Introduce a new CachedMask for BDN #61
CountEnabled and IndexOfNthEnabled are both O(n) in the size of the mask, making this loop n^2. The BLS operations still tend to be the slow part, but the n^2 factor will start to show up with thousands of keys.
Co-authored-by: AnomalRoil <AnomalRoil@users.noreply.github.com>
f8fb3b4 to 8fd7d55
Benchmark: For 3000 keys (our use-case), this is 88x faster assuming the mask is cached.
Well, that's 88x faster purely for aggregating public keys. For validating an aggregate signature with 3000 signers, it's 58x faster.
This new mask will pre-compute reusable values, speeding up repeated verification and aggregation of aggregate signatures (mostly the former).
c96a0e4 to 07398f9
// 2. Pre-computes the terms for public key aggregation. Once the CachedMask has been instantiated, | ||
// distinct sets of public keys can be aggregated by simply summing the cached terms, ~2 orders | ||
// of magnitude faster than aggregating from scratch. | ||
func NewCachedMask(mask Mask) (*CachedMask, error) { |
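Review bot: The doc comment on NewCachedMask does not say when the returned error is non-nil, nor whether the pre-computed terms are tied to the key set of `mask` as it was at construction. Since the comment promises that distinct sets of public keys can be aggregated from the cached terms, it should state that binding explicitly and say what a caller must do when the underlying set of keys changes.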
Happy to bikeshed on the name. Maybe just call it BDNMask?
@@ -165,25 +162,23 @@ func (scheme *Scheme) AggregateSignatures(sigs [][]byte, mask *sign.Mask) (kyber | |||
// AggregatePublicKeys aggregates a set of public keys (similarly to | |||
// AggregateSignatures for signatures) using the hash function | |||
// H: keyGroup -> R with R = {1, ..., 2^128}. | |||
func (scheme *Scheme) AggregatePublicKeys(mask *sign.Mask) (kyber.Point, error) { | |||
coefs, err := hashPointToR(mask.Publics()) | |||
func (scheme *Scheme) AggregatePublicKeys(mask Mask) (kyber.Point, error) { |
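Review bot: The doc comment on AggregatePublicKeys is left unchanged while its parameter goes from `mask *sign.Mask` to `mask Mask`. Because this alters an exported method's signature, the comment should name the Mask implementations callers are expected to pass and state whether the aggregated key is identical for each of them.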
This is a breaking change for anyone abstracting over Scheme using an interface (e.g., for testing). If that's going to be an issue, I can look into alternative APIs (e.g., adding additional methods, putting the methods on the CachedMask, etc.).
This new mask will pre-compute reusable values, speeding up repeated verification and aggregation of aggregate signatures (mostly the former).
Importantly, we noticed that F3 spends a lot of time multiplying public keys and coefficients:
kyber/sign/bdn/bdn.go
Line 184 in 94dae51
But, when we have a stable set of keys to draw from (which, IMO, is the usual case), we can pre-compute that product and save a bunch of time.
This PR is stacked on #60. Unfortunately, I can't change the base to that PR without making this PR against my fork, which kind of defeats the point. Only look at the top commit.
This is an early PR to get some quick feedback before I start writing tests.
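The pre-computation described in the PR text above, as an added sketch that is not code from this PR or from kyber. It assumes a toy multiplicative group mod 2^127-1 in place of the BLS key group (so each coefficient-times-key term becomes pk_i^c_i and the sum becomes a product) and SHA-256 in place of kyber's coefficient hash; `termFn`, `aggregate`, `precompute` and `sampleKeys` are hypothetical names.

```go
package main
import (
	"crypto/sha256"
	"fmt"
	"math/big"
)

// Toy group (assumption, not secure): integers mod the prime 2^127-1 under multiplication.
var p = new(big.Int).Sub(new(big.Int).Lsh(big.NewInt(1), 127), big.NewInt(1))

// termFn returns i -> pk_i^c_i, the expensive step. The 128-bit c_i is bound to the
// whole key set and the index (SHA-256 is an assumption, not the hash kyber uses).
func termFn(pubs []*big.Int) func(int) *big.Int {
	seed := sha256.Sum256([]byte(fmt.Sprint(pubs)))
	return func(i int) *big.Int {
		d := sha256.Sum256(append(seed[:], byte(i>>8), byte(i)))
		return new(big.Int).Exp(pubs[i], new(big.Int).SetBytes(d[:16]), p)
	}
}

// aggregate combines term(i) over the enabled indices of the mask.
func aggregate(enabled []int, term func(int) *big.Int) *big.Int {
	acc := big.NewInt(1)
	for _, i := range enabled {
		acc.Mod(acc.Mul(acc, term(i)), p)
	}
	return acc
}

// precompute evaluates every term once for a stable key set and returns a lookup.
func precompute(pubs []*big.Int) func(int) *big.Int {
	term, ts := termFn(pubs), make([]*big.Int, len(pubs))
	for i := range ts {
		ts[i] = term(i)
	}
	return func(i int) *big.Int { return ts[i] }
}
// sampleKeys builds constructed public keys 3^(i+2) mod p.
func sampleKeys(n int) []*big.Int {
	keys := make([]*big.Int, n)
	for i := range keys {
		keys[i] = new(big.Int).Exp(big.NewInt(3), big.NewInt(int64(i+2)), p)
	}
	return keys
}
func main() {
	pubs, m := sampleKeys(8), []int{1, 3, 5, 7}
	fmt.Println(aggregate(m, precompute(pubs)).Cmp(aggregate(m, termFn(pubs))) == 0)
}
```

Because each coefficient is derived from the full key set, the lookup returned by `precompute` is only valid for the exact set it was built from; adding or removing a key requires rebuilding it.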