Add MSM with chunks and HashMapPippenger

Cargo.toml

@@ -40,3 +40,7 @@ lto = "thin"
 incremental = true
 debug-assertions = true
 debug = true
+
+# To be removed in the new release.
+[patch.crates-io]
+ark-std = { git = "https://github.com/arkworks-rs/std"}

ec/Cargo.toml

@@ -23,6 +23,7 @@ digest = { version = "0.10", default-features = false }
 num-traits = { version = "0.2", default-features = false }
 rayon = { version = "1", optional = true }
 zeroize = { version = "1", default-features = false, features = ["zeroize_derive"] }
+hashbrown = "0.11.2"
 
 [dev-dependencies]
 hashbrown = { version = "0.11.1" }

ec/src/lib.rs

@@ -262,8 +262,8 @@ pub trait AffineCurve:
 {
     type Parameters: ModelParameters<ScalarField = Self::ScalarField, BaseField = Self::BaseField>;
 
-    /// The group defined by this curve has order `h * r` where `r` is a large prime.
-    /// `Self::ScalarField` is the prime field defined by `r`
+    /// The group defined by this curve has order `h * r` where `r` is a large
+    /// prime. `Self::ScalarField` is the prime field defined by `r`
     type ScalarField: PrimeField + SquareRootField + Into<<Self::ScalarField as PrimeField>::BigInt>;
 
     /// The finite field over which this curve is defined.

ec/src/msm/variable_base/mod.rs

@@ -1,5 +1,6 @@
-use ark_ff::prelude::*;
-use ark_std::vec::Vec;
+use ark_ff::{prelude::*, PrimeField};
+use ark_std::{borrow::Borrow, iterable::Iterable, vec::Vec};
+use core::ops::AddAssign;
 
 use crate::{AffineCurve, ProjectiveCurve};
 
@@ -127,4 +128,43 @@ impl VariableBase {
                     total
                 })
     }
+    /// Steaming multi-scalar multiplication algorithm with hard-coded chunk
+    /// size.
+    pub fn msm_chunks<G, F, I: ?Sized, J>(bases_stream: &J, scalars_stream: &I) -> G::Projective
+    where
+        G: AffineCurve<ScalarField = F>,
+        I: Iterable,
+        F: PrimeField,
+        I::Item: Borrow<F>,
+        J: Iterable,
+        J::Item: Borrow<G>,
+    {
+        assert!(scalars_stream.len() <= bases_stream.len());
+
+        // remove offset
+        let bases_init = bases_stream.iter();
+        let mut scalars = scalars_stream.iter();
+
+        // align the streams
+        // NOTE: Change skip() to iter_advance_by() when it becomes stable.
+        let mut bases = bases_init.skip(bases_stream.len() - scalars_stream.len());
+        // .expect("bases not long enough");
+        let step: usize = 1 << 20;
+        let mut result = G::Projective::zero();
+        for _ in 0..(scalars_stream.len() + step - 1) / step {
+            let bases_step = (&mut bases)
+                .take(step)
+                .map(|b| *b.borrow())
+                .collect::<Vec<_>>();
+            let scalars_step = (&mut scalars)
+                .take(step)
+                .map(|s| s.borrow().into_bigint())
+                .collect::<Vec<_>>();
+            result.add_assign(crate::msm::VariableBase::msm(
+                bases_step.as_slice(),
+                scalars_step.as_slice(),
+            ));
+        }
+        result
+    }
 }

ec/src/msm/variable_base/stream_pippenger.rs

@@ -1,9 +1,9 @@
 //! A space-efficient implementation of Pippenger's algorithm.
-//!
 use crate::AffineCurve;
 use ark_ff::{PrimeField, Zero};
 
 use ark_std::{borrow::Borrow, ops::AddAssign, vec::Vec};
+use hashbrown::HashMap;
 
 /// Struct for the chunked Pippenger algorithm.
 pub struct ChunkedPippenger<G: AffineCurve> {
@@ -65,3 +65,66 @@ impl<G: AffineCurve> ChunkedPippenger<G> {
         self.result
     }
 }
+
+/// Hash map struct for Pippenger algorithm.
+pub struct HashMapPippenger<G: AffineCurve> {
+    pub buffer: HashMap<G, G::ScalarField>,
+    pub result: G::Projective,
+}
+
+impl<G: AffineCurve> HashMapPippenger<G> {
+    /// Produce a new hash map with the maximum msm buffer size.
+    pub fn new(max_msm_buffer: usize) -> Self {
+        Self {
+            buffer: HashMap::with_capacity(max_msm_buffer),
+            result: G::Projective::zero(),
+        }
+    }
+
+    /// Add a new (base, scalar) pair into the hash map.
+    #[inline(always)]
+    pub fn add<B, S>(&mut self, base: B, scalar: S)
+    where
+        B: Borrow<G>,
+        S: Borrow<G::ScalarField>,
+    {
+        // update the entry, guarding the possibility that it has been already set.
+        let entry = self
+            .buffer
+            .entry(*base.borrow())
+            .or_insert(G::ScalarField::zero());
+        *entry += *scalar.borrow();
+        if self.buffer.len() == self.buffer.capacity() {
+            let bases = self.buffer.keys().cloned().collect::<Vec<_>>();
+            let scalars = self
+                .buffer
+                .values()
+                .map(|s| s.into_bigint())
+                .collect::<Vec<_>>();
+            self.result
+                .add_assign(crate::msm::variable_base::VariableBase::msm(
+                    &bases, &scalars,
+                ));
+            self.buffer.clear();
+        }
+    }
+
+    /// Update the final result with (base, scalar) pairs in the hash map.
+    #[inline(always)]
+    pub fn finalize(mut self) -> G::Projective {
+        if !self.buffer.is_empty() {
+            let bases = self.buffer.keys().cloned().collect::<Vec<_>>();
+            let scalars = self
+                .buffer
+                .values()
+                .map(|s| s.into_bigint())
+                .collect::<Vec<_>>();
+
+            self.result
+                .add_assign(crate::msm::variable_base::VariableBase::msm(
+                    &bases, &scalars,
+                ));
+        }
+        self.result
+    }
+}