%
BenchmarkPrecompiledBn256Pairing/two_point_match_2-Gas=260000-8     42678          980            -97.70%
BenchmarkPrecompiledBn256Pairing/two_point_match_3-Gas=260000-8     57200          980            -98.29%
BenchmarkPrecompiledBn256Pairing/two_point_match_4-Gas=260000-8     57218          980            -98.29%
BenchmarkPrecompiledBn256Pairing/ten_point_match_1-Gas=900000-8     166872         4794           -97.13%
BenchmarkPrecompiledBn256Pairing/ten_point_match_2-Gas=900000-8     183120         4794           -97.38%
BenchmarkPrecompiledBn256Pairing/ten_point_match_3-Gas=260000-8     57218          980            -98.29%
benchmark                                                           old bytes     new bytes     delta
BenchmarkPrecompiledBn256Add/chfast1-Gas=500-8                      7242          784           -89.17%
BenchmarkPrecompiledBn256Add/chfast2-Gas=500-8                      7258          784           -89.20%
BenchmarkPrecompiledBn256Add/cdetrio1-Gas=500-8                     1056          624           -40.91%
BenchmarkPrecompiledBn256Add/cdetrio2-Gas=500-8                     1120          688           -38.57%
BenchmarkPrecompiledBn256Add/cdetrio3-Gas=500-8                     1120          688           -38.57%
BenchmarkPrecompiledBn256Add/cdetrio4-Gas=500-8                     1184          752           -36.49%
BenchmarkPrecompiledBn256Add/cdetrio5-Gas=500-8                     1056          624           -40.91%
BenchmarkPrecompiledBn256Add/cdetrio6-Gas=500-8                     1312          624           -52.44%
BenchmarkPrecompiledBn256Add/cdetrio7-Gas=500-8                     1312          624           -52.44%
BenchmarkPrecompiledBn256Add/cdetrio8-Gas=500-8                     1376          688           -50.00%
BenchmarkPrecompiledBn256Add/cdetrio9-Gas=500-8                     1312          624           -52.44%
BenchmarkPrecompiledBn256Add/cdetrio10-Gas=500-8                    1312          624           -52.44%
BenchmarkPrecompiledBn256Add/cdetrio11-Gas=500-8                    4425          784           -82.28%
BenchmarkPrecompiledBn256Add/cdetrio12-Gas=500-8                    4425          784           -82.28%
BenchmarkPrecompiledBn256Add/cdetrio13-Gas=500-8                    7258          784           -89.20%
BenchmarkPrecompiledBn256Add/cdetrio14-Gas=500-8                    4617          752           -83.71%
BenchmarkPrecompiledBn256ScalarMul/chfast1-Gas=40000-8              154577        648           -99.58%
BenchmarkPrecompiledBn256ScalarMul/chfast2-Gas=40000-8              620314        648           -99.90%
BenchmarkPrecompiledBn256ScalarMul/chfast3-Gas=40000-8              618207        648           -99.90%
BenchmarkPrecompiledBn256ScalarMul/cdetrio1-Gas=40000-8             991382        648           -99.93%
BenchmarkPrecompiledBn256ScalarMul/cdetrio6-Gas=40000-8             989721        648           -99.93%
BenchmarkPrecompiledBn256ScalarMul/cdetrio11-Gas=40000-8            990473        648           -99.93%
BenchmarkPrecompiledBn256Pairing/jeff1-Gas=260000-8                 3654796       103952        -97.16%
BenchmarkPrecompiledBn256Pairing/jeff2-Gas=260000-8                 3661029       103952        -97.16%
BenchmarkPrecompiledBn256Pairing/jeff3-Gas=260000-8                 3655395       103952        -97.16%
BenchmarkPrecompiledBn256Pairing/jeff4-Gas=340000-8                 4727285       152576        -96.77%
BenchmarkPrecompiledBn256Pairing/jeff5-Gas=340000-8                 4724338       152576        -96.77%
BenchmarkPrecompiledBn256Pairing/jeff6-Gas=260000-8                 3654892       103920        -97.16%
BenchmarkPrecompiledBn256Pairing/empty_data-Gas=100000-8            215208        6784          -96.85%
BenchmarkPrecompiledBn256Pairing/one_point-Gas=180000-8             2461539       55328         -97.75%
BenchmarkPrecompiledBn256Pairing/two_point_match_2-Gas=260000-8     2106352       103952        -95.06%
BenchmarkPrecompiledBn256Pairing/two_point_match_3-Gas=260000-8     3526109       103952        -97.05%
BenchmarkPrecompiledBn256Pairing/two_point_match_4-Gas=260000-8     3528730       103952        -97.05%
BenchmarkPrecompiledBn256Pairing/ten_point_match_1-Gas=900000-8     9603924       492880        -94.87%
BenchmarkPrecompiledBn256Pairing/ten_point_match_2-Gas=900000-8     11531116      492880        -95.73%
BenchmarkPrecompiledBn256Pairing/ten_point_match_3-Gas=260000-8     3528715       103952        -97.05%

@karalabe karalabe added this to the 1.8.2 milestone Feb 27, 2018
@karalabe karalabe requested review from fjl, holiman and nagydani February 27, 2018 13:26
@fjl
Copy link
Contributor

fjl commented Feb 27, 2018

It doesn't build on Go 1.7.

@karalabe
Copy link
Member Author

karalabe commented Feb 27, 2018

Let's drop support for Go 1.7. It's ancient and we wanted to start stop supporting it (to allow using 1.8 features).

@karalabe karalabe force-pushed the bn256-optimizations branch from f35236e to 231a8e2 Compare March 1, 2018 10:33
}

func (c *curvePoint) String() string {
c.MakeAffine()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This modifies c. I don't like it that printing a variable modifies it. I suggest :

func (c *curvePoint) String() string {
	d := &curvePoint{}
	d.Set(c)
	d.MakeAffine()
	x, y := &gfP{}, &gfP{}
	montDecode(x, &d.x)
	montDecode(y, &d.y)
	return "(" + x.String() + ", " + y.String() + ")"
}

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what both the Google and Cloudflare code does. I'd rather not screw around with modifying the internals of a crypto library we don't understand.


// IsOnCurve returns true iff c is on the curve.
func (c *curvePoint) IsOnCurve() bool {
c.MakeAffine()
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This also modifies the curve c. It us sysed from bn256.go:Unmarshal. Is this correct, in all cases?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is what both the Google and Cloudflare code does. I'd rather not screw around with modifying the internals of a crypto library we don't understand.

@karalabe karalabe merged commit bd6879a into ethereum:master Mar 5, 2018
@ValarDragon
Copy link

Why is the lattice branch of https://github.com/cloudflare/bn256/tree/lattices not used, since it speeds up arithmetic on the individual curves.

@holiman
Copy link
Contributor

holiman commented Mar 11, 2018

@ValarDragon because it's not implemented for our particular curve (...yet..)

@shamatar
Copy link

Is there an operation (scalar multiplication and point addition) reduction planned after these speed ups?

Also, this “lattice” branch mentioned above should have brought further speed up of non-pairing ops, @karalabe what was a reason not to use it at the first place?

@karalabe
Copy link
Member Author

Is there an operation (scalar multiplication and point addition) reduction planned after these speed ups?

We'll evaluate the speed with the new code and compared to the other clients too. Would be nice, yes.

Also, this “lattice” branch mentioned above should have brought further speed up of non-pairing ops, @karalabe what was a reason not to use it at the first place?

It needs special curve parameter calculations that need a cryptographer who can actually do it :) We have it since then, but hit a few snags. It may be included in the next release.

@shamatar
Copy link

Hello @karalabe

Are those parameters actually endomorphism parameters?

Sincerely, Alex

prestonvanloon pushed a commit to prestonvanloon/go-ethereum that referenced this pull request Apr 2, 2018
)

* core/vm, crypto/bn256: switch over to cloudflare library

* crypto/bn256: unmarshal constraint + start pure go impl

* crypto/bn256: combo cloudflare and google lib

* travis: drop 386 test job
mariameda pushed a commit to NiluPlatform/go-nilu that referenced this pull request Aug 23, 2018
)

* core/vm, crypto/bn256: switch over to cloudflare library

* crypto/bn256: unmarshal constraint + start pure go impl

* crypto/bn256: combo cloudflare and google lib

* travis: drop 386 test job
}

// u is the BN parameter that determines the prime: 1868033³.
var u = bigFromBase10("4965661367192848881")
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

May I know why those value of constant variables are not same as the cloudflare/google branch, for example, var u = bigFromBase10("6518589491078791937"). Based on the comment of this line, 1868033³ also equal to 6518589491078791937, not 4965661367192848881

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants