benjaminion · xrchz · Sep 15, 2022 · Sep 15, 2022 · Sep 15, 2022 · Sep 15, 2022
diff --git a/src/Makefile b/src/Makefile
@@ -1,6 +1,6 @@
 TESTS = bls12_381_test das_extension_test c_kzg_alloc_test fft_common_test fft_fr_test fft_g1_test \
 	fk20_proofs_test kzg_proofs_test poly_test recover_test utility_test zero_poly_test
-BENCH = fft_fr_bench fft_g1_bench recover_bench zero_poly_bench kzg_proofs_bench poly_bench
+BENCH = fft_fr_bench fft_g1_bench recover_bench zero_poly_bench kzg_proofs_bench poly_bench poly_barycentric_bench compute_proof_lagrange_bench
 TUNE = poly_mul_tune poly_div_tune
 LIB_SRC = bls12_381.c c_kzg_alloc.c das_extension.c fft_common.c fft_fr.c fft_g1.c fk20_proofs.c kzg_proofs.c poly.c recover.c utility.c zero_poly.c
 LIB_OBJ = $(LIB_SRC:.c=.o)

diff --git a/src/c_kzg.h b/src/c_kzg.h
@@ -86,14 +86,22 @@ typedef struct {
     uint64_t length; /**< One more than the polynomial's degree */
 } poly;
 
+typedef struct {
+    fr_t *values;    /**< `values[i]` is value of the polynomial at `ω^i`. */
+    uint64_t length; /**< One more than the polynomial's degree */
+} poly_l; // Lagrange form
+
 void eval_poly(fr_t *out, const poly *p, const fr_t *x);
+C_KZG_RET eval_poly_l(fr_t *out, const poly_l *p, const fr_t *x, const FFTSettings *fs);
 C_KZG_RET poly_inverse(poly *out, poly *b);
 C_KZG_RET poly_mul(poly *out, const poly *a, const poly *b);
 C_KZG_RET poly_mul_(poly *out, const poly *a, const poly *b, FFTSettings *fs);
 C_KZG_RET new_poly_div(poly *out, const poly *dividend, const poly *divisor);
 C_KZG_RET new_poly(poly *out, uint64_t length);
+C_KZG_RET new_poly_l(poly_l *out, uint64_t length);
 C_KZG_RET new_poly_with_coeffs(poly *out, const fr_t *coeffs, uint64_t length);
 void free_poly(poly *p);
+void free_poly_l(poly_l *p);
 
 //
 // kzg_proofs.c
@@ -107,12 +115,17 @@ void free_poly(poly *p);
 typedef struct {
     const FFTSettings *fs; /**< The corresponding settings for performing FFTs */
     g1_t *secret_g1;       /**< G1 group elements from the trusted setup */
+    g1_t *secret_g1_l;     /**< secret_g1 in Lagrange form */
     g2_t *secret_g2;       /**< G2 group elements from the trusted setup */
     uint64_t length;       /**< The number of elements in secret_g1 and secret_g2 */
 } KZGSettings;
 
+C_KZG_RET new_poly_l_from_poly(poly_l *out, const poly *in, const KZGSettings *ks);
+
 C_KZG_RET commit_to_poly(g1_t *out, const poly *p, const KZGSettings *ks);
+C_KZG_RET commit_to_poly_l(g1_t *out, const poly_l *p, const KZGSettings *ks);
 C_KZG_RET compute_proof_single(g1_t *out, const poly *p, const fr_t *x0, const KZGSettings *ks);
+C_KZG_RET compute_proof_single_l(g1_t *out, const poly_l *p, const fr_t *x0, const fr_t *y, const KZGSettings *ks);
 C_KZG_RET check_proof_single(bool *out, const g1_t *commitment, const g1_t *proof, const fr_t *x, fr_t *y,
                              const KZGSettings *ks);
 C_KZG_RET compute_proof_multi(g1_t *out, const poly *p, const fr_t *x0, uint64_t n, const KZGSettings *ks);

diff --git a/src/compute_proof_lagrange_bench.c b/src/compute_proof_lagrange_bench.c
@@ -0,0 +1,96 @@
+/*
+ * Copyright 2021 Benjamin Edgington
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include <stdlib.h> // malloc(), free(), atoi()
+#include <stdio.h>  // printf()
+#include <assert.h> // assert()
+#include <unistd.h> // EXIT_SUCCESS/FAILURE
+#include "bench_util.h"
+#include "test_util.h"
+#include "c_kzg.h"
+
+// Run the benchmark for `max_seconds` and return the time per iteration in nanoseconds.
+long run_bench(int scale, int max_seconds) {
+    timespec_t t0, t1;
+    unsigned long total_time = 0, nits = 0;
+    FFTSettings fs;
+    KZGSettings ks;
+
+    assert(C_KZG_OK == new_fft_settings(&fs, scale));
+
+    // Allocate on the heap to avoid stack overflow for large sizes
+    g1_t *s1 = malloc(fs.max_width * sizeof(g1_t));
+    g2_t *s2 = malloc(fs.max_width * sizeof(g2_t));
+
+    generate_trusted_setup(s1, s2, &secret, fs.max_width);
+    assert(C_KZG_OK == new_kzg_settings(&ks, s1, s2, fs.max_width, &fs));
+
+    poly_l p;
+    assert(C_KZG_OK == new_poly_l(&p, fs.max_width));
+    for (int i = 0; i < fs.max_width; i++) {
+        p.values[i] = rand_fr();
+    }
+
+    fr_t x = rand_fr();
+    fr_t y;
+    assert(C_KZG_OK == eval_poly_l(&y, &p, &x, &fs));
+
+    while (total_time < max_seconds * NANO) {
+        g1_t proof;
+        clock_gettime(CLOCK_REALTIME, &t0);
+
+        assert(C_KZG_OK == compute_proof_single_l(&proof, &p, &x, &y, &ks));
+
+        clock_gettime(CLOCK_REALTIME, &t1);
+        nits++;
+        total_time += tdiff(t0, t1);
+    }
+
+    free_poly_l(&p);
+    free(s1);
+    free(s2);
+    free_kzg_settings(&ks);
+    free_fft_settings(&fs);
+
+    return total_time / nits;
+}
+
+int main(int argc, char *argv[]) {
+    int nsec = 0;
+
+    switch (argc) {
+    case 1:
+        nsec = NSEC;
+        break;
+    case 2:
+        nsec = atoi(argv[1]);
+        break;
+    default:
+        break;
+    };
+
+    if (nsec == 0) {
+        printf("Usage: %s [test time in seconds > 0]\n", argv[0]);
+        exit(EXIT_FAILURE);
+    }
+
+    printf("*** Benchmarking KZG Proof from Lagrange, %d second%s per test.\n", nsec, nsec == 1 ? "" : "s");
+    for (int scale = 1; scale <= 15; scale++) {
+        printf("compute_proof_single_l/scale_%d %lu ns/op\n", scale, run_bench(scale, nsec));
+    }
+
+    return EXIT_SUCCESS;
+}
diff --git a/src/fft_g1.c b/src/fft_g1.c
@@ -198,4 +198,4 @@ TEST_LIST = {
     {NULL, NULL} /* zero record marks the end of the list */
 };
 
-#endif // KZGTEST
+#endif // KZGTEST
diff --git a/src/fk20_proofs.c b/src/fk20_proofs.c
@@ -485,7 +485,7 @@ void fk_single(void) {
     FFTSettings fs;
     KZGSettings ks;
     FK20SingleSettings fk;
-    uint64_t secrets_len = n_len + 1;
+    uint64_t secrets_len = n_len;
     g1_t s1[secrets_len];
     g2_t s2[secrets_len];
     poly p;
@@ -558,7 +558,7 @@ void fk_single_strided(void) {
     FFTSettings fs;
     KZGSettings ks;
     FK20SingleSettings fk;
-    uint64_t secrets_len = n_len + 1;
+    uint64_t secrets_len = n_len;
     g1_t s1[secrets_len];
     g2_t s2[secrets_len];
     poly p;
@@ -606,7 +606,7 @@ void fk_multi_settings(void) {
     KZGSettings ks;
     FK20MultiSettings fk;
     uint64_t n = 5;
-    uint64_t secrets_len = 33;
+    uint64_t secrets_len = 32;
     g1_t s1[secrets_len];
     g2_t s2[secrets_len];
 
@@ -764,4 +764,4 @@ TEST_LIST = {
     {NULL, NULL} /* zero record marks the end of the list */
 };
 
-#endif
+#endif