You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Modern polynomial IOPs (Interactive Oracle Proofs) try to commit to only small values.
This is especially important for proving hash functions implemented via a bit-based approach (for xor/shift/rotate/...) vs lookup based approach. In that case, many scalars will be just 1.
One such optimization is to not double if the miniMSM coefs are all 0:
## Apply a mini-Multi-Scalar-Multiplication on [bitIndex, bitIndex+window)
## slice of all (coef, point) pairs
var windowSum{.noInit.}: typeof(r)
windowSum.bucketAccumReduce(
buckets, bitIndex, miniMsmKind, c,
coefs, points, N)
# 3. Mini-MSM on the slice [bitIndex, bitIndex+window)
r ~+= windowSum
when miniMsmKind != kBottomWindow:
for _ in0..< c:
r.double()
The bucketAccumReduce function for example might probably be modified to return if there is at-least a non-zero coefficient found so we do a single pass over the data.
The text was updated successfully, but these errors were encountered:
Modern polynomial IOPs (Interactive Oracle Proofs) try to commit to only small values.
This is especially important for proving hash functions implemented via a bit-based approach (for xor/shift/rotate/...) vs lookup based approach. In that case, many scalars will be just 1.
One such optimization is to not double if the miniMSM coefs are all 0:
constantine/constantine/math/elliptic/ec_multi_scalar_mul.nim
Lines 237 to 254 in dcc9310
The bucketAccumReduce function for example might probably be modified to return if there is at-least a non-zero coefficient found so we do a single pass over the data.
The text was updated successfully, but these errors were encountered: