Added a description file

prover/gextra.go

@@ -4,7 +4,6 @@ import (
         "math/big"
 	bn256 "github.com/ethereum/go-ethereum/crypto/bn256/cloudflare"
 	cryptoConstants "github.com/iden3/go-iden3-crypto/constants"
-        //"fmt"
 )
 
 type TableG1 struct{

prover/gextra_test.go

@@ -11,7 +11,7 @@ import (
 )
 
 const (
-       N = 5000
+       N = 50000
 )
 
 func randomBigIntArray(n int) []*big.Int{

prover/tables.md

@@ -0,0 +1,25 @@
+# Tables Pre-calculation
+The most time consuming part of a ZKSnark proof calculation is the scalar multiplication of elliptic curve points. Direct mechanism accumulates each multiplication. However, prover only needs the total accumulation.
+
+There are two potential improvements to the naive approach:
+
+1. Apply Strauss-Shamir method (https://stackoverflow.com/questions/50993471/ec-scalar-multiplication-with-strauss-shamir-method).
+2. Leave the doubling operation for the last step
+
+Both options can be combined. 
+
+In the following table, we show the results of using the naive method, Srauss-Shamir and Strauss-Shamir + No doubling. These last two options are repeated for different table grouping order.
+
+There are 5000 G1 Elliptical Curve Points, and the scalars are 254 bits (BN256 curve). 
+
+There may be some concern on the additional size of the tables since they need to be loaded into a smartphone during the proof, and the time required to load these tables may exceed the benefits. If this is a problem, another althernative is to compute the tables during the proof itself. Depending on the Group Size, timing may be better than the naive approach.
+
+
+| Algorithm | GS / Time |
+|---|---|---|
+| Naive | 6.63s | | | | | | | |
+| Strauss |  13.16s | 9.033s | 6.95s | 5.61s | 4.91s | 4.26s | 3.88s | 3.54 s | 1.44 s |
+| Strauss + Table Computation | 16.13s | 11.32s | 8.47s | 7.10s | 6.2s | 5.94s | 6.01s | 6.69s |
+| No Doubling | 3.74s | 3.00s | 2.38s | 1.96s | 1.79s | 1.54s | 1.50s | 1.44s|
+| No Doubling + Table Computation  | 6.83s | 5.1s | 4.16s | 3.52s| 3.22s | 3.21s | 3.57s | 4.56s |
+

tables.md

@@ -0,0 +1,25 @@
+# Tables Pre-calculation
+The most time consuming part of a ZKSnark proof calculation is the scalar multiplication of elliptic curve points. Direct mechanism accumulates each multiplication. However, prover only needs the total accumulation.
+
+There are two potential improvements to the naive approach:
+
+1. Apply Strauss-Shamir method (https://stackoverflow.com/questions/50993471/ec-scalar-multiplication-with-strauss-shamir-method).
+2. Leave the doubling operation for the last step
+
+Both options can be combined. 
+
+In the following table, we show the results of using the naive method, Srauss-Shamir and Strauss-Shamir + No doubling. These last two options are repeated for different table grouping order.
+
+There are 5000 G1 Elliptical Curve Points, and the scalars are 254 bits (BN256 curve). 
+
+There may be some concern on the additional size of the tables since they need to be loaded into a smartphone during the proof, and the time required to load these tables may exceed the benefits. If this is a problem, another althernative is to compute the tables during the proof itself. Depending on the Group Size, timing may be better than the naive approach.
+
+
+| Algorithm | GS / Time |
+|---|---|---|
+| Naive | 6.63s | | | | | | | |
+| Strauss |  13.16s | 9.033s | 6.95s | 5.61s | 4.91s | 4.26s | 3.88s | 3.54 s | 1.44 s |
+| Strauss + Table Computation | 16.13s | 11.32s | 8.47s | 7.10s | 6.2s | 5.94s | 6.01s | 6.69s |
+| No Doubling | 3.74s | 3.00s | 2.38s | 1.96s | 1.79s | 1.54s | 1.50s | 1.44s|
+| No Doubling + Table Computation  | 6.83s | 5.1s | 4.16s | 3.52s| 3.22s | 3.21s | 3.57s | 4.56s |
+