polyval: implement powers-of-H for soft backend
#281
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tarcieri
force-pushed
the
polyval/powers-of-h-for-soft-backend
branch
from
bb3ed65 to
853866a
Compare
Loops over the input blocks performing `karatsuba` using powers-of-H and accumulating a wide product (in normal and bit-reversed form), then performing a final `mont_reduce`. This avoids performing a `mont_reduce` on each block (although to be fair, it just performs shifts/XORs and is not nearly as expensive as the multiplications in `karatsuba`). It could perhaps be improved by splitting `karatsuba` into `karatsuba1`/`karatsuba2` like the other backends and skipping the recombination/product assembly steps. This uses `1` as `FieldElement::DEFAULT_PARALLELISM` (which it seems was mistakenly set to `8` before) so this functionality is not on-by-default. It seems like it will probably not be much of a win without additional work. Even if it's not though, all backends now have the same structure and `soft` is not a weird special case when used with `N > 1`. Also adds a proptest that whatever parallel backend is in use produces equivalent results to a pure Rust serial implementation, using the `FieldElement` type's public API (namely `Add` and `Mul`) via the newly added `hazmat` feature.
tarcieri
force-pushed
the
polyval/powers-of-h-for-soft-backend
branch
from
853866a to
3fca7ce
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Loops over the input blocks performing
karatsubausing powers-of-H and accumulating a wide product (in normal and bit-reversed form), then performing a finalmont_reduce.This avoids performing a
mont_reduceon each block (although to be fair, it just performs shifts/XORs and is not nearly as expensive as the multiplications inkaratsuba). It could perhaps be improved by splittingkaratsubaintokaratsuba1/karatsuba2like the other backends and skipping the recombination/product assembly steps.This uses
1asFieldElement::DEFAULT_PARALLELISM(which it seems was mistakenly set to8before) so this functionality is not on-by-default. It seems like it will probably not be much of a win without additional work.Even if it's not though, all backends now have the same structure and
softis not a weird special case when used withN > 1.Also adds a proptest that whatever parallel backend is in use produces equivalent results to a pure Rust serial implementation, using the
FieldElementtype's public API (namelyAddandMul) via the newly addedhazmatfeature.