Skip to content

Fix wnaf_table overallocation#77

Open
42Pupusas wants to merge 1 commit into
zkcrypto:mainfrom
42Pupusas:fix-wnaf-table-size-zkcrypto
Open

Fix wnaf_table overallocation#77
42Pupusas wants to merge 1 commit into
zkcrypto:mainfrom
42Pupusas:fix-wnaf-table-size-zkcrypto

Conversation

@42Pupusas
Copy link
Copy Markdown

@42Pupusas 42Pupusas commented May 22, 2026

For window size w, wNAF digits have max magnitude 2^(w-1) - 1. The table is indexed by |digit| / 2, so the maximum index is (2^(w-1) - 1) / 2 = 2^(w-2) - 1, requiring 2^(w-2) entries.

The previous 2^(w-1) allocation computed twice as many odd multiples as needed, wasting point additions during table setup.

Benchmark

Ran the RustCrypto/k256 benches and gave around 20% improvements for hot paths, albeit on a noisy system.

schnorr/verify    time:   [52.109 µs 52.232 µs 52.374 µs]
                             change: [−26.395% −23.813% −21.156%] (p = 0.00 < 0.05)
                             Performance has improved.
 Found 28 outliers among 200 measurements (14.00%)
  28 (14.00%) high mild

Correctness

In an effort to make review easier, I have also demonstrated a Lean proof verifying the above claims.

@42Pupusas @claude
Fix wnaf_table to allocate 2^(w-2) entries instead of 2^(w-1)
acfbb84 
For window size w, wNAF digits have max magnitude 2^(w-1) - 1.
The table is indexed by |digit| / 2, so the maximum index is
(2^(w-1) - 1) / 2 = 2^(w-2) - 1, requiring 2^(w-2) entries.

The previous 2^(w-1) allocation computed twice as many odd
multiples as needed, wasting point additions during table setup.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@42Pupusas 42Pupusas mentioned this pull request May 22, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@42Pupusas