author | Niels Möller <nisse@lysator.liu.se> | 2020-11-03 22:48:11 +0100 |
---|---|---|
committer | Niels Möller <nisse@lysator.liu.se> | 2020-11-03 22:48:11 +0100 |
commit | 3c9e49b1d923c6b6169b11fc38dd6a21a60eaab4 (patch) | |
tree | 227f6b3d269081978c9da3bd5fc13193be430b95 | |
parent | 98eae4144069bb7d96b783e0e80e0307aaa19421 (diff) | |
Reduce scratch need for ecc_add_thh
-rw-r--r-- | ChangeLog | 4 | ||||
-rw-r--r-- | ecc-add-th.c | 4 | ||||
-rw-r--r-- | ecc-add-thh.c | 61 | ||||
-rw-r--r-- | ecc-internal.h | 2 |
4 files changed, 35 insertions, 36 deletions
@@ -11,7 +11,9 @@
 * ecc-add-eh.c (ecc_add_eh): Reduce scratch need.
 * ecc-add-th.c (ecc_add_th): Analogous changes.
 * ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
- * ecc-internal.h (ECC_ADD_EH_ITCH, ECC_ADD_EHH_ITCH, ECC_ADD_TH_ITCH): Now 4*size.
+ * ecc-add-thh.c (ecc_add_thh): Analogous changes.
+ * ecc-internal.h (ECC_ADD_EH_ITCH, ECC_ADD_EHH_ITCH)
+ (ECC_ADD_TH_ITCH, ECC_ADD_THH_ITCH): Now 4*size.
 2020-11-02 Niels Möller <nisse@lysator.liu.se>
diff --git a/ecc-add-th.c b/ecc-add-th.c
index e99e0763..b4fb8a6c 100644
--- a/ecc-add-th.c
+++ b/ecc-add-th.c
@@ -101,8 +101,8 @@ ecc_add_th (const struct ecc_curve *ecc,
 ecc_mod_mul (&ecc->p, C, C, z1, x3);
 ecc_mod_sqr (&ecc->p, B, z1, x3); /* C, T, E, B */
- ecc_mod_add (&ecc->p, x3, B, E); /* C, T, G */
- ecc_mod_sub (&ecc->p, F, B, E);
+ ecc_mod_add (&ecc->p, x3, B, E);
+ ecc_mod_sub (&ecc->p, F, B, E); /* C, T, F */
 /* Can now use y3 as scratch, without breaking in-place operation. */
 ecc_mod_mul (&ecc->p, y3, C, F, y3); /* T G */
diff --git a/ecc-add-thh.c b/ecc-add-thh.c
index 80d05d7e..d6acf16c 100644
--- a/ecc-add-thh.c
+++ b/ecc-add-thh.c
@@ -76,41 +76,38 @@ ecc_add_thh (const struct ecc_curve *ecc,
 We have different sign for E, hence swapping F and G, because our ecc->b corresponds to -b above. */
-#define C scratch
-#define D (scratch + ecc->p.size)
-#define T (scratch + 2*ecc->p.size)
-#define E (scratch + 3*ecc->p.size)
-#define A (scratch + 4*ecc->p.size)
-#define B (scratch + 5*ecc->p.size)
-#define F D
-#define G E
-
- ecc_mod_mul (&ecc->p, C, x1, x2, C);
- ecc_mod_mul (&ecc->p, D, y1, y2, D);
- ecc_mod_add (&ecc->p, A, x1, y1);
- ecc_mod_add (&ecc->p, B, x2, y2);
- ecc_mod_mul (&ecc->p, T, A, B, T);
+#define T scratch
+#define E (scratch + 1*ecc->p.size)
+#define F E
+#define C (scratch + 2*ecc->p.size)
+#define D (scratch + 3*ecc->p.size)
+#define B D
+
+ /* Use T as scratch, clobber E */
+ ecc_mod_mul (&ecc->p, C, x1, x2, T); /* C */
+ ecc_mod_mul (&ecc->p, D, y1, y2, T); /* C, D */
+ ecc_mod_add (&ecc->p, x3, x1, y1);
+ ecc_mod_add (&ecc->p, y3, x2, y2);
+ ecc_mod_mul (&ecc->p, T, x3, y3, T); /* C, D, T */
+
+ /* Can now use x3 as scratch, without breaking in-place operation. */
+ ecc_mod_mul (&ecc->p, E, C, D, x3); /* C, D, T, E */
+ ecc_mod_mul (&ecc->p, E, E, ecc->b, x3);
+ ecc_mod_add (&ecc->p, C, D, C); /* C, T, E */
 ecc_mod_sub (&ecc->p, T, T, C);
- ecc_mod_sub (&ecc->p, T, T, D);
- ecc_mod_mul (&ecc->p, x3, C, D, x3);
- ecc_mod_mul (&ecc->p, E, x3, ecc->b, E);
- ecc_mod_add (&ecc->p, C, D, C);
- ecc_mod_mul (&ecc->p, A, z1, z2, A);
- ecc_mod_sqr (&ecc->p, B, A, B);
+ ecc_mod_mul (&ecc->p, B, z1, z2, x3);
+ ecc_mod_mul (&ecc->p, T, T, B, x3);
+ ecc_mod_mul (&ecc->p, C, C, B, x3);
+ ecc_mod_sqr (&ecc->p, B, B, x3);
- ecc_mod_sub (&ecc->p, F, B, E);
- ecc_mod_add (&ecc->p, G, B, E);
+ ecc_mod_add (&ecc->p, x3, B, E);
+ ecc_mod_sub (&ecc->p, F, B, E); /* C, T, F */
- /* x3 */
- ecc_mod_mul (&ecc->p, B, G, T, B);
- ecc_mod_mul (&ecc->p, x3, B, A, x3);
+ /* Can now use y3 as scratch, without breaking in-place operation. */
+ ecc_mod_mul (&ecc->p, y3, C, F, y3); /* T G */
- /* y3 */
- ecc_mod_mul (&ecc->p, B, F, C, B);
- ecc_mod_mul (&ecc->p, y3, B, A, y3);
-
- /* z3 */
- ecc_mod_mul (&ecc->p, B, F, G, B);
- mpn_copyi (z3, B, ecc->p.size);
+ /* Can use C--D as scratch */
+ ecc_mod_mul (&ecc->p, z3, x3, F, C); /* T */
+ ecc_mod_mul (&ecc->p, x3, x3, T, C);
 }
diff --git a/ecc-internal.h b/ecc-internal.h
index ff8c6f6a..24c73155 100644
--- a/ecc-internal.h
+++ b/ecc-internal.h
@@ -452,7 +452,7 @@ curve448_eh_to_x (mp_limb_t *xp, const mp_limb_t *p,
 #define ECC_ADD_EH_ITCH(size) (4*(size))
 #define ECC_ADD_EHH_ITCH(size) (4*(size))
 #define ECC_ADD_TH_ITCH(size) (4*(size))
-#define ECC_ADD_THH_ITCH(size) (7*(size))
+#define ECC_ADD_THH_ITCH(size) (4*(size))
 #define ECC_MUL_G_ITCH(size) (9*(size))
 #define ECC_MUL_G_EH_ITCH(size) (9*(size))
 #if ECC_MUL_A_WBITS == 0 |
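Review bot: The additions `ecc_mod_add (&ecc->p, x3, x1, y1);` and `ecc_mod_add (&ecc->p, y3, x2, y2);` in ecc_add_thh now write the output coordinates before x2 and y2 have been read, so the result looks wrong when the output aliases the second input point. The removed code first wrote x3 only after every read of x1, y1, x2 and y2, so that case worked before, perhaps only by accident. The "without breaking in-place operation" comments do not say which aliasing is meant; I would state it at the define block, e.g. `/* In-place operation: the output may alias the first input point only, not the second. */`. The x1/x2/x3 macros and the function's parameter list are above the hunk, so this reading of the aliasing is inferred from the names and should be checked against the callers.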
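Review bot: `ECC_ADD_THH_ITCH` drops from 7 to 4 here, but the layout that has to fit in it (`T`, `E`, `C`, `D` at offsets 0 to 3 of `scratch`, plus the calls that pass `T` or `C` as multiplication scratch) lives in ecc-add-thh.c, and nothing visible ties the two together. If the last argument of ecc_mod_mul needs two sizes of limbs, as the "clobber E" comment suggests, the calls using `C` as scratch end exactly at 4*size, so a later edit to either file alone becomes an out-of-bounds write. A comment at the define block in ecc-add-thh.c would make the coupling explicit, e.g. `/* Scratch layout T, E, C, D: 4*ecc->p.size limbs, must match ECC_ADD_THH_ITCH. */`.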