2020-11-08 Niels Möller <nisse@lysator.liu.se>
+ * eddsa-sign.c (_eddsa_sign_itch): Update, since now point
+ multiplication needs less scratch than point compression.
+ * eddsa-pubkey.c (_eddsa_public_key_itch): Likewise.
+
+ * ecc-internal.h: Update *_ITCH macros for point multiplication
+ and signatures. They need slightly less scratch after optimization
+ of the point addition functions.
+
* ecc-mul-m.c (ecc_mul_m): Reduce scratch need.
(ecc_mul_m): Optimize swapping, with only a single mpn_cnd_swap
per iteration.
ecc_ecdsa_sign_itch (const struct ecc_curve *ecc)
{
/* Needs 3*ecc->p.size + scratch for ecc->mul_g. Currently same for
- ecc_mul_g and ecc_mul_g_eh. */
+ ecc_mul_g. */
return ECC_ECDSA_SIGN_ITCH (ecc->p.size);
}
ecc_gostdsa_sign_itch (const struct ecc_curve *ecc)
{
/* Needs 3*ecc->p.size + scratch for ecc->mul_g. Currently same for
- ecc_mul_g and ecc_mul_g_eh. */
+ ecc_mul_g. */
return ECC_GOSTDSA_SIGN_ITCH (ecc->p.size);
}
#define ECC_ADD_EHH_ITCH(size) (4*(size))
#define ECC_ADD_TH_ITCH(size) (4*(size))
#define ECC_ADD_THH_ITCH(size) (4*(size))
-#define ECC_MUL_G_ITCH(size) (9*(size))
-#define ECC_MUL_G_EH_ITCH(size) (9*(size))
+#define ECC_MUL_G_ITCH(size) (8*(size))
+#define ECC_MUL_G_EH_ITCH(size) (7*(size))
#if ECC_MUL_A_WBITS == 0
-#define ECC_MUL_A_ITCH(size) (12*(size))
+#define ECC_MUL_A_ITCH(size) (11*(size))
#else
#define ECC_MUL_A_ITCH(size) \
- (((3 << ECC_MUL_A_WBITS) + 11) * (size))
+ (((3 << ECC_MUL_A_WBITS) + 8) * (size))
#endif
#if ECC_MUL_A_EH_WBITS == 0
-#define ECC_MUL_A_EH_ITCH(size) (12*(size))
+#define ECC_MUL_A_EH_ITCH(size) (10*(size))
#else
#define ECC_MUL_A_EH_ITCH(size) \
- (((3 << ECC_MUL_A_EH_WBITS) + 10) * (size))
+ (((3 << ECC_MUL_A_EH_WBITS) + 7) * (size))
#endif
#define ECC_MUL_M_ITCH(size) (8*(size))
-#define ECC_ECDSA_SIGN_ITCH(size) (12*(size))
-#define ECC_GOSTDSA_SIGN_ITCH(size) (12*(size))
+#define ECC_ECDSA_SIGN_ITCH(size) (11*(size))
+#define ECC_GOSTDSA_SIGN_ITCH(size) (11*(size))
#define ECC_MOD_RANDOM_ITCH(size) (size)
#define ECC_HASH_ITCH(size) (1+(size))
#include "ecc-internal.h"
/* Binary algorithm needs 6*ecc->p.size + scratch for ecc_add_ehh,
- total 12 ecc->p.size
+ total 10 ecc->p.size
Window algorithm needs (3<<w) * ecc->p.size for the table,
3*ecc->p.size for a temporary point, and scratch for
const mp_limb_t *np, mp_limb_t *scratch)
{
/* Scratch need determined by the ecc_add_jja call. Current total is
- 9 * ecc->p.size, at most 648 bytes. */
+ 8 * ecc->p.size, at most 576 bytes. */
#define tp scratch
#define scratch_out (scratch + 3*ecc->p.size)
mp_size_t
_eddsa_public_key_itch (const struct ecc_curve *ecc)
{
- assert (_eddsa_compress_itch (ecc) <= ecc->mul_g_itch);
- return 3*ecc->p.size + ecc->mul_g_itch;
+ assert (ecc->mul_g_itch <= _eddsa_compress_itch (ecc));
+ return 3*ecc->p.size + _eddsa_compress_itch (ecc);
}
void
mp_size_t
_eddsa_sign_itch (const struct ecc_curve *ecc)
{
- assert (_eddsa_compress_itch (ecc) <= ecc->mul_g_itch);
- return 5*ecc->p.size + ecc->mul_g_itch;
+ assert (ecc->mul_g_itch <= _eddsa_compress_itch (ecc));
+ return 5*ecc->p.size + _eddsa_compress_itch (ecc);
}
void
projects / thirdparty / nettle.git / commitdiff
