Add the relaxed NAF #302
Is this used anywhere? (Eg: for faster scalar muls?)
I originally planned to use it for Poseidon. Unfortunately, for essentially all the prime numbers being considered, NAF is not better than the original form, because when NAF is better, it needs to use "inverse", and "inverse" here is costly, which requires 3 constraints to compute (it is needed to be compatible with the case that
Maybe it would be more useful for EC scalar mul, in which "inverse" (aka negative) is cheap.
On a separate note, should we rename
Yeah,
@weikengchen what's the status of this PR?
I should be able to revisit this PR today or tomorrow.
571a897 to a7b829c
a7b829c to 3414022
The PR is ready to go. @Pratyush please take a look
let vec = find_relaxed_naf(&[12u64]); | ||
assert_eq!(vec.len(), 4); |
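Review bot: the assertion `assert_eq!(vec.len(), 4);` checks only the length of the relaxed NAF of 12, so a result with four incorrect digits would still pass. Consider also asserting the digit values themselves, or that the digits recompose to 12.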
Maybe we can add here find_naf(&[12u64]), which has a shorter length?
Yes. Added. It has a slightly longer len---5.
Description
This PR adds the relaxed NAF, which differs from the original find_wnaf (should be find_naf?) by allowing the top 2 bits to be both nonzeros. This can, in some cases, reduce the overhead.

The algorithm is indeed quite simple. The only case when the standard NAF may be suboptimal (note: NAF is optimal for hamming weight, but not the length + the hamming weight) is when the NAF ends with "-1 0 1", which can be systematically changed into "1 1". There are no other cases.
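The rewrite the description gives (a NAF ending in "-1 0 1" changed into "1 1"), as an added example that is not the PR's code. The names `naf_u64`, `relaxed_naf_u64` and `value_of` are hypothetical, and the sketch assumes a single `u64` input with digits stored least-significant first, rather than the limb slice passed in the PR's test.

```rust
/// Standard non-adjacent form of `n`, least-significant digit first.
/// Digits are in {-1, 0, 1} and no two adjacent digits are both nonzero.
fn naf_u64(n: u64) -> Vec<i8> {
    let mut n = n as u128; // widen so that n + 1 cannot overflow
    let mut digits = Vec::new();
    while n != 0 {
        if n & 1 == 1 {
            // n mod 4 == 1 gives digit 1, n mod 4 == 3 gives digit -1
            let d: i8 = 2 - (n & 3) as i8;
            digits.push(d);
            if d == 1 { n -= 1 } else { n += 1 }
        } else {
            digits.push(0);
        }
        n >>= 1;
    }
    digits
}

/// Relaxed NAF: when the top three digits are -1, 0, 1, replace them
/// with 1, 1. This is valid because -2^k + 2^(k+2) = 2^k + 2^(k+1).
fn relaxed_naf_u64(n: u64) -> Vec<i8> {
    let mut digits = naf_u64(n);
    let len = digits.len();
    if len >= 3 && digits[len - 3..] == [-1, 0, 1] {
        digits.truncate(len - 3);
        digits.extend_from_slice(&[1, 1]);
    }
    digits
}

/// Recompose signed digits (least-significant first) into their integer value.
fn value_of(digits: &[i8]) -> i128 {
    digits.iter().rev().fold(0i128, |acc, &d| 2 * acc + d as i128)
}

fn main() {
    // Constructed sample inputs; 12 is the value used in the PR's test.
    for &n in &[12u64, 7, 3, 13] {
        let (a, b) = (naf_u64(n), relaxed_naf_u64(n));
        assert_eq!(value_of(&b), n as i128);
        println!("{}: NAF {:?}, relaxed {:?}", n, a, b);
    }
}
```

For 12 the standard form has five digits and the relaxed form four, matching the lengths discussed in the review thread.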