Optimize the lagrange_interpolation

Author: NDobrev

crates/dkg/src/dkg_math.rs

@@ -204,7 +204,9 @@ pub fn lagrange_interpolation<C: Curve>(
             "zero secret share id",
         )));
     }
-    let mut r = C::Point::identity();
+    // Pre-allocate vectors for batch processing
+    let mut terms = Vec::with_capacity(k);
+
     for i in 0..k {
         let mut b = x_vec[i];
         for j in 0..k {
@@ -220,23 +222,34 @@ pub fn lagrange_interpolation<C: Curve>(
             }
         }
         let li0 = a.mul(&b.invert());
-        let tmp = y_vec[i].mul_scalar(&li0);
-        r = r.add(&tmp);
+        terms.push(y_vec[i].mul_scalar(&li0));
     }
-    Ok(r)
+
+    // Batch add all terms
+    Ok(batch_add_points::<C>(&terms))
 }
 
 #[allow(clippy::assign_op_pattern)]
 pub fn agg_coefficients<C: Curve>(
     verification_vectors: &[Vec<C::Point>],
     ids: &[C::Scalar],
 ) -> Vec<C::Point> {
-    let mut final_cfs = Vec::new();
-    for i in 0..verification_vectors[0].len() {
-        let mut sum = C::Point::identity();
+    let num_vectors = verification_vectors.len();
+    let vector_len = verification_vectors[0].len();
+
+    // Pre-allocate the result vector
+    let mut final_cfs = Vec::with_capacity(vector_len);
+
+    // Batch point additions for better cache locality and performance
+    for i in 0..vector_len {
+        // Collect all points at position i for batch addition
+        let mut points_to_sum = Vec::with_capacity(num_vectors);
         for v in verification_vectors {
-            sum = sum.add(&v[i]);
+            points_to_sum.push(v[i]);
         }
+
+        // Perform batched addition
+        let sum = batch_add_points::<C>(&points_to_sum);
         final_cfs.push(sum);
     }
     let mut final_keys = Vec::new();
@@ -247,6 +260,48 @@ pub fn agg_coefficients<C: Curve>(
     final_keys
 }
 
+// Optimized batch point addition function for elliptic curve operations
+pub fn batch_add_points<C: Curve>(points: &[C::Point]) -> C::Point {
+    if points.is_empty() {
+        return C::Point::identity();
+    }
+
+    if points.len() == 1 {
+        return points[0];
+    }
+
+    // For small numbers of points, use sequential addition
+    if points.len() <= 4 {
+        let mut sum = points[0];
+        for point in &points[1..] {
+            sum = sum.add(point);
+        }
+        return sum;
+    }
+
+    // For larger numbers, use a binary tree approach to reduce depth
+    let mut current_points = points.to_vec();
+
+    while current_points.len() > 1 {
+        let mut next_level = Vec::new();
+        let mut i = 0;
+        while i < current_points.len() {
+            if i + 1 < current_points.len() {
+                // Add pairs
+                next_level.push(current_points[i].add(&current_points[i + 1]));
+                i += 2;
+            } else {
+                // Handle odd element
+                next_level.push(current_points[i]);
+                i += 1;
+            }
+        }
+        current_points = next_level;
+    }
+
+    current_points[0]
+}
+
 #[cfg(test)]
 mod tests {
     use crate::crypto::*;

crates/dkg/src/lib.rs

@@ -9,4 +9,5 @@ pub use verification::{
 };
 
 pub use crypto::*;
+pub use dkg_math::batch_add_points;
 pub use types::*;

crates/finalization_prove/src/main.rs

@@ -82,10 +82,12 @@ where
     // Method 1: Compute P(0) directly as the constant term of aggregated polynomial
     // P(x) = Σ_{j=0}^t c_j x^j where c_j = Σ_{k=1}^n PK(a_{k,j})
     // P(0) = c_0 = Σ_{k=1}^n PK(a_{k,0})
-    let mut p0 = Setup::Point::identity();
-    for verification_vector in &verification_vectors {
-        p0 = p0.add(&verification_vector[0]); // Sum of constant terms
-    }
+
+    // Extract constant terms for batch addition
+    let constant_terms: Vec<Setup::Point> = verification_vectors.iter().map(|v| v[0]).collect();
+
+    // Use optimized batch addition
+    let p0 = dkg::batch_add_points::<Setup::Curve>(&constant_terms);
 
     // Method 2: Use Lagrange interpolation on partial public keys (spec requirement)
     // L(PK_1, ..., PK_n) should equal P(0)
@@ -119,7 +121,9 @@ fn lagrange_interpolation_at_zero<C: dkg::Curve>(
     // For each point (x_i, y_i), compute the Lagrange basis polynomial l_i(0)
     // l_i(0) = Π_{j≠i} (0 - x_j) / (x_i - x_j) = Π_{j≠i} (-x_j) / (x_i - x_j)
 
-    let mut result = C::Point::identity();
+    // Pre-allocate vectors for batch processing
+    let mut terms = Vec::with_capacity(k);
+
     for i in 0..k {
         let mut numerator = C::Scalar::from_u32(1); // This will be Π_{j≠i} (-x_j)
         let mut denominator = C::Scalar::from_u32(1); // This will be Π_{j≠i} (x_i - x_j)
@@ -138,8 +142,9 @@ fn lagrange_interpolation_at_zero<C: dkg::Curve>(
 
         let li0 = numerator.mul(&denominator.invert());
         let term = y_vec[i].mul_scalar(&li0);
-        result = result.add(&term);
+        terms.push(term);
     }
 
-    Ok(result)
+    // Batch add all terms instead of accumulating sequentially
+    Ok(dkg::batch_add_points::<C>(&terms))
 }

perf/baseline.json

@@ -101,29 +101,29 @@
     }
   },
   "bad-partial-key_bad_partial_key.json": {
-    "total_opcodes": 25815757,
+    "total_opcodes": 25814891,
     "opcodes": {
-      "add": 9927990,
+      "add": 9927134,
       "sltu": 4806127,
-      "lw": 2914798,
+      "lw": 2914792,
       "mul": 1952285,
       "mulhu": 1896338,
-      "sw": 1577033,
-      "beq": 1080590,
+      "sw": 1577028,
+      "beq": 1080593,
       "and": 764557,
       "or": 233881,
       "sub": 174034,
       "sll": 64726,
       "srl": 64259,
       "sra": 61131,
-      "jalr": 59259,
+      "jalr": 59257,
       "bltu": 58140,
-      "bne": 50799,
+      "bne": 50796,
       "xor": 45900,
-      "auipc": 30228,
+      "auipc": 30227,
       "lbu": 16666,
       "sb": 16076,
-      "jal": 10682,
+      "jal": 10686,
       "bgeu": 5583,
       "ecall": 1565,
       "blt": 1547,
@@ -154,53 +154,53 @@
     }
   },
   "finalization_finalization_test.json": {
-    "total_opcodes": 60388524,
+    "total_opcodes": 60332240,
     "opcodes": {
-      "add": 16282532,
-      "sw": 11991752,
-      "lw": 11967507,
-      "and": 4634085,
-      "bltu": 3558455,
-      "bne": 2844125,
-      "jalr": 2694135,
-      "sltu": 1478387,
-      "beq": 1463754,
-      "auipc": 1349325,
-      "or": 773366,
-      "ecall": 549590,
-      "xor": 409811,
-      "sb": 160378,
-      "lbu": 80098,
-      "sub": 54086,
-      "sll": 24614,
-      "mul": 21458,
-      "srl": 18058,
-      "mulhu": 8605,
-      "bgeu": 8499,
-      "jal": 7316,
-      "blt": 3840,
+      "add": 16267715,
+      "sw": 11982112,
+      "lw": 11957780,
+      "and": 4629027,
+      "bltu": 3555662,
+      "bne": 2841325,
+      "jalr": 2691236,
+      "sltu": 1476623,
+      "beq": 1462263,
+      "auipc": 1347865,
+      "or": 772070,
+      "ecall": 549206,
+      "xor": 409355,
+      "sb": 159922,
+      "lbu": 79504,
+      "sub": 53956,
+      "sll": 24251,
+      "mul": 21466,
+      "srl": 17914,
+      "mulhu": 8609,
+      "bgeu": 8507,
+      "jal": 7309,
+      "blt": 3839,
       "slt": 1920,
       "lb": 1653,
-      "sra": 1142,
+      "sra": 1118,
       "sh": 22,
       "bge": 9,
       "lh": 1,
       "lhu": 1
     },
-    "total_syscalls": 549590,
+    "total_syscalls": 549206,
     "syscalls": {
-      "bls12381_fp_mul": 240420,
-      "bls12381_fp_add": 110144,
+      "bls12381_fp_mul": 240216,
+      "bls12381_fp_add": 110012,
       "bls12381_fp2_add": 84845,
       "bls12381_fp2_mul": 50257,
       "bls12381_fp2_sub": 35618,
-      "bls12381_fp_sub": 24689,
+      "bls12381_fp_sub": 24659,
       "bls12381_double": 2772,
       "bls12381_add": 220,
       "uint256_mul": 146,
-      "hint_len": 141,
-      "hint_read": 141,
-      "enter_unconstrained": 118,
+      "hint_len": 135,
+      "hint_read": 135,
+      "enter_unconstrained": 112,
       "sha_compress": 25,
       "sha_extend": 25,
       "write": 12,