authorNiels Möller <nisse@lysator.liu.se>2020-11-03 22:11:23 +0100
committerNiels Möller <nisse@lysator.liu.se>2020-11-03 22:11:23 +0100
commit17b774552d34c6a655b942bbd4dc48148169c19c (patch)
tree1b2382151529b2e26d551c00c3393c23af646eac
parent3e2b2e3ff982027e36c8dbcc21f29635c3fe429d (diff)
Reduce scratch need for ecc_add_ehh
-rw-r--r--ChangeLog3
-rw-r--r--ecc-add-ehh.c57
-rw-r--r--ecc-internal.h2
3 files changed, 31 insertions, 31 deletions
diff --git a/ChangeLog b/ChangeLog
index e57db432..af84b05e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -9,7 +9,8 @@
* ecc-add-eh.c (ecc_add_eh): Reduce scratch need.
* ecc-add-th.c (ecc_add_th): Analogous changes.
- * ecc-internal.h (ECC_ADD_EH_ITCH, ECC_ADD_TH_ITCH): Now 4*size.
+ * ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
+ * ecc-internal.h (ECC_ADD_EH_ITCH, ECC_ADD_EHH_ITCH, ECC_ADD_TH_ITCH): Now 4*size.
2020-11-02 Niels Möller <nisse@lysator.liu.se>
diff --git a/ecc-add-ehh.c b/ecc-add-ehh.c
index 414ded83..5ae90671 100644
--- a/ecc-add-ehh.c
+++ b/ecc-add-ehh.c
@@ -71,41 +71,40 @@ ecc_add_ehh (const struct ecc_curve *ecc,
y3 = A*G*(D-C) 2 mul F, G
z3 = F*G mul
*/
-#define C scratch
-#define D (scratch + ecc->p.size)
-#define T (scratch + 2*ecc->p.size)
-#define E (scratch + 3*ecc->p.size)
-#define A (scratch + 4*ecc->p.size)
-#define B (scratch + 5*ecc->p.size)
-#define F D
-#define G E
- ecc_mod_mul (&ecc->p, C, x1, x2, C);
- ecc_mod_mul (&ecc->p, D, y1, y2, D);
- ecc_mod_add (&ecc->p, A, x1, y1);
- ecc_mod_add (&ecc->p, B, x2, y2);
- ecc_mod_mul (&ecc->p, T, A, B, T);
+#define T scratch
+#define E (scratch + 1*ecc->p.size)
+#define G E
+#define C (scratch + 2*ecc->p.size)
+#define D (scratch + 3*ecc->p.size)
+#define B D
+
+ /* Use T as scratch, clobber E */
+ ecc_mod_mul (&ecc->p, C, x1, x2, T); /* C */
+ ecc_mod_mul (&ecc->p, D, y1, y2, T); /* C, D */
+ ecc_mod_add (&ecc->p, x3, x1, y1);
+ ecc_mod_add (&ecc->p, y3, x2, y2);
+ ecc_mod_mul (&ecc->p, T, x3, y3, T); /* C, D, T */
ecc_mod_sub (&ecc->p, T, T, C);
ecc_mod_sub (&ecc->p, T, T, D);
- ecc_mod_mul (&ecc->p, x3, C, D, x3);
- ecc_mod_mul (&ecc->p, E, x3, ecc->b, E);
- ecc_mod_sub (&ecc->p, C, D, C);
- ecc_mod_mul (&ecc->p, A, z1, z2, A);
- ecc_mod_sqr (&ecc->p, B, A, B);
+ /* Can now use x3 as scratch, without breaking in-place operation. */
+ ecc_mod_mul (&ecc->p, E, C, D, x3); /* C, D, T, E */
+ ecc_mod_mul (&ecc->p, E, E, ecc->b, x3);
+ ecc_mod_sub (&ecc->p, C, D, C); /* C, T, E */
- ecc_mod_sub (&ecc->p, F, B, E);
- ecc_mod_add (&ecc->p, G, B, E);
+ ecc_mod_mul (&ecc->p, B, z1, z2, x3); /* C, T, E, B */
+ ecc_mod_mul (&ecc->p, C, C, B, x3);
+ ecc_mod_mul (&ecc->p, T, T, B, x3);
+ ecc_mod_sqr (&ecc->p, B, B, x3);
- /* x3 */
- ecc_mod_mul (&ecc->p, B, F, T, B);
- ecc_mod_mul (&ecc->p, x3, B, A, x3);
+ ecc_mod_sub (&ecc->p, x3, B, E);
+ ecc_mod_add (&ecc->p, G, B, E); /* C, T, G */
- /* y3 */
- ecc_mod_mul (&ecc->p, B, G, C, B);
- ecc_mod_mul (&ecc->p, y3, B, A, y3);
+ /* Can now use y3 as scratch, without breaking in-place operation. */
+ ecc_mod_mul (&ecc->p, y3, C, G, y3); /* T G */
- /* z3 */
- ecc_mod_mul (&ecc->p, B, F, G, B);
- mpn_copyi (z3, B, ecc->p.size);
+ /* Can use C--D as scratch */
+ ecc_mod_mul (&ecc->p, z3, x3, G, C); /* T */
+ ecc_mod_mul (&ecc->p, x3, x3, T, C);
}
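Review bot: The new scratch reuse at `ecc_mod_mul (&ecc->p, E, C, D, x3)` and `ecc_mod_mul (&ecc->p, y3, C, G, y3)` passes a 2*size temporary that starts at x3 / y3, so the hunk now relies on x3, y3, z3 being consecutive limb ranges and on the result pointer being allowed to overlap the temporary (as `ecc_mod_mul (&ecc->p, T, x3, y3, T)` and the old `C, x1, x2, C` form already do), but neither assumption is written down here. The liveness annotations (`/* C, D, T */`) track the scratch limbs only; the ordering that keeps the in-place case (r aliasing p or q) correct — x3/y3 are first clobbered only after the two sums have been consumed, and y3 is used as scratch, which reaches z3, only after `B = z1*z2` has been read — is exactly what a later reordering could break silently. I would record it once at the first reuse, e.g. `/* x3, y3, z3 are presumably contiguous: 2*size scratch at x3 clobbers y3 only; scratch at y3 reaches z3, so it is used only after z1, z2 are no longer read. */`. The signature of ecc_add_ehh and the definitions of x3/y3/z3 are above the hunk, so the aliasing contract is inferred rather than visible here.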
diff --git a/ecc-internal.h b/ecc-internal.h
index 04bc07bd..29a8c7c3 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -450,7 +450,7 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
#define ECC_ADD_JJA_ITCH(size) (6*(size))
#define ECC_ADD_JJJ_ITCH(size) (8*(size))
#define ECC_ADD_EH_ITCH(size) (4*(size))
-#define ECC_ADD_EHH_ITCH(size) (7*(size))
+#define ECC_ADD_EHH_ITCH(size) (4*(size))
#define ECC_ADD_TH_ITCH(size) (4*(size))
#define ECC_ADD_THH_ITCH(size) (7*(size))
#define ECC_MUL_G_ITCH(size) (9*(size))