Skip to content

feat: batch subgroup membership testing #710

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 8 commits into from
Oct 27, 2025
Merged

feat: batch subgroup membership testing #710

merged 8 commits into from
Oct 27, 2025

Conversation

@yelhousni
Copy link
Collaborator

@yelhousni yelhousni commented Jul 17, 2025
edited by cursor bot
Loading

Description

This PR introduces batch subgroup membership for all curves. For small batches we individually check that all points are on G1/2. For large batches, for an error probability 1/2^64, we check that 64 random MSMs with coefficients in {0,1} are on G1/2. These coefficients do not kill small torsions points. For a higher probability we can redo the test. Empirically, we find that < 80 and < 160 are considered small batches for G1 and respectively G2.

Type of change

  • New feature (non-breaking change which adds functionality)

How has this been tested?

TestIsInSubGroupBatchG1/2 in g1/2_test.go

How has this been benchmarked?

Please describe the benchmarks that you ran to verify your changes.

  • e.g. BLS12-381 on G1:
Number of points Naive (ms/op) Batched (ms/op) Speedup x
2^7 1.475 1.125 1.311
2^8 2.860 1.474 1.940
2^9 6.163 2.183 2.824
2^10 11.120 3.572 3.113
2^11 21.423 6.475 3.309
2^12 44.098 12.917 3.414
2^13 87.337 22.587 3.867
2^14 174.153 47.257 3.685
2^15 333.508 83.476 3.995
2^16 651.185 162.479 4.008
2^17 1292.244 325.368 3.972
2^18 2588.981 686.961 3.769
2^19 5184.084 1263.900 4.102
2^20 10581.648 2665.976 3.969
2^21 20680.015 5119.575 4.039
2^22 42026.034 11111.155 3.782
  • e.g. BLS12-381 on G2:
Number of points Naive (ms/op) Batched (ms/op) Speedup x
2^8 4.112 3.682 1.117
2^9 8.980 6.861 1.309
2^10 17.356 10.688 1.624
2^11 32.402 23.390 1.385
2^12 59.415 37.791 1.572
2^13 121.708 73.877 1.647
2^14 268.745 157.836 1.703
2^15 514.079 306.245 1.679
2^16 1017.908 570.382 1.785
2^17 1938.422 1299.176 1.492
2^18 4165.813 2623.936 1.588
2^19 8034.229 4373.636 1.837
2^20 16153.649 9258.215 1.745
2^21 33173.966 19926.421 1.665

Checklist:

  • I have performed a self-review of my code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works
  • I did not modify files generated from templates
  • golangci-lint does not output errors locally
  • New and existing unit tests pass locally with my changes
  • Any dependent changes have been merged and published in downstream modules

Note

Introduce batched subgroup membership APIs for G1/G2 across curves with naive (<80/<160) and probabilistic MSM strategies, plus supporting helpers and tests; minor import cleanups.

  • ECC libraries (G1/G2):
    • Add IsInSubGroupBatchG1 and IsInSubGroupBatchG2 for batched subgroup checks.
      • Use naive per-point checks for small batches (<80 for G1, <160 for G2).
      • Use probabilistic method (64 MSMs with {0,1} scalars, crypto/rand, parallel, sync/atomic) for large batches.
    • Add curve-specific helpers (e.g., fuzzCofactorOfG1/G2 for BLS12-377/381) and necessary imports.
  • Tests:
    • Add TestIsInSubGroupBatchG1/TestIsInSubGroupBatchG2 covering positive and negative cases (including cofactor-torsion).
    • Expand existing subgroup tests and small import tidy-ups in various vector_test.go files.
  • Codegen templates:
    • Update internal/generator/ecc/template/point.go.tmpl to generate batched subgroup APIs and required imports.
    • Update internal/generator/ecc/template/tests/point.go.tmpl to generate batch tests and cofactor checks.

Written by Cursor Bugbot for commit fec8f67. This will update automatically on new commits. Configure here.

@yelhousni yelhousni added this to the v0.10.0 milestone Jul 17, 2025
@yelhousni yelhousni requested review from Copilot and gbotrel July 17, 2025 17:55
@yelhousni yelhousni self-assigned this Jul 17, 2025
Copilot AI reviewed Jul 17, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR adds batch subgroup membership checking for curve points across all supported ECC curves, using a naive per-point check for small batches and a probabilistic MSM-based check for larger batches. It also includes corresponding property-based tests for high-confidence validation.

  • Introduce IsInSubGroupBatch*, isInSubGroupBatch*Naive, and isInSubGroupBatch*Prob functions in generator templates and per-curve implementations.
  • Update imports to include crypto/rand and sync/atomic where needed.
  • Add TestIsInSubGroupBatch* property tests in all curve-specific test files.

Reviewed Changes

Copilot reviewed 35 out of 35 changed files in this pull request and generated no comments.

Show a summary per file
File Description
internal/generator/ecc/template/tests/point.go.tmpl Add template for TestIsInSubGroupBatch*
internal/generator/ecc/template/point.go.tmpl Add IsInSubGroupBatch* methods and imports
ecc/stark-curve/g1.go Add IsInSubGroupBatchG1 probabilistic batch check
ecc/secp256k1/g1.go Add IsInSubGroupBatchG1 (naive + probabilistic)
ecc/secp256k1/g1_test.go Add TestIsInSubGroupBatchG1
ecc/grumpkin/g1.go Add IsInSubGroupBatchG1 (naive + probabilistic)
ecc/grumpkin/g1_test.go Add TestIsInSubGroupBatchG1
ecc/bw6-761/g1.go Add IsInSubGroupBatchG1 (naive + probabilistic)
ecc/bw6-761/g1_test.go Add TestIsInSubGroupBatchG1
ecc/bw6-761/g2.go Add IsInSubGroupBatchG2 (naive + probabilistic)
ecc/bw6-761/g2_test.go Add TestIsInSubGroupBatchG2
ecc/bw6-633/g1.go Add IsInSubGroupBatchG1 (naive + probabilistic)
ecc/bw6-633/g1_test.go Add TestIsInSubGroupBatchG1
ecc/bw6-633/g2.go Add IsInSubGroupBatchG2 (naive + probabilistic)
ecc/bw6-633/g2_test.go Add TestIsInSubGroupBatchG2
ecc/bn254/g1.go Add IsInSubGroupBatchG1 (naive + probabilistic)
ecc/bn254/g1_test.go Add TestIsInSubGroupBatchG1
ecc/bn254/g2.go Add IsInSubGroupBatchG2 (naive + probabilistic)
ecc/bn254/g2_test.go Add TestIsInSubGroupBatchG2
ecc/bls24-317/g1.go Add IsInSubGroupBatchG1 (naive + probabilistic)
ecc/bls24-317/g1_test.go Add TestIsInSubGroupBatchG1
ecc/bls24-317/g2.go Add IsInSubGroupBatchG2 (naive + probabilistic)
ecc/bls24-317/g2_test.go Add TestIsInSubGroupBatchG2
ecc/bls24-315/g1.go Add IsInSubGroupBatchG1 (naive + probabilistic)
ecc/bls24-315/g1_test.go Add TestIsInSubGroupBatchG1
ecc/bls24-315/g2.go Add IsInSubGroupBatchG2 (naive + probabilistic)
ecc/bls24-315/g2_test.go Add TestIsInSubGroupBatchG2
ecc/bls12-381/g1.go Add IsInSubGroupBatchG1 (naive + probabilistic)
ecc/bls12-381/g1_test.go Add TestIsInSubGroupBatchG1
ecc/bls12-381/g2.go Add IsInSubGroupBatchG2 (naive + probabilistic)
ecc/bls12-381/g2_test.go Add TestIsInSubGroupBatchG2
ecc/bls12-377/g1.go Add IsInSubGroupBatchG1 (naive + probabilistic)
ecc/bls12-377/g1_test.go Add TestIsInSubGroupBatchG1
ecc/bls12-377/g2.go Add IsInSubGroupBatchG2 (naive + probabilistic)
ecc/bls12-377/g2_test.go Add TestIsInSubGroupBatchG2
Comments suppressed due to low confidence (2)

ecc/bw6-761/g2.go:216

  • The comment mentions G1 but this function checks subgroup membership for G2. Update the comment to reference G2.
// IsInSubGroupBatchG2 checks if a batch of points P_i are in G1.

internal/generator/ecc/template/point.go.tmpl:338

  • The loop for j := range len(points) is invalid syntax. Replace it with for j := 0; j < len(points); j++ { or for j := range points { to iterate over the slice.
			for j := range len(points) {

cursor[bot]

This comment was marked as outdated.

Sign in to view

@gbotrel gbotrel requested a review from ThomasPiellard August 18, 2025 17:38
@ivokub ivokub removed this from the v0.10.0 milestone Oct 7, 2025
@yelhousni yelhousni requested a review from Tabaie October 17, 2025 20:50
cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

cursor[bot]

This comment was marked as outdated.

Sign in to view

Tabaie
Tabaie requested changes Oct 23, 2025
View reviewed changes
Copy link
Contributor

@Tabaie Tabaie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool algo! Just one thing, the test currently only looks for false positives ("positive" being off-subgroup) but it seems pretty obvious that there can't possibly be any. It'd be more interesting imo to look for false negatives, or both at least.

@yelhousni
Copy link
Collaborator Author

Cool algo! Just one thing, the test currently only looks for false positives ("positive" being off-subgroup) but it seems pretty obvious that there can't possibly be any. It'd be more interesting imo to look for false negatives, or both at least.

Thank for the review! yeah it seems tests are not complete. I'll push something.

cursor[bot]
cursor bot reviewed Oct 24, 2025
View reviewed changes
@yelhousni yelhousni requested a review from Tabaie October 27, 2025 10:57
@yelhousni yelhousni added this to the v0.19.N milestone Oct 27, 2025
@yelhousni yelhousni merged commit cde04a7 into master Oct 27, 2025
7 checks passed
@yelhousni yelhousni deleted the feat/batch-subgroup-check branch October 27, 2025 17:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@cursor cursor[bot] cursor[bot] left review comments

@Tabaie Tabaie Tabaie approved these changes

Assignees

@yelhousni yelhousni

Labels

type: new feature type: perf

Projects

None yet

Milestone

v0.19.N

Development

Successfully merging this pull request may close these issues.

4 participants

@yelhousni @Tabaie @ivokub