Use precomputation for default commitments

tari-project · Oct 11, 2022 · 7a03de0 · 7a03de0
1 parent 8b77df3
commit 7a03de0
Show file tree

Hide file tree

Showing 4 changed files with 75 additions and 5 deletions.
diff --git a/benches/commitment.rs b/benches/commitment.rs
@@ -0,0 +1,33 @@
+// Copyright 2019. The Tari Project
+// SPDX-License-Identifier: BSD-3-Clause
+
+use std::time::Duration;
+
+use criterion::{criterion_group, Criterion};
+use rand::thread_rng;
+use tari_crypto::{
+    commitment::HomomorphicCommitmentFactory,
+    keys::SecretKey,
+    ristretto::{
+        pedersen::commitment_factory::PedersenCommitmentFactory,
+        RistrettoSecretKey,
+    },
+};
+
+pub fn commit_default(c: &mut Criterion) {
+    let factory = PedersenCommitmentFactory::default();
+    let mut rng = thread_rng();
+
+    c.bench_function("commit_default key pair", |b| {
+        // Commitment value and mask
+        let v = RistrettoSecretKey::random(&mut rng);
+        let m = RistrettoSecretKey::random(&mut rng);
+        b.iter(|| factory.commit(&m, &v));
+    });
+}
+
+criterion_group!(
+name = commitment;
+config = Criterion::default().warm_up_time(Duration::from_millis(500));
+targets = commit_default
+);
diff --git a/benches/mod.rs b/benches/mod.rs
@@ -5,10 +5,12 @@
 
 use criterion::criterion_main;
 
+pub mod commitment;
 pub mod range_proof;
 pub mod signatures;
 
+use commitment::commitment;
 use range_proof::range_proofs;
 use signatures::signatures;
 
-criterion_main!(signatures, range_proofs);
+criterion_main!(commitment, signatures, range_proofs);
diff --git a/src/ristretto/constants.rs b/src/ristretto/constants.rs
@@ -4,7 +4,7 @@
 //! Constant [NUMS](https://tools.ietf.org/id/draft-black-numscurves-02.html) points for the Ristretto curve. There are 10 provided, but this library currently only
 //! uses the first
 
-use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint};
+use curve25519_dalek::ristretto::{CompressedRistretto, RistrettoPoint, RistrettoBasepointTable};
 
 /// These points on the Ristretto curve have been created by hashing domain separation labels with SHA512 and converting
 /// the hash output to a Ristretto generator point by using the byte string representation of the hash as input into the
@@ -62,17 +62,26 @@ lazy_static! {
         }
         arr
     };
+
+    /// Precomputation tables for the points
+    pub static ref RISTRETTO_NUMS_TABLES: Vec<RistrettoBasepointTable> = {
+        let mut arr = Vec::<RistrettoBasepointTable>::new();
+        for i in 0..10 {
+            arr.push(RistrettoBasepointTable::create(&RISTRETTO_NUMS_POINTS[i]));
+        }
+        arr
+    };
 }
 
 #[cfg(test)]
 mod test {
     use curve25519_dalek::{
         constants::{RISTRETTO_BASEPOINT_COMPRESSED, RISTRETTO_BASEPOINT_POINT},
-        ristretto::{CompressedRistretto, RistrettoPoint},
+        ristretto::{CompressedRistretto, RistrettoPoint}, scalar::Scalar, traits::Identity,
     };
     use sha2::{Digest, Sha512};
 
-    use crate::ristretto::constants::{RISTRETTO_NUMS_POINTS, RISTRETTO_NUMS_POINTS_COMPRESSED};
+    use crate::ristretto::constants::{RISTRETTO_NUMS_POINTS, RISTRETTO_NUMS_POINTS_COMPRESSED, RISTRETTO_NUMS_TABLES};
 
     /// Generate a set of NUMS points by hashing domain separation labels and converting the hash output to a Ristretto
     /// generator point. By using `RistrettoPoint::from_uniform_bytes`, the resulting point is a NUMS point if the input
@@ -116,4 +125,23 @@ mod test {
             }
         }
     }
+
+    /// Check that precomputation works as expected
+    #[test]
+    pub fn check_tables() {
+        let n = RISTRETTO_NUMS_POINTS.len();
+
+        // Assert we have all the values
+        assert_eq!(RISTRETTO_NUMS_TABLES.len(), n);
+
+        // Perform test multiplications
+        for i in 0..n {
+            // Check the special case of zero
+            assert_eq!(&RISTRETTO_NUMS_TABLES[i] * &Scalar::zero(), RistrettoPoint::identity());
+
+            for j in 0..15u8 {
+                assert_eq!(&RISTRETTO_NUMS_TABLES[i] * &Scalar::from(j), RISTRETTO_NUMS_POINTS[i] * Scalar::from(j));
+            }
+        }
+    }
 }
diff --git a/src/ristretto/pedersen/commitment_factory.rs b/src/ristretto/pedersen/commitment_factory.rs
@@ -4,13 +4,15 @@
 //! Pedersen commitment types and factories for Ristretto
 
 use curve25519_dalek::{
+    constants::RISTRETTO_BASEPOINT_TABLE,
     ristretto::RistrettoPoint,
     traits::{Identity, MultiscalarMul},
 };
 
 use crate::{
     commitment::{HomomorphicCommitment, HomomorphicCommitmentFactory},
     ristretto::{
+        constants::RISTRETTO_NUMS_TABLES,
         pedersen::{PedersenCommitment, RISTRETTO_PEDERSEN_G, RISTRETTO_PEDERSEN_H},
         RistrettoPublicKey,
         RistrettoSecretKey,
@@ -45,8 +47,13 @@ impl Default for PedersenCommitmentFactory {
 impl HomomorphicCommitmentFactory for PedersenCommitmentFactory {
     type P = RistrettoPublicKey;
 
+    #[allow(non_snake_case)]
     fn commit(&self, k: &RistrettoSecretKey, v: &RistrettoSecretKey) -> PedersenCommitment {
-        let c = RistrettoPoint::multiscalar_mul(&[v.0, k.0], &[self.H, self.G]);
+        // If we're using the default generators, speed it up using precomputation tables
+        let c = match (self.G, self.H) {
+            (G_val, H_val) if G_val == RISTRETTO_PEDERSEN_G && H_val == *RISTRETTO_PEDERSEN_H => &RISTRETTO_BASEPOINT_TABLE * &k.0 + &RISTRETTO_NUMS_TABLES[0] * &v.0,
+            _ => RistrettoPoint::multiscalar_mul(&[v.0, k.0], &[self.H, self.G]),
+        };
         HomomorphicCommitment(RistrettoPublicKey::new_from_pk(c))
     }