Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

engine-modexp bug fixes and performance improvements #809

Merged
merged 8 commits into from
Aug 1, 2023
Merged

engine-modexp bug fixes and performance improvements #809

merged 8 commits into from
Aug 1, 2023

Conversation

guidovranken
Copy link
Contributor

Description

This fixes the following issues with engine-modexp:

  • addition overflow in big_sq that would lead to incorrect output (and a crash in debug mode)
  • assert failure in sub_to_same_size that would lead to incorrect output
  • slow modular exponentiation with even modulus. The bottleneck was the routine were the inverse of A mod M was computed, where M is a power of two. This inversion function has been replaced with the algorithm found in this paper, which is much faster.

Performance / NEAR gas cost considerations

The performance of modular exponentiation with even modulus is improved. Performance remains the same for odd modulus.

Testing

Extensive fuzz testing, was was also the method used to detect the issues that this PR addresses.

How should this be reviewed

Additional information

@guidovranken
Fix addition overflows in big_sq
3b5946e
@guidovranken
Add test case for assert failure in sub_to_same_size
403f3a8
@guidovranken
Fix sub_to_same_size bug
6b902b0 
The main issue was that q_hat could exceed Word::MAX, so it needs
to be DoubleWord, not Word.

Additionally, the q_hat/r_hat adjustment loop has been replaced with
the canonical version from Knuth's algorithm, and some minor
optimizations around Word/DoubleWord casting are implemented.
@guidovranken
in_place_mul_sub optimization
96e85ed
@guidovranken
Fix for additional sub_to_same_size corner case
ceb27c8
@guidovranken
Implement faster inverse
21d76f4
@aleksuss aleksuss requested a review from birchmd July 30, 2023 09:07
@joshuajbouw
Copy link
Contributor

I believe the cargo fmt is failing due to the use of nightly cargo fmt check in the CI.

@aleksuss
Copy link
Member

@joshuajbouw no. We have pretty old nightly in our CI so it should be fixed, I guess.

@birchmd birchmd added this pull request to the merge queue Aug 1, 2023
Merged via the queue into aurora-is-near:develop with commit 4ecee7d Aug 1, 2023
18 checks passed
@birchmd birchmd mentioned this pull request Aug 2, 2023
Merged
github-merge-queue bot pushed a commit that referenced this pull request Aug 3, 2023
@birchmd
Fix(modexp): re-enable Aurora implementation (#811)
f7363cf 
## Description

With the improvements from #809 merged, we can start using the Aurora
implementation of modexp.

## Performance / NEAR gas cost considerations

There is a gas cost increase in one of the repro tests. This must mean
the `ibig` implementation of modexp is faster for the case used in that
transaction. But using the Aurora implementation of modexp is still an
improvement because the worst-case performance of the Aurora
implementation is better than `ibig`, as exemplified in the
`bench_modexp_standalone` test.

## Testing

Existing tests.
aleksuss pushed a commit that referenced this pull request Aug 10, 2023
@guidovranken @birchmd @aleksuss
engine-modexp bug fixes and performance improvements (#809)
74e2f21 
## Description

This fixes the following issues with `engine-modexp`:

- addition overflow in big_sq that would lead to incorrect output (and a
crash in debug mode)
- assert failure in sub_to_same_size that would lead to incorrect output
- slow modular exponentiation with even modulus. The bottleneck was the
routine were the inverse of A mod M was computed, where M is a power of
two. This inversion function has been replaced with the algorithm found
in [this paper](https://eprint.iacr.org/2017/411.pdf), which is much
faster.

## Performance / NEAR gas cost considerations

The performance of modular exponentiation with even modulus is improved.
Performance remains the same for odd modulus.

## Testing

Extensive fuzz testing, was was also the method used to detect the
issues that this PR addresses.

## How should this be reviewed

## Additional information

---------

Co-authored-by: Michael Birch <michael.birch@aurora.dev>
aleksuss pushed a commit that referenced this pull request Aug 10, 2023
@birchmd @aleksuss
Fix(modexp): re-enable Aurora implementation (#811)
f44914e 
## Description

With the improvements from #809 merged, we can start using the Aurora
implementation of modexp.

## Performance / NEAR gas cost considerations

There is a gas cost increase in one of the repro tests. This must mean
the `ibig` implementation of modexp is faster for the case used in that
transaction. But using the Aurora implementation of modexp is still an
improvement because the worst-case performance of the Aurora
implementation is better than `ibig`, as exemplified in the
`bench_modexp_standalone` test.

## Testing

Existing tests.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mrLSD mrLSD mrLSD approved these changes

@joshuajbouw joshuajbouw joshuajbouw approved these changes

@birchmd birchmd birchmd approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@guidovranken @joshuajbouw @aleksuss @mrLSD @birchmd