Barretenberg: src/barretenberg/ecc/scalar_multiplication/scalar_multiplication_fast.hpp Source File

#pragma once


#include "barretenberg/common/thread.hpp"

#include "barretenberg/ecc/curves/bn254/bn254.hpp"

#include "barretenberg/ecc/curves/grumpkin/grumpkin.hpp"

#include "barretenberg/polynomials/polynomial.hpp"

#include <string>


#include <atomic>

#include <cstddef>

#include <cstdint>

#include <span>

#include <vector>


namespace bb::scalar_multiplication {


size_t window_bits_tuning_oversub_factor(size_t n_input);


// `external_glv_doubled`: optional caller-supplied [P, φP, ...] interleaved buffer

//   (length 2*n). When non-empty, every n_input is treated as GLV-eligible and the

//   doubled points are aliased instead of recomputed — the batched driver uses this

//   to share the doubled SRS prefix across MSMs in a batch.

// `external_arena`: optional caller-supplied scratch buffer ≥ this MSM_fast's required

//   bytes. When empty, allocated per-MSM_fast and freed at return. The batched driver

//   supplies a single arena sized to the largest member.

template <typename Curve>

typename Curve::Element pippenger_round_parallel(

    PolynomialSpan<const typename Curve::ScalarField> scalars,

    std::span<const typename Curve::AffineElement> points,

    bool dedup_hint = false,

    std::span<const typename Curve::AffineElement> external_glv_doubled = {},

    std::span<std::byte> external_arena = {}) noexcept;


extern template curve::BN254::Element pippenger_round_parallel<curve::BN254>(

    PolynomialSpan<const curve::BN254::ScalarField> scalars,

    std::span<const curve::BN254::AffineElement> points,

    bool dedup_hint,

    std::span<const curve::BN254::AffineElement> external_glv_doubled,

    std::span<std::byte> external_arena) noexcept;


extern template curve::Grumpkin::Element pippenger_round_parallel<curve::Grumpkin>(

    PolynomialSpan<const curve::Grumpkin::ScalarField> scalars,

    std::span<const curve::Grumpkin::AffineElement> points,

    bool dedup_hint,

    std::span<const curve::Grumpkin::AffineElement> external_glv_doubled,

    std::span<std::byte> external_arena) noexcept;


// ===================================================================================

// Public API (interface-compatible with the legacy `scalar_multiplication::MSM_fast` class).

// ===================================================================================

//

// `pippenger_fast`        — handle_edge_cases routed: false → fast affine round-parallel,

//                      true → Jacobian fast path (handles point-at-infinity / equal-x

//                      bucket collisions).

// `pippenger_unsafe_fast` — always the fast path; caller asserts linear-independence of points.

// `MSM_fast<Curve>::msm`            — single-MSM_fast convenience wrapper (returns AffineElement).

// `MSM_fast<Curve>::batch_multi_scalar_mul` — multi-MSM_fast driver: runs each MSM_fast via `pippenger_fast`

//                                       and returns a vector of AffineElement results.


template <typename Curve>

typename Curve::Element pippenger_fast(PolynomialSpan<const typename Curve::ScalarField> scalars,

                                       std::span<const typename Curve::AffineElement> points,

                                       bool handle_edge_cases = true,

                                       bool dedup_hint = false) noexcept;


template <typename Curve>

typename Curve::Element pippenger_unsafe_fast(PolynomialSpan<const typename Curve::ScalarField> scalars,

                                              std::span<const typename Curve::AffineElement> points,

                                              bool dedup_hint = false) noexcept;


extern template curve::BN254::Element pippenger_fast<curve::BN254>(

    PolynomialSpan<const curve::BN254::ScalarField> scalars,

    std::span<const curve::BN254::AffineElement> points,

    bool handle_edge_cases,

    bool dedup_hint) noexcept;


extern template curve::Grumpkin::Element pippenger_fast<curve::Grumpkin>(

    PolynomialSpan<const curve::Grumpkin::ScalarField> scalars,

    std::span<const curve::Grumpkin::AffineElement> points,

    bool handle_edge_cases,

    bool dedup_hint) noexcept;


extern template curve::BN254::Element pippenger_unsafe_fast<curve::BN254>(

    PolynomialSpan<const curve::BN254::ScalarField> scalars,

    std::span<const curve::BN254::AffineElement> points,

    bool dedup_hint) noexcept;


extern template curve::Grumpkin::Element pippenger_unsafe_fast<curve::Grumpkin>(

    PolynomialSpan<const curve::Grumpkin::ScalarField> scalars,

    std::span<const curve::Grumpkin::AffineElement> points,

    bool dedup_hint) noexcept;


template <typename Curve> class MSM_fast {

  public:

    using Element = typename Curve::Element;

    using ScalarField = typename Curve::ScalarField;

    using AffineElement = typename Curve::AffineElement;


    static AffineElement msm(std::span<const AffineElement> points,

                             PolynomialSpan<const ScalarField> scalars,

                             bool handle_edge_cases = false,

                             bool dedup_hint = false) noexcept;


    static std::vector<AffineElement> batch_multi_scalar_mul(std::span<const AffineElement> points,

                                                             std::span<PolynomialSpan<ScalarField>> scalars,

                                                             bool handle_edge_cases = true,

                                                             std::span<const uint8_t> dedup_hints = {}) noexcept;

};


extern template class MSM_fast<curve::Grumpkin>;

extern template class MSM_fast<curve::BN254>;


// `pippenger_round_parallel` falls back to `trivial_msm_threaded` when each worker

// would receive fewer than this many points (after the n_active filter). Exposed so tests

// and bench targets can pin behaviour at the boundary.

inline constexpr size_t MIN_PTS_PER_THREAD_FOR_PIPPENGER = 24;


// Per-MSM_fast arena sizer. Returns 0 for shapes that fall back to the Jacobian-fast path

// (no affine arena). Mirrors the inline budget calc inside `pippenger_round_parallel`;

// declared here so the test suite can exercise the same sizer.

template <typename Curve>

size_t compute_arena_bytes_for_msm(size_t n_input, bool external_glv_provided, bool dedup_active = false) noexcept;


namespace round_parallel_detail {


// Above this N, GLV's 2x point-count cost outweighs the windows-halved benefit.

#ifdef __wasm__

inline constexpr size_t GLV_SMALL_N_THRESHOLD = size_t{ 1 } << 16;

#else

inline constexpr size_t GLV_SMALL_N_THRESHOLD = size_t{ 1 } << 13;

#endif


template <typename Curve>

typename Curve::Element pippenger_round_parallel_jacobian_fast(std::span<const typename Curve::ScalarField> scalars,

                                                               std::span<const typename Curve::AffineElement> points,

                                                               size_t min_pts_per_thread_override = 0) noexcept;


extern template curve::BN254::Element pippenger_round_parallel_jacobian_fast<curve::BN254>(

    std::span<const curve::BN254::ScalarField> scalars,

    std::span<const curve::BN254::AffineElement> points,

    size_t min_pts_per_thread_override) noexcept;


extern template curve::Grumpkin::Element pippenger_round_parallel_jacobian_fast<curve::Grumpkin>(

    std::span<const curve::Grumpkin::ScalarField> scalars,

    std::span<const curve::Grumpkin::AffineElement> points,

    size_t min_pts_per_thread_override) noexcept;


} // namespace round_parallel_detail


template <typename Curve>

typename Curve::Element trivial_msm(PolynomialSpan<const typename Curve::ScalarField> scalars_span,

                                    std::span<const typename Curve::AffineElement> all_points) noexcept;


extern template curve::BN254::Element trivial_msm<curve::BN254>(

    PolynomialSpan<const curve::BN254::ScalarField> scalars_span,

    std::span<const curve::BN254::AffineElement> all_points) noexcept;


extern template curve::Grumpkin::Element trivial_msm<curve::Grumpkin>(

    PolynomialSpan<const curve::Grumpkin::ScalarField> scalars_span,

    std::span<const curve::Grumpkin::AffineElement> all_points) noexcept;


template <typename Curve>

typename Curve::Element trivial_msm_threaded(PolynomialSpan<const typename Curve::ScalarField> scalars_span,

                                             std::span<const typename Curve::AffineElement> all_points) noexcept;


extern template curve::BN254::Element trivial_msm_threaded<curve::BN254>(

    PolynomialSpan<const curve::BN254::ScalarField> scalars_span,

    std::span<const curve::BN254::AffineElement> all_points) noexcept;


extern template curve::Grumpkin::Element trivial_msm_threaded<curve::Grumpkin>(

    PolynomialSpan<const curve::Grumpkin::ScalarField> scalars_span,

    std::span<const curve::Grumpkin::AffineElement> all_points) noexcept;


} // namespace bb::scalar_multiplication

bb::curve::BN254
Definition bn254.hpp:16

bb::curve::BN254::Element
typename Group::element Element
Definition bn254.hpp:21

bb::curve::Grumpkin
Definition grumpkin.hpp:58

bb::curve::Grumpkin::Element
typename Group::element Element
Definition grumpkin.hpp:63

bb::curve::Grumpkin::AffineElement
typename Group::affine_element AffineElement
Definition grumpkin.hpp:64

bb::curve::Grumpkin::ScalarField
bb::fq ScalarField
Definition grumpkin.hpp:60

bb::scalar_multiplication::MSM_fast
Definition scalar_multiplication_fast.hpp:128

bb::scalar_multiplication::MSM_fast::ScalarField
typename Curve::ScalarField ScalarField
Definition scalar_multiplication_fast.hpp:131

bb::scalar_multiplication::MSM_fast::Element
typename Curve::Element Element
Definition scalar_multiplication_fast.hpp:130

bb::scalar_multiplication::MSM_fast::AffineElement
typename Curve::AffineElement AffineElement
Definition scalar_multiplication_fast.hpp:132

bn254.hpp

grumpkin.hpp

bb::scalar_multiplication::round_parallel_detail::GLV_SMALL_N_THRESHOLD
constexpr size_t GLV_SMALL_N_THRESHOLD
Definition scalar_multiplication_fast.hpp:191

bb::scalar_multiplication
Definition pippenger_arena_layout.hpp:33

bb::scalar_multiplication::trivial_msm_threaded
Curve::Element trivial_msm_threaded(PolynomialSpan< const typename Curve::ScalarField > scalars_span, std::span< const typename Curve::AffineElement > all_points) noexcept
Multi-threaded small-MSM_fast driver: parallel Element::straus_msm over zero-skipped input slices.

bb::scalar_multiplication::compute_arena_bytes_for_msm
size_t compute_arena_bytes_for_msm(size_t n_input, bool external_glv_provided, bool dedup_active) noexcept
Round-parallel Pippenger MSM_fast. Windows process sequentially (high-to-low) but each window is full...
Definition scalar_multiplication_fast.cpp:1119

bb::scalar_multiplication::trivial_msm
Curve::Element trivial_msm(PolynomialSpan< const typename Curve::ScalarField > scalars_span, std::span< const typename Curve::AffineElement > all_points) noexcept
Single-threaded small-MSM_fast driver: Element::straus_msm over the input slice.

bb::scalar_multiplication::pippenger_unsafe_fast
Curve::Element pippenger_unsafe_fast(PolynomialSpan< const typename Curve::ScalarField > scalars, std::span< const typename Curve::AffineElement > points, bool dedup_hint) noexcept
Definition scalar_multiplication_fast.cpp:2845

bb::scalar_multiplication::MIN_PTS_PER_THREAD_FOR_PIPPENGER
constexpr size_t MIN_PTS_PER_THREAD_FOR_PIPPENGER
Definition scalar_multiplication_fast.hpp:177

bb::scalar_multiplication::pippenger_round_parallel< curve::BN254 >
template curve::BN254::Element pippenger_round_parallel< curve::BN254 >(PolynomialSpan< const curve::BN254::ScalarField > scalars, std::span< const curve::BN254::AffineElement > points, bool dedup_hint, std::span< const curve::BN254::AffineElement > external_glv_doubled, std::span< std::byte > external_arena) noexcept

bb::scalar_multiplication::pippenger_round_parallel< curve::Grumpkin >
template curve::Grumpkin::Element pippenger_round_parallel< curve::Grumpkin >(PolynomialSpan< const curve::Grumpkin::ScalarField > scalars, std::span< const curve::Grumpkin::AffineElement > points, bool dedup_hint, std::span< const curve::Grumpkin::AffineElement > external_glv_doubled, std::span< std::byte > external_arena) noexcept

bb::scalar_multiplication::pippenger_fast
Curve::Element pippenger_fast(PolynomialSpan< const typename Curve::ScalarField > scalars, std::span< const typename Curve::AffineElement > points, bool handle_edge_cases, bool dedup_hint) noexcept
Definition scalar_multiplication_fast.cpp:2853

bb::scalar_multiplication::window_bits_tuning_oversub_factor
size_t window_bits_tuning_oversub_factor(size_t n_input)
N-dependent oversubscription factor used ONLY for choose_window_bits' target_load formula (not for ac...
Definition scalar_multiplication_fast.cpp:30

bb::scalar_multiplication::pippenger_round_parallel
Curve::Element pippenger_round_parallel(PolynomialSpan< const typename Curve::ScalarField > scalars_span, std::span< const typename Curve::AffineElement > all_points, bool dedup_hint, std::span< const typename Curve::AffineElement > external_glv_doubled, std::span< std::byte > external_arena) noexcept
State of the art pippenger_fast multiscalar multiplication algorithm.
Definition scalar_multiplication_fast.cpp:1264

bb::BN254
@ BN254
Definition types.hpp:10

round_parallel_detail
Definition pippenger_batched.hpp:15

std
STL namespace.

std::get
constexpr decltype(auto) get(::tuplet::tuple< T... > &&t) noexcept
Definition tuple.hpp:13

polynomial.hpp

Element
Curve::Element Element
Definition small_msm_matrix.bench.cpp:40

bb::PolynomialSpan
Definition polynomial.hpp:27

thread.hpp