-
Notifications
You must be signed in to change notification settings - Fork 226
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
std::verify_proof has gates overhead due to slices #5660
Comments
I think this is because we have to make a new array constant to copy an array into a slice. Since both are immutable, this shouldn't be needed however. We could fix this I think if array & slice constants had the same type, and slices are just treated as structs containing an array and a length instead. That way both constants would have the same type and we could reuse the existing one. |
Yep I think in this specific case we can just switch the blackbox to arrays since it's very weird that a user would be programatically manipulating the length of the verify proof inputs (since they have to be fixed lengths imposed by the proving system / circuit being verified) but this conversion is probably happening in other contexts too |
# Description ## Problem\* Resolves #5660 ## Summary\* Switches verify proof to arrays ## Additional Context ## Documentation\* Check one: - [ ] No documentation needed. - [x] Documentation included in this PR. - [ ] **[For Experimental Features]** Documentation to be submitted in a separate PR. # PR Checklist\* - [x] I have tested the changes locally. - [x] I have formatted the changes with [Prettier](https://prettier.io/) and/or `cargo fmt` on default settings.
Aim
Verify proofs in circuits with large amounts of public inputs:
Expected Behavior
Verify proof should not have overhead due to slices, especially in trivial cases where we just convert arrays to slices without touching them
Bug
Noir generates two ROM arrays for each of these conversions to slice, and then reads from the array. In an example with 3k public inputs, we have a slice overhead of 13k gates due to the ROM ops with 6k rom reads.
See this simplified example:
To Reproduce
Workaround
None
Workaround Description
No response
Additional Context
No response
Project Impact
Nice-to-have
Blocker Context
The cost of recursive aggregation with ultraplonk is much higher, but in ClientIVC for aztec the slice conversion can become a relevant cost
Nargo Version
No response
NoirJS Version
No response
Proving Backend Tooling & Version
No response
Would you like to submit a PR for this Issue?
None
Support Needs
No response
The text was updated successfully, but these errors were encountered: