Reorder R1CS constraints + CompactPolynomial refactor #561
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
moodlezoup
force-pushed
the
feat/compact-polys
branch
from
3b03d67 to
36ed25c
Compare
sagar-a16z
reviewed
Jan 14, 2025
| Large(usize), | ||
| } | ||
|
|
||
| impl MsmType { |
There was a problem hiding this comment.
I thought having this around made it easier to read/maintain.
There was a problem hiding this comment.
I removed it because it gets weird with CompactPolynomial –– the Medium size straddles the u8 and u16 size
moodlezoup
force-pushed
the
feat/compact-polys
branch
from
4993457 to
08a2e79
Compare
moodlezoup
force-pushed
the
feat/compact-polys
branch
2 times, most recently
from
b20cc1e to
8bca301
Compare
moodlezoup
force-pushed
the
feat/compact-polys
branch
from
8bca301 to
c691c63
Compare
moodlezoup
commented
Jan 15, 2025
Comment on lines
-89
to
-96
| fn batch_prove( | ||
| setup: &Self::Setup, | ||
| polynomials: &[&DensePolynomial<Self::Field>], | ||
| opening_point: &[Self::Field], | ||
| openings: &[Self::Field], | ||
| batch_type: BatchType, | ||
| transcript: &mut ProofTranscript, | ||
| ) -> Self::BatchedProof; |
There was a problem hiding this comment.
Deleting batch_prove and batch_verify from trait because we now use the batched opening proof protocol in opening_proof.rs instead
moodlezoup
force-pushed
the
feat/compact-polys
branch
from
53fe211 to
b72983c
Compare
moodlezoup
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This is a stack of two separate changes:
The main observation behind the optimizations/refactor is that most of Jolt's polynomials have small (relative to a 256-bit field) coefficients. Before, ~all polynomials were represented by the
DensePolynomialstruct, which uses a field element per coefficient. With this PR we introduce theCompactPolynomialstruct, which instead uses Rust's primitive integer types (u8,u16, etc.) to represent coefficients.This reduces prover memory usage and leads to some speed improvements as well. Note that once a CompactPolynomial is bound, its coefficients will need to be represented as field elements (but there will be half as many as there are unbound coefficients).
A side effect of representing coefficients as primitive integers is that we need some tricks to avoid spending too much time converting the coefficients to Montgomery form when doing (field) arithmetic with them. These new tricks are described in the changes to
ark.rsThe final main change in this PR is the introduction of
SpartanInterleavedPolynomial, which is used to represent the Az, Bz, and Cz polynomials used in the first Spartan sumcheck. The R1CS reordering changes slowed down the computation of Az, Bz, and Cz; theSpartanInterleavedPolynomialrefactor brings the time back to parity with main. The polynomial implementation itself is sort of a combination of the oldSparsePolynomialand theSparseInterleavedPolynomialused sparse grand products.