Perf/lottery fewer wide muls #9
Merged
The Taylor lottery test computes `phi + error_term` and `phi - error_term` each iteration. Replace the two separate adds with the fused `Ratio::add_sub`, which shares the three cross-multiplications between the sum and difference — 3 U512 wide-multiplies per iteration instead of 6. Together with crypto-ratio's integer-operand mul fast path this cuts ~22% of the per-cert wide-multiplies, ~11% of total guest cycles, with byte-identical verification output (full mainnet corpus equivalence and num-rational differential both green). Note: crypto-ratio dependency is a local path during development; repoint to the published version before merge.
The divisor is bounded by the Taylor iteration count, so it fits a u64. `div_by_u64` scales the denominator with a single-limb multiply instead of widening to U512 — a clean, unreduced equivalent of div_by_uint. On the cycle bench this adds ~2.7% over the add_sub/mul-fastpath stack (~12-14% total vs baseline). Validated bit-identical to div_by_uint on the zkVM guest (in-guest assertion across the full bench corpus) and via the host equivalence gate.
add_sub / div_by_u64 land in crypto-ratio 0.2.0; bump the dependency from 0.1.0.
f83c5d4 to eaf4cfa
Sbcdn added a commit that referenced this pull request on Jun 18, 2026
check_bounds used pos + needed > len; on the 32-bit guest a wire length field near u32::MAX wraps the add to a small value that passes the check and then panics the slice. Phrase as needed > len - pos (pos <= len is invariant) so adversarial lengths reject cleanly as OutOfBounds instead of panicking. Covers all 25 read sites; behaviour-identical on every non-wrapping input. Add a primitive-level pin for the wrap (the only way to exercise it off the 32-bit target), an oversized-prefix reject case, and a malformed-byte panic-safety fuzz over the parser. README: divergence #9 (former U512 Taylor overflow panic) is resolved by the wide fallback; describe the residual U2048 ceiling instead.
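An added Rust example, not the project's own code, that reproduces the wrap described in this commit message on a u32 offset (mimicking the 32-bit guest's arithmetic) and places the rephrased check beside it; `Reader`, `WireError` and `take` are hypothetical names, and the 4-byte buffer in the test is constructed.

```rust
// Added example (not the project's code): the check_bounds wrap on a u32
// position, as on a 32-bit guest. Names are hypothetical.

#[derive(Debug, PartialEq)]
pub enum WireError {
    OutOfBounds,
}

pub struct Reader<'a> {
    buf: &'a [u8],
    pos: u32, // invariant: pos <= buf.len()
}

impl<'a> Reader<'a> {
    pub fn new(buf: &'a [u8]) -> Self {
        Reader { buf, pos: 0 }
    }

    fn len(&self) -> u32 {
        self.buf.len() as u32
    }

    /// Former check, `pos + needed > len`, written with `wrapping_add` so it
    /// behaves as release-mode 32-bit arithmetic does: a `needed` near
    /// u32::MAX wraps the sum to a small value, the check passes, and the
    /// later slice panics instead of returning an error.
    pub fn check_bounds_wrapping(&self, needed: u32) -> Result<(), WireError> {
        if self.pos.wrapping_add(needed) > self.len() {
            return Err(WireError::OutOfBounds);
        }
        Ok(())
    }

    /// Rephrased check, `needed > len - pos`. `len - pos` cannot underflow
    /// because `pos <= len` is an invariant, so no arithmetic is done on the
    /// attacker-controlled length before the comparison.
    pub fn check_bounds(&self, needed: u32) -> Result<(), WireError> {
        if needed > self.len() - self.pos {
            return Err(WireError::OutOfBounds);
        }
        Ok(())
    }

    /// Consume `needed` bytes under the hardened check and return them.
    pub fn take(&mut self, needed: u32) -> Result<&'a [u8], WireError> {
        self.check_bounds(needed)?;
        let start = self.pos as usize;
        self.pos += needed; // cannot overflow: check guarantees pos + needed <= len
        Ok(&self.buf[start..start + needed as usize])
    }
}
```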