feat: Parallel random blinder poly impl (privacy-scaling-explorations…

…#152) * feat: Parallelize `commit` blinder poly generator method Solves the concerns raised in privacy-scaling-explorations#151 related to the performance of the random poly generator inside of `commit`. Resolves: privacy-scaling-explorations#151 * chore: add `from_evals` for Polynomial * chore: add benches for commit_zk serial vs par * fix: Correct thread_seeds iter size * fix: Clippy * chore: apply review suggestions * fix: Inconsisten num of Scalars generated parallely This fix from @ed255 fixes an error on the code proposal which was rounding the num of Scalars to be generated and so, was producing failures. Co-authored-by: Edu <eduardsanou@posteo.net> * remove: legacy comments & code --------- Co-authored-by: Edu <eduardsanou@posteo.net>
CeciliaZ030 · Feb 28, 2023 · 4d93d01 · 4d93d01
1 parent afe4ef4
commit 4d93d01
Show file tree

Hide file tree

Showing 3 changed files with 99 additions and 6 deletions.
diff --git a/halo2_proofs/Cargo.toml b/halo2_proofs/Cargo.toml
@@ -27,6 +27,10 @@ rustdoc-args = ["--cfg", "docsrs", "--html-in-header", "katex-header.html"]
 name = "arithmetic"
 harness = false
 
+[[bench]]
+name = "commit_zk"
+harness = false
+
 [[bench]]
 name = "hashtocurve"
 harness = false
@@ -53,6 +57,7 @@ rand_core = { version = "0.6", default-features = false }
 tracing = "0.1"
 blake2b_simd = "1"
 sha3 = "0.9.1"
+rand_chacha = "0.3"
 
 # Developer tooling dependencies
 plotters = { version = "0.3.0", optional = true }

diff --git a/halo2_proofs/benches/commit_zk.rs b/halo2_proofs/benches/commit_zk.rs
@@ -0,0 +1,65 @@
+extern crate criterion;
+
+use criterion::{criterion_group, criterion_main, BenchmarkId, Criterion};
+use group::ff::Field;
+use halo2_proofs::*;
+use halo2curves::pasta::pallas::Scalar;
+use rand_chacha::rand_core::RngCore;
+use rand_chacha::ChaCha20Rng;
+use rand_core::SeedableRng;
+use rayon::{current_num_threads, prelude::*};
+
+fn rand_poly_serial(mut rng: ChaCha20Rng, domain: usize) -> Vec<Scalar> {
+    // Sample a random polynomial of degree n - 1
+    let mut random_poly = vec![Scalar::zero(); 1 << domain];
+    for coeff in random_poly.iter_mut() {
+        *coeff = Scalar::random(&mut rng);
+    }
+
+    random_poly
+}
+
+fn rand_poly_par(mut rng: ChaCha20Rng, domain: usize) -> Vec<Scalar> {
+    // Sample a random polynomial of degree n - 1
+    let n_threads = current_num_threads();
+    let n = 1usize << domain;
+    let n_chunks = n_threads + if n % n_threads != 0 { 1 } else { 0 };
+    let mut rand_vec = vec![Scalar::zero(); n];
+
+    let mut thread_seeds: Vec<ChaCha20Rng> = (0..n_chunks)
+        .into_iter()
+        .map(|_| {
+            let mut seed = [0u8; 32];
+            rng.fill_bytes(&mut seed);
+            ChaCha20Rng::from_seed(seed)
+        })
+        .collect();
+
+    thread_seeds
+        .par_iter_mut()
+        .zip_eq(rand_vec.par_chunks_mut(n / n_threads))
+        .for_each(|(mut rng, chunk)| chunk.iter_mut().for_each(|v| *v = Scalar::random(&mut rng)));
+
+    rand_vec
+}
+
+fn bench_commit(c: &mut Criterion) {
+    let mut group = c.benchmark_group("Blinder_poly");
+    let rand = ChaCha20Rng::from_seed([1u8; 32]);
+    for i in [
+        18usize, 19usize, 20usize, 21usize, 22usize, 23usize, 24usize, 25usize,
+    ]
+    .iter()
+    {
+        group.bench_with_input(BenchmarkId::new("serial", i), i, |b, i| {
+            b.iter(|| rand_poly_serial(rand.clone(), *i))
+        });
+        group.bench_with_input(BenchmarkId::new("parallel", i), i, |b, i| {
+            b.iter(|| rand_poly_par(rand.clone(), *i))
+        });
+    }
+    group.finish();
+}
+
+criterion_group!(benches, bench_commit);
+criterion_main!(benches);
diff --git a/halo2_proofs/src/plonk/vanishing/prover.rs b/halo2_proofs/src/plonk/vanishing/prover.rs
@@ -1,8 +1,10 @@
 use std::iter;
 
-use ff::Field;
+use ff::{Field, PrimeField};
 use group::Curve;
-use rand_core::RngCore;
+use rand_chacha::ChaCha20Rng;
+use rand_core::{RngCore, SeedableRng};
+use rayon::{current_num_threads, prelude::*};
 
 use super::Argument;
 use crate::{
@@ -47,10 +49,31 @@ impl<C: CurveAffine> Argument<C> {
         transcript: &mut T,
     ) -> Result<Committed<C>, Error> {
         // Sample a random polynomial of degree n - 1
-        let mut random_poly = domain.empty_coeff();
-        for coeff in random_poly.iter_mut() {
-            *coeff = C::Scalar::random(&mut rng);
-        }
+        let n_threads = current_num_threads();
+        let n = 1usize << domain.k() as usize;
+        let n_chunks = n_threads + if n % n_threads != 0 { 1 } else { 0 };
+        let mut rand_vec = vec![C::Scalar::zero(); n];
+
+        let mut thread_seeds: Vec<ChaCha20Rng> = (0..n_chunks)
+            .into_iter()
+            .map(|_| {
+                let mut seed = [0u8; 32];
+                rng.fill_bytes(&mut seed);
+                ChaCha20Rng::from_seed(seed)
+            })
+            .collect();
+
+        thread_seeds
+            .par_iter_mut()
+            .zip_eq(rand_vec.par_chunks_mut(n / n_threads))
+            .for_each(|(mut rng, chunk)| {
+                chunk
+                    .iter_mut()
+                    .for_each(|v| *v = C::Scalar::random(&mut rng))
+            });
+
+        let random_poly: Polynomial<C::Scalar, Coeff> = domain.coeff_from_vec(rand_vec);
+
         // Sample a random blinding factor
         let random_blind = Blind(C::Scalar::random(rng));