From: Niels Möller
Date: Sun, 8 Nov 2020 10:53:56 +0000 (+0100)
Subject: Reduce scratch need for ecc_add_jjj some more
X-Git-Tag: nettle_3.7rc1~52^2~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=92f657b3d6038be6d23c2dfab05e40bbcda79ebb;p=thirdparty%2Fnettle.git

Reduce scratch need for ecc_add_jjj some more
---

diff --git a/ChangeLog b/ChangeLog
index 1479cec5..a7acd45d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,8 @@
 2020-11-08  Niels Möller
 
 	* ecc-add-jja.c (ecc_add_jja): Reduce scratch need.
-	* ecc-internal.h (ECC_ADD_JJA_ITCH): Now 5*size.
-	* ecc-add-jjj.c (ecc_add_jjj): Reduce scratch need.
-	* ecc-internal.h (ECC_ADD_JJJ_ITCH): Now 6*size.
+	* ecc-internal.h (ECC_ADD_JJA_ITCH, ECC_ADD_JJJ_ITCH): Now 5*size.
 
 2020-11-06  Niels Möller
diff --git a/ecc-add-jjj.c b/ecc-add-jjj.c
index a5a7e7a0..4a5d727c 100644
--- a/ecc-add-jjj.c
+++ b/ecc-add-jjj.c
@@ -77,36 +77,38 @@ ecc_add_jjj (const struct ecc_curve *ecc,
 #define h scratch
 #define z1z1 (scratch + ecc->p.size)
-#define z2z2 (scratch + 2*ecc->p.size)
-#define z1z2 (scratch + 3*ecc->p.size)
+#define z2z2 z1z1
+#define z1z2 (scratch + 2*ecc->p.size)
 #define w (scratch + ecc->p.size)
 #define i (scratch + 2*ecc->p.size)
 #define j h
 #define v i
-#define tp (scratch + 4*ecc->p.size)
+#define tp (scratch + 3*ecc->p.size)
 
-  ecc_mod_sqr (&ecc->p, z1z1, z1, tp);	/* z1z1 */
-  ecc_mod_sqr (&ecc->p, z2z2, z2, tp);	/* z1z1, z2z2 */
+  ecc_mod_sqr (&ecc->p, z2z2, z2, tp);	/* z2z2 */
 
   /* Store u1 at x3 */
-  ecc_mod_mul (&ecc->p, x3, x1, z2z2, tp);	/* z1z1, z2z2 */
-  ecc_mod_mul (&ecc->p, h, x2, z1z1, tp);	/* z1z1, z2z2, h */
-  ecc_mod_sub (&ecc->p, h, h, x3);
+  ecc_mod_mul (&ecc->p, x3, x1, z2z2, tp);	/* z2z2 */
 
-  ecc_mod_add (&ecc->p, z1z2, z1, z2);	/* z1z1, z2z2, z1z2, h */
+  ecc_mod_add (&ecc->p, z1z2, z1, z2);	/* z2z2, z1z2 */
   ecc_mod_sqr (&ecc->p, z1z2, z1z2, tp);
+  ecc_mod_sub (&ecc->p, z1z2, z1z2, z2z2);	/* z2z2, z1z2 */
+
+  /* Do s1 early, store at y3 */
+  ecc_mod_mul (&ecc->p, z2z2, z2z2, z2, tp);	/* z2z2, z1z2 */
+  ecc_mod_mul (&ecc->p, y3, z2z2, y1, tp);	/* z1z2 */
+
+  ecc_mod_sqr (&ecc->p, z1z1, z1, tp);	/* z1z1, z1z2 */
   ecc_mod_sub (&ecc->p, z1z2, z1z2, z1z1);
-  ecc_mod_sub (&ecc->p, z1z2, z1z2, z2z2);
+  ecc_mod_mul (&ecc->p, h, x2, z1z1, tp);	/* z1z1, z1z2, h */
+  ecc_mod_sub (&ecc->p, h, h, x3);
 
-  /* z1^3, z2^3 */
+  /* z1^3 */
   ecc_mod_mul (&ecc->p, z1z1, z1z1, z1, tp);
-  ecc_mod_mul (&ecc->p, z2z2, z2z2, z2, tp);
 
   /* z3 <-- h z1 z2 delayed until now, since that may clobber z1. */
-  ecc_mod_mul (&ecc->p, z3, z1z2, h, tp);	/* z1z1, z2z2, h */
-  /* Store s1 at y3 */
-  ecc_mod_mul (&ecc->p, y3, z2z2, y1, tp);	/* z1z1, h */
+  ecc_mod_mul (&ecc->p, z3, z1z2, h, tp);	/* z1z1, h */
 
   /* w = 2 (s2 - s1) */
   ecc_mod_mul (&ecc->p, w, z1z1, y2, tp);	/* h, w */
   ecc_mod_sub (&ecc->p, w, w, y3);
diff --git a/ecc-internal.h b/ecc-internal.h
index ed725d9c..81c1c39a 100644
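Review bot: With `#define z2z2 z1z1` two scratch names now share one slot, and only statement order keeps that safe: the last read of z2z2 in `ecc_mod_mul (&ecc->p, y3, z2z2, y1, tp);` comes just before `ecc_mod_sqr (&ecc->p, z1z1, z1, tp);` overwrites it, which the liveness comments show but the define itself does not. A comment on the define, `/* Shares z1z1's slot: z2^2 and z2^3 are dead before z1^2 is computed. */`, would make a later reordering less likely to break this silently. The early s1 store into y3 also depends on r being allowed to overlap p but not q, since y1 has no later read while x2 and y2 are still read after x3 and y3 are written; ecc_add_jjj's declaration and the rest of its body are outside the hunk, so that contract should be stated there if it is not already. With `tp` at `scratch + 3*ecc->p.size` and ECC_ADD_JJJ_ITCH now 5*size, ecc_mod_mul and ecc_mod_sqr get exactly 2*size limbs of scratch, which matches what ECC_ADD_JJA_ITCH already assumes but is worth checking against their own itch macros, which are not in the hunk. Separately, the ChangeLog hunk drops the `* ecc-add-jjj.c (ecc_add_jjj): Reduce scratch need.` line without re-adding it, so this file's change is no longer recorded.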
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -448,7 +448,7 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
 #define ECC_DUP_EH_ITCH(size) (3*(size))
 #define ECC_DUP_TH_ITCH(size) (3*(size))
 #define ECC_ADD_JJA_ITCH(size) (5*(size))
-#define ECC_ADD_JJJ_ITCH(size) (6*(size))
+#define ECC_ADD_JJJ_ITCH(size) (5*(size))
 #define ECC_ADD_EH_ITCH(size) (4*(size))
 #define ECC_ADD_EHH_ITCH(size) (4*(size))
 #define ECC_ADD_TH_ITCH(size) (4*(size))