|
| 1 | +{-# LANGUAGE BangPatterns #-} |
| 2 | +{-# LANGUAGE DataKinds #-} |
| 3 | +{-# LANGUAGE NoImplicitPrelude #-} |
| 4 | +{-# LANGUAGE TemplateHaskell #-} |
| 5 | + |
| 6 | +module Cardano.Benchmarking.PlutusScripts.MultiScalarMulG2 (script) where |
| 7 | + |
| 8 | +import Cardano.Api (PlutusScriptVersion (PlutusScriptV3)) |
| 9 | +import Cardano.Benchmarking.ScriptAPI (PlutusBenchScript, mkPlutusBenchScript) |
| 10 | +import Language.Haskell.TH.Syntax (Exp (LitE), Lit (StringL), Loc (loc_module), qLocation) |
| 11 | +import PlutusLedgerApi.Common (serialiseCompiledCode) |
| 12 | +import qualified PlutusLedgerApi.V3 as PlutusV3 |
| 13 | +import qualified PlutusTx (compile) |
| 14 | +import qualified PlutusTx.Builtins.Internal as BI (BuiltinList, head, snd, tail, unitval, |
| 15 | + unsafeDataAsConstr) |
| 16 | +import PlutusTx.Builtins as BI (bls12_381_G2_multiScalarMul) |
| 17 | +import PlutusTx.Prelude as Tx hiding (Semigroup (..), (.), (<$>)) |
| 18 | +import Prelude as Haskell ((.), (<$>)) |
| 19 | + |
| 20 | + |
| 21 | +script :: PlutusBenchScript |
| 22 | +script = mkPlutusBenchScript |
| 23 | + $(LitE . StringL . loc_module <$> qLocation) |
| 24 | + PlutusScriptV3 |
| 25 | + (serialiseCompiledCode $$(PlutusTx.compile [|| mkValidator ||])) |
| 26 | + |
| 27 | +{-# INLINABLE mkValidator #-} |
| 28 | +mkValidator :: BuiltinData -> BuiltinUnit |
| 29 | +mkValidator arg = |
| 30 | + if red_n < 1000000 -- large number ensures same bitsize for all counter values |
| 31 | + then traceError "redeemer is < 1000000" |
| 32 | + else loop (fmap Tx.bls12_381_G2_uncompress red_bss) red_is red_n |
| 33 | + where |
| 34 | + -- lazily decode script context up to redeemer, which is less expensive and results in much smaller tx size |
| 35 | + constrArgs :: BuiltinData -> BI.BuiltinList BuiltinData |
| 36 | + constrArgs = BI.snd . BI.unsafeDataAsConstr |
| 37 | + |
| 38 | + redeemerFollowedByScriptInfo :: BI.BuiltinList BuiltinData |
| 39 | + redeemerFollowedByScriptInfo = BI.tail (constrArgs arg) |
| 40 | + |
| 41 | + redeemer :: BuiltinData |
| 42 | + redeemer = BI.head redeemerFollowedByScriptInfo |
| 43 | + |
| 44 | + red_n :: Integer |
| 45 | + red_is :: [Integer] |
| 46 | + red_bss :: [BuiltinByteString] |
| 47 | + (red_n, red_is, red_bss) = PlutusV3.unsafeFromBuiltinData redeemer |
| 48 | + |
| 49 | + -- see Note[1] |
| 50 | + loop points scalars n |
| 51 | + | n == 1000000 = BI.unitval |
| 52 | + | otherwise = let !_ = BI.bls12_381_G2_multiScalarMul (n : scalars) points in loop points scalars (pred n) |
| 53 | + |
| 54 | + |
| 55 | +{- |
| 56 | +
|
| 57 | +Note[1]: |
| 58 | +
|
| 59 | + The benchmarking loop's counter will always be used as a nonce, prepended to the list of scalars. |
| 60 | + Hence, make sure that in the redeemer args, |
| 61 | + >> THE LIST OF SCALARS IS ALWAYS 1 ELEMENT SHORTER THAN THE LIST OF POINTS << |
| 62 | +
|
| 63 | + == Reason for Nonce-as-Head ('n : scalars'): |
| 64 | + 1. Defeats Pippenger Bucket-Caching: Mutating a single scalar |
| 65 | + head element breaks the windowed bit-partitioning configuration. This forces |
| 66 | + the 'blst' library to perform full, un-cached linear combination logic from |
| 67 | + scratch rather than reusing pre-computed bucket structures. |
| 68 | + 2. Minmize execution units to achieve 1.: Prepending a head nonce element |
| 69 | + guarantees a predictable O(1) overhead, focusing execution cost purely on the underlying |
| 70 | + curve arithmetic. Also, this guarantees a stable memory footprint. |
| 71 | +
|
| 72 | + CIP-0133 Optimal 256-bit Scalars (Bounded by Curve Order 'r'): |
| 73 | + To prevent early-termination short-circuits in the underlying 'blst' library, |
| 74 | + we use high bit-density, non-trivial scalars strictly reduced modulo |
| 75 | + 'r' (= 73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001) - see example below. |
| 76 | +
|
| 77 | + CIP-0133 Valid G2 Test Points (96-Byte Compressed Hex Literals): |
| 78 | + The points have been chosen to ensure maximum Montgomery multiplication stress in |
| 79 | + the F_p^2 field and prevent 'blst' from short-circuiting. They correspond to |
| 80 | + 1. Official 1*G2 Base Generator, 2. 2*G2 Point, 3. 3*G2 Point and 4. 4*G2 Point - see example below. |
| 81 | +
|
| 82 | + Assuming you want to run a benchmark with input length 4, this would be the resulting redeemer: |
| 83 | +
|
| 84 | +{ |
| 85 | + "constructor": 0, |
| 86 | + "fields": [ |
| 87 | + { |
| 88 | + "int": 1000000 |
| 89 | + }, |
| 90 | + { |
| 91 | + "list": [ |
| 92 | + { |
| 93 | + "int": 42148542872313659974763123524802260613429458928903366458240005849867442446806 |
| 94 | + }, |
| 95 | + { |
| 96 | + "int": 43175885667968324076475204474312361068172079008185553631823030366527704308590 |
| 97 | + }, |
| 98 | + { |
| 99 | + "int": 30296922462898274839287732105045363550642484192066614321073140284814517593443 |
| 100 | + } |
| 101 | + ] |
| 102 | + }, |
| 103 | + { |
| 104 | + "list": [ |
| 105 | + { |
| 106 | + "bytes": "93e02b6052719f607dacd3a088274f65596bd0d09920b61ab5da61bbdc7f5049334cf11213945d57e5ac7d055d042b7e024aa2b2f08f0a91260805272dc51051c6e47ad4fa403b02b4510b647ae3d1770bac0326a805bbefd48056c8c121bdb8" |
| 107 | + }, |
| 108 | + { |
| 109 | + "bytes": "aa4edef9c1ed7f729f520e47730a124fd70662a904ba1074728114d1031e1572c6c886f6b57ec72a6178288c47c335771638533957d540a9d2370f17cc7ed5863bc0b995b8825e0ee1ea1e1e4d00dbae81f14b0bf3611b78c952aacab827a053" |
| 110 | + }, |
| 111 | + { |
| 112 | + "bytes": "89380275bbc8e5dcea7dc4dd7e0550ff2ac480905396eda55062650f8d251c96eb480673937cc6d9d6a44aaa56ca66dc122915c824a0857e2ee414a3dccb23ae691ae54329781315a0c75df1c04d6d7a50a030fc866f09d516020ef82324afae" |
| 113 | + }, |
| 114 | + { |
| 115 | + "bytes": "870227d3f13684fdb7ce31b8065ba3acb35f7bde6fe2ddfefa359f8b35d08a9ab9537b43e24f4ffb720b5a0bda2a82f20e7a30979a8853a077454eb63b8dcee75f106221b262886bb8e01b0abb043368da82f60899cc1412e33e4120195fc557" |
| 116 | + } |
| 117 | + ] |
| 118 | + } |
| 119 | + ] |
| 120 | +} |
| 121 | +
|
| 122 | + >> BEWARE << |
| 123 | +
|
| 124 | + The scalars are way out of range for safe representation in most JSON implementations: IEEE 754 double-precision (what most JSON parsers use for numbers) has a safe integer limit of roughly 16 digits. |
| 125 | + The scalars used here are 77 digits. |
| 126 | +
|
| 127 | + Consequences in practice: |
| 128 | + - JavaScript JSON.parse(), Python json.parse() silently lose precision; you get a wrong number with no error. |
| 129 | + - Make sure your tooling like nix, jq, dyff et al. does not exhibit the same issue, in case you process the redeemer as a JSON file. |
| 130 | + - Haskell's aeson parses it as Scientific or Integer (arbitrary precision); the scalars survive correctly. |
| 131 | + - For a Plutus redeemer value this doesn't matter at the JSON level because it is CBOR-encoded, and CBOR has native arbitrary-precision integer support. |
| 132 | +-} |
0 commit comments