Merge pull request #26 from 0xPolygonMiden/al-bench-docs

Benchmark instructions for hash functions

README.md

@@ -2,24 +2,24 @@
 This crate contains cryptographic primitives used in Polygon Miden.
 
 ## Hash
-[Hash module](./src/hash) provides a set of cryptographic hash functions which are used by Miden VM and Miden Rollup. Currently, these functions are:
+[Hash module](./src/hash) provides a set of cryptographic hash functions which are used by the Miden VM and the Miden rollup. Currently, these functions are:
 
 * [BLAKE3](https://github.com/BLAKE3-team/BLAKE3) hash function with 256-bit, 192-bit, or 160-bit output. The 192-bit and 160-bit outputs are obtained by truncating the 256-bit output of the standard BLAKE3.
 * [RPO](https://eprint.iacr.org/2022/1577) hash function with 256-bit output. This hash function is an algebraic hash function suitable for recursive STARKs.
 
 ## Merkle
-[Merkle module](./src/merkle/) provides a set of data structures related to Merkle tree. All these data structures are implemented using RPO hash function described above. The data structure are:
+[Merkle module](./src/merkle/) provides a set of data structures related to Merkle trees. All these data structures are implemented using the RPO hash function described above. The data structures are:
 
 * `MerkleTree`: a regular fully-balanced binary Merkle tree. The depth of this tree can be at most 64.
 * `MerklePathSet`: a collection of Merkle authentication paths all resolving to the same root. The length of the paths can be at most 64.
 
 ## Crate features
-This carate can be compiled with the following features:
+This crate can be compiled with the following features:
 
 * `std` - enabled by default and relies on the Rust standard library.
 * `no_std` does not rely on the Rust standard library and enables compilation to WebAssembly.
 
-Both of these features imply use of [alloc](https://doc.rust-lang.org/alloc/) to support heap-allocated collections.
+Both of these features imply the use of [alloc](https://doc.rust-lang.org/alloc/) to support heap-allocated collections.
 
 To compile with `no_std`, disable default features via `--no-default-features` flag.
 

benches/README.md

@@ -0,0 +1,52 @@
+# Miden VM Hash Functions 
+In the Miden VM, we make use of different hash functions. Some of these are "traditional" hash functions, like `BLAKE3`, which are optimized for out-of-STARK performance, while others are algebraic hash functions, like `Rescue Prime`, and are more optimized for a better performance inside the STARK. In what follows, we benchmark several such hash functions and compare against other constructions that are used by other proving systems. More precisely, we benchmark:
+
+* **Rescue Prime:**
+As specified [here](https://eprint.iacr.org/2020/1143) and implemented [here](https://github.com/novifinancial/winterfell/blob/46dce1adf0/crypto/src/hash/rescue/rp64_256/mod.rs).
+
+* **Rescue Prime Optimized:**
+As specified [here](https://eprint.iacr.org/2022/1577) and implemented in this crate.
+
+* **BLAKE3:**
+As specified [here](https://github.com/BLAKE3-team/BLAKE3-specs/blob/master/blake3.pdf) and implemented in this crate.
+
+* **SHA3:**
+As specified [here](https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.202.pdf) and implemented [here](https://github.com/novifinancial/winterfell/blob/46dce1adf0/crypto/src/hash/sha/mod.rs).
+
+* **Poseidon:**
+As specified [here](https://eprint.iacr.org/2019/458.pdf) and implemented (in pure Rust, without vectorized instructions) [here](https://github.com/mir-protocol/plonky2/blob/main/plonky2/src/hash/poseidon_goldilocks.rs).
+
+## Comparison and Instructions
+
+### Comparison
+We benchmark the above hash functions using two scenarios. The first is a 2-to-1 $(a,b)\mapsto h(a,b)$ hashing where both $a$, $b$ and $h(a,b)$ are the digests corresponding to each of the hash functions.
+The second scenario is that of sequential hashing where we take a sequence of length $100$ field elements and hash these to produce a single digest. The digests are $4$ field elements (i.e. 256-bit) for Poseidon, Rescue Prime and RPO, and an array `[u8;32]` for SHA3 and BLAKE3.
+
+#### Scenario 1: 2-to-1 hashing `h(a,b)` 
+
+| Function          | BLAKE3 | SHA3    | Poseidon  | Rp64_256  | RPO_256 |
+| ----------------- | ------ | --------| --------- | --------- | ------- |
+| Apple M1 Pro      | 80 ns  | 245 ns  |  1.3 us   |  9.1 us   | 5.4 us  |
+| Apple M2          | 76 ns  | 233 ns  |  1.2 us   |  7.9 us   | 5.0 us  |
+| AMD Ryzen 9 5950X | 64 ns  | 273 ns  |  1.2 us   |  9.1 us   | 5.5 us  |
+
+#### Scenario 2: Sequential hashing of 100 elements `h([a_0,...,a_99])`
+
+| Function          | BLAKE3 | SHA3    | Poseidon  | Rp64_256  | RPO_256 |
+| ----------------- | -------| ------- | --------- | --------- | ------- |
+| Apple M1 Pro      | 1.1 us | 1.5 us  |  17.3 us  |   118 us  | 70 us   |
+| Apple M2          | 1.0 us  | 1.5 us  |  15.5 us  |   103 us  | 65 us   |
+| AMD Ryzen 9 5950X | 0.8 us | 1.7 us  |  15.7 us  |   120 us  | 72 us   |
+
+### Instructions
+Before you can run the benchmarks, you'll need to make sure you have Rust [installed](https://www.rust-lang.org/tools/install). After that, to run the benchmarks for RPO and BLAKE3, clone the current repository, and from the root directory of the repo run the following:
+
+ ```
+ cargo bench --bench hash
+ ```
+
+To run the benchmarks for Rescue Prime, Poseidon and SHA3, clone the following [repository](https://github.com/Dominik1999/winterfell.git) as above, then checkout the `hash-functions-benches` branch, and from the root directory of the repo run the following:
+
+```
+cargo bench --bench hash
+```