Skip to content

Prescale coefficients to avoid expensive scalar multiplications #628

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jtraglia merged 2 commits into from
Feb 25, 2026
Merged

Prescale coefficients to avoid expensive scalar multiplications #628

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
96cf8a9
Prescale coefficients to avoid expensive scalar multiplications
jtraglia Feb 24, 2026
0865a7b
Rename g1_ifft to g1_ifft_unscaled & add remark
jtraglia Feb 25, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 0 additions & 7 deletions src/eip7594/fft.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -235,13 +235,6 @@ C_KZG_RET g1_ifft(g1_t *out, const g1_t *in, size_t n, const KZGSettings *s) {
size_t stride = FIELD_ELEMENTS_PER_EXT_BLOB / n;
g1_fft_fast(out, in, 1, s->reverse_roots_of_unity, stride, n);

fr_t inv_n;
fr_from_uint64(&inv_n, n);
blst_fr_eucl_inverse(&inv_n, &inv_n);
for (size_t i = 0; i < n; i++) {
g1_mul(&out[i], &out[i], &inv_n);
}

return C_KZG_OK;
}

Expand Down
17 changes: 14 additions & 3 deletions src/eip7594/fk20.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -138,6 +138,7 @@ static void circulant_coeffs_stride(fr_t *out, const fr_t *in, size_t offset) {
C_KZG_RET compute_fk20_cell_proofs(g1_t *out, const fr_t *poly, const KZGSettings *s) {
C_KZG_RET ret;
size_t circulant_domain_size;
fr_t inv_domain_size;

blst_scalar *scalars = NULL;
fr_t **coeffs = NULL;
Expand Down Expand Up @@ -185,15 +186,24 @@ C_KZG_RET compute_fk20_cell_proofs(g1_t *out, const fr_t *poly, const KZGSetting
u[i] = G1_IDENTITY;
}

/* Phase 1, step 4: Compute the w_i columns */
/*
* Phase 1, step 4: Compute the w_i columns and prescale by 1/circulant_domain_size.
*
* The prescaling absorbs the 1/n factor from the IFFT (step 6) into cheap field
* multiplications, avoiding 128 expensive EC scalar multiplications that would otherwise be
* needed in the IFFT scaling step.
*/
fr_from_uint64(&inv_domain_size, circulant_domain_size);
blst_fr_eucl_inverse(&inv_domain_size, &inv_domain_size);
for (size_t i = 0; i < FIELD_ELEMENTS_PER_CELL; i++) {
/* Select the coefficients c_i of poly that form the i-th circulant matrix */
circulant_coeffs_stride(circulant_coeffs, poly, i);
/* Apply FFT to get w_i */
ret = fr_fft(circulant_coeffs_fft, circulant_coeffs, circulant_domain_size, s);
if (ret != C_KZG_OK) goto out;
/* Transpose and prescale by 1/n in one pass */
for (size_t j = 0; j < circulant_domain_size; j++) {
coeffs[j][i] = circulant_coeffs_fft[j];
blst_fr_mul(&coeffs[j][i], &circulant_coeffs_fft[j], &inv_domain_size);
}
}

Expand Down Expand Up @@ -236,7 +246,8 @@ C_KZG_RET compute_fk20_cell_proofs(g1_t *out, const fr_t *poly, const KZGSetting
}

/*
* Phase 1, step 6: Apply the inverse FFT to the u vector.
* Phase 1, step 6: Apply the inverse FFT to the u vector (without 1/n scaling, since we
* already prescaled the coefficients by 1/n in the field).
*
* The result is almost the final v vector: the second half of the vector should be set to the
* identity elements (commitments to zero coefficients). The v polynomial actually has degree
Expand Down
Loading