SIMD-accelerate target-sum grinding during signing #51
dicethedev wants to merge 1 commit into leanEthereum:devnet4 from
@dicethedev Could you display in the PR description the benchmark results before/after, including key generation for a small instance (no need to run the big one to see the improvements in general)? This is just a way to evaluate the benefits of the PR.
I will do just that. Thanks!
@dicethedev Don't hesitate to let us know if you need help with anything for this one :)
@tcoratger You can check benchmark results included in my PR description.
🗒️ Description
This PR speeds up signing for the target-sum encoding path by adding a SIMD-accelerated grinding flow for Poseidon-based message hashing.
The signing bottleneck was the deterministic retry loop that keeps sampling encoding randomness until the chunk sum matches the target sum. Previously, this checked one candidate at a time. This PR keeps the same deterministic behavior, but evaluates multiple candidate randomness values per Poseidon permutation using packed SIMD lanes.
What Changed
MessageHash - new grind_target_sum hook
Added a default method to MessageHash for deterministically searching for the first valid randomness value. The default falls back to scalar behavior, so non-Poseidon hashes are unaffected.
IncomparableEncoding - new grind hook
Added a default grind method so signing can delegate the retry loop to the encoding itself, allowing specific encodings to override the search strategy.
TargetSumEncoding - overrides grind
Now forwards the deterministic search to MH::grind_target_sum, keeping target-sum logic centralized while enabling message-hash-specific acceleration.
PoseidonMessageHash - SIMD grind_target_sum
The core optimization. The new implementation:
rho values from the PRF
GeneralizedXMSS::sign - uses encoding-level grinding
The manual retry loop is replaced with IE::grind::<PRF>(...). Behavior is identical from the caller's perspective.
Why This Fix Matters
The expensive part of signing for target-sum instantiations is the repeated encoding grind, not the already-optimized tree hashing code. This PR targets that hot path directly:
This should improve signing throughput for Poseidon target-sum instantiations, especially where many retries are needed before hitting the target sum.
Correctness Guarantees
EncodingAttemptsExceeded failure path is unchanged
Tests
Added
inc_encoding::target_sum::tests::test_grind_matches_first_successful_attempt — verifies the SIMD grind path returns the same randomness and chunks as the scalar search.
Passing:
cargo test inc_encoding::target_sum::tests::test_grind_matches_first_successful_attempt
cargo test test_deterministic
Notes
This PR focuses on accelerating the encoding grind path used during signing, which matches the issue’s target and follows the same high-level idea as plonky3 grinding: batch many candidate witnesses and test them in parallel using packed field operations.
🔗 Related Issues or PRs
Closes #49
Benchmark Results
To evaluate the benefits of this PR, I compared this branch against its parent commit on a small Poseidon target-sum instance.
5cc7e373c4d6d2
SIGTargetSumLifetime18W1NoOff
cargo run --release
The primary goal of this PR is to accelerate the signing path by optimizing the target-sum grinding loop. On this small instance, signing throughput improves by approximately 7.6%. Key generation remains in the same general range, as expected, since this PR does not directly target key generation performance.
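The first-match property the description relies on (a batched search must return the same randomness and chunks as the one-at-a-time loop, including when the attempt limit is not a multiple of the batch width), as an added Rust sketch that is not the PR's or the project's code. `toy_prf`, `toy_chunks`, `LANES` and the function names are hypothetical stand-ins for the real PRF, Poseidon message hash and packed SIMD lanes; the lanes are filled by a plain loop here.

```rust
// Added illustration: toy stand-ins, not the project's PRF, Poseidon hash, or API.
const LANES: usize = 4; // hypothetical SIMD width
/// Toy PRF: derives the randomness for a given attempt (stand-in for the real PRF).
fn toy_prf(key: u64, attempt: u64) -> u64 {
    (key ^ attempt.wrapping_mul(0x9E37_79B9_7F4A_7C15)).rotate_left(17)
}

/// Toy message hash: maps (message, rho) to 8 chunks in 0..4 (stand-in for Poseidon).
fn toy_chunks(msg: u64, rho: u64) -> [u8; 8] {
    let mut x = msg ^ rho;
    x ^= x >> 33;
    x = x.wrapping_mul(0xFF51_AFD7_ED55_8CCD);
    x ^= x >> 33;
    let mut out = [0u8; 8];
    for (i, c) in out.iter_mut().enumerate() {
        *c = ((x >> (2 * i)) & 3) as u8;
    }
    out
}

fn hits_target(chunks: &[u8; 8], target: u32) -> bool {
    chunks.iter().map(|&c| c as u32).sum::<u32>() == target
}
/// Scalar reference: the first attempt whose chunk sum equals the target.
fn grind_scalar(key: u64, msg: u64, target: u32, max: u64) -> Option<(u64, [u8; 8])> {
    (0..max).map(|a| (a, toy_chunks(msg, toy_prf(key, a)))).find(|(_, c)| hits_target(c, target))
}

/// Batched search: evaluate LANES attempts per step, then scan lanes in attempt order.
fn grind_batched(key: u64, msg: u64, target: u32, max: u64) -> Option<(u64, [u8; 8])> {
    let mut base = 0u64;
    while base < max {
        let live = LANES.min((max - base) as usize); // partial final batch
        let mut lanes = [[0u8; 8]; LANES];
        for l in 0..live {
            lanes[l] = toy_chunks(msg, toy_prf(key, base + l as u64));
        }
        // Lowest lane wins, so a later hit in the same batch never shadows an earlier one.
        if let Some(l) = (0..live).find(|&l| hits_target(&lanes[l], target)) {
            return Some((base + l as u64, lanes[l]));
        }
        base += LANES as u64;
    }
    None // attempts exhausted: the caller reports the failure as before
}

fn main() {
    println!("{}", grind_batched(7, 42, 12, 64) == grind_scalar(7, 42, 12, 64));
}
```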