From c728423902a173a695c93cafc5b80e5612b7c2b2 Mon Sep 17 00:00:00 2001 From: Al-Kindi-0 <82364884+Al-Kindi-0@users.noreply.github.com> Date: Thu, 8 Dec 2022 11:41:23 +0100 Subject: [PATCH] doc: benchmark hash functions doc: benchmark hash functions fix nits fix: misc. nits fix: nits and link fix additional nits fix: nits --- README.md | 8 ++++---- benches/README.md | 52 +++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+), 4 deletions(-) create mode 100644 benches/README.md diff --git a/README.md b/README.md index b2edddd..1527df0 100644 --- a/README.md +++ b/README.md @@ -2,24 +2,24 @@ This crate contains cryptographic primitives used in Polygon Miden. ## Hash -[Hash module](./src/hash) provides a set of cryptographic hash functions which are used by Miden VM and Miden Rollup. Currently, these functions are: +[Hash module](./src/hash) provides a set of cryptographic hash functions which are used by the Miden VM and the Miden rollup. Currently, these functions are: * [BLAKE3](https://github.com/BLAKE3-team/BLAKE3) hash function with 256-bit, 192-bit, or 160-bit output. The 192-bit and 160-bit outputs are obtained by truncating the 256-bit output of the standard BLAKE3. * [RPO](https://eprint.iacr.org/2022/1577) hash function with 256-bit output. This hash function is an algebraic hash function suitable for recursive STARKs. ## Merkle -[Merkle module](./src/merkle/) provides a set of data structures related to Merkle tree. All these data structures are implemented using RPO hash function described above. The data structure are: +[Merkle module](./src/merkle/) provides a set of data structures related to Merkle trees. All these data structures are implemented using the RPO hash function described above. The data structures are: * `MerkleTree`: a regular fully-balanced binary Merkle tree. The depth of this tree can be at most 64. * `MerklePathSet`: a collection of Merkle authentication paths all resolving to the same root. The length of the paths can be at most 64. ## Crate features -This carate can be compiled with the following features: +This crate can be compiled with the following features: * `std` - enabled by default and relies on the Rust standard library. * `no_std` does not rely on the Rust standard library and enables compilation to WebAssembly. -Both of these features imply use of [alloc](https://doc.rust-lang.org/alloc/) to support heap-allocated collections. +Both of these features imply the use of [alloc](https://doc.rust-lang.org/alloc/) to support heap-allocated collections. To compile with `no_std`, disable default features via `--no-default-features` flag. diff --git a/benches/README.md b/benches/README.md new file mode 100644 index 0000000..859ad73 --- /dev/null +++ b/benches/README.md @@ -0,0 +1,52 @@ +# Miden VM Hash Functions +In the Miden VM, we make use of different hash functions. Some of these are "traditional" hash functions, like `BLAKE3`, which are optimized for out-of-STARK performance, while others are algebraic hash functions, like `Rescue Prime`, and are more optimized for a better performance inside the STARK. In what follows, we benchmark several such hash functions and compare against other constructions that are used by other proving systems. More precisely, we benchmark: + +* **Rescue Prime:** +As specified [here](https://eprint.iacr.org/2020/1143) and implemented [here](https://github.com/novifinancial/winterfell/blob/46dce1adf0/crypto/src/hash/rescue/rp64_256/mod.rs). + +* **Rescue Prime Optimized:** +As specified [here](https://eprint.iacr.org/2022/1577) and implemented in this crate. + +* **BLAKE3:** +As specified [here](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf) and implemented in this crate. + +* **SHA3:** +As specified [here](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf) and implemented [here](https://github.com/novifinancial/winterfell/blob/46dce1adf0/crypto/src/hash/sha/mod.rs). + +* **Poseidon:** +As specified [here](https://eprint.iacr.org/2019/458.pdf) and implemented (in pure Rust, without vectorized instructions) [here](https://github.com/mir-protocol/plonky2/blob/main/plonky2/src/hash/poseidon_goldilocks.rs). + +## Comparison and Instructions + +### Comparison +We benchmark the above hash functions using two scenarios. The first is a 2-to-1 $(a,b)\mapsto h(a,b)$ hashing where both $a$, $b$ and $h(a,b)$ are the digests corresponding to each of the hash functions. +The second scenario is that of sequential hashing where we take a sequence of length $100$ field elements and hash these to produce a single digest. The digests are $4$ field elements (i.e. 256-bit) for Poseidon, Rescue Prime and RPO, and an array `[u8;32]` for SHA3 and BLAKE3. + +#### Scenario 1: 2-to-1 hashing `h(a,b)` + +| Function | BLAKE3 | SHA3 | Poseidon | Rp64_256 | RPO_256 | +| ----------------- | ------ | --------| --------- | --------- | ------- | +| Apple M1 Pro | 80 ns | 245 ns | 1.3 us | 9.1 us | 5.4 us | +| Apple M2 | 76 ns | 233 ns | 1.2 us | 7.9 us | 5.0 us | +| AMD Ryzen 9 5950X | 64 ns | 273 ns | 1.2 us | 9.1 us | 5.5 us | + +#### Scenario 2: Sequential hashing of 100 elements `h([a_0,...,a_99])` + +| Function | BLAKE3 | SHA3 | Poseidon | Rp64_256 | RPO_256 | +| ----------------- | -------| ------- | --------- | --------- | ------- | +| Apple M1 Pro | 1.1 us | 1.5 us | 17.3 us | 118 us | 70 us | +| Apple M2 | 1.0 us | 1.5 us | 15.5 us | 103 us | 65 us | +| AMD Ryzen 9 5950X | 0.8 us | 1.7 us | 15.7 us | 120 us | 72 us | + +### Instructions +Before you can run the benchmarks, you'll need to make sure you have Rust [installed](https://www.rust-lang.org/tools/install). After that, to run the benchmarks for RPO and BLAKE3, clone the current repository, and from the root directory of the repo run the following: + + ``` + cargo bench --bench hash + ``` + +To run the benchmarks for Rescue Prime, Poseidon and SHA3, clone the following [repository](https://github.com/Dominik1999/winterfell.git) as above, then checkout the `hash-functions-benches` branch, and from the root directory of the repo run the following: + +``` +cargo bench --bench hash +``` \ No newline at end of file