You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: report/src/sections/07-discussion.tex
+6-2Lines changed: 6 additions & 2 deletions
Original file line number
Diff line number
Diff line change
@@ -18,19 +18,23 @@ \subsection{CAAUrdleproofs in comparison to Curdleproofs}\label{subsec:CAAUrdlep
18
18
Thus, only the first round should be able to introduce some computational overhead.
19
19
But, as mentioned before, the overhead should be negligible.
20
20
21
-
The sort kind of explanation can be used to describe the same scenario at powers of two on the verifier side.
21
+
The same kind of explanation can be used to describe the same scenario at powers of two on the verifier side.
22
22
Looking at~\autoref{lst:ipa-verifier-optimized}(b), we see that the only difference in computation between CAAUrdleproofs and Curdleproofs stems from the calculation of $\mathbf{s}$.
23
23
Comparing line 29 and lines 33--47, it becomes clear that both ways work in $\mathcal{O}(n\log n)$, as they do $m$ computations for each of the $n$ elements.
24
24
CAAUrdleproofs does, however, need some more integer variables for splitting as well as an array for keeping track of the vector elements' active positions during recursion.
25
25
Nevertheless,~\autoref{fig:resulttimes}(b) shows that this does not have a big, if any, impact on the running time.
26
26
27
27
However, as mentioned in~\autoref{subsec:results:provingverifying}, when~$\ell$ is just above a power of two, we see some more aggressively increasing verifying times.
28
-
We expect this to be a result of~$m$ being set to~$\log n$ in line 8 of~\autoref{lst:ipa-verifier-optimized}.
28
+
We expect this to be a result of~$m$ being set to~$\lceil\log n\rceil$ in line 8 of~\autoref{lst:ipa-verifier-optimized}.
29
29
E.g., when~$\ell$ is~$65$, it will have to handle computations from an additional recursive round, in comparison to when~$\ell$ is~$64$.
30
30
Additionally, this also explains why the increase in running time flattens when~$\ell$ is increases.
31
31
32
32
Though the pattern shows that this bump has a decreasing impact on the running time, the higher $\ell$ is, as mentioned in~\autoref{subsec:results:provingverifying}.
33
+
In theory, the addition of an extra proof element should introduce a constant amount of work for the verifier.
33
34
35
+
Therefore, we believe this to be an artifact of memory optimizations done either by hardware or Rust.
36
+
This could, for instance, include pre-fetching, in which the memory system can optimize access if it suspects some values in memory are going to be used some time later on\footnote{\href{https://doc.rust-lang.org/core/arch/aarch64/fn._prefetch.html}{https://doc.rust-lang.org/core/arch/aarc.h64/fn.\_prefetch.html} — Accessed: 29/05/2025}.
37
+
As $\ell$ increases, the memory system will have more data to predict and optimize memory access.
When looking at the results of the shuffle security experiment in \autoref{fig:shufflesecurity} and \autoref{fig:shufflesecurityviolin}, we can see that when taking into account the standard deviation, the shuffle can still be secure with an~$\ell$ as low as 32 within the 8192 shuffles available.
0 commit comments