Feat : MSM black box implementation by ocdbytes · Pull Request #310 · worldfnd/provekit

ocdbytes · 2026-02-26T12:53:21Z

MSM Black Box Support

Implements black-box Multi-Scalar Multiplication (MSM) in the R1CS compiler with full elliptic
curve arithmetic over multi-limb field elements.
Adds a cost model that analytically selects optimal (limb_bits, window_size) parameters,
following the same pattern as SHA256 spread optimization.
Implements FakeGLV scalar decomposition for single-point MSM, reducing scalar width by ~50% via
half-GCD and interleaved two-point windowed scalar multiplication.
Adds bigint_mod.rs in the prover for 256-bit modular arithmetic (half-GCD, Barrett reduction,
modular inverse) used in witness solving.
18.9% decrease in constraint count as compared to native noir implementation of msm.

To test MSM blackbox :

cargo test -p provekit-bench --test compiler -- "embedded_curve_msm"

Performance Comparison :
This is for 2 points call for msm: s_1[p_1] * s_2[p_2]

Metric	Native Noir MSM	Black Box MSM	% Reduction
R1CS Constraints	5,741	4,658	-18.9%
R1CS Witnesses	6,257	5,899	-5.7%
A Entries	6,749	6,813	+0.9%
B Entries	6,364	7,264	+14.1%
C Entries	14,453	9,021	-37.6%
W1 Size	3,354	1,769	-47.3%
W2 Size	3,367	4,130	+22.7%

…k box

…relation verification

…ion for non native msm

…ble doubling

ocdbytes added 9 commits March 6, 2026 10:49

feat : ec_ops added with proper constraints for field element

ad0b500

feat : added wide field ops for ec operations and added trait generics

e64cf9e

feat : added dynamic multi limb approach with cost model for msm blac…

ac142d6

…k box

feat : added gnark optimisations for msm

0f769a7

opt: added unchecked select for already constrained values in scalar …

92ab236

…relation verification

feat : added scalar 0 and inf handling

4052765

feat : updated G offset for curve and refactor

6e7197b

fix : private document items ci

64111f9

fix : document-private-items ci

76ec439

ocdbytes force-pushed the aj/black-box/msm branch from 89605eb to 76ec439 Compare March 6, 2026 05:47

ocdbytes added 6 commits March 6, 2026 20:51

fix : bug in curve params handling for bigger field curves

b308656

feat : updated native and non native curve implementations

e0a3d1d

fix : lint

5c5f1f1

feat : added wNAF implementation in native msm noir circuit

ad1f690

merge: main

43efc92

lint : document-private-items

089e400

ocdbytes marked this pull request as ready for review March 11, 2026 03:24

ocdbytes added 5 commits March 11, 2026 12:42

feat : added tests for proper coverage of logic

665c17f

feat : added merged doubles and signed digit window with skew correct…

3e0ddab

…ion for non native msm

feat : added prover hint for step by step multi limb ops and fused ta…

1ac6a8e

…ble doubling

refactor : modules and comments

8f57e57

feat : bug fix and witness solving test for non native msm

cf115a0

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Feat : MSM black box implementation#310

Feat : MSM black box implementation#310
ocdbytes wants to merge 20 commits intomainfrom
aj/black-box/msm

ocdbytes commented Feb 26, 2026 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

ocdbytes commented Feb 26, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

MSM Black Box Support

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

ocdbytes commented Feb 26, 2026 •

edited

Loading