Add the relaxed NAF #302
Add the relaxed NAF #302
Conversation
|
Is this used anywhere? (Eg: for faster scalar muls?) |
I originally planned to use it for Poseidon. Unfortunately, for essentially all the prime numbers being considered, NAF is not better than the original form, because when NAF is better, it needs to use "inverse", and "inverse" here is costly, which requires 3 constraints to compute (it is needed to be compatible with the case that
Maybe it would be more useful for EC scalar mul, in which "inverse" (aka negative) is cheap. |
|
On a separate note, should we rename |
|
Yeah, |
|
@weikengchen what's the status of this PR? |
|
I should be able to revisit this PR today or tomorrow. |
weikengchen
force-pushed
the
add-relaxed-naf
branch
from
571a897 to
a7b829c
Compare
weikengchen
force-pushed
the
add-relaxed-naf
branch
from
a7b829c to
3414022
Compare
|
The PR is ready to go. @Pratyush please take a look |
| let vec = find_relaxed_naf(&[12u64]); | ||
| assert_eq!(vec.len(), 4); |
There was a problem hiding this comment.
Maybe we can add here find_naf(&12u64]) which has a shorter length?
There was a problem hiding this comment.
Yes. Added. It has a slightly longer len---5.
Description
This PR adds the relaxed NAF, which differs from the original
find_wnaf(should befind_naf?) by allowing the top 2 bits to be both nonzeros. This can, in some cases, reduce the overhead.The algorithm is indeed quite simple. The only case when the standard NAF may be suboptimal (note: NAF is optimal for hamming weight, but not the length + the hamming weight) is when the NAF ends with "-1 0 1", which can be systematically changed into "1 1". There are no other cases.
Before we can merge this PR, please make sure that all the following items have been
checked off. If any of the checklist items are not applicable, please leave them but
write a little note why.
Pendingsection inCHANGELOG.mdFiles changedin the Github PR explorer