Comments (5)
A quick improvement I believe would be to include a Reset() method that would re-slice the internal entries []entry of a BatchVerifier into a slice of length zero. An alternative would be to also change up the BatchVerifier API to accept slices and not allocate on its own so that allocations can be managed by the caller.
Any thoughts on this?
I would rather not break the API at this point. Exposing a Reset() call is certainly something I could do though. I'll think about if there are any other things I can do to make this use-case better behaved as well.
I also have a quick question: is there any reason entry.signature is a byte slice rather than a fixed 32 byte array?
Because the only time entry.signature
gets set is when the caller specifies cofactor-less verification, which should be extremely uncommon since attempting to do that is basically a bug in the calling code. I debated between panic()
and "forcing fallback to serial verification" when such a thing was requested and went with the latter.
from curve25519-voi.
Something like in #69 should make this case better behaved. I debated adding BatchVerifier.SetCapacityHint
, but opted for a ctor that does preallocation for the sake of simplicity.
As an aside, if your use case involves repeatedly verifying huge batches, where the set of public keys in each batch is dramatically different, then storing the public key in the entry in expanded (precomputed table) form will also cause significantly more allocation overhead than necessary.
I can't really think of any good ideas on how to improve this while keeping the code easy to maintain (since my use case favors what is being done now, and I would rather not do something like, expose multiple BatchVerifier types), but I am open to suggestions.
from curve25519-voi.
PR #69 allowed me to pool BatchVerifiers; thanks!
In terms of areas where it might be worth looking into optimizing away allocations, it looks like the one last hotspot I've noticed from my benchmarks is around how public keys are expanded prior to signature batch verification. Unfortunately, it isn't trivial to optimize the allocations around it away.
If I get any ideas I'll open up a new issue. For the time being though, here's a pprof heap profile graph straight from my benchmarks:
from curve25519-voi.
In terms of areas where it might be worth looking into optimizing away allocations, it looks like the one last hotspot I've noticed from my benchmarks is around how public keys are expanded prior to signature batch verification. Unfortunately, it isn't trivial to optimize the allocations around it away.
Yeah, the current behavior is an explicit design decision, around the assumption that the application code will repeatedly verify batches using the same (or similar) set of public keys, so the routine is written to make AddExpandedWithOptions
fast/efficient.
For the batch sizes that you use, storing A
as a curve.EdwardsPoint
would make more sense (both from a performance and allocation efficiency standpoint), but it's tricky to have a single implementation that does the right thing for both of our use cases, unfortunately.
from curve25519-voi.
I went ahead and opened a new issue for further improvements in this area, with a design sketch of how this could be improved. The associated PR is still very much a work in progress and is not nearly as tested as it should be, but it is much better behaved.
from curve25519-voi.
Related Issues (20)
- Platform support
- Public key encryption, private key decryption HOT 1
- Go 1.19.x tracking
- ../github.com/oasisprotocol/curve25519-voi/internal/toolchain/constraints.go:48:6: undefined: __SOFTWARE_REQUIRES_GO_VERSION_1_18__ HOT 5
- perf: Replace the STROBE implementation
- perf: Add sr25519 precomputation support
- api: Consider exposing the merlin implementation
- ci: Figure out how to setup arm64 and arm32 builds/tests HOT 1
- perf: Think more about defaulting to ExpandedPublicKeys in the ed25519 batch verifier HOT 2
- perf: provide safepoints for pre-emptive scheduling HOT 7
- perf: primitives/x25519: Rethink calling x/crypto/curve25519 HOT 2
- internal/field: Think about using fiat-crypto
- cleanup: Drop support for old versions of Go
- cleanup: Fix assembly `go vet` issues HOT 1
- cleanup: Use the 1.17 cast from slice to array syntax HOT 1
- perf: Consider faster batch forgery identification
- housekeeping: Go 1.17 related cleanup HOT 1
- Browser wasm compatibility request HOT 1
- enhancement: Add paranoid ed25519 signing
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from curve25519-voi.