Use pre-computed generator tables

sethdusek · sethdusek · commit b87620e76858 · 2025-01-03T11:54:08.000+05:00
diff --git a/ergo-chain-types/src/ec_point.rs b/ergo-chain-types/src/ec_point.rs
@@ -4,6 +4,7 @@ use alloc::string::String;
 use core::convert::TryFrom;
 use core::ops::{Add, Mul, Neg};
 use derive_more::{From, Into};
+use elliptic_curve::ops::MulByGenerator;
 use k256::elliptic_curve::group::prime::PrimeCurveAffine;
 use k256::elliptic_curve::sec1::ToEncodedPoint;
 use k256::{ProjectivePoint, PublicKey, Scalar};
@@ -117,6 +118,11 @@ pub fn exponentiate(base: &EcPoint, exponent: &Scalar) -> EcPoint {
     }
 }
 
+/// Raise the generator g to the exponent. This is faster than exponentiate(&generator(), exponent)
+pub fn exponentiate_gen(exponent: &Scalar) -> EcPoint {
+    ProjectivePoint::mul_by_generator(exponent).into()
+}
+
 impl ScorexSerializable for EcPoint {
     fn scorex_serialize<W: WriteSigmaVlqExt>(&self, w: &mut W) -> ScorexSerializeResult {
         let caff = self.0.to_affine();
diff --git a/ergotree-interpreter/src/sigma_protocol/dlog_protocol.rs b/ergotree-interpreter/src/sigma_protocol/dlog_protocol.rs
@@ -48,15 +48,15 @@ pub mod interactive_prover {
     use crate::sigma_protocol::{private_input::DlogProverInput, Challenge};
     use blake2::Blake2b;
     use blake2::Digest;
-    use elliptic_curve::ops::MulByGenerator;
+    use ergo_chain_types::ec_point::exponentiate_gen;
     use ergo_chain_types::{
-        ec_point::{exponentiate, generator, inverse},
+        ec_point::{exponentiate, inverse},
         EcPoint,
     };
     use ergotree_ir::serialization::SigmaSerializable;
     use ergotree_ir::sigma_protocol::sigma_boolean::ProveDlog;
     use k256::elliptic_curve::ops::Reduce;
-    use k256::{ProjectivePoint, Scalar};
+    use k256::Scalar;
 
     /// Step 5 from <https://ergoplatform.org/docs/ErgoScript.pdf>
     /// For every leaf marked “simulated”, use the simulator of the sigma protocol for that leaf
@@ -77,7 +77,7 @@ pub mod interactive_prover {
         let e: Scalar = challenge.clone().into();
         let minus_e = e.negate();
         let h_to_e = exponentiate(&public_input.h, &minus_e);
-        let g_to_z = exponentiate(&generator(), &z);
+        let g_to_z = exponentiate_gen(&z);
         let a = g_to_z * &h_to_e;
         (
             FirstDlogProverMessage { a: a.into() },
@@ -91,11 +91,10 @@ pub mod interactive_prover {
     #[cfg(feature = "std")]
     pub fn first_message() -> (Wscalar, FirstDlogProverMessage) {
         use ergotree_ir::sigma_protocol::dlog_group;
-        let r = dlog_group::random_scalar_in_group_range(
-            crate::sigma_protocol::crypto_utils::secure_rng(),
-        );
-        let g = generator();
-        let a = exponentiate(&g, &r);
+
+        use crate::sigma_protocol::crypto_utils;
+        let r = dlog_group::random_scalar_in_group_range(crypto_utils::secure_rng());
+        let a = exponentiate_gen(&r);
         (r.into(), FirstDlogProverMessage { a: a.into() })
     }
 
@@ -137,7 +136,7 @@ pub mod interactive_prover {
         (
             r.into(),
             FirstDlogProverMessage {
-                a: Box::new(ProjectivePoint::mul_by_generator(&r).into()),
+                a: Box::new(exponentiate_gen(&r)),
             },
         )
     }
@@ -169,10 +168,9 @@ pub mod interactive_prover {
         challenge: &Challenge,
         second_message: &SecondDlogProverMessage,
     ) -> EcPoint {
-        let g = generator();
         let h = *proposition.h.clone();
         let e: Scalar = challenge.clone().into();
-        let g_z = exponentiate(&g, second_message.z.as_scalar_ref());
+        let g_z = exponentiate_gen(second_message.z.as_scalar_ref());
         let h_e = exponentiate(&h, &e);
         g_z * &inverse(&h_e)
     }
diff --git a/ergotree-interpreter/src/sigma_protocol/private_input.rs b/ergotree-interpreter/src/sigma_protocol/private_input.rs
@@ -3,7 +3,7 @@ use core::convert::TryInto;
 use core::fmt::Formatter;
 
 use alloc::vec::Vec;
-use elliptic_curve::ops::MulByGenerator;
+use ergo_chain_types::ec_point::exponentiate_gen;
 use ergo_chain_types::EcPoint;
 use ergotree_ir::serialization::SigmaSerializable;
 use ergotree_ir::sigma_protocol::sigma_boolean::ProveDhTuple;
@@ -14,7 +14,6 @@ use ergotree_ir::sigma_protocol::sigma_boolean::SigmaBoolean;
 extern crate derive_more;
 use derive_more::From;
 use k256::elliptic_curve::PrimeField;
-use k256::ProjectivePoint;
 use num_bigint::BigUint;
 use num_traits::ToPrimitive;
 
@@ -56,7 +55,7 @@ impl DlogProverInput {
     /// Create new DlogProverInput
     pub fn new(w: Wscalar) -> DlogProverInput {
         Self {
-            pk: EcPoint::from(ProjectivePoint::mul_by_generator(w.as_scalar_ref())),
+            pk: exponentiate_gen(w.as_scalar_ref()),
             w,
         }
     }
@@ -154,15 +153,13 @@ impl DhTupleProverInput {
     pub fn random() -> DhTupleProverInput {
         use ergo_chain_types::ec_point::{exponentiate, generator};
         use ergotree_ir::sigma_protocol::dlog_group;
-        let g = generator();
-        let h = exponentiate(
-            &generator(),
-            &dlog_group::random_scalar_in_group_range(super::crypto_utils::secure_rng()),
-        );
+        let h = exponentiate_gen(&dlog_group::random_scalar_in_group_range(
+            super::crypto_utils::secure_rng(),
+        ));
         let w = dlog_group::random_scalar_in_group_range(super::crypto_utils::secure_rng());
-        let u = exponentiate(&g, &w);
+        let u = exponentiate_gen(&w);
         let v = exponentiate(&h, &w);
-        let common_input = ProveDhTuple::new(g, h, u, v);
+        let common_input = ProveDhTuple::new(generator(), h, u, v);
         DhTupleProverInput {
             w: w.into(),
             common_input,
