perf: use windowed method for bn254 small msm (#1046)

openvm-org · Dec 15, 2024 · 2088ad4 · 2088ad4
1 parent f8a9af6
commit 2088ad4
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 3 deletions.
diff --git a/extensions/ecc/guest/src/k256/mod.rs b/extensions/ecc/guest/src/k256/mod.rs
@@ -68,7 +68,7 @@ impl IntrinsicCurve for k256::Secp256k1 {
     {
         // heuristic
         if coeffs.len() < 25 {
-            let table = CachedMulTable::<k256::Secp256k1>::new_with_prime_order(bases, 4);
+            let table = CachedMulTable::<Self>::new_with_prime_order(bases, 4);
             table.windowed_mul(coeffs)
         } else {
             crate::msm(coeffs, bases)

diff --git a/extensions/pairing/guest/src/bn254/mod.rs b/extensions/pairing/guest/src/bn254/mod.rs
@@ -2,7 +2,10 @@ use core::ops::{Add, AddAssign, Neg};
 
 use openvm_algebra_guest::{Field, IntMod};
 use openvm_algebra_moduli_setup::moduli_declare;
-use openvm_ecc_guest::{weierstrass::IntrinsicCurve, CyclicGroup, Group};
+use openvm_ecc_guest::{
+    weierstrass::{CachedMulTable, IntrinsicCurve},
+    CyclicGroup, Group,
+};
 
 mod fp12;
 mod fp2;
@@ -146,7 +149,20 @@ impl IntrinsicCurve for Bn254 {
     type Scalar = Scalar;
     type Point = G1Affine;
 
-    // TODO: msm optimization
+    fn msm(coeffs: &[Self::Scalar], bases: &[Self::Point]) -> Self::Point
+    where
+        for<'a> &'a Self::Point: Add<&'a Self::Point, Output = Self::Point>,
+    {
+        // heuristic
+        if coeffs.len() < 25 {
+            // BN254(Fp) is of prime order by Weil conjecture:
+            // <https://hackmd.io/@jpw/bn254#Subgroup-check-for-mathbb-G_1>
+            let table = CachedMulTable::<Self>::new_with_prime_order(bases, 4);
+            table.windowed_mul(coeffs)
+        } else {
+            openvm_ecc_guest::msm(coeffs, bases)
+        }
+    }
 }
 
 impl PairingIntrinsics for Bn254 {