In many use cases, there are multiple signatures of the same message, e.g., Ethereum attestations often share the signed AttestationData.
For that situation, blst started exposing Pippenger multiplication to accelerate this use case. Multiscalar multiplication is much faster than individual scalar multiplication of each signature / pubkey.
Further optimizations may be achieved with parallel tiling, see the Rust binding code in the npoints >= 32 situation:
Likewise, multiple pubkeys / signatures may be loaded simultaneously using the new blst APIs.
We don't do either of these additional optimizations as our architecture does not readily support them. Pippenger multiplication alone already offers a significant speedup until prioritizing further optimizations.
------------------------------------------------------------------------------------------------------------------------------------
BLS verif of 6 msgs by 6 pubkeys 117.232 ops/s 8530098 ns/op 20471994 cycles
BLS verif of 6 sigs of same msg by 6 pubkeys (with blinding) 553.186 ops/s 1807711 ns/op 4338371 cycles
BLS verif of 6 sigs of same msg by 6 pubkeys 724.279 ops/s 1380683 ns/op 3313617 cycles
------------------------------------------------------------------------------------------------------------------------------------
BLS verif of 60 msgs by 60 pubkeys 11.131 ops/s 89839743 ns/op 215615251 cycles
BLS verif of 60 sigs of same msg by 60 pubkeys (with blinding) 238.059 ops/s 4200634 ns/op 10081380 cycles
BLS verif of 60 sigs of same msg by 60 pubkeys 680.634 ops/s 1469219 ns/op 3526031 cycles
------------------------------------------------------------------------------------------------------------------------------------
BLS verif of 180 msgs by 180 pubkeys 3.887 ops/s 257298895 ns/op 617517127 cycles
BLS verif of 180 sigs of same msg by 180 pubkeys (with blinding) 166.340 ops/s 6011785 ns/op 14428186 cycles
BLS verif of 180 sigs of same msg by 180 pubkeys 536.938 ops/s 1862413 ns/op 4469689 cycles
------------------------------------------------------------------------------------------------------------------------------------
In many use cases, there are multiple signatures of the same message, e.g., Ethereum attestations often share the signed
AttestationData
.For that situation,
blst
started exposing Pippenger multiplication to accelerate this use case. Multiscalar multiplication is much faster than individual scalar multiplication of each signature / pubkey.Further optimizations may be achieved with parallel tiling, see the Rust binding code in the
npoints >= 32
situation:Likewise, multiple pubkeys / signatures may be loaded simultaneously using the new
blst
APIs.We don't do either of these additional optimizations as our architecture does not readily support them. Pippenger multiplication alone already offers a significant speedup until prioritizing further optimizations.