arnaucube
/
go-circom-prover-verifier
mirror of https://github.com/arnaucube/go-circom-prover-verifier.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
53 Commits
16 Branches
2 Tags
4.5 MiB
 
Branch: feature/tables
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'feature/tables'
${ noResults }
go-circom-prover-verifier/tables.md

1.6 KiB
Raw Permalink Blame History

Tables Pre-calculation

The most time consuming part of a ZKSnark proof calculation is the scalar multiplication of elliptic curve points. Direct mechanism accumulates each multiplication. However, prover only needs the total accumulation.

There are two potential improvements to the naive approach:

  1. Apply Strauss-Shamir method (https://stackoverflow.com/questions/50993471/ec-scalar-multiplication-with-strauss-shamir-method).
  2. Leave the doubling operation for the last step

Both options can be combined.

In the following table, we show the results of using the naive method, Srauss-Shamir and Strauss-Shamir + No doubling. These last two options are repeated for different table grouping order.

There are 5000 G1 Elliptical Curve Points, and the scalars are 254 bits (BN256 curve).

There may be some concern on the additional size of the tables since they need to be loaded into a smartphone during the proof, and the time required to load these tables may exceed the benefits. If this is a problem, another althernative is to compute the tables during the proof itself. Depending on the Group Size, timing may be better than the naive approach.

Algorithm GS / Time
Naive 6.63s
Strauss 13.16s 9.033s
Strauss + Table Computation 16.13s 11.32s
No Doubling 3.74s 3.00s
No Doubling + Table Computation 6.83s 5.1s