From dd3a27e5dc66fc47c34c077ca8124efe6fbea900 Mon Sep 17 00:00:00 2001
From: DanielKotov <159419107+DanielKotov@users.noreply.github.com>
Date: Wed, 2 Oct 2024 14:02:06 +0300
Subject: [PATCH] chore: reduce number of gates in stdlib/sha256 hash function (#8905)

We can reduce number of gates for round variables a and e in sha256. At the start of the round variables a and e were converted in maj and ch form respectively. But after that their .sparse form was replaced in functions majority and choose with the same values, and this procedure added some unnecessary gates. We can fix this by just initializing a and e using default constructors and put in .normal part values of h_init[0] and h_init[4]. After that functions majority and choose will add in .sparse values of lookup automatically All tests for stdlib/sha256 have passed after this patch. As a result, number of gates from sha256_nist_vector_five were reduced from 65194 to 65104.
---------
Co-authored-by: Rumata888
---
 .../barretenberg/stdlib/hash/sha256/sha256_plookup.cpp | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/barretenberg/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.cpp b/barretenberg/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.cpp
index 6c809f12d84..3fa8f939c25 100644
--- a/barretenberg/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.cpp
+++ b/barretenberg/cpp/src/barretenberg/stdlib/hash/sha256/sha256_plookup.cpp
@@ -271,11 +271,16 @@ std::array, 8> sha256_block(const std::array,
 /**
 * Initialize round variables with previous block output
 **/
- auto a = map_into_maj_sparse_form(h_init[0]);
+ /**
+ * We can initialize round variables a and c and put value h_init[0] and
+ * h_init[4] in .normal, and don't do lookup for maj_output, because majority and choose
+ * functions will do that in the next step
+ **/
+ sparse_value a = sparse_value(h_init[0]);
 auto b = map_into_maj_sparse_form(h_init[1]);
 auto c = map_into_maj_sparse_form(h_init[2]);
 auto d = map_into_maj_sparse_form(h_init[3]);
- auto e = map_into_choose_sparse_form(h_init[4]);
+ sparse_value e = sparse_value(h_init[4]);
 auto f = map_into_choose_sparse_form(h_init[5]);
 auto g = map_into_choose_sparse_form(h_init[6]);
 auto h = map_into_choose_sparse_form(h_init[7]);
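Review bot: The new comment names `a and c`, but the lines changed are `a` and `e` (`h_init[0]` and `h_init[4]`); `c` still goes through `map_into_maj_sparse_form`. More importantly for a circuit, `a` and `e` now carry only `.normal` until `majority` and `choose` run, so the lookup that ties `.sparse` to `.normal` (and presumably range-constrains the word) is deferred to code outside this hunk. The comment should state that as an invariant, e.g. `// a.sparse / e.sparse are unset here; majority() and choose() must populate them via lookup before any other read`. Passing tests and a lower gate count only show that valid witnesses still satisfy the circuit, so a test asserting that an inconsistent witness is rejected would back the claim that no constraint was lost. sha256_block starts and ends outside the hunk.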