ecmult_const: unify endomorphism and non-endomorphism skew cases #401

pull apoelstra wants to merge 1 commits into bitcoin-core:master from apoelstra:wnaf-cleanup changing 2 files +25 −52

apoelstra commented at 10:02 AM on June 30, 2016: contributor

We now do a skew correction even without the endomorphism optimization, which costs one additional group addition but unifies a lot of code.

in src/ecmult_const_impl.h:None in b2a1ada4fd outdated

 221 |          secp256k1_ge_to_storage(&correction_lam_stor, a);
 222 | +#endif
 223 |          secp256k1_ge_to_storage(&a2_stor, &correction);
 224 |  
 225 |          /* For odd numbers this is 2a (so replace it), for even ones a (so no-op) */
 226 |          secp256k1_ge_storage_cmov(&correction_1_stor, &a2_stor, skew_1 == 2);

sipa commented at 10:06 AM on June 30, 2016:

I think skew_1 == 2 can never be true in the non-USE_ENDOMORPHISM case.

apoelstra commented at 10:08 AM on June 30, 2016: contributor

I think it can, e.g. if the scalar is low and odd.

ecmult_const: unify endomorphism and non-endomorphism skew cases

We now do a skew correction even without the endomorphism optimization,
which costs one additional group addition but unifies a lot of code.

c6191fded8

apoelstra force-pushed on Jun 30, 2016
sipa commented at 1:50 PM on June 30, 2016: contributor

ACK
sipa merged this on Jun 30, 2016
sipa closed this on Jun 30, 2016
sipa referenced this in commit fa36a0ddb8 on Jun 30, 2016
apoelstra deleted the branch on Jun 19, 2017

Contributors

apoelstra

sipa