From: Niels Möller
Date: Tue, 3 Nov 2020 20:55:59 +0000 (+0100)
Subject: Reduce scratch need for ecc_dup_eh.
X-Git-Tag: nettle_3.7rc1~52^2~14
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3e2b2e3ff982027e36c8dbcc21f29635c3fe429d;p=thirdparty%2Fnettle.git

Reduce scratch need for ecc_dup_eh.
---

diff --git a/ChangeLog b/ChangeLog
index 025403c9..e57db432 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,8 @@
 2020-11-03 Niels Möller
 
+ * ecc-dup-eh.c (ecc_dup_eh): Reduce scratch need.
+ * ecc-internal.h (ECC_DUP_EH_ITCH): Now 3*size.
+ * ecc-internal.h (ecc_add_func): Document in-place operation.
 * ecc-mul-a-eh.c (ecc_mul_a_eh): Fix call to ecc->add_hhh
 accordingly.
 * testsuite/ecc-add-test.c (test_main): Likewise.
diff --git a/ecc-dup-eh.c b/ecc-dup-eh.c
index f9429866..0075ec4f 100644
--- a/ecc-dup-eh.c
+++ b/ecc-dup-eh.c
@@ -42,6 +42,14 @@ ecc_dup_eh (const struct ecc_curve *ecc,
 mp_limb_t *r, const mp_limb_t *p,
 mp_limb_t *scratch)
 {
+#define x1 p
+#define y1 (p + ecc->p.size)
+#define z1 (p + 2*ecc->p.size)
+
+#define x2 r
+#define y2 (r + ecc->p.size)
+#define z2 (r + 2*ecc->p.size)
+
 /* Formulas (from djb,
 http://www.hyperelliptic.org/EFD/g1p/auto-edwards-projective.html#doubling-dbl-2007-bl):
 
@@ -57,35 +65,30 @@ ecc_dup_eh (const struct ecc_curve *ecc,
 y' = e*(c-d) mul e, j
 z' = e*j mul
 */
-#define b scratch
-#define c (scratch + ecc->p.size)
-#define d (scratch + 2*ecc->p.size)
-#define e (scratch + 3*ecc->p.size)
-#define j (scratch + 4*ecc->p.size)
-
- /* b */
- ecc_mod_add (&ecc->p, e, p, p + ecc->p.size);
- ecc_mod_sqr (&ecc->p, b, e, b);
-
- /* c */
- ecc_mod_sqr (&ecc->p, c, p, c);
- /* d */
- ecc_mod_sqr (&ecc->p, d, p + ecc->p.size, d);
- /* h, can use r as scratch, even for in-place operation. */
- ecc_mod_sqr (&ecc->p, r, p + 2*ecc->p.size, r);
- /* e, */
- ecc_mod_add (&ecc->p, e, c, d);
- /* j */
- ecc_mod_add (&ecc->p, r, r, r);
- ecc_mod_sub (&ecc->p, j, e, r);
-
- /* x' */
- ecc_mod_sub (&ecc->p, b, b, e);
- ecc_mod_mul (&ecc->p, r, b, j, r);
- /* y' */
- ecc_mod_sub (&ecc->p, c, c, d); /* Redundant */
- ecc_mod_mul (&ecc->p, r + ecc->p.size, e, c, r + ecc->p.size);
- /* z' */
- ecc_mod_mul (&ecc->p, b, e, j, b);
- mpn_copyi (r + 2*ecc->p.size, b, ecc->p.size);
+#define C scratch
+#define D (scratch + 1*ecc->p.size)
+#define B (scratch + 2*ecc->p.size)
+
+#define E C
+ ecc_mod_sqr (&ecc->p, C, x1, C); /* C */
+ ecc_mod_sqr (&ecc->p, D, y1, D); /* C, D */
+ ecc_mod_add (&ecc->p, B, x1, y1);
+ ecc_mod_sqr (&ecc->p, B, B, x2); /* C, D, B */
+
+ /* c-d stored at y' */
+ ecc_mod_sub (&ecc->p, y2, C, D);
+ ecc_mod_add (&ecc->p, E, C, D); /* B, E */
+ /* b-e stored at x' */
+ ecc_mod_sub (&ecc->p, x2, B, E); /* E */
+
+ /* Use D as scratch for the following multiplies. */
+ ecc_mod_mul (&ecc->p, y2, y2, E, D);
+
+ /* h and j stored at z' */
+ ecc_mod_sqr (&ecc->p, z2, z1, D);
+ ecc_mod_add (&ecc->p, z2, z2, z2);
+ ecc_mod_sub (&ecc->p, z2, E, z2);
+ ecc_mod_mul (&ecc->p, x2, x2, z2, D);
+ ecc_mod_mul (&ecc->p, z2, z2, E, D);
 }
diff --git a/ecc-internal.h b/ecc-internal.h
index 6dba06d1..04bc07bd 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
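Review bot: `ecc_mod_sqr (&ecc->p, B, B, x2)` passes x2, i.e. the start of r, as the multiply temporary, and for the in-place case r == p that clobbers x1 and y1; it is correct only because neither is read again after this line and z1 begins at offset 2*size, just past the temporary's extent, yet the old remark "can use r as scratch, even for in-place operation" was dropped and nothing replaces it. I would put `/* x2 as scratch is safe also for r == p: x1 and y1 are dead from here on, and z1 lies past the 2*size limbs of temporary. */` above that call. The same silent reasoning covers D, which as the 2*size temporary for the later multiplies extends over B, so the comment `/* Use D as scratch for the following multiplies. */` should add that B is dead by then; with both remarks the 3*size itch in ecc-internal.h becomes checkable from this file alone (assuming the multiply temporary is 2*size limbs, which is what that bound implies). The macros C, D, B and E, like x1..z2 from the previous hunk where ecc_dup_eh's signature lives, are never `#undef`'d after the closing brace; single-letter uppercase names that survive to the end of the translation unit are easy to trip over if anything is ever added below the function, so an `#undef` for each of them after the `}` would be worth the seven lines.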
@@ -445,7 +445,7 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
 #define ECC_J_TO_A_ITCH(size) (4*(size))
 #define ECC_EH_TO_A_ITCH(size, inv) (2*(size)+(inv))
 #define ECC_DUP_JJ_ITCH(size) (5*(size))
-#define ECC_DUP_EH_ITCH(size) (5*(size))
+#define ECC_DUP_EH_ITCH(size) (3*(size))
 #define ECC_DUP_TH_ITCH(size) (5*(size))
 #define ECC_ADD_JJA_ITCH(size) (6*(size))
 #define ECC_ADD_JJJ_ITCH(size) (8*(size))
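Review bot: The new 3*size bound appears to be exactly tight — C, D and B at offsets 0, 1 and 2 times size, with D doubling as the 2*size multiply temporary that runs to offset 3*size — but nothing at this definition records that, so a later change to ecc_dup_eh that needs one more temporary would overrun the scratch that callers size with this macro without any local hint that the limit was deliberate. A trailing comment would tie the two files together: `/* ecc_dup_eh: C, D, B; D also serves as the 2*size multiply scratch. */`. The layout itself is only visible in ecc-dup-eh.c, so confirm the exact wording against that file rather than this hunk.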