feat(core): use ntt-based polynomial multiplication for large polynomials #394
Conversation
|
@slab-ci cpu_fast_test |
sarah-ek
force-pushed
the
sk/feat/ntt-keygen
branch
from
5215448
to
32afcba
Compare
|
@slab-ci cpu_fast_test |
sarah-ek
force-pushed
the
sk/feat/ntt-keygen
branch
from
32afcba
to
6550bfa
Compare
|
@slab-ci cpu_fast_test |
| let polynomial_log = (rng.gen::<usize>() % 7) + 6; | ||
| let polynomial_log = (rng.gen::<usize>() % 7) + 4; |
There was a problem hiding this comment.
so the range changes from 6..12 to 4..10 ?
can we maybe expand it or keep it the same ? as we now have params with polynomial_log up to 16 IIRC ?
| const KARATUSBA_STOP: usize = 64; | ||
| const NTT_THRESHOLD: usize = 256; |
There was a problem hiding this comment.
I don't see the specialized/hard coded test cases for the various ranges of possible Polynomial sizes ? To be sure each domain is tested
sarah-ek
force-pushed
the
sk/feat/ntt-keygen
branch
from
6550bfa
to
cea0e28
Compare
|
@slab-ci cpu_fast_test |
| par_allocate_and_generate_new_lwe_bootstrap_key, ActivatedRandomGenerator, CiphertextModulus, | ||
| EncryptionRandomGenerator, SecretRandomGenerator, | ||
| }; | ||
| use tfhe::core_crypto::seeders::new_seeder; | ||
| use tfhe::shortint::prelude::*; | ||
|
|
||
| fn criterion_bench(c: &mut Criterion) { | ||
| let parameters = PARAM_MESSAGE_2_CARRY_2_KS_PBS; | ||
| let parameters = PARAM_MESSAGE_4_CARRY_4_KS_PBS; |
| let small_lwe_secret_key = allocate_and_generate_new_binary_lwe_secret_key( | ||
| parameters.lwe_dimension, | ||
| &mut secret_generator, | ||
| ); |
There was a problem hiding this comment.
I guess this is an unrelated fix
| @@ -752,11 +815,11 @@ mod test { | |||
|
|
|||
| #[test] | |||
| pub fn test_multiply_karatsuba_u32() { | |||
There was a problem hiding this comment.
I guess "karatsuba" should be removed from the name
Same comment for next test
| // test | ||
| assert_eq!(&sb_mul, &ka_mul); | ||
| // test | ||
| assert_eq!(&sb_mul, &ka_mul); |
There was a problem hiding this comment.
Why not also compare with the ntt?
| @@ -703,40 +748,58 @@ mod test { | |||
| assert_eq!(&poly, &ground_truth); | |||
| } | |||
|
|
|||
| fn negacyclic_multiply_schoolbook<Scalar: UnsignedInteger>( | |||
There was a problem hiding this comment.
Could be used in the else block of polynomial_wrapping_add_mul_assign
|
Hey just back from vacation, where are we at for this ? |
sarah-ek
force-pushed
the
sk/feat/ntt-keygen
branch
from
cea0e28
to
ffb5779
Compare
|
@slab-ci cpu_fast_test |
sarah-ek
force-pushed
the
sk/feat/ntt-keygen
branch
from
ffb5779
to
432ddf9
Compare
|
@slab-ci cpu_fast_test |
| /// test if we have the same result when using schoolbook or ntt/karatsuba | ||
| /// for random polynomial multiplication | ||
| fn test_sub_mul<T: UnsignedTorus>() { | ||
| // 50 times the test |
sarah-ek
force-pushed
the
sk/feat/ntt-keygen
branch
from
432ddf9
to
a28c475
Compare
|
@slab-ci cpu_fast_test |
i still haven't determined the overflow limit. i'll need to compute it from the prime values in concrete-ntt. just to be safe. i'll add a test case for a polynomial size of 2^16 |
do we want to wait for you to have the overflow limit ? So that we are safe here before merging ? |
as long as one of the polynomial operands contains only small values (positive, or negative), then we should be safe |
Indeed for the small values, I know for research they used some very big polynomials when testing something we may want to check with JB to see what's preferred in that case, I just would like to avoid having silent failures in the NTT polynomial code |
|
Maybe with unit tests with worst cases and not using NTT for the larger cases where there may be overflows but we need to be rock solid on that |
|
@sarah-ek could we maybe separate the test overhaul in a different PR and merge it ? so that the improvements are in main and the ntt-only problem can be investigated without blocking the fixes you did ? 🙂 |
- initial work done in #394 - useful reworks of the tests have been waiting in that PR, this is to have those tests while NTT usage gets validated co-authored-by: sarah-ek
- initial work done in #394 - useful reworks of the tests have been waiting in that PR, this is to have those tests while NTT usage gets validated co-authored-by: sarah-ek <sarah.elkazdadi@zama.ai>
- initial work done in #394 - useful reworks of the tests have been waiting in that PR, this is to have those tests while NTT usage gets validated co-authored-by: sarah-ek <sarah.elkazdadi@zama.ai>
PR content/description
use concrete-ntt for negacyclic polynomial multiplication. this speeds up keygen by 2x for MESSAGE_2_CARRY_2 and 6x for MESSAGE_4_CARRY_4
Check-list: