Closed andiflabs closed 1 week ago
I've reviewed this but mostly from a learning perspective, not a bug perspective so take my approve with a grain of salt.
I did ultimately track down the difference in checked vs unchecked to here, if I'm correct. https://github.com/iron-fish/jubjub/blob/47dfe5181ccf39166c0c479c35c0644d708f4294/src/lib.rs#L1424-L1433
I've reviewed this but mostly from a learning perspective, not a bug perspective so take my approve with a grain of salt.
I did ultimately track down the difference in checked vs unchecked to here, if I'm correct. https://github.com/iron-fish/jubjub/blob/47dfe5181ccf39166c0c479c35c0644d708f4294/src/lib.rs#L1424-L1433
Yes, that's correct. The checked function calls into_subgroup()
, the unchecked variant doesn't. into_subgroup()
calls is_torsion_free()
, which in turn calls multiply()
, which is the expensive operation that we want to get rid of.
Summary
Wallet scans get the blocks/transactions/notes from the chain db. The chain db contains data that has already been validated in the past (or that otherwise is assumed to be valid). For this reason, it should be possible to speed up scans by skipping expensive validation performed when parsing notes.
More specifically,
NoteEncrypted
parses some elliptic curve points in compressed form. The regular parsing done throughjubjub::SubgroupPoint::from_bytes()
involves an expensive check: it checks whether the uncompressed point belongs to the prime-order subgroup. This check is perfromed using elliptic curve point multiplication, which is the most predominant and slowest operation happening during wallet scans.Due to this check, for each note, the wallet currently performs two elliptic curve point multiplications: one to parse the note, another to attempt the actual decryption. By using
from_bytes_unchecked()
instead offrom_bytes()
we can skip the first multiplication, effectively improving note decryption performance by a factor of almost 2x.This change only affects the performance of wallet scans. Note parsing and decryption outside of a scan is unaffected at the moment. In the future, we can disable validation in other contexts as we see fit.
Testing Plan
Observe the number of elliptic curve point multiplications happening during a scan before and after this change (using the feature introduced in GH-5074).
Documentation
N/A
Breaking Change
N/A