Conversation
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #1389 +/- ##
==========================================
+ Coverage 81.44% 81.66% +0.22%
==========================================
Files 152 152
Lines 13396 13596 +200
Branches 3211 3226 +15
==========================================
+ Hits 10910 11103 +193
- Misses 342 343 +1
- Partials 2144 2150 +6
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
chfast
changed the title
Member
|
Improvement 72 Mgas/s → 117 Mgas/s (+63%). |
chfast
force-pushed
the
ecmul-opt
branch
4 times, most recently
from
4afee13 to
eb3b456
Compare
Member
|
chfast
force-pushed
the
ecmul-opt
branch
4 times, most recently
from
6533f2f to
48be2b0
Compare
Member
|
The cost of decompose is 0.20%, out of which 0.14% is the division by DET. |
There was a problem hiding this comment.
Pull request overview
This PR optimizes the BN254 elliptic curve scalar multiplication using the GLV (Gallant-Lambert-Vanstone) endomorphism method, achieving a ~32% performance improvement (from ~56μs to ~38μs). The optimization decomposes a scalar k into two smaller scalars k₁ and k₂ such that k ≡ k₁ + k₂·λ (mod N), allowing the use of efficient multi-scalar multiplication instead of a full scalar multiplication.
Key changes:
- Introduces
ecc::decompose()function to split ECC scalars into two shorter signed scalars - Adds endomorphism parameters (LAMBDA, BETA, X1, MINUS_Y1, X2, Y2) to the BN254 Curve struct
- Modifies the
bn254::mul()function to use the decomposition and multi-scalar multiplication approach
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 7 comments.
| File | Description |
|---|---|
| lib/evmone_precompiles/ecc.hpp | Adds SignedScalar struct, decompose() function for scalar decomposition, and verify_scalar_decomposition() helper for testing |
| lib/evmone_precompiles/bn254.hpp | Adds endomorphism parameters (LAMBDA, BETA, lattice basis vectors) to the BN254 Curve struct |
| lib/evmone_precompiles/bn254.cpp | Replaces direct ecc::mul() call with decomposition-based multi-scalar multiplication using the GLV endomorphism |
| test/unittests/evmmax_bn254_mul_test.cpp | Adds comprehensive test coverage for the decompose() function with edge cases and fuzzer-found inputs |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
chfast
approved these changes
Dec 17, 2025
Add `ecc::decompose()` procedure to split ECC scalar into two smaller ones. Use the decomposition to speed up BN254 scalar multiplication. Co-authored-by: Paweł Bylica <pawel@hepcolgum.band>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
ecc::decompose()procedure to split ECC scalar into two smaller ones.with Efficient Endomorphisms
Before:
After: