
Add a shortcut to speed up concrete evaluation of pmod. #1170

Merged: 1 commit from faster-pmod into master, Apr 28, 2021

Conversation

@brianhuffman (Contributor, PR author):

Used with a modulus of degree d, the low d bits of the input can be copied directly to the output unchanged. This lets us skip the first d iterations of the main loop.

This change reduces the runtime of my 42,000-bit polynomial GCD function from just over 3 minutes to less than 2.

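A worked model of the shortcut, as an added example that is not the PR's or Cryptol's own (Haskell) evaluator code. GF(2) polynomials are held in Python ints, bit i being the coefficient of x^i, so XOR is polynomial addition and a left shift multiplies by x. The loop shape (scan the input from bit 0 upwards while keeping p = x^i mod m, and reduce p by one XOR with the modulus whenever its degree reaches d) is an assumption chosen to match the description above, not the real implementation. `pmod_loop` runs every iteration, `pmod_shortcut` seeds the remainder with the low d input bits and starts at i = d, `low_bits_pass_through` checks the claim that nothing reduces during those first d iterations, and `pmod_schoolbook` is an independent top-down long division used as the reference. All function names and the random inputs are constructed for this example.

```python
"""Python model of the pmod shortcut discussed in this PR.

Added example, not Cryptol's own (Haskell) evaluator code. A GF(2)
polynomial is held in a Python int: bit i is the coefficient of x^i,
so XOR is polynomial addition and a left shift multiplies by x. The
loop shape below (scan the input from bit 0 upwards, keeping x^i mod m)
is an assumption that matches the PR description, not the real code.
"""

import random


def degree(m: int) -> int:
    """Degree of a non-zero GF(2) polynomial (index of its top set bit)."""
    if m == 0:
        raise ValueError("pmod by the zero polynomial")
    return m.bit_length() - 1


def _scan(x: int, m: int, d: int, start: int, r: int, p: int) -> int:
    """Main loop: from input bit `start` upwards, fold input bit i times
    p = x^i mod m into the remainder r. Returns r."""
    for i in range(start, x.bit_length()):
        if (x >> i) & 1:
            r ^= p
        p <<= 1                  # x^(i+1); its degree is now at most d
        if (p >> d) & 1:         # degree reached d: one XOR with m reduces it
            p ^= m
    return r


def pmod_loop(x: int, m: int) -> int:
    """Remainder x mod m, running every iteration from bit 0."""
    d = degree(m)
    p0 = 1 if d > 0 else 0       # x^0 mod m (only m = 1 reduces the constant 1)
    return _scan(x, m, d, 0, 0, p0)


def pmod_shortcut(x: int, m: int) -> int:
    """Same remainder, skipping the first d iterations as the PR does:
    x^i mod m == x^i for i < d, so the low d input bits are copied to the
    output unchanged and the loop starts at i = d with p = x^d mod m."""
    d = degree(m)
    r0 = x & ((1 << d) - 1)      # low d bits pass straight through
    p0 = m ^ (1 << d)            # x^d mod m: m with its leading bit cleared
    return _scan(x, m, d, d, r0, p0)


def pmod_schoolbook(x: int, m: int) -> int:
    """Independent reference: long division from the top bit down."""
    d = degree(m)
    while x and degree(x) >= d:
        x ^= m << (degree(x) - d)
    return x


def low_bits_pass_through(x: int, m: int) -> bool:
    """The claim behind the shortcut, checked step by step: in each of the
    first d iterations p is still the bare monomial x^i and the partial
    remainder is exactly the low i bits of x, i.e. nothing has reduced."""
    d = degree(m)
    r, p = 0, (1 if d > 0 else 0)
    for i in range(d):
        if p != 1 << i or r != x & ((1 << i) - 1):
            return False
        if (x >> i) & 1:
            r ^= p
        p <<= 1
        if (p >> d) & 1:
            p ^= m
    # After d iterations: low d bits copied, p is the shortcut's start value.
    return r == x & ((1 << d) - 1) and p == m ^ (1 << d)


def cross_check(trials: int = 500, width: int = 64, seed: int = 1) -> bool:
    """Random agreement test on constructed inputs. Moduli get random top
    bits, so, as with Cryptol's [v+1]-bit modulus, the degree d is often
    below the bit width and is only known at run time."""
    rng = random.Random(seed)
    for _ in range(trials):
        m = rng.getrandbits(width) | 1                 # non-zero modulus
        x = rng.getrandbits(rng.randint(1, 2 * width))
        ref = pmod_schoolbook(x, m)
        if pmod_loop(x, m) != ref or pmod_shortcut(x, m) != ref:
            return False
        if not low_bits_pass_through(x, m):
            return False
    return True


if __name__ == "__main__":
    x, m = 0b1011, 0b111         # (x^3 + x + 1) mod (x^2 + x + 1) = x
    print(f"pmod({x:#b}, {m:#b}) = {pmod_shortcut(x, m):#b}")
    print("agrees on random inputs:", cross_check())
```

The saving is exactly the d skipped iterations per call, each of which would only have copied one input bit; with a modulus of degree in the tens of thousands, as in the GCD workload mentioned above, that is most of the loop for inputs not much wider than the modulus. Because Python ints are arbitrary precision, the same functions run unchanged on inputs of that size.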
@robdockins (Contributor) left a comment:

The argument is basically that the first d iterations will never reduce? I think I buy that.

Is this an improvement we can also fold into the reference implementation?

@brianhuffman (Contributor, PR author):

We might be able to fold that into the reference implementation, but it's a bit tricky to do in Cryptol because the polynomial degree of the modulus is not known statically, so we wouldn't be able to use Cryptol sequences for doing loop iterations. I have an implementation of a variant of pmod in Cryptol that uses this trick, but in my variant I assume an implicit leading 1 bit on the modulus, so the degree is fixed to match the bit width.

@brianhuffman brianhuffman merged commit 282613d into master Apr 28, 2021
@brianhuffman brianhuffman deleted the faster-pmod branch April 28, 2021 23:31