Commit 5b19af35 authored by Niels Möller

Reduce ecc_add_ehh scratch need.

parent 472444cf
2014-07-26 Niels Möller <nisse@lysator.liu.se>
* ecc-add-ehh.c (ecc_add_ehh): Reduce scratch need.
* ecc-internal.h (ECC_ADD_EHH_ITCH): Reduced to 7*size.
2014-07-23 Niels Möller <nisse@lysator.liu.se> 2014-07-23 Niels Möller <nisse@lysator.liu.se>
* testsuite/curve25519-dh-test.c: New test case, based on * testsuite/curve25519-dh-test.c: New test case, based on
...@@ -65,50 +65,53 @@ ecc_add_ehh (const struct ecc_curve *ecc, ...@@ -65,50 +65,53 @@ ecc_add_ehh (const struct ecc_curve *ecc,
Computation Operation Live variables Computation Operation Live variables
A = z1*z2 mul A C = x1*x2 mul C
B = A^2 sqr A, B D = y1*y2 mul C, D
C = x1*x2 mul A, B, C T = (x1+y1)(x2+y2) - C - D C, D, T
D = y1*y2 mul A, B, C, D E = b*C*D 2 mul C, E, T (Replace C <-- D - C)
E = b*C*D 2 mul A, B, C, D, E A = z1*z2 mul A, C, E, T
F = B - E A, B, C, D, E, F B = A^2 sqr A, B, C, E, T
G = B + E A, C, D, F, G F = B - E A, B, C, E, F, T
x3 = A*F*[(x1+y1)(x2+y2) - C - D] 3 mul A, C, D, G G = B + E A, C, F, G, T
x3 = A*F*T 3 mul A, C, G
y3 = A*G*(D-C) 2 mul F, G y3 = A*G*(D-C) 2 mul F, G
z3 = F*G mul z3 = F*G mul
*/ */
#define A scratch #define C scratch
#define B (scratch + ecc->size) #define D (scratch + ecc->size)
#define C (scratch + 2*ecc->size) #define T (scratch + 2*ecc->size)
#define D (scratch + 3*ecc->size) #define E (scratch + 3*ecc->size)
#define E (scratch + 4*ecc->size) #define A (scratch + 4*ecc->size)
#define F (scratch + 5*ecc->size) #define B (scratch + 5*ecc->size)
#define G (scratch + 6*ecc->size) #define F D
#define T (scratch + 7*ecc->size) #define G E
ecc_modp_mul (ecc, A, z1, z2);
ecc_modp_sqr (ecc, B, A);
ecc_modp_mul (ecc, C, x1, x2); ecc_modp_mul (ecc, C, x1, x2);
ecc_modp_mul (ecc, D, y1, y2); ecc_modp_mul (ecc, D, y1, y2);
ecc_modp_mul (ecc, T, C, D); ecc_modp_add (ecc, A, x1, y1);
ecc_modp_mul (ecc, E, T, ecc->b); ecc_modp_add (ecc, B, x2, y2);
ecc_modp_mul (ecc, T, A, B);
ecc_modp_sub (ecc, T, T, C);
ecc_modp_sub (ecc, T, T, D);
ecc_modp_mul (ecc, x3, C, D);
ecc_modp_mul (ecc, E, x3, ecc->b);
ecc_modp_sub (ecc, C, D, C);
ecc_modp_mul (ecc, A, z1, z2);
ecc_modp_sqr (ecc, B, A);
ecc_modp_sub (ecc, F, B, E); ecc_modp_sub (ecc, F, B, E);
ecc_modp_add (ecc, G, B, E); ecc_modp_add (ecc, G, B, E);
/* x3 */ /* x3 */
ecc_modp_add (ecc, B, x1, y1); ecc_modp_mul (ecc, B, F, T);
ecc_modp_add (ecc, E, x2, y2); ecc_modp_mul (ecc, x3, B, A);
ecc_modp_mul (ecc, T, B, E);
ecc_modp_sub (ecc, T, T, C);
ecc_modp_sub (ecc, x3, T, D);
ecc_modp_mul (ecc, T, x3, A);
ecc_modp_mul (ecc, x3, T, F);
/* y3 */ /* y3 */
ecc_modp_sub (ecc, C, D, C); ecc_modp_mul (ecc, B, G, C);
ecc_modp_mul (ecc, T, A, C); ecc_modp_mul (ecc, y3, B, A);
ecc_modp_mul (ecc, y3, T, G);
/* z3 */ /* z3 */
ecc_modp_mul (ecc, T, F, G); ecc_modp_mul (ecc, B, F, G);
mpn_copyi (z3, T, ecc->size); mpn_copyi (z3, B, ecc->size);
} }
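Review bot: The new scratch layout names only six size-limb areas (C, D, T, E, A, B) yet the ecc-internal.h hunk sets ECC_ADD_EHH_ITCH to 7*size, and the reason is not written down anywhere in the function. If ecc_modp_mul/ecc_modp_sqr write a full 2*size-limb product into rp before reducing, as I believe they do, then the sqr into B (scratch + 5*size) and the later products into B spill into that seventh area, the product into T spills over E and the product into E over A, and the products into x3 and y3 spill into y3 and z3; each is safe only because the clobbered value is computed later in the sequence, so a future reordering would break silently. I would add above the #define block `/* Every mul/sqr target needs 2*size limbs: B spills into a 7th scratch area (hence ECC_ADD_EHH_ITCH == 7*size), T spills over E and E over A, and x3/y3 spill into y3/z3, all of which are computed afterwards; keep this order. */`, and beside `#define F D` and `#define G E` a note that D is dead once C <-- D - C has been computed and that the G = B + E add reuses E in place. The enclosing ecc_add_ehh begins above the hunk.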
...@@ -243,7 +243,7 @@ sec_modinv (mp_limb_t *vp, mp_limb_t *ap, mp_size_t n, ...@@ -243,7 +243,7 @@ sec_modinv (mp_limb_t *vp, mp_limb_t *ap, mp_size_t n,
#define ECC_ADD_JJA_ITCH(size) (6*(size)) #define ECC_ADD_JJA_ITCH(size) (6*(size))
#define ECC_ADD_JJJ_ITCH(size) (8*(size)) #define ECC_ADD_JJJ_ITCH(size) (8*(size))
#define ECC_ADD_EH_ITCH(size) (6*(size)) #define ECC_ADD_EH_ITCH(size) (6*(size))
#define ECC_ADD_EHH_ITCH(size) (9*(size)) #define ECC_ADD_EHH_ITCH(size) (7*(size))
#define ECC_MUL_G_ITCH(size) (9*(size)) #define ECC_MUL_G_ITCH(size) (9*(size))
#define ECC_MUL_G_EH_ITCH(size) (9*(size)) #define ECC_MUL_G_EH_ITCH(size) (9*(size))
#if ECC_MUL_A_WBITS == 0 #if ECC_MUL_A_WBITS == 0