-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat(core): use ntt-based polynomial multiplication for large polynomials #394
base: main
Are you sure you want to change the base?
Conversation
@slab-ci cpu_fast_test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you check the tests of the polynomial mul and cases to be sure we cover all the threshold domains ?
i.e. N < 64
64 <= N <= 256
256 < N
5215448
to
32afcba
Compare
@slab-ci cpu_fast_test |
32afcba
to
6550bfa
Compare
@slab-ci cpu_fast_test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the schoolbook test function, still the question about specific tests for each threshold range
let polynomial_log = (rng.gen::<usize>() % 7) + 6; | ||
let polynomial_log = (rng.gen::<usize>() % 7) + 4; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so the range changes from 6..12 to 4..10 ?
can we maybe expand it or keep it the same ? as we now have params with polynomial_log up to 16 IIRC ?
const KARATUSBA_STOP: usize = 64; | ||
const NTT_THRESHOLD: usize = 256; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see the specialized/hard coded test cases for the various ranges of possible Polynomial sizes ? To be sure each domain is tested
6550bfa
to
cea0e28
Compare
@slab-ci cpu_fast_test |
par_allocate_and_generate_new_lwe_bootstrap_key, ActivatedRandomGenerator, CiphertextModulus, | ||
EncryptionRandomGenerator, SecretRandomGenerator, | ||
}; | ||
use tfhe::core_crypto::seeders::new_seeder; | ||
use tfhe::shortint::prelude::*; | ||
|
||
fn criterion_bench(c: &mut Criterion) { | ||
let parameters = PARAM_MESSAGE_2_CARRY_2_KS_PBS; | ||
let parameters = PARAM_MESSAGE_4_CARRY_4_KS_PBS; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why change?
let small_lwe_secret_key = allocate_and_generate_new_binary_lwe_secret_key( | ||
parameters.lwe_dimension, | ||
&mut secret_generator, | ||
); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess this is an unrelated fix
@@ -752,11 +815,11 @@ mod test { | |||
|
|||
#[test] | |||
pub fn test_multiply_karatsuba_u32() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess "karatsuba" should be removed from the name
Same comment for next test
// test | ||
assert_eq!(&sb_mul, &ka_mul); | ||
// test | ||
assert_eq!(&sb_mul, &ka_mul); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why not also compare with the ntt?
@@ -703,40 +748,58 @@ mod test { | |||
assert_eq!(&poly, &ground_truth); | |||
} | |||
|
|||
fn negacyclic_multiply_schoolbook<Scalar: UnsignedInteger>( |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could be used in the else
block of polynomial_wrapping_add_mul_assign
Hey just back from vacation, where are we at for this ? |
cea0e28
to
ffb5779
Compare
@slab-ci cpu_fast_test |
ffb5779
to
432ddf9
Compare
@slab-ci cpu_fast_test |
/// test if we have the same result when using schoolbook or ntt/karatsuba | ||
/// for random polynomial multiplication | ||
fn test_sub_mul<T: UnsignedTorus>() { | ||
// 50 times the test |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
comment is out of date
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two small comments, did you clear up the NTT overflow you mentioned at some point ?
I seem to recall you were worried some computations might overflow
432ddf9
to
a28c475
Compare
@slab-ci cpu_fast_test |
i still haven't determined the overflow limit. i'll need to compute it from the prime values in concrete-ntt. just to be safe. i'll add a test case for a polynomial size of 2^16 |
do we want to wait for you to have the overflow limit ? So that we are safe here before merging ? |
as long as one of the polynomial operands contains only small values (positive, or negative), then we should be safe |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For now as a safety, requesting changes until we have the thresholds for NTT potential overflows and a counter measure in place
Indeed for the small values, I know for research they used some very big polynomials when testing something we may want to check with JB to see what's preferred in that case, I just would like to avoid having silent failures in the NTT polynomial code |
Maybe with unit tests with worst cases and not using NTT for the larger cases where there may be overflows but we need to be rock solid on that |
@sarah-ek could we maybe separate the test overhaul in a different PR and merge it ? so that the improvements are in main and the ntt-only problem can be investigated without blocking the fixes you did ? 🙂 |
- initial work done in #394 - useful reworks of the tests have been waiting in that PR, this is to have those tests while NTT usage gets validated co-authored-by: sarah-ek
- initial work done in #394 - useful reworks of the tests have been waiting in that PR, this is to have those tests while NTT usage gets validated co-authored-by: sarah-ek <sarah.elkazdadi@zama.ai>
- initial work done in #394 - useful reworks of the tests have been waiting in that PR, this is to have those tests while NTT usage gets validated co-authored-by: sarah-ek <sarah.elkazdadi@zama.ai>
PR content/description
use concrete-ntt for negacyclic polynomial multiplication. this speeds up keygen by 2x for MESSAGE_2_CARRY_2 and 6x for MESSAGE_4_CARRY_4
Check-list: