authorNiels Möller <nisse@lysator.liu.se>2020-11-08 11:53:56 +0100
committerNiels Möller <nisse@lysator.liu.se>2020-11-08 11:53:56 +0100
commit92f657b3d6038be6d23c2dfab05e40bbcda79ebb (patch)
tree18b59ce29a82e1c641fdd358793022b6ff4ddc15
parentf1bbbcae39e99b127aaf063ed0bd80799155aa4d (diff)
Reduce scratch need for ecc_add_jjj some more
-rw-r--r--ChangeLog4
-rw-r--r--ecc-add-jjj.c32
-rw-r--r--ecc-internal.h2
3 files changed, 19 insertions, 19 deletions
diff --git a/ChangeLog b/ChangeLog
index 1479cec5..a7acd45d 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,10 +1,8 @@
2020-11-08 Niels Möller <nisse@lysator.liu.se>
* ecc-add-jja.c (ecc_add_jja): Reduce scratch need.
- * ecc-internal.h (ECC_ADD_JJA_ITCH): Now 5*size.
-
* ecc-add-jjj.c (ecc_add_jjj): Reduce scratch need.
- * ecc-internal.h (ECC_ADD_JJJ_ITCH): Now 6*size.
+ * ecc-internal.h (ECC_ADD_JJA_ITCH, ECC_ADD_JJJ_ITCH): Now 5*size.
2020-11-06 Niels Möller <nisse@lysator.liu.se>
diff --git a/ecc-add-jjj.c b/ecc-add-jjj.c
index a5a7e7a0..4a5d727c 100644
--- a/ecc-add-jjj.c
+++ b/ecc-add-jjj.c
@@ -77,36 +77,38 @@ ecc_add_jjj (const struct ecc_curve *ecc,
#define h scratch
#define z1z1 (scratch + ecc->p.size)
-#define z2z2 (scratch + 2*ecc->p.size)
-#define z1z2 (scratch + 3*ecc->p.size)
+#define z2z2 z1z1
+#define z1z2 (scratch + 2*ecc->p.size)
#define w (scratch + ecc->p.size)
#define i (scratch + 2*ecc->p.size)
#define j h
#define v i
-#define tp (scratch + 4*ecc->p.size)
+#define tp (scratch + 3*ecc->p.size)
- ecc_mod_sqr (&ecc->p, z1z1, z1, tp); /* z1z1 */
- ecc_mod_sqr (&ecc->p, z2z2, z2, tp); /* z1z1, z2z2 */
+ ecc_mod_sqr (&ecc->p, z2z2, z2, tp); /* z2z2 */
/* Store u1 at x3 */
- ecc_mod_mul (&ecc->p, x3, x1, z2z2, tp); /* z1z1, z2z2 */
- ecc_mod_mul (&ecc->p, h, x2, z1z1, tp); /* z1z1, z2z2, h */
- ecc_mod_sub (&ecc->p, h, h, x3);
+ ecc_mod_mul (&ecc->p, x3, x1, z2z2, tp); /* z2z2 */
- ecc_mod_add (&ecc->p, z1z2, z1, z2); /* z1z1, z2z2, z1z2, h */
+ ecc_mod_add (&ecc->p, z1z2, z1, z2); /* z2z2, z1z2 */
ecc_mod_sqr (&ecc->p, z1z2, z1z2, tp);
+ ecc_mod_sub (&ecc->p, z1z2, z1z2, z2z2); /* z2z2, z1z2 */
+
+ /* Do s1 early, store at y3 */
+ ecc_mod_mul (&ecc->p, z2z2, z2z2, z2, tp); /* z2z2, z1z2 */
+ ecc_mod_mul (&ecc->p, y3, z2z2, y1, tp); /* z1z2 */
+
+ ecc_mod_sqr (&ecc->p, z1z1, z1, tp); /* z1z1, z1z2 */
ecc_mod_sub (&ecc->p, z1z2, z1z2, z1z1);
- ecc_mod_sub (&ecc->p, z1z2, z1z2, z2z2);
+ ecc_mod_mul (&ecc->p, h, x2, z1z1, tp); /* z1z1, z1z2, h */
+ ecc_mod_sub (&ecc->p, h, h, x3);
- /* z1^3, z2^3 */
+ /* z1^3 */
ecc_mod_mul (&ecc->p, z1z1, z1z1, z1, tp);
- ecc_mod_mul (&ecc->p, z2z2, z2z2, z2, tp);
/* z3 <-- h z1 z2 delayed until now, since that may clobber z1. */
- ecc_mod_mul (&ecc->p, z3, z1z2, h, tp); /* z1z1, z2z2, h */
- /* Store s1 at y3 */
- ecc_mod_mul (&ecc->p, y3, z2z2, y1, tp); /* z1z1, h */
+ ecc_mod_mul (&ecc->p, z3, z1z2, h, tp); /* z1z1, h */
/* w = 2 (s2 - s1) */
ecc_mod_mul (&ecc->p, w, z1z1, y2, tp); /* h, w */
ecc_mod_sub (&ecc->p, w, w, y3);
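Review bot: The new `#define z2z2 z1z1` gives two names to one scratch slot, so this hunk is correct only because of statement order: z2z2 must be dead before z1z1 is first written at `ecc_mod_sqr (&ecc->p, z1z1, z1, tp)`, which the reordering achieves but nothing in the code states. I would record that next to the macro: `/* z2z2 shares storage with z1z1; it is fully consumed (s1 stored at y3) before z1z1 is computed below. */`. The trailing `/* z2z2, z1z2 */`-style comments are the only record of which slots are live, so the in-place `ecc_mod_mul (&ecc->p, z2z2, z2z2, z2, tp)` could note that the slot now holds z2^3, not z2^2, to keep the names honest. The 5*size ECC_ADD_JJJ_ITCH change in ecc-internal.h is derived from `tp` now sitting at offset 3*size here, so a one-line comment on `#define tp` pointing at that macro would tie the two files together. ecc_add_jjj's body continues outside the hunk in both directions.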
diff --git a/ecc-internal.h b/ecc-internal.h
index ed725d9c..81c1c39a 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -448,7 +448,7 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
#define ECC_DUP_EH_ITCH(size) (3*(size))
#define ECC_DUP_TH_ITCH(size) (3*(size))
#define ECC_ADD_JJA_ITCH(size) (5*(size))
-#define ECC_ADD_JJJ_ITCH(size) (6*(size))
+#define ECC_ADD_JJJ_ITCH(size) (5*(size))
#define ECC_ADD_EH_ITCH(size) (4*(size))
#define ECC_ADD_EHH_ITCH(size) (4*(size))
#define ECC_ADD_TH_ITCH(size) (4*(size))