Reduce scratch need for ecc_dup_eh.

diff --git a/ChangeLog b/ChangeLog
index 025403c909f66e8b9a557e895641a06e7d4a9985..e57db432416edc1e65cf56b1ba24d150a180d30d 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2020-11-03  Niels Möller  <nisse@lysator.liu.se>
 
+       * ecc-dup-eh.c (ecc_dup_eh): Reduce scratch need.
+       * ecc-internal.h (ECC_DUP_EH_ITCH): Now 3*size.
+
        * ecc-internal.h (ecc_add_func): Document in-place operation.
        * ecc-mul-a-eh.c (ecc_mul_a_eh): Fix call to ecc->add_hhh accordingly.
        * testsuite/ecc-add-test.c (test_main): Likewise.

diff --git a/ecc-dup-eh.c b/ecc-dup-eh.c
index f9429866acfb0688003753f4a982a78bc174e0f6..0075ec4f3548d422d2d3954c9cbbfc01dcd152e1 100644 (file)
--- a/ecc-dup-eh.c
+++ b/ecc-dup-eh.c
@@ -42,6 +42,14 @@ ecc_dup_eh (const struct ecc_curve *ecc,
            mp_limb_t *r, const mp_limb_t *p,
            mp_limb_t *scratch)
 {
+#define x1 p
+#define y1 (p + ecc->p.size)
+#define z1 (p + 2*ecc->p.size)
+
+#define x2 r
+#define y2 (r + ecc->p.size)
+#define z2 (r + 2*ecc->p.size)
+
   /* Formulas (from djb,
      http://www.hyperelliptic.org/EFD/g1p/auto-edwards-projective.html#doubling-dbl-2007-bl):
 
@@ -57,35 +65,30 @@ ecc_dup_eh (const struct ecc_curve *ecc,
      y' = e*(c-d)      mul             e, j
      z' = e*j          mul
   */
-#define b scratch
-#define c (scratch  + ecc->p.size)
-#define d (scratch  + 2*ecc->p.size)
-#define e (scratch  + 3*ecc->p.size)
-#define j (scratch  + 4*ecc->p.size)
-
-  /* b */
-  ecc_mod_add (&ecc->p, e, p, p + ecc->p.size);
-  ecc_mod_sqr (&ecc->p, b, e, b);
-
-  /* c */
-  ecc_mod_sqr (&ecc->p, c, p, c);
-  /* d */
-  ecc_mod_sqr (&ecc->p, d, p + ecc->p.size, d);
-  /* h, can use r as scratch, even for in-place operation. */
-  ecc_mod_sqr (&ecc->p, r, p + 2*ecc->p.size, r);
-  /* e, */
-  ecc_mod_add (&ecc->p, e, c, d);
-  /* j */
-  ecc_mod_add (&ecc->p, r, r, r);
-  ecc_mod_sub (&ecc->p, j, e, r);
-
-  /* x' */
-  ecc_mod_sub (&ecc->p, b, b, e);
-  ecc_mod_mul (&ecc->p, r, b, j, r);
-  /* y' */
-  ecc_mod_sub (&ecc->p, c, c, d); /* Redundant */
-  ecc_mod_mul (&ecc->p, r + ecc->p.size, e, c, r + ecc->p.size);
-  /* z' */
-  ecc_mod_mul (&ecc->p, b, e, j, b);
-  mpn_copyi (r + 2*ecc->p.size, b, ecc->p.size);
+#define C scratch
+#define D (scratch + 1*ecc->p.size)
+#define B (scratch + 2*ecc->p.size)
+
+#define E C
+
+  ecc_mod_sqr (&ecc->p, C, x1, C);     /* C */
+  ecc_mod_sqr (&ecc->p, D, y1, D);     /* C, D */
+  ecc_mod_add (&ecc->p, B, x1, y1);
+  ecc_mod_sqr (&ecc->p, B, B, x2);     /* C, D, B */
+
+  /* c-d stored at y' */
+  ecc_mod_sub (&ecc->p, y2, C, D);
+  ecc_mod_add (&ecc->p, E, C, D);      /* B, E */
+  /* b-e stored at x' */
+  ecc_mod_sub (&ecc->p, x2, B, E);     /* E */
+
+  /* Use D as scratch for the following multiplies. */
+  ecc_mod_mul (&ecc->p, y2, y2, E, D);
+
+  /* h and j stored at z' */
+  ecc_mod_sqr (&ecc->p, z2, z1, D);
+  ecc_mod_add (&ecc->p, z2, z2, z2);
+  ecc_mod_sub (&ecc->p, z2, E, z2);
+  ecc_mod_mul (&ecc->p, x2, x2, z2, D);
+  ecc_mod_mul (&ecc->p, z2, z2, E, D);
 }

diff --git a/ecc-internal.h b/ecc-internal.h
index 6dba06d1b00cf6e59439f46e54033bd2d67017e9..04bc07bdee0dd23677ce5d7a3aaf449dbd8d6d0c 100644 (file)
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -445,7 +445,7 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
 #define ECC_J_TO_A_ITCH(size) (4*(size))
 #define ECC_EH_TO_A_ITCH(size, inv) (2*(size)+(inv))
 #define ECC_DUP_JJ_ITCH(size) (5*(size))
-#define ECC_DUP_EH_ITCH(size) (5*(size))
+#define ECC_DUP_EH_ITCH(size) (3*(size))
 #define ECC_DUP_TH_ITCH(size) (5*(size))
 #define ECC_ADD_JJA_ITCH(size) (6*(size))
 #define ECC_ADD_JJJ_ITCH(size) (8*(size))