pairing
Implements support for MNT4 and MNT6 (753 bits)
Implements support for MNT4 and MNT6
Changes
- Two engines for MNT4 and MNT6
- The testing includes the full algebraic test suite (engine, groups and fields)
- The random generator is functional for G2 elements
- A checked specification for both curves
- Some fixes for benchmarks
Benchmarks
(Obtained on a Dell XPS 15 with an Intel Core i7 processor)
test mnt4_753::bench_pairing_final_exponentiation ... bench: 998,891 ns/iter (+/- 61,095)
test mnt4_753::bench_pairing_full ... bench: 1,745,460 ns/iter (+/- 30,674)
test mnt4_753::bench_pairing_g1_preparation ... bench: 14 ns/iter (+/- 0)
test mnt4_753::bench_pairing_g2_preparation ... bench: 189,141 ns/iter (+/- 10,490)
test mnt4_753::bench_pairing_miller_loop ... bench: 535,895 ns/iter (+/- 18,953)
test mnt4_753::ec::g1::bench_g1_add_assign ... bench: 550 ns/iter (+/- 28)
test mnt4_753::ec::g1::bench_g1_add_assign_mixed ... bench: 439 ns/iter (+/- 33)
test mnt4_753::ec::g1::bench_g1_mul_assign ... bench: 159,584 ns/iter (+/- 9,957)
test mnt4_753::ec::g2::bench_g2_add_assign ... bench: 4,081 ns/iter (+/- 122)
test mnt4_753::ec::g2::bench_g2_add_assign_mixed ... bench: 2,851 ns/iter (+/- 5)
test mnt4_753::ec::g2::bench_g2_mul_assign ... bench: 860,419 ns/iter (+/- 91,518)
test mnt4_753::fq2::bench_fq2_add_assign ... bench: 44 ns/iter (+/- 1)
test mnt4_753::fq2::bench_fq2_inverse ... bench: 40,781 ns/iter (+/- 3,122)
test mnt4_753::fq2::bench_fq2_mul_assign ... bench: 1,130 ns/iter (+/- 80)
test mnt4_753::fq2::bench_fq2_sqrt ... bench: 1,103,130 ns/iter (+/- 353,512)
test mnt4_753::fq2::bench_fq2_squaring ... bench: 927 ns/iter (+/- 28)
test mnt4_753::fq2::bench_fq2_sub_assign ... bench: 46 ns/iter (+/- 1)
test mnt4_753::fq4::bench_fq4_add_assign ... bench: 85 ns/iter (+/- 1)
test mnt4_753::fq4::bench_fq4_inverse ... bench: 42,007 ns/iter (+/- 8,622)
test mnt4_753::fq4::bench_fq4_mul_assign ... bench: 3,482 ns/iter (+/- 130)
test mnt4_753::fq4::bench_fq4_squaring ... bench: 3,280 ns/iter (+/- 213)
test mnt4_753::fq4::bench_fq4_sub_assign ... bench: 85 ns/iter (+/- 8)
test mnt4_753::fq::bench_fq_add_assign ... bench: 21 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_from_repr ... bench: 252 ns/iter (+/- 14)
test mnt4_753::fq::bench_fq_into_repr ... bench: 137 ns/iter (+/- 4)
test mnt4_753::fq::bench_fq_inverse ... bench: 34,657 ns/iter (+/- 3,041)
test mnt4_753::fq::bench_fq_mul_assign ... bench: 230 ns/iter (+/- 4)
test mnt4_753::fq::bench_fq_negate ... bench: 20 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_repr_add_nocarry ... bench: 13 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_repr_div2 ... bench: 10 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_repr_mul2 ... bench: 15 ns/iter (+/- 3)
test mnt4_753::fq::bench_fq_repr_num_bits ... bench: 4 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_repr_sub_noborrow ... bench: 18 ns/iter (+/- 0)
test mnt4_753::fq::bench_fq_sqrt ... bench: 788,760 ns/iter (+/- 39,088)
test mnt4_753::fq::bench_fq_square ... bench: 217 ns/iter (+/- 3)
test mnt4_753::fq::bench_fq_sub_assign ... bench: 23 ns/iter (+/- 11)
test mnt4_753::fr::bench_fr_add_assign ... bench: 20 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_from_repr ... bench: 261 ns/iter (+/- 6)
test mnt4_753::fr::bench_fr_into_repr ... bench: 140 ns/iter (+/- 11)
test mnt4_753::fr::bench_fr_inverse ... bench: 39,230 ns/iter (+/- 1,348)
test mnt4_753::fr::bench_fr_mul_assign ... bench: 327 ns/iter (+/- 13)
test mnt4_753::fr::bench_fr_negate ... bench: 29 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_repr_add_nocarry ... bench: 22 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_repr_div2 ... bench: 15 ns/iter (+/- 8)
test mnt4_753::fr::bench_fr_repr_mul2 ... bench: 27 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_repr_num_bits ... bench: 8 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_repr_sub_noborrow ... bench: 31 ns/iter (+/- 7)
test mnt4_753::fr::bench_fr_sqrt ... bench: 937,621 ns/iter (+/- 42,484)
test mnt4_753::fr::bench_fr_square ... bench: 248 ns/iter (+/- 0)
test mnt4_753::fr::bench_fr_sub_assign ... bench: 25 ns/iter (+/- 6)
test mnt6_753::bench_pairing_final_exponentiation ... bench: 1,099,490 ns/iter (+/- 5,732)
test mnt6_753::bench_pairing_full ... bench: 2,058,537 ns/iter (+/- 272,484)
test mnt6_753::bench_pairing_g1_preparation ... bench: 16 ns/iter (+/- 0)
test mnt6_753::bench_pairing_g2_preparation ... bench: 200,764 ns/iter (+/- 869)
test mnt6_753::bench_pairing_miller_loop ... bench: 571,110 ns/iter (+/- 22,497)
test mnt6_753::ec::g1::bench_g1_add_assign ... bench: 596 ns/iter (+/- 23)
test mnt6_753::ec::g1::bench_g1_add_assign_mixed ... bench: 471 ns/iter (+/- 7)
test mnt6_753::ec::g1::bench_g1_mul_assign ... bench: 154,415 ns/iter (+/- 5,627)
test mnt6_753::ec::g2::bench_g2_add_assign ... bench: 4,068 ns/iter (+/- 70)
test mnt6_753::ec::g2::bench_g2_add_assign_mixed ... bench: 2,863 ns/iter (+/- 50)
test mnt6_753::ec::g2::bench_g2_mul_assign ... bench: 947,165 ns/iter (+/- 32,786)
test mnt6_753::fq3::bench_fq3_add_assign ... bench: 71 ns/iter (+/- 4)
test mnt6_753::fq3::bench_fq3_inverse ... bench: 43,361 ns/iter (+/- 1,424)
test mnt6_753::fq3::bench_fq3_mul_assign ... bench: 2,502 ns/iter (+/- 303)
test mnt6_753::fq3::bench_fq3_sqrt ... bench: 3,778,068 ns/iter (+/- 2,954,122)
test mnt6_753::fq3::bench_fq3_squaring ... bench: 2,241 ns/iter (+/- 528)
test mnt6_753::fq3::bench_fq3_sub_assign ... bench: 89 ns/iter (+/- 60)
test mnt6_753::fq6::bench_fq6_add_assign ... bench: 166 ns/iter (+/- 22)
test mnt6_753::fq6::bench_fq6_inverse ... bench: 60,423 ns/iter (+/- 7,811)
test mnt6_753::fq6::bench_fq6_mul_assign ... bench: 8,605 ns/iter (+/- 890)
test mnt6_753::fq6::bench_fq6_squaring ... bench: 6,418 ns/iter (+/- 1,696)
test mnt6_753::fq6::bench_fq6_sub_assign ... bench: 152 ns/iter (+/- 22)
test mnt6_753::fq::bench_fq_add_assign ... bench: 22 ns/iter (+/- 5)
test mnt6_753::fq::bench_fq_from_repr ... bench: 352 ns/iter (+/- 228)
test mnt6_753::fq::bench_fq_into_repr ... bench: 168 ns/iter (+/- 13)
test mnt6_753::fq::bench_fq_inverse ... bench: 45,217 ns/iter (+/- 10,955)
test mnt6_753::fq::bench_fq_mul_assign ... bench: 315 ns/iter (+/- 86)
test mnt6_753::fq::bench_fq_negate ... bench: 25 ns/iter (+/- 1)
test mnt6_753::fq::bench_fq_repr_add_nocarry ... bench: 19 ns/iter (+/- 5)
test mnt6_753::fq::bench_fq_repr_div2 ... bench: 13 ns/iter (+/- 1)
test mnt6_753::fq::bench_fq_repr_mul2 ... bench: 20 ns/iter (+/- 3)
test mnt6_753::fq::bench_fq_repr_num_bits ... bench: 5 ns/iter (+/- 1)
test mnt6_753::fq::bench_fq_repr_sub_noborrow ... bench: 19 ns/iter (+/- 0)
test mnt6_753::fq::bench_fq_sqrt ... bench: 817,132 ns/iter (+/- 226,900)
test mnt6_753::fq::bench_fq_square ... bench: 232 ns/iter (+/- 35)
test mnt6_753::fq::bench_fq_sub_assign ... bench: 24 ns/iter (+/- 2)
test mnt6_753::fr::bench_fr_add_assign ... bench: 21 ns/iter (+/- 0)
test mnt6_753::fr::bench_fr_from_repr ... bench: 268 ns/iter (+/- 8)
test mnt6_753::fr::bench_fr_into_repr ... bench: 145 ns/iter (+/- 1)
test mnt6_753::fr::bench_fr_inverse ... bench: 42,182 ns/iter (+/- 2,082)
test mnt6_753::fr::bench_fr_mul_assign ... bench: 320 ns/iter (+/- 60)
test mnt6_753::fr::bench_fr_negate ... bench: 26 ns/iter (+/- 11)
test mnt6_753::fr::bench_fr_repr_add_nocarry ... bench: 18 ns/iter (+/- 6)
test mnt6_753::fr::bench_fr_repr_div2 ... bench: 10 ns/iter (+/- 0)
test mnt6_753::fr::bench_fr_repr_mul2 ... bench: 15 ns/iter (+/- 1)
test mnt6_753::fr::bench_fr_repr_num_bits ... bench: 4 ns/iter (+/- 0)
test mnt6_753::fr::bench_fr_repr_sub_noborrow ... bench: 17 ns/iter (+/- 0)
test mnt6_753::fr::bench_fr_sqrt ... bench: 778,973 ns/iter (+/- 46,712)
test mnt6_753::fr::bench_fr_square ... bench: 215 ns/iter (+/- 123)
test mnt6_753::fr::bench_fr_sub_assign ... bench: 19 ns/iter (+/- 6)
Notes
For some reason, bellman crashes when using any of these on a tiny circuit with a "thread has overflowed its stack" error. Those crashes happen during proving time and are most likely related to an incompatibility with the current implementation of bellman and 768-bit integers.