Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Expose Pippenger multiplication for combining multiple sigs of same msg #178

Merged
merged 4 commits into from
Aug 12, 2024

Conversation

etan-status
Copy link
Contributor

In many use cases, there are multiple signatures of the same message, e.g., Ethereum attestations often share the signed AttestationData.

For that situation, blst started exposing Pippenger multiplication to accelerate this use case. Multiscalar multiplication is much faster than individual scalar multiplication of each signature / pubkey.

Further optimizations may be achieved with parallel tiling, see the Rust binding code in the npoints >= 32 situation:

Likewise, multiple pubkeys / signatures may be loaded simultaneously using the new blst APIs.

We don't do either of these additional optimizations as our architecture does not readily support them. Pippenger multiplication alone already offers a significant speedup until prioritizing further optimizations.

------------------------------------------------------------------------------------------------------------------------------------
BLS verif of 6 msgs by 6 pubkeys                                                117.232 ops/s      8530098 ns/op     20471994 cycles
BLS verif of 6 sigs of same msg by 6 pubkeys (with blinding)                    553.186 ops/s      1807711 ns/op      4338371 cycles
BLS verif of 6 sigs of same msg by 6 pubkeys                                    724.279 ops/s      1380683 ns/op      3313617 cycles
------------------------------------------------------------------------------------------------------------------------------------
BLS verif of 60 msgs by 60 pubkeys                                               11.131 ops/s     89839743 ns/op    215615251 cycles
BLS verif of 60 sigs of same msg by 60 pubkeys (with blinding)                  238.059 ops/s      4200634 ns/op     10081380 cycles
BLS verif of 60 sigs of same msg by 60 pubkeys                                  680.634 ops/s      1469219 ns/op      3526031 cycles
------------------------------------------------------------------------------------------------------------------------------------
BLS verif of 180 msgs by 180 pubkeys                                              3.887 ops/s    257298895 ns/op    617517127 cycles
BLS verif of 180 sigs of same msg by 180 pubkeys (with blinding)                166.340 ops/s      6011785 ns/op     14428186 cycles
BLS verif of 180 sigs of same msg by 180 pubkeys                                536.938 ops/s      1862413 ns/op      4469689 cycles
------------------------------------------------------------------------------------------------------------------------------------

In many use cases, there are multiple signatures of the same message,
e.g., Ethereum attestations often share the signed `AttestationData`.

For that situation, `blst` started exposing Pippenger multiplication
to accelerate this use case. Multiscalar multiplication is much faster
than individual scalar multiplication of each signature / pubkey.

Further optimizations may be achieved with parallel tiling, see the Rust
binding code in the `npoints >= 32` situation:

- https://github.com/supranational/blst/blob/v0.3.13/bindings/rust/src/pippenger.rs

Likewise, multiple pubkeys / signatures may be loaded simultaneously
using the new `blst` APIs.

We don't do either of these additional optimizations as our architecture
does not readily support them. Pippenger multiplication alone already
offers a significant speedup until prioritizing further optimizations.

```
------------------------------------------------------------------------------------------------------------------------------------
BLS verif of 6 msgs by 6 pubkeys                                                117.232 ops/s      8530098 ns/op     20471994 cycles
BLS verif of 6 sigs of same msg by 6 pubkeys (with blinding)                    553.186 ops/s      1807711 ns/op      4338371 cycles
BLS verif of 6 sigs of same msg by 6 pubkeys                                    724.279 ops/s      1380683 ns/op      3313617 cycles
------------------------------------------------------------------------------------------------------------------------------------
BLS verif of 60 msgs by 60 pubkeys                                               11.131 ops/s     89839743 ns/op    215615251 cycles
BLS verif of 60 sigs of same msg by 60 pubkeys (with blinding)                  238.059 ops/s      4200634 ns/op     10081380 cycles
BLS verif of 60 sigs of same msg by 60 pubkeys                                  680.634 ops/s      1469219 ns/op      3526031 cycles
------------------------------------------------------------------------------------------------------------------------------------
BLS verif of 180 msgs by 180 pubkeys                                              3.887 ops/s    257298895 ns/op    617517127 cycles
BLS verif of 180 sigs of same msg by 180 pubkeys (with blinding)                166.340 ops/s      6011785 ns/op     14428186 cycles
BLS verif of 180 sigs of same msg by 180 pubkeys                                536.938 ops/s      1862413 ns/op      4469689 cycles
------------------------------------------------------------------------------------------------------------------------------------
```
@tersec tersec merged commit d5d595a into master Aug 12, 2024
15 checks passed
@tersec tersec deleted the dev/etan/bv-pippenger branch August 12, 2024 02:19
etan-status added a commit to status-im/nim-kzg4844 that referenced this pull request Aug 16, 2024
When both `nim-kzg4844` and `nim-blscurve` are used, have to ensure that
APIs related to Pippenger multiplication are patched consistently across
both libraries.

- status-im/nim-blscurve#178
etan-status added a commit to status-im/nim-kzg4844 that referenced this pull request Aug 16, 2024
When both `nim-kzg4844` and `nim-blscurve` are used, have to ensure that
APIs related to Pippenger multiplication are patched consistently across
both libraries.

- status-im/nim-blscurve#178
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants