Reduce ecc_add_ehh scratch need.

diff --git a/ChangeLog b/ChangeLog
index 465cf903e6a594e25ae68cbc32e47885ca629bdf..62100ae2a74a081735cd13a651246d87a69975de 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,8 @@
+2014-07-26  Niels Möller  <nisse@lysator.liu.se>
+
+       * ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
+       * ecc-internal.h (ECC_ADD_EHH_ITCH): Reduced to 7*size.
+
 2014-07-23  Niels Möller  <nisse@lysator.liu.se>
 
        * testsuite/curve25519-dh-test.c: New test case, based on

diff --git a/ecc-add-ehh.c b/ecc-add-ehh.c
index 33dc19064d7fcbd98500a71a73d73310c3e130dc..b009d84f98b7ebb23464f11fe75252c1cfa03b6b 100644 (file)
--- a/ecc-add-ehh.c
+++ b/ecc-add-ehh.c
@@ -65,50 +65,53 @@ ecc_add_ehh (const struct ecc_curve *ecc,
 
      Computation       Operation       Live variables
 
-     A = z1*z2         mul             A
-     B = A^2           sqr             A, B
-     C = x1*x2         mul             A, B, C
-     D = y1*y2         mul             A, B, C, D
-     E = b*C*D         2 mul           A, B, C, D, E
-     F = B - E                         A, B, C, D, E, F
-     G = B + E                         A, C, D, F, G
-     x3 = A*F*[(x1+y1)(x2+y2) - C - D] 3 mul   A, C, D, G
+     C = x1*x2         mul             C
+     D = y1*y2         mul             C, D
+     T = (x1+y1)(x2+y2) - C - D                C, D, T
+     E = b*C*D         2 mul           C, E, T (Replace C <-- D - C)
+     A = z1*z2         mul             A, C, E, T
+     B = A^2           sqr             A, B, C, E, T
+     F = B - E                         A, B, C, E, F, T
+     G = B + E                         A, C, F, G, T
+     x3 = A*F*T                3 mul           A, C, G
      y3 = A*G*(D-C)    2 mul           F, G
      z3 = F*G          mul
   */
-#define A scratch
-#define B (scratch + ecc->size)
-#define C (scratch + 2*ecc->size)
-#define D (scratch + 3*ecc->size)
-#define E (scratch + 4*ecc->size) 
-#define F (scratch + 5*ecc->size)
-#define G (scratch + 6*ecc->size)
-#define T (scratch + 7*ecc->size)
- 
-  ecc_modp_mul (ecc, A, z1, z2);
-  ecc_modp_sqr (ecc, B, A);
+#define C scratch
+#define D (scratch + ecc->size)
+#define T (scratch + 2*ecc->size)
+#define E (scratch + 3*ecc->size) 
+#define A (scratch + 4*ecc->size)
+#define B (scratch + 5*ecc->size)
+#define F D
+#define G E
+
   ecc_modp_mul (ecc, C, x1, x2);
   ecc_modp_mul (ecc, D, y1, y2);
-  ecc_modp_mul (ecc, T, C, D);
-  ecc_modp_mul (ecc, E, T, ecc->b);
+  ecc_modp_add (ecc, A, x1, y1);
+  ecc_modp_add (ecc, B, x2, y2);
+  ecc_modp_mul (ecc, T, A, B);
+  ecc_modp_sub (ecc, T, T, C);
+  ecc_modp_sub (ecc, T, T, D);
+  ecc_modp_mul (ecc, x3, C, D);
+  ecc_modp_mul (ecc, E, x3, ecc->b);
+  ecc_modp_sub (ecc, C, D, C);
+  
+  ecc_modp_mul (ecc, A, z1, z2);
+  ecc_modp_sqr (ecc, B, A);
+
   ecc_modp_sub (ecc, F, B, E);
   ecc_modp_add (ecc, G, B, E);
 
   /* x3 */
-  ecc_modp_add (ecc, B, x1, y1);
-  ecc_modp_add (ecc, E, x2, y2);
-  ecc_modp_mul (ecc, T, B, E);
-  ecc_modp_sub (ecc, T, T, C);
-  ecc_modp_sub (ecc, x3, T, D);
-  ecc_modp_mul (ecc, T, x3, A);
-  ecc_modp_mul (ecc, x3, T, F);
+  ecc_modp_mul (ecc, B, F, T);
+  ecc_modp_mul (ecc, x3, B, A);
 
   /* y3 */
-  ecc_modp_sub (ecc, C, D, C);
-  ecc_modp_mul (ecc, T, A, C);
-  ecc_modp_mul (ecc, y3, T, G);
+  ecc_modp_mul (ecc, B, G, C);
+  ecc_modp_mul (ecc, y3, B, A);
 
   /* z3 */
-  ecc_modp_mul (ecc, T, F, G);
-  mpn_copyi (z3, T, ecc->size);
+  ecc_modp_mul (ecc, B, F, G);
+  mpn_copyi (z3, B, ecc->size);
 }

diff --git a/ecc-internal.h b/ecc-internal.h
index c0272b91c20d62e055022444dad2efaa96cab0e7..99f7416917386386dfe3a1e2629187dcf1112c93 100644 (file)
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -243,7 +243,7 @@ sec_modinv (mp_limb_t *vp, mp_limb_t *ap, mp_size_t n,
 #define ECC_ADD_JJA_ITCH(size) (6*(size))
 #define ECC_ADD_JJJ_ITCH(size) (8*(size))
 #define ECC_ADD_EH_ITCH(size) (6*(size))
-#define ECC_ADD_EHH_ITCH(size) (9*(size))
+#define ECC_ADD_EHH_ITCH(size) (7*(size))
 #define ECC_MUL_G_ITCH(size) (9*(size))
 #define ECC_MUL_G_EH_ITCH(size) (9*(size))
 #if ECC_MUL_A_WBITS == 0