Remove the redundant largrange_interpolation from compute_agg_key_from_dkg

Author: NDobrev

crates/dkg/src/dkg_math.rs

@@ -206,6 +206,7 @@ pub fn lagrange_interpolation<C: Curve>(
     }
     // Pre-allocate vectors for batch processing
     let mut terms = Vec::with_capacity(k);
+    let mut denominators = Vec::with_capacity(k);
 
     for i in 0..k {
         let mut b = x_vec[i];
@@ -221,7 +222,13 @@ pub fn lagrange_interpolation<C: Curve>(
                 b.mul_assign(&v);
             }
         }
-        let li0 = a.mul(&b.invert());
+        denominators.push(b);
+    }
+
+    let inv_denominators = batch_invert::<C>(&denominators);
+
+    for i in 0..k {
+        let li0 = a.mul(&inv_denominators[i]);
         terms.push(y_vec[i].mul_scalar(&li0));
     }
 
@@ -230,10 +237,10 @@ pub fn lagrange_interpolation<C: Curve>(
 }
 
 #[allow(clippy::assign_op_pattern)]
-pub fn agg_coefficients<C: Curve>(
-    verification_vectors: &[Vec<C::Point>],
-    ids: &[C::Scalar],
-) -> Vec<C::Point> {
+pub fn agg_coefficients<C: Curve>(verification_vectors: &[Vec<C::Point>]) -> Vec<C::Point> {
+    if verification_vectors.is_empty() {
+        return Vec::new();
+    }
     let num_vectors = verification_vectors.len();
     let vector_len = verification_vectors[0].len();
 
@@ -252,12 +259,7 @@ pub fn agg_coefficients<C: Curve>(
         let sum = batch_add_points::<C>(&points_to_sum);
         final_cfs.push(sum);
     }
-    let mut final_keys = Vec::new();
-    for id in ids.iter() {
-        let tmp = evaluate_polynomial::<C>(&final_cfs, id);
-        final_keys.push(tmp);
-    }
-    final_keys
+    final_cfs
 }
 
 // Optimized batch point addition function for elliptic curve operations
@@ -302,6 +304,30 @@ pub fn batch_add_points<C: Curve>(points: &[C::Point]) -> C::Point {
     current_points[0]
 }
 
+fn batch_invert<C: Curve>(scalars: &[C::Scalar]) -> Vec<C::Scalar> {
+    if scalars.is_empty() {
+        return Vec::new();
+    }
+
+    let mut products = Vec::with_capacity(scalars.len());
+    let mut current_product = C::Scalar::from_u32(1);
+
+    for s in scalars {
+        current_product = current_product.mul(s);
+        products.push(current_product);
+    }
+
+    let mut inv = products[products.len() - 1].invert();
+    let mut result = vec![C::Scalar::from_u32(0); scalars.len()];
+
+    for i in (1..scalars.len()).rev() {
+        result[i] = inv.mul(&products[i - 1]);
+        inv = inv.mul(&scalars[i]);
+    }
+    result[0] = inv;
+    result
+}
+
 #[cfg(test)]
 mod tests {
     use crate::crypto::*;
@@ -310,6 +336,43 @@ mod tests {
 
     use super::*;
 
+    #[test]
+    fn test_batch_invert_basic() {
+        let scalars = vec![
+            BlsScalar::from_u32(2),
+            BlsScalar::from_u32(3),
+            BlsScalar::from_u32(4),
+            BlsScalar::from_u32(5),
+        ];
+
+        let inverted = batch_invert::<BlsG1Curve>(&scalars);
+
+        assert_eq!(scalars.len(), inverted.len());
+
+        for i in 0..scalars.len() {
+            let product = scalars[i].mul(&inverted[i]);
+            assert_eq!(product.scalar, Scalar::one());
+        }
+    }
+
+    #[test]
+    fn test_batch_invert_empty() {
+        let scalars: Vec<BlsScalar> = vec![];
+        let inverted = batch_invert::<BlsG1Curve>(&scalars);
+        assert!(inverted.is_empty());
+    }
+
+    #[test]
+    fn test_batch_invert_single() {
+        let scalar = BlsScalar::from_u32(42);
+        let scalars = vec![scalar];
+
+        let inverted = batch_invert::<BlsG1Curve>(&scalars);
+
+        assert_eq!(inverted.len(), 1);
+        assert_eq!(inverted[0].scalar, scalar.invert().scalar);
+    }
+
     #[test]
     fn test_verify_signature() {
         let data = hex::decode("2f901d5cec8722e44afd59e94d0a56bf1506a72a0a60709920aad714d1a2ece0")

crates/dkg/src/verification.rs

@@ -202,10 +202,16 @@ where
 
 fn compute_agg_key_from_dkg<C: Curve>(
     verification_vectors: &[Vec<C::Point>],
-    ids: &[C::Scalar],
+    _ids: &[C::Scalar],
 ) -> Result<C::Point, Box<dyn std::error::Error>> {
-    let coefficients = agg_coefficients::<C>(verification_vectors, ids);
-    lagrange_interpolation::<C>(&coefficients, ids)
+    let coefficients = agg_coefficients::<C>(verification_vectors);
+    if coefficients.is_empty() {
+        return Err(Box::new(std::io::Error::new(
+            std::io::ErrorKind::InvalidData,
+            "no verification vectors",
+        )));
+    }
+    Ok(coefficients[0])
 }
 
 pub fn verify_generation_hashes<Setup>(
@@ -539,14 +545,8 @@ where
         })
         .collect();
 
-    let ids: Vec<Setup::Scalar> = sorted
-        .iter()
-        .enumerate()
-        .map(|(i, _)| Setup::Scalar::from_u32((i + 1) as u32))
-        .collect();
-
-    let computed_keys = agg_coefficients::<Setup::Curve>(&verification_vectors, &ids);
-    let expected_key = evaluate_polynomial::<Setup::Curve>(&computed_keys, perpetrator_id);
+    let computed_keys_coeffs = agg_coefficients::<Setup::Curve>(&verification_vectors);
+    let expected_key = evaluate_polynomial::<Setup::Curve>(&computed_keys_coeffs, perpetrator_id);
     Setup::Point::from_bytes(&expected_key.to_bytes()).expect("Invalid pubkey")
 }
 

perf/baseline.json

@@ -101,30 +101,30 @@
     }
   },
   "bad-partial-key_bad_partial_key.json": {
-    "total_opcodes": 25814891,
+    "total_opcodes": 25815409,
     "opcodes": {
-      "add": 9927134,
-      "sltu": 4806127,
-      "lw": 2914792,
-      "mul": 1952285,
+      "add": 9927835,
+      "sltu": 4806121,
+      "lw": 2914771,
+      "mul": 1952288,
       "mulhu": 1896338,
-      "sw": 1577028,
-      "beq": 1080593,
-      "and": 764557,
-      "or": 233881,
-      "sub": 174034,
-      "sll": 64726,
+      "sw": 1576996,
+      "beq": 1080597,
+      "and": 764539,
+      "or": 233878,
+      "sub": 174042,
+      "sll": 64742,
       "srl": 64259,
       "sra": 61131,
-      "jalr": 59257,
-      "bltu": 58140,
-      "bne": 50796,
+      "jalr": 59250,
+      "bltu": 58135,
+      "bne": 50721,
       "xor": 45900,
-      "auipc": 30227,
+      "auipc": 30223,
       "lbu": 16666,
       "sb": 16076,
-      "jal": 10686,
-      "bgeu": 5583,
+      "jal": 10700,
+      "bgeu": 5526,
       "ecall": 1565,
       "blt": 1547,
       "lb": 1507,
@@ -154,53 +154,53 @@
     }
   },
   "finalization_finalization_test.json": {
-    "total_opcodes": 60332240,
+    "total_opcodes": 42662050,
     "opcodes": {
-      "add": 16267715,
-      "sw": 11982112,
-      "lw": 11957780,
-      "and": 4629027,
-      "bltu": 3555662,
-      "bne": 2841325,
-      "jalr": 2691236,
-      "sltu": 1476623,
-      "beq": 1462263,
-      "auipc": 1347865,
-      "or": 772070,
-      "ecall": 549206,
-      "xor": 409355,
-      "sb": 159922,
-      "lbu": 79504,
-      "sub": 53956,
-      "sll": 24251,
-      "mul": 21466,
-      "srl": 17914,
-      "mulhu": 8609,
-      "bgeu": 8507,
-      "jal": 7309,
-      "blt": 3839,
+      "add": 11636103,
+      "sw": 8706072,
+      "lw": 8602479,
+      "and": 3015370,
+      "bltu": 2545745,
+      "jalr": 1905389,
+      "bne": 1857709,
+      "sltu": 971430,
+      "beq": 964262,
+      "auipc": 954151,
+      "or": 514625,
+      "ecall": 426369,
+      "xor": 243173,
+      "sb": 128164,
+      "lbu": 58289,
+      "sub": 44221,
+      "sll": 23525,
+      "mul": 19594,
+      "srl": 15971,
+      "bgeu": 8478,
+      "mulhu": 8247,
+      "jal": 5732,
+      "blt": 2302,
       "slt": 1920,
       "lb": 1653,
-      "sra": 1118,
+      "sra": 1044,
       "sh": 22,
       "bge": 9,
       "lh": 1,
       "lhu": 1
     },
-    "total_syscalls": 549206,
+    "total_syscalls": 426369,
     "syscalls": {
-      "bls12381_fp_mul": 240216,
-      "bls12381_fp_add": 110012,
+      "bls12381_fp_mul": 178786,
       "bls12381_fp2_add": 84845,
+      "bls12381_fp_add": 57882,
       "bls12381_fp2_mul": 50257,
       "bls12381_fp2_sub": 35618,
-      "bls12381_fp_sub": 24659,
+      "bls12381_fp_sub": 15454,
       "bls12381_double": 2772,
       "bls12381_add": 220,
-      "uint256_mul": 146,
-      "hint_len": 135,
-      "hint_read": 135,
-      "enter_unconstrained": 112,
+      "uint256_mul": 122,
+      "hint_len": 119,
+      "hint_read": 119,
+      "enter_unconstrained": 96,
       "sha_compress": 25,
       "sha_extend": 25,
       "write": 12,