Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Effectiveness of the Karatsuba multiplication in ciphertext multiplication. #2

Closed
fionser opened this issue Dec 5, 2018 · 1 comment
Closed

Effectiveness of the Karatsuba multiplication in ciphertext multiplication. #2

fionser opened this issue Dec 5, 2018 · 1 comment

Comments

@fionser
Copy link
Contributor

fionser commented Dec 5, 2018

Description

To multiply two size-2 ciphertext, (c0, c1) and (d0, d1), we compute three values c0*d0, c0*d1 + c1*d0 and c1*d1.

Current Status

  • Currently, SEAL uses Karatsuba to compute the second value as
    c0*d1 + c1*d0 = (c0 + d0) * (c1 + d1) - (c0*d0 + c1*d1)
    which save one multiplication as the cost of two more additions and one more subtraction, since the first and the third values are computed after all.

Observation

  • However, these multiplication, addition, subtraction are done over the finite field, i.e., mod p. I found the one more addition and subtraction of the Karatsuba method is somehow expensive, because it increases the mis-prediction of CPU instructions.

Simpler is Better

  • If we directly compute the second value c0 * d1 + c1 * d0, we actually only need one modulo reduction. Because the two multiplications can be done with lazy reduction.
  • I have do some experiences with NFLlib, can found that the naive method can be $10% -- 50%$ faster.
@kimlaine
Copy link
Contributor

kimlaine commented Dec 8, 2018

In the current bfv_multiply implementation the Karatsuba multiplication has nearly no effect on performance because almost all running time is in NTT. Therefore, as far as I can see, the most meaningful change would be to remove the unnecessary Karatsuba branch and just go with the generic approach every time.

@kimlaine kimlaine closed this as completed Dec 8, 2018
fboemer referenced this issue in fboemer/SEAL Apr 2, 2021
@fboemer
Merge branch 'fboemer/ci' into 'intel-master'
35350cd 
Fboemer/ci

Closes #2

See merge request DBIO/glade/seal!5
rickwebiii pushed a commit to rickwebiii/SEAL that referenced this issue Aug 25, 2023
@ryanorendorff
Add copy constructor for PolynomialArray (microsoft#2)
51e50ff
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@fionser @kimlaine