Use SIMD? #1700

issue Raimo33 openend this issue on July 13, 2025
  1. Raimo33 commented at 11:29 pm on July 13, 2025: none

    Ever thought about using SIMD intrinsics to speed up some functions?

    https://github.com/sipa/secp256k1/blob/master/src%2Ffield_10x26_impl.h

    This code for example is full of cases were SIMD would offer great benefit

  2. real-or-random commented at 6:51 am on July 14, 2025: contributor

    Ever thought about using SIMD intrinsics to speed up some functions?

    Does this issue answer your question? #1110

    sipa/secp256k1@master/src%2Ffield_10x26_impl.h

    By the way, this link points to a 10 year old version of the library code (because it points to the the wrong repo).

    I’m open to implement it myself if it gets decided

    I would be happy to see experimentation with SIMD, and I think we’re in general open to the idea, but be aware that we have very high coding and reviewing standards, and not a lot of bandwidth. Reviewing such code will take a long time, and no one can give you a “decision” right now.

  3. real-or-random added the label performance on Jul 14, 2025
  4. Raimo33 commented at 7:20 am on July 14, 2025: none
    Ok I will experiment then. do you think I should make separate files or put #ifndefs blocks and embed the SSE2, AVX2, AVX512 versions directly along the already existing functions?
  5. real-or-random commented at 7:26 am on July 14, 2025: contributor
    I’d start with #ifdef blocks for experimentation. This gets you started quicker if some functions use intrinsics and some don’t because you won’t need to care about organizing files so that you’ll have all the right functions included.
  6. real-or-random commented at 1:09 pm on July 14, 2025: contributor
    Yes, essentially. The VERIFY blocks and the VERIFY_CHECK macros are for assertions enabled only in the tests. No need to add SIMD there.
  7. Raimo33 commented at 4:29 pm on July 14, 2025: none

    I’ve added SIMD to field_5x52_impl.h Please share feedback and let me know if I should continue with the other files.

    I ran the benchmarks (both with avx2 enabled, to see difference between auto-generated simd and manual simd). I ran benchmarks thoroughly to ensure every change was meaningful. I don’t have an avx512 CPU so I’m unable to run some tests & benchmarks for the secp256k1_fe_impl_get_b32 function. But it should be much faster as well.

    Code: https://github.com/Raimo33/secp256k1/blob/simd/src/field_5x52_impl.h Benchmarks:

    bench_diff.pdf bench.zip

    Keep in mind that the only file I changed was field_5x52_impl.h, Imagine the possible speedup by applying simd to all other files as well. I see a lot of room for improvement and I would have a lot of fun implementing it.

  8. real-or-random commented at 3:53 pm on July 17, 2025: contributor

    We have two finite implementations:

    • One that represents a field element by 5 limbs of uint64_t, where 52 bits are used if elements are reduced (5x52). This is used on 64-bit platforms.
    • One that represents a field element by 10 limbs of uint32_t where 26 bits are used if elements are fully reduced (10x26). This is used on 32-bit platforms.

    When using cmake, create a build32 dir and run CC="$CC -m32" cmake -B build32. This should set up a 32-bit build on x86_64.

  9. real-or-random commented at 7:24 pm on July 17, 2025: contributor
    Oh, but in case this was not obvious: You won’t find an x86 (32-bit) CPU with AVX…
  10. real-or-random commented at 7:32 pm on July 17, 2025: contributor

    I’ve added SIMD to field_5x52_impl.h Please share feedback and let me know if I should continue with the other files.

    I think it would be better to open a draft pull request. This makes it easier for people to look at the changes.

    I ran the benchmarks (both with avx2 enabled, to see difference between auto-generated simd and manual simd). I ran benchmarks thoroughly to ensure every change was meaningful. I don’t have an avx512 CPU so I’m unable to run some tests & benchmarks for the secp256k1_fe_impl_get_b32 function. But it should be much faster as well.

    Code: Raimo33/secp256k1@simd/src/field_5x52_impl.h Benchmarks:

    bench_diff.pdf

    Hm, that doesn’t draw a very consistent picture. Did you disable turbo boost? Do you know that you can increase the number of benchmark iterations by setting SECP256K1_BENCH_ITERS?

    Keep in mind that the only file I changed was field_5x52_impl.h, Imagine the possible speedup by applying simd to all other files as well. I see a lot of room for improvement and I would have a lot of fun implementing it.

    I’m not sure. I assume this is the file with the biggest potential. Bigger improvements might be possible by changing the algorithms or even the data structure so that they’re more amenable to vectorization. (No idea if this is possible; I haven’t thought about this or read up on it.)

  11. real-or-random commented at 7:35 pm on July 17, 2025: contributor

    But at this point do you think I should avoid adding SIMD to the whole field_10x26?

    Yeah, I mean the only reason why 64-bit Intel CPUs support the old 32-bit instruction set is compatibility. If you want good performance on 64-bit, you’ll need to use the 5x52 code.

    The reason why we have 32-bit code is for entirely different CPUs.


Raimo33 real-or-random

Labels
performance

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-08-30 22:15 UTC
This site is hosted by @0xB10C
More mirrored repositories can be found on mirror.b10c.me