Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

confirm worst-case calibration of ed25519 operations #1030

Closed
graydon opened this issue Sep 1, 2023 · 0 comments · Fixed by #1109
Closed

confirm worst-case calibration of ed25519 operations #1030

graydon opened this issue Sep 1, 2023 · 0 comments · Fixed by #1109
Assignees
@jayz22
Labels
bug Something isn't working

Comments

@graydon
Copy link
Contributor

graydon commented Sep 1, 2023

A year ago, in 7367f00, I added a calibration for Ed25519 operations that was based on a range of possible scalars fed into a Curve25519 operation, such as the one that an Ed25519 signature verification does. This is visible in the EdwardsPointCurve25519ScalarMulRun calibration routine. Later in March of this year this was removed along with the EdwardsPointCurve25519ScalarMul cost type, in 349dab8. The idea I think of adding it was to use it to charge more-carefully for the cost of an Ed25519 signature verification, somehow?

Anyway, looking at the git history, it looks like this finer-grained cost type was never actually used when charging for Ed25519 signature verification. This might be ok, or it might not be. It depends on the variability of signature verification. It is a variable-time operation: it varies by the size of the scalar component. Which I think is usually "a randomly distributed 256-bit number" so perhaps 50%-likely to have its high bit set, and presumably that might hit the worst, or at least a dominant-cost case? But I'm not sure. It might be the case that the worst-case scalar multiplication cost is abnormally high -- higher than the average or whatever the calibration code is testing -- and users could cause us to undercharge if they submit this worst case. This should be investigated.
@graydon graydon added the bug Something isn't working label Sep 1, 2023
@graydon graydon mentioned this issue Sep 1, 2023
Closed
@jayz22 jayz22 mentioned this issue Oct 13, 2023
Merged
github-merge-queue bot pushed a commit that referenced this issue Oct 13, 2023
@jayz22
Setup bench framework to run experiments (#1109)
930ba53 
### What

Setup bench framework to run experiments 
- Experimental bench code is located in `experimental` (`benches/common`
and `src/cost_runner` dirs)
- Aggregate `ContractCostType`, `WasmInsnType` and a new
**`ExperimentalCostType`** into top level `CostType`

Resolves #1030 
- Bring back `EdwardsPointCurve25519ScalarMul` as a experimental cost
type and run variation histogram on it.

### Why

[TODO: Why this change is being made. Include any context required to
understand the why.]

### Known limitations

[TODO or N/A]
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jayz22 jayz22

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Setup bench framework to run experiments jayz22/rs-soroban-env
2 participants
@graydon @jayz22