aleksejspopovs
commented
7 years ago Oh, totally my fault for missing this. Thank you Madars, looks great!
Closed madars closed 7 years ago
aleksejspopovs
commented
7 years ago Oh, totally my fault for missing this. Thank you Madars, looks great!
The proving key for [GM17] proof system contains elements of the form Z(t) t^i gamma^2 G (0 <= i <=d); these elements were previously computed by performing d sequential exponentiations (i.e. d sequential calls to `G1::operator`). This commit changes this computation to use batch exponentiation instead.
Performance impact: the generator runtime, reported by
profile_r1cs_se_ppzksnark 1000000 10(i.e. 10^6 R1CS constraints and 10 inputs) on a system with i7-4770 Haswell CPU, decreases from ~358s to ~100s.