Skip to content

Optimize BN254 ecmul with the field endomorphism #1389

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
chfast merged 1 commit into from
Dec 18, 2025
Merged

Optimize BN254 ecmul with the field endomorphism #1389

chfast merged 1 commit into from
Dec 18, 2025

Conversation

@rodiazet
Copy link
Member

@rodiazet rodiazet commented Dec 2, 2025
edited by chfast
Loading

Before:

(vvenv) rodia@MacBook-Pro-2 evmone % ./build/bin/evmone-precompiles-bench --benchmark_filter=ecmul
Unable to determine clock rate from sysctl: hw.cpufrequency: No such file or directory
This does not affect benchmark measurements, only the metadata output.
***WARNING*** Failed to set thread affinity. Estimated CPU frequency may be incorrect.
2025-12-02T12:37:39+01:00
Running ./build/bin/evmone-precompiles-bench
Run on (12 X 24 MHz CPU s)
CPU Caches:
  L1 Data 64 KiB
  L1 Instruction 128 KiB
  L2 Unified 4096 KiB (x12)
Load Average: 1.82, 2.09, 1.99
------------------------------------------------------------------------------------------------------
Benchmark                                            Time             CPU   Iterations UserCounters...
------------------------------------------------------------------------------------------------------
precompile<PrecompileId::ecmul, evmmax_cpp>      56080 ns        56081 ns        12380 gas_rate=106.989M/s gas_used=60k

After:

(vvenv) rodia@MacBook-Pro-2 evmone % ./build/bin/evmone-precompiles-bench --benchmark_filter=ecmul
Unable to determine clock rate from sysctl: hw.cpufrequency: No such file or directory
This does not affect benchmark measurements, only the metadata output.
***WARNING*** Failed to set thread affinity. Estimated CPU frequency may be incorrect.
2025-12-02T12:38:10+01:00
Running ./build/bin/evmone-precompiles-bench
Run on (12 X 24 MHz CPU s)
CPU Caches:
  L1 Data 64 KiB
  L1 Instruction 128 KiB
  L2 Unified 4096 KiB (x12)
Load Average: 1.75, 2.05, 1.97
------------------------------------------------------------------------------------------------------
Benchmark                                            Time             CPU   Iterations UserCounters...
------------------------------------------------------------------------------------------------------
precompile<PrecompileId::ecmul, evmmax_cpp>      37996 ns        37987 ns        18480 gas_rate=157.947M/s gas_used=60k

@rodiazet rodiazet added the has_dependencies PR depends on not merged yet PR label Dec 2, 2025
@rodiazet rodiazet requested a review from chfast December 2, 2025 11:45
@codecov
Copy link

codecov bot commented Dec 2, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 96.50000% with 7 lines in your changes missing coverage. Please review.
✅ Project coverage is 81.66%. Comparing base (eeb288a) to head (c09a5a9).
⚠️ Report is 1 commits behind head on master.

Files with missing lines Patch % Lines
test/unittests/evmmax_bn254_mul_test.cpp 96.64% 0 Missing and 5 partials ⚠️
lib/evmone_precompiles/ecc.hpp 95.34% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master    #1389      +/-   ##
==========================================
+ Coverage   81.44%   81.66%   +0.22%     
==========================================
  Files         152      152              
  Lines       13396    13596     +200     
  Branches     3211     3226      +15     
==========================================
+ Hits        10910    11103     +193     
- Misses        342      343       +1     
- Partials     2144     2150       +6
Flag Coverage Δ
eest-develop 91.13% <100.00%> (+0.04%) ⬆️
eest-develop-gmp 29.08% <17.00%> (-0.26%) ⬇️
eest-legacy 15.32% <0.00%> (-0.23%) ⬇️
eest-legacy-silkpre 24.42% <17.00%> (-0.19%) ⬇️
evmone-unittests 76.21% <96.50%> (+0.30%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Components Coverage Δ
core 94.42% <96.07%> (+0.01%) ⬆️
tooling 83.63% <ø> (ø)
tests 73.55% <96.64%> (+0.46%) ⬆️
Files with missing lines Coverage Δ
lib/evmone_precompiles/bn254.cpp 100.00% <100.00%> (ø)
lib/evmone_precompiles/ecc.hpp 95.81% <95.34%> (-0.10%) ⬇️
test/unittests/evmmax_bn254_mul_test.cpp 92.26% <96.64%> (+34.36%) ⬆️
🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@rodiazet rodiazet removed the has_dependencies PR depends on not merged yet PR label Dec 4, 2025
@chfast chfast changed the title Optimize ecmul with the field endomorphism and shamir trick. Optimize BN254 ecmul with the field endomorphism Dec 5, 2025
@chfast
Copy link
Member

chfast commented Dec 5, 2025

Improvement 72 Mgas/s → 117 Mgas/s (+63%).

@chfast chfast force-pushed the ecmul-opt branch 4 times, most recently from 4afee13 to eb3b456 Compare December 15, 2025 12:00
@chfast
Copy link
Member

chfast commented Dec 15, 2025 

Comparing o/ecmul to o/ecmul-endo
Benchmark                                                            Time             CPU      Time Old      Time New       CPU Old       CPU New
-------------------------------------------------------------------------------------------------------------------------------------------------
precompile<PrecompileId::ecmul, evmmax_cpp>_pvalue                 0.0001          0.0001      U Test, Repetitions: 11 vs 11
precompile<PrecompileId::ecmul, evmmax_cpp>_mean                  -0.3707         -0.3707         80940         50937         80920         50925
precompile<PrecompileId::ecmul, evmmax_cpp>_median                -0.3695         -0.3695         80762         50922         80746         50909
precompile<PrecompileId::ecmul, evmmax_cpp>_stddev                -0.8101         -0.8133           367            70           371            69
precompile<PrecompileId::ecmul, evmmax_cpp>_cv                    -0.6982         -0.7034             0             0             0             0
OVERALL_GEOMEAN                                                   -0.3707         -0.3707             0             0             0             0

@chfast chfast force-pushed the ecmul-opt branch 4 times, most recently from 6533f2f to 48be2b0 Compare December 17, 2025 20:14
@chfast
Copy link
Member

chfast commented Dec 17, 2025

The cost of decompose is 0.20%, out of which 0.14% is the division by DET.

@chfast chfast requested a review from Copilot December 17, 2025 20:22
Copilot AI reviewed Dec 17, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR optimizes the BN254 elliptic curve scalar multiplication using the GLV (Gallant-Lambert-Vanstone) endomorphism method, achieving a ~32% performance improvement (from ~56μs to ~38μs). The optimization decomposes a scalar k into two smaller scalars k₁ and k₂ such that k ≡ k₁ + k₂·λ (mod N), allowing the use of efficient multi-scalar multiplication instead of a full scalar multiplication.

Key changes:

  • Introduces ecc::decompose() function to split ECC scalars into two shorter signed scalars
  • Adds endomorphism parameters (LAMBDA, BETA, X1, MINUS_Y1, X2, Y2) to the BN254 Curve struct
  • Modifies the bn254::mul() function to use the decomposition and multi-scalar multiplication approach

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.

File Description
lib/evmone_precompiles/ecc.hpp Adds SignedScalar struct, decompose() function for scalar decomposition, and verify_scalar_decomposition() helper for testing
lib/evmone_precompiles/bn254.hpp Adds endomorphism parameters (LAMBDA, BETA, lattice basis vectors) to the BN254 Curve struct
lib/evmone_precompiles/bn254.cpp Replaces direct ecc::mul() call with decomposition-based multi-scalar multiplication using the GLV endomorphism
test/unittests/evmmax_bn254_mul_test.cpp Adds comprehensive test coverage for the decompose() function with edge cases and fuzzer-found inputs

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@rodiazet @chfast
Optimize BN254 ecmul with field endomorphism
c09a5a9 
Add `ecc::decompose()` procedure to split ECC scalar into two smaller
ones. Use the decomposition to speed up BN254 scalar multiplication.

Co-authored-by: Paweł Bylica <pawel@hepcolgum.band>
@chfast chfast enabled auto-merge (squash) December 18, 2025 12:29
@chfast chfast merged commit 1598e91 into master Dec 18, 2025
21 checks passed
@chfast chfast deleted the ecmul-opt branch December 18, 2025 12:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@chfast chfast chfast approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@rodiazet @chfast