LogoLogo
LogoLogo
  • Introduction
    • About Us
    • Notations & Definitions
      • MPC
      • ZK
    • Contribute to this Site!
  • Primitives
    • Multiplication
      • Karatsuba Multiplication
      • Toom-Cook Multiplication
    • NAF (Non-adjacent form)
    • Chinese Remainder Theorem (CRT)
    • Euclidean Algorithm
      • Extended Euclidean Algorithm
      • Binary Euclidean Algorithm
      • Extended Binary Euclidean Algorithm
    • Coding Theory
      • Linear Code
    • Number Theoretic Transform
    • Abstract Algebra
      • Group
        • -Morphisms
        • Batch Inverse
      • Elliptic Curve
        • Weierstrass Curve
          • Coordinate Forms
          • Fast Elliptic Curve Arithmetic and Improved WEIL Pairing Evaluation
        • Edwards Curve
          • Coordinate Forms
          • Twisted Edwards ↔ Short Weierstrass Transformation
        • Batch Inverse for Batch Point Additions
        • Scalar Multiplication
          • Double-and-add
          • GLV Decomposition
        • MSM
          • Pippenger's Algorithm
          • Signed Bucket Index
          • CycloneMSM
          • EdMSM
          • cuZK
        • 2-Chain and 2-Cycle of Elliptic Curves
    • Encryption Scheme
      • ElGamal Encryption
    • Modular Arithmetic
      • Modular Reduction
        • Barrett Reduction
        • Montgomery Reduction
      • Modular Inverse
        • Bernstein-Yang's Inverse
    • Multiset Check
    • Sumcheck
    • Commitment Scheme
      • Fflonk
      • SHPlonk
      • Zeromorph
  • MPC
    • Yao's Garbled Circuits
    • GMW
    • BMR
  • ZK
    • Arithmetization
      • R1CS
      • PLONK
      • AIR
    • Folding
      • LatticeFold
      • Nova
        • Nova over Cycles of Curves
    • Lookup
      • Lasso
      • LogUp-GKR
    • SNARK
      • Groth16
      • HyperPlonk
      • Spartan
        • SPARK
    • STARK
      • Additive NTT
      • Basefold
      • Binius
      • Brakedown
      • CircleSTARK
      • FRI
        • FRI Security Features and Optimizations
      • DEEP FRI
      • STIR
      • WHIR
    • Distributed ZK
      • Ryan's Trick for Distributed Groth16
  • Application
    • zkLogin
    • zkHoldem
    • zkTLS
      • DECO
      • Proxying is enough
  • zkVM
Powered by GitBook
On this page
  • Motivation
  • Definition
  • Examples
  • References
Export as PDF
  1. Primitives

NAF (Non-adjacent form)

Reduction of Hamming weight to ~1/3

PreviousToom-Cook MultiplicationNextChinese Remainder Theorem (CRT)

Last updated 1 month ago

Motivation

The cost of is directly proportional to the or the number of non-zero digits of the scalar's binary form. NAF attempts to reduce the Hamming weight in comparison to unsigned bit representation.

Definition

Non-adjacent form is defined as a unique signed-bit representation of a positive number where non-zero values are non-adjacent. Note that unsigned-bit representation results in an average Hamming weight of around 12\frac{1}{2}21​ the total bits. In comparison, for NAF, the property for having non-zero values be non-adjacent reduces the average Hamming weight to around 13\frac{1}{3}31​ the total bits.

Examples

unsigned binaryNAF Form11=1⏟230⏟221⏟211⏟20=1⏟240⏟23−1⏟220⏟21−1⏟20=16−4−112=1⏟231⏟220⏟210⏟20=1⏟240⏟23−1⏟220⏟210⏟20=16−413=1⏟231⏟220⏟211⏟20=1⏟240⏟23−1⏟220⏟211⏟20=16−4+114=1⏟231⏟221⏟210⏟20=1⏟240⏟230⏟22−1⏟210⏟20=16−215=1⏟231⏟221⏟211⏟20=1⏟240⏟230⏟220⏟21−1⏟20=16−1\begin{array}{cll} & \quad \text{unsigned binary} & \quad \quad \quad \text{NAF Form}\\ 11 &= \underbrace{1}_{2^3}\underbrace{0}_{2^2}\underbrace{1}_{2^1}\underbrace{1}_{2^0} \quad \quad &= \underbrace{1}_{2^4}\underbrace{0}_{2^3}\underbrace{-1}_{2^2}\underbrace{0}_{2^1}\underbrace{-1}_{2^0} = 16 - 4-1\\ 12 &= \underbrace{1}_{2^3}\underbrace{1}_{2^2}\underbrace{0}_{2^1}\underbrace{0}_{2^0} &= \underbrace{1}_{2^4}\underbrace{0}_{2^3}\underbrace{-1}_{2^2}\underbrace{0}_{2^1}\underbrace{0}_{2^0} = 16 - 4\\ 13 &= \underbrace{1}_{2^3}\underbrace{1}_{2^2}\underbrace{0}_{2^1}\underbrace{1}_{2^0} &= \underbrace{1}_{2^4}\underbrace{0}_{2^3}\underbrace{-1}_{2^2}\underbrace{0}_{2^1}\underbrace{1}_{2^0} = 16 - 4 + 1\\ 14 &= \underbrace{1}_{2^3}\underbrace{1}_{2^2}\underbrace{1}_{2^1}\underbrace{0}_{2^0} &= \underbrace{1}_{2^4}\underbrace{0}_{2^3}\underbrace{0}_{2^2}\underbrace{-1}_{2^1}\underbrace{0}_{2^0} = 16 - 2\\ 15 &= \underbrace{1}_{2^3}\underbrace{1}_{2^2}\underbrace{1}_{2^1}\underbrace{1}_{2^0} &= \underbrace{1}_{2^4}\underbrace{0}_{2^3}\underbrace{0}_{2^2}\underbrace{0}_{2^1}\underbrace{-1}_{2^0} = 16 - 1\\ \end{array}1112131415​unsigned binary=231​​220​​211​​201​​=231​​221​​210​​200​​=231​​221​​210​​201​​=231​​221​​211​​200​​=231​​221​​211​​201​​​NAF Form=241​​230​​22−1​​210​​20−1​​=16−4−1=241​​230​​22−1​​210​​200​​=16−4=241​​230​​22−1​​210​​201​​=16−4+1=241​​230​​220​​21−1​​200​​=16−2=241​​230​​220​​210​​20−1​​=16−1​

References

Written by of A41

Double-and-add
Hamming weight
https://hackmd.io/HkVWGwsRTM2HeBL1VN0lAw
Ashley Jeong