chore: Speed up random poly generation

As noted in
https://github.com/privacy-scaling-explorations/halo2/issues/151 the
generation of a random poly for degrees bigger than 20 starts to get
quite slow.

This PR tries to include some minimal changes in the `commit` fn so that
we upstream the improvements achieved in PSE/halo2

halo2_proofs/Cargo.toml

@@ -52,6 +52,7 @@ rand_core = { version = "0.6", default-features = false }
 tracing = "0.1"
 blake2b_simd = "1"
 maybe-rayon = {version = "0.1.0", default-features = false}
+rand_chacha = { version = "0.3", optional = true }
 
 # Developer tooling dependencies
 plotters = { version = "0.3.0", default-features = false, optional = true }
@@ -69,7 +70,7 @@ getrandom = { version = "0.2", features = ["js"] }
 
 [features]
 default = ["batch", "multicore"]
-multicore = ["maybe-rayon/threads"]
+multicore = ["maybe-rayon/threads", "rand_chacha"]
 dev-graph = ["plotters", "tabbycat"]
 test-dev-graph = [
     "dev-graph",

halo2_proofs/src/plonk/vanishing/prover.rs

@@ -2,7 +2,15 @@ use std::iter;
 
 use ff::Field;
 use group::Curve;
-use rand_core::RngCore;
+#[cfg(feature = "multicore")]
+use maybe_rayon::{
+    current_num_threads,
+    prelude::{IntoParallelRefMutIterator, ParallelIterator},
+};
+#[cfg(feature = "multicore")]
+use rand_chacha::ChaCha20Rng;
+#[cfg(feature = "multicore")]
+use rand_core::{RngCore, SeedableRng};
 
 use super::Argument;
 use crate::{
@@ -42,10 +50,42 @@ impl<C: CurveAffine> Argument<C> {
         transcript: &mut T,
     ) -> Result<Committed<C>, Error> {
         // Sample a random polynomial of degree n - 1
-        let mut random_poly = domain.empty_coeff();
-        for coeff in random_poly.iter_mut() {
-            *coeff = C::Scalar::random(&mut rng);
-        }
+        #[cfg(feature = "multicore")]
+        let random_poly = {
+            let n_threads = current_num_threads();
+            let needed_scalars = (1usize << domain.k as usize) / n_threads;
+
+            let mut thread_seeds: Vec<ChaCha20Rng> = (0..n_threads)
+                .into_iter()
+                .map(|_| {
+                    let mut seed = [0u8; 32];
+                    rng.fill_bytes(&mut seed);
+                    ChaCha20Rng::from_seed(seed)
+                })
+                .collect();
+
+            let rand_vec: Vec<C::Scalar> = thread_seeds
+                .par_iter_mut()
+                .flat_map(|mut rng| {
+                    (0..needed_scalars)
+                        .into_iter()
+                        .map(|_| C::Scalar::random(&mut rng))
+                        .collect::<Vec<C::Scalar>>()
+                })
+                .collect();
+
+            Polynomial::<C::ScalarExt, Coeff>::from_evals(rand_vec)
+        };
+
+        #[cfg(not(feature = "multicore"))]
+        let random_poly = {
+            let mut random_poly = domain.empty_coeff();
+            for coeff in random_poly.iter_mut() {
+                *coeff = C::Scalar::random(&mut rng);
+            }
+            random_poly
+        };
+
         // Sample a random blinding factor
         let random_blind = Blind(C::Scalar::random(rng));
 

halo2_proofs/src/poly.rs

@@ -130,6 +130,14 @@ impl<F, B> Polynomial<F, B> {
     pub fn num_coeffs(&self) -> usize {
         self.values.len()
     }
+
+    /// Allows to create a Polynomial from a Vec.
+    pub fn from_evals(vector: Vec<F>) -> Self {
+        Polynomial {
+            values: vector,
+            _marker: PhantomData,
+        }
+    }
 }
 
 pub(crate) fn batch_invert_assigned<F: Field>(

halo2_proofs/src/poly/domain.rs

@@ -19,7 +19,7 @@ use std::marker::PhantomData;
 #[derive(Clone, Debug)]
 pub struct EvaluationDomain<F: Field> {
     n: u64,
-    k: u32,
+    pub(crate) k: u32,
     extended_k: u32,
     omega: F,
     omega_inv: F,