perf(2-chains): apply fast path for constScalarMul edge cases

Consensys · Jan 29, 2024 · f3c3eeb · f3c3eeb
1 parent 831264f
commit f3c3eeb
Show file tree

Hide file tree

Showing 4 changed files with 25 additions and 53 deletions.
diff --git a/std/algebra/native/sw_bls12377/g1.go b/std/algebra/native/sw_bls12377/g1.go
@@ -315,6 +315,11 @@ func (P *G1Affine) constScalarMul(api frontend.API, Q G1Affine, s *big.Int, opts
 	if err != nil {
 		panic(err)
 	}
+	if s.BitLen() == 0 {
+		P.X = 0
+		P.Y = 0
+		return P
+	}
 	// see the comments in varScalarMul. However, two-bit lookup is cheaper if
 	// bits are constant and here it makes sense to use the table in the main
 	// loop.
@@ -323,15 +328,7 @@ func (P *G1Affine) constScalarMul(api frontend.API, Q G1Affine, s *big.Int, opts
 	s.Mod(s, cc.fr)
 	cc.phi1(api, &phiQ, &Q)
 
-	var k [2]big.Int
-	// if s=0, assign dummy 1s to k[0] and k[1]
-	if s.BitLen() == 0 {
-		k[0].SetInt64(1)
-		k[1].SetInt64(1)
-	} else {
-		k = ecc.SplitScalar(s, cc.glvBasis)
-	}
-
+	k := ecc.SplitScalar(s, cc.glvBasis)
 	if k[0].Sign() == -1 {
 		k[0].Neg(&k[0])
 		Q.Neg(api, Q)
@@ -399,12 +396,6 @@ func (P *G1Affine) constScalarMul(api frontend.API, Q G1Affine, s *big.Int, opts
 	Acc.Select(api, k[1].Bit(0), Acc, negPhiQ)
 	P.X, P.Y = Acc.X, Acc.Y
 
-	// if s=0, return P=(0,0)
-	if s.BitLen() == 0 {
-		P.X = 0
-		P.Y = 0
-	}
-
 	return P
 }
 

diff --git a/std/algebra/native/sw_bls12377/g2.go b/std/algebra/native/sw_bls12377/g2.go
@@ -325,6 +325,12 @@ func (P *g2AffP) constScalarMul(api frontend.API, Q g2AffP, s *big.Int, opts ...
 	if err != nil {
 		panic(err)
 	}
+	if s.BitLen() == 0 {
+		zero := fields_bls12377.E2{A0: 0, A1: 0}
+		P.X = zero
+		P.Y = zero
+		return P
+	}
 	// see the comments in varScalarMul. However, two-bit lookup is cheaper if
 	// bits are constant and here it makes sense to use the table in the main
 	// loop.
@@ -333,15 +339,7 @@ func (P *g2AffP) constScalarMul(api frontend.API, Q g2AffP, s *big.Int, opts ...
 	s.Mod(s, cc.fr)
 	cc.phi2(api, &phiQ, &Q)
 
-	var k [2]big.Int
-	// if s=0, assign dummy 1s to k[0] and k[1]
-	if s.BitLen() == 0 {
-		k[0].SetInt64(1)
-		k[1].SetInt64(1)
-	} else {
-		k = ecc.SplitScalar(s, cc.glvBasis)
-	}
-
+	k := ecc.SplitScalar(s, cc.glvBasis)
 	if k[0].Sign() == -1 {
 		k[0].Neg(&k[0])
 		Q.Neg(api, Q)
@@ -409,13 +407,6 @@ func (P *g2AffP) constScalarMul(api frontend.API, Q g2AffP, s *big.Int, opts ...
 	Acc.Select(api, k[1].Bit(0), Acc, negPhiQ)
 	P.X, P.Y = Acc.X, Acc.Y
 
-	// if s=0, return P=(0,0)
-	zero := fields_bls12377.E2{A0: 0, A1: 0}
-	if s.BitLen() == 0 {
-		P.X = zero
-		P.Y = zero
-	}
-
 	return P
 }
 

diff --git a/std/algebra/native/sw_bls24315/g1.go b/std/algebra/native/sw_bls24315/g1.go
@@ -314,6 +314,11 @@ func (P *G1Affine) constScalarMul(api frontend.API, Q G1Affine, s *big.Int, opts
 	if err != nil {
 		panic(err)
 	}
+	if s.BitLen() == 0 {
+		P.X = 0
+		P.Y = 0
+		return P
+	}
 	// see the comments in varScalarMul. However, two-bit lookup is cheaper if
 	// bits are constant and here it makes sense to use the table in the main
 	// loop.
@@ -322,15 +327,7 @@ func (P *G1Affine) constScalarMul(api frontend.API, Q G1Affine, s *big.Int, opts
 	s.Mod(s, cc.fr)
 	cc.phi1(api, &phiQ, &Q)
 
-	var k [2]big.Int
-	// if s=0, assign dummy 1s to k[0] and k[1]
-	if s.BitLen() == 0 {
-		k[0].SetInt64(1)
-		k[1].SetInt64(1)
-	} else {
-		k = ecc.SplitScalar(s, cc.glvBasis)
-	}
-
+	k := ecc.SplitScalar(s, cc.glvBasis)
 	if k[0].Sign() == -1 {
 		k[0].Neg(&k[0])
 		Q.Neg(api, Q)
@@ -398,12 +395,6 @@ func (P *G1Affine) constScalarMul(api frontend.API, Q G1Affine, s *big.Int, opts
 	Acc.Select(api, k[1].Bit(0), Acc, negPhiQ)
 	P.X, P.Y = Acc.X, Acc.Y
 
-	// if s=0, return P=(0,0)
-	if s.BitLen() == 0 {
-		P.X = 0
-		P.Y = 0
-	}
-
 	return P
 }
 

diff --git a/std/algebra/native/sw_bls24315/g2.go b/std/algebra/native/sw_bls24315/g2.go
@@ -325,6 +325,12 @@ func (P *g2AffP) constScalarMul(api frontend.API, Q g2AffP, s *big.Int, opts ...
 	if err != nil {
 		panic(err)
 	}
+	if s.BitLen() == 0 {
+		zero := fields_bls24315.E4{B0: fields_bls24315.E2{A0: 0, A1: 0}, B1: fields_bls24315.E2{A0: 0, A1: 0}}
+		P.X = zero
+		P.Y = zero
+		return P
+	}
 	// see the comments in varScalarMul. However, two-bit lookup is cheaper if
 	// bits are constant and here it makes sense to use the table in the main
 	// loop.
@@ -409,13 +415,6 @@ func (P *g2AffP) constScalarMul(api frontend.API, Q g2AffP, s *big.Int, opts ...
 	Acc.Select(api, k[1].Bit(0), Acc, negPhiQ)
 	P.X, P.Y = Acc.X, Acc.Y
 
-	// if s=0, return P=(0,0)
-	zero := fields_bls24315.E4{B0: fields_bls24315.E2{A0: 0, A1: 0}, B1: fields_bls24315.E2{A0: 0, A1: 0}}
-	if s.BitLen() == 0 {
-		P.X = zero
-		P.Y = zero
-	}
-
 	return P
 }