Faster const-time modinv divsteps (rebase of #1031) #1197

sipa wants to merge 5 commits into bitcoin-core:master from sipa:202301_pr1031, changing 3 files (+202 −165)
  1. sipa commented at 9:02 pm on January 19, 2023: contributor

    Algorithm by Peter Dettman, with original comments:

    Changes to _divsteps_59 (_30) that give maybe 4% speed improvement to const-time modinv on 64-bit. I see a larger gain on 32-bit but measured on 64-bit, so it might not be real.

    Start the result matrix scaled by 2^62 (resp. 2^30) and shift q, r down instead of u, v up at each step (should make life easier for vectorization). Since we’re always shifting away the LSB of g, q, r, we can avoid doing a full negation for x, y, z (after a few tweaks).

    A new variable $\theta = \delta - 1/2$ is then introduced, which is slightly cheaper than the $\zeta = -\delta-1/2$ used before.

  2. Faster const-time modinv divsteps 8c0c69757e
  3. modinv: introduce theta=delta-1/2 b00bae412a
  4. Update safegcd writeup to reflect the code 7c310b79cc
  5. Improve matrix computation assertions 55f5ea681f
  6. Improve verify check and comments 57a09847d8
    - Add explanation for 59 divsteps vs 2^62 scaling
  7. sipa cross-referenced this on Jan 19, 2023 from issue Faster const-time modinv divsteps by peterdettman
  8. real-or-random added the label performance on May 11, 2023
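The divstep variant described in the PR description above, as an added Python reference model (not the PR's C code): theta = delta - 1/2 with the swap condition delta > 0 read as theta >= 0 (assuming delta starts at 1/2, as in the library's safegcd writeup), the transition matrix kept at a constant 2^62 scale with q and r shifted down each step, and a 590-divstep modular inverse built on it. It keeps full conditional negation of f, u, v rather than the PR's negation-avoiding tweak, and pow(2, -62, m) stands in for the library's constant-time division by 2^62; the asserts check the row invariants, the 2^65 determinant and the three zero low bits that 59 steps at 2^62 scale leave behind.

```python
MASK62 = (1 << 62) - 1


def divsteps_59_theta(theta, f0, g0):
    """59 divsteps on the low 62 bits of (f0, g0), tracked with theta = delta - 1/2.
    The transition matrix [[u, v], [q, r]] starts as 2^62 * I and keeps that scale:
    q and r are shifted down each step instead of u and v being shifted up."""
    u, v, q, r = 1 << 62, 0, 0, 1 << 62
    f, g = f0, g0
    for i in range(59):
        assert f & 1                              # f is always odd
        assert u * f0 + v * g0 == f << 62         # both rows keep the constant 2^62 scale
        assert q * f0 + r * g0 == g << 62
        assert q % (1 << (62 - i)) == 0 and r % (1 << (62 - i)) == 0  # shifted-away LSBs are 0
        mask1 = -(theta >= 0)                     # all-ones iff delta > 0, i.e. theta >= 0
        mask2 = -(g & 1)                          # all-ones iff g is odd
        # x, y, z: f, u, v conditionally negated (full negation here, for clarity)
        x, y, z = (f ^ mask1) - mask1, (u ^ mask1) - mask1, (v ^ mask1) - mask1
        g, q, r = g + (x & mask2), q + (y & mask2), r + (z & mask2)
        mask1 &= mask2                            # swap case: delta > 0 and g odd
        theta = (theta ^ mask1) + 1               # swap: theta -> -theta; else theta -> theta + 1
        f, u, v = f + (g & mask1), u + (q & mask1), v + (r & mask1)
        g, q, r = g >> 1, q >> 1, r >> 1          # exact: g, q, r are even at this point
    assert u * r - v * q == 1 << 65               # 2^(2*62) * 2^-59: 59 steps at 2^62 scale
    return theta, (u, v, q, r)


def modinv_theta(x, m):
    """Inverse of x modulo odd m (up to 256 bits) with 10 batches of 59 divsteps (590 total)."""
    assert m & 1 and 0 < x < m
    f, g, d, e, theta = m, x, 0, 1, 0             # invariants: f = d*x and g = e*x (mod m)
    inv_2_62 = pow(2, -62, m)                     # division by 2^62 mod m (Python >= 3.8)
    for _ in range(10):
        theta, (u, v, q, r) = divsteps_59_theta(theta, f & MASK62, g & MASK62)
        assert all(t % 8 == 0 for t in (u, v, q, r))  # 62 - 59 = 3 zero low bits remain
        f, g = (u * f + v * g) >> 62, (q * f + r * g) >> 62  # exact: low 62 bits cancel
        d, e = (u * d + v * e) * inv_2_62 % m, (q * d + r * e) * inv_2_62 % m
    assert g == 0 and f in (1, -1)                # gcd(x, m) == 1
    return d * f % m                              # f == -1 flips the sign of d


if __name__ == "__main__":
    p = 2**256 - 2**32 - 977                      # secp256k1 field prime
    print(modinv_theta(3, p) * 3 % p)             # 1
```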


github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin-core/secp256k1. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2025-01-23 22:15 UTC
