Efficient comparisons #1523
Merged
Efficient comparisons #1523
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mitschabaude
force-pushed
the
feature/efficient-comparisons
branch
from
cc39156 to
ffae661
Compare
mitschabaude
changed the base branch from
feature/basic-gadgets-cs
to
feature/compatible-comparisons
Merged
mitschabaude
commented
Mar 28, 2024
src/lib/provable/crypto/signature.ts
Outdated
There was a problem hiding this comment.
here we use the new efficient isOdd(), plus some boyscouting
| return [x & 1n, x >> 1n]; | ||
| }); | ||
| let isOdd = b.assertBool(); | ||
| z.assertLessThan((Field.ORDER + 1n) / 2n); |
There was a problem hiding this comment.
using the new full field comparison!
Comment on lines
-563
to
+572
| * Field(2).lessThan(3).assertEquals(Bool(true)); | ||
| * let isTrue = Field(2).lessThan(3); |
There was a problem hiding this comment.
some comments boyscouting in this file. I didn't like that the example for lessThan() was one that should actually have used assertLessThan()
Comment on lines
-673
to
+671
| * Calling this function is equivalent to `Field(...).lessThan(...).assertEquals(Bool(true))`. | ||
| * | ||
| * Note: This uses fewer constraints than `x.lessThan(y).assertTrue()`. |
There was a problem hiding this comment.
didn't like that this said it "was equivalent", people should use the assertion version if possible because they are cheaper
src/lib/provable/gadgets/basic.ts
Outdated
There was a problem hiding this comment.
removing the import cycles was mainly about importing Field only as a type, and using what we need from field-constructor.ts instead
Comment on lines
+775
to
+782
| /** | ||
| * Version of `multiRangeCheck` which does the check on a truncated version of the input, | ||
| * so that it always succeeds, and then checks equality of the truncated and full input. | ||
| * | ||
| * This is a hack to get an error when the constraint fails, around the fact that multiRangeCheck | ||
| * is not checked by snarky. | ||
| */ | ||
| function indirectMultiRangeChange( |
There was a problem hiding this comment.
added this to not make the (negative) unit tests break. it's also better DX
Comment on lines
-408
to
+414
| let xMinusYFits = RangeCheck.isDefinitelyInRangeN( | ||
| UInt64.NUM_BITS, | ||
| xMinusY | ||
| ); | ||
|
|
||
| let yMinusXFits = RangeCheck.isDefinitelyInRangeN( | ||
| UInt64.NUM_BITS, | ||
| yMinusX | ||
| ); | ||
|
|
||
| xMinusYFits.or(yMinusXFits).assertEquals(true); | ||
| // x <= y if y - x fits in 64 bits | ||
| return yMinusXFits; | ||
| } | ||
| return lessThanOrEqualGeneric(this.value, y.value, 1n << 64n, (v) => | ||
| RangeCheck.rangeCheckN(UInt64.NUM_BITS, v) | ||
| ); |
There was a problem hiding this comment.
this used to be less efficient because it called rangeCheckHelper() twice. the new version only calls it once
| asProver, | ||
| constraintSystem, | ||
| generateWitness, | ||
| } from './core/provable-context.js'; | ||
| import { exists, existsAsync } from './core/exists.js'; | ||
| import { witness, witnessAsync } from './types/witness.js'; |
There was a problem hiding this comment.
moved witness() to its own file to make it not depend on Field
Comment on lines
795
to
+796
| assertBoolean(this); | ||
| return Bool.Unsafe.fromField(this); |
There was a problem hiding this comment.
I made assertBool() return the Bool because this is a common use case: assert that some witnessed field element is boolean and then use the bool
Comment on lines
-95
to
+96
| equivalentProvable({ from: [big264, big264], to: big264 })( | ||
| // addition can fail on two unreduced inputs because we can get x + y - f > 2^264 | ||
| equivalentProvable({ from: [big264, f], to: big264 })( |
There was a problem hiding this comment.
we didn't catch this before because of the missing errors on multi range check failures 😬
Trivo25
approved these changes
Mar 28, 2024
| @@ -30,6 +30,12 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm | |||
| - Remove `CircuitValue`, `prop`, `arrayProp` and `matrixProp` https://github.com/o1-labs/o1js/pull/1507 | |||
| - Remove `Mina.accountCreationFee()`, `Mina.BerkeleyQANet`, all APIs which accept private keys for feepayers, `Token`, `AccountUpdate.tokenSymbol`, `SmartContract.{token, setValue, setPermissions}`, "assert" methods for preconditions, `MerkleTee.calculateRootSlow()`, `Scalar.fromBigInt()`, `UInt64.lt()` and friends, deprecated static methods on `Group`, utility methods on `Circuit` like `Circuit.if()`, `Field.isZero()`, `isReady` and `shutdown()` https://github.com/o1-labs/o1js/pull/1515 | |||
| - Remove `privateKey` from the accepted arguments of `SmartContract.deploy()` https://github.com/o1-labs/o1js/pull/1515 | |||
| - **Efficient comparisons**. Support arbitrary bit lengths for `Field` comparisons and massively reduce their constraints https://github.com/o1-labs/o1js/pull/1523 | |||
| - `Field.assertLessThan()` goes from 510 to 24 constraints, `Field.lessThan()` from 509 to 38 | |||
CHANGELOG.md
Outdated
| @@ -30,6 +30,12 @@ This project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.htm | |||
| - Remove `CircuitValue`, `prop`, `arrayProp` and `matrixProp` https://github.com/o1-labs/o1js/pull/1507 | |||
| - Remove `Mina.accountCreationFee()`, `Mina.BerkeleyQANet`, all APIs which accept private keys for feepayers, `Token`, `AccountUpdate.tokenSymbol`, `SmartContract.{token, setValue, setPermissions}`, "assert" methods for preconditions, `MerkleTee.calculateRootSlow()`, `Scalar.fromBigInt()`, `UInt64.lt()` and friends, deprecated static methods on `Group`, utility methods on `Circuit` like `Circuit.if()`, `Field.isZero()`, `isReady` and `shutdown()` https://github.com/o1-labs/o1js/pull/1515 | |||
| - Remove `privateKey` from the accepted arguments of `SmartContract.deploy()` https://github.com/o1-labs/o1js/pull/1515 | |||
| - **Efficient comparisons**. Support arbitrary bit lengths for `Field` comparisons and massively reduce their constraints https://github.com/o1-labs/o1js/pull/1523 | |||
| - `Field.assertLessThan()` goes from 510 to 24 constraints, `Field.lessThan()` from 509 to 38 | |||
| - Moderately improve other comparisons: `UInt64.assertLessThan()` from 27 to 14,, `UInt64.lessThan()` from 27 to 15, `UInt32` similar. | |||
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
closes #1434
isEven()andisOdd()using full field comparison, which makes them much cheaper and also handle 255-bit field elementsisEven()for converting between compressed and uncompressed public keysFieldclass, and prevent against import cycle problems in the future, I got rid of the dependency onFieldin many of the gadgets and a few other places