Skip to content

zkevm: amortized bn128_pairings #1656

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
May 26, 2025
Merged

zkevm: amortized bn128_pairings #1656

merged 8 commits into from
May 26, 2025
+116 −5

Conversation

jsign
Copy link
Collaborator

@jsign jsign commented May 26, 2025
edited
Loading

This PR adds a new test to cover bn128_pairings but trying to amortize the base cost.

tests/zkevm/test_worst_compute.py::test_worst_precompile_fixed_cost[fork_Cancun-blockchain_test-bn128_one_pairing]-1    18246172460
tests/zkevm/test_worst_compute.py::test_amortized_bn128_pairings[fork_Cancun-blockchain_test]-1 18288797103
tests/zkevm/test_worst_compute.py::test_worst_precompile_fixed_cost[fork_Cancun-blockchain_test-bn128_two_pairings]-1   18686110369

Initially, I thought this amortized one had 8 billion cycles, but now I'm wondering if I missed one digit. These numbers make more sense.

@jsign jsign changed the title Jsign zkvm pim zkevm: amortized bn128_pairings May 26, 2025
@jsign jsign added feature:zkevm type:feat type: Feature scope:tests Scope: Changes EL client test cases in `./tests` labels May 26, 2025
jsign added 2 commits May 26, 2025 14:18
@jsign
zkevm: add optimized bn128 pairings
60ace5d 
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
@jsign
keep original test too
771107c 
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
@jsign jsign force-pushed the jsign-zkvm-pim branch from 890ee44 to 771107c Compare May 26, 2025 17:18
@jsign
add slow marker
95eeb28 
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
@jsign jsign force-pushed the jsign-zkvm-pim branch from 6873d81 to 05bdacf Compare May 26, 2025 17:30
@jsign
add extra cases
7e5337d 
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
@jsign jsign force-pushed the jsign-zkvm-pim branch from 05bdacf to 7e5337d Compare May 26, 2025 17:31
jsign
jsign commented May 26, 2025
View reviewed changes
tests/zkevm/test_worst_compute.py
Comment on lines +971 to +972
base_cost = 45_000
pairing_cost = 34_000
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LMK if these costs can be pulled from somewhere. If not, we can leave it this way.

tests/zkevm/test_worst_compute.py
tx = Transaction(
to=code_address,
gas_limit=env.gas_limit,
data=_generate_bn128_pairs(optimal_per_call_num_pairings, 42),
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given the discovered optimal number of pairings per precompile call, generate the corresponding pairs with a fixed seed.

tests/zkevm/test_worst_compute.py
@@ -314,7 +312,20 @@ def test_worst_modexp(
"090689D0585FF075EC9E99AD690C3395BC4B313370B38EF355ACDADCD122975B",
"12C85EA5DB8C6DEB4AAB71808DCB408FE3D1E7690C43D37B4CE6CC0166FA7DAA",
],
id="bn128_pairing",
id="bn128_two_pairings",
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Leaving this test as two_pairings to cover the point multiplication of the pairing check.

tests/zkevm/test_worst_compute.py
"2BB8324AF6CFC93537A2AD1A445CFD0CA2A71ACD7AC41FADBF933C2A51BE344D",
"120A2A4CF30C1BF9845F20C6FE39E07EA2CCE61F0C9BB048165FE5E4DE877550",
],
id="bn128_one_pairing",
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Creating the case of one pairing, which maximizes the number of total final exponentiations in the block.

tests/zkevm/test_worst_compute.py

@pytest.mark.valid_from("Cancun")
@pytest.mark.slow()
def test_amortized_bn128_pairings(
Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the new test that optimizes for number of miller loops. That is, amortize the base cost (final exponentiation) in as many miller loops as possible while keeping in check quadratic memory expansion costs.

jsign added 2 commits May 26, 2025 14:55
@jsign
add assertions
51e2a20 
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
@jsign
fix lints
e449d79 
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
@jsign jsign marked this pull request as ready for review May 26, 2025 18:54
@jsign jsign requested a review from chfast May 26, 2025 18:54
@jsign
Copy link
Collaborator Author

jsign commented May 26, 2025

Not sure why the coverage CI is failing.

@jsign
use state_test
4456cd2 
Signed-off-by: Ignacio Hagopian <jsign.uy@gmail.com>
marioevz
marioevz approved these changes May 26, 2025
View reviewed changes
Copy link
Member

@marioevz marioevz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tried to see if we could optimize the loop to find the maximum number of pairings per call and tried to use binary search but I couldn't find a solution.

LGTM, thanks!

@marioevz marioevz merged commit 12bcc4b into main May 26, 2025
25 of 26 checks passed
@marioevz marioevz deleted the jsign-zkvm-pim branch May 26, 2025 23:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@marioevz marioevz marioevz approved these changes

@chfast chfast Awaiting requested review from chfast

Assignees
No one assigned
Labels
feature:zkevm scope:tests Scope: Changes EL client test cases in `./tests` type:feat type: Feature
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jsign @marioevz