diff --git a/ChangeLog b/ChangeLog
index 4a0d858419b44b71549194bd87c394c0149e9259..373abae935af72e14c8caf4e2ee20266b221af8b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2019-12-09 Niels Möller <nisse@lysator.liu.se>
+
+	* ecc-448.c (ecc_mod_pow_446m224m1): Reduce scratch space from 9*n
+	to 6*n.
+	(ECC_448_INV_ITCH, ECC_448_SQRT_ITCH): Reduce accordingly.
+	* curve448-mul.c (curve448_mul): Reduce allocation from 14*n to 12*n.
+
 2019-12-08 Niels Möller <nisse@lysator.liu.se>
 
 	* x86_64/ecc-curve448-modp.asm (nettle_ecc_curve448_modp): New
diff --git a/curve448-mul.c b/curve448-mul.c
index afa814a42e45481a07c1a6228e92efae79b056bd..59cf766467369b364fab1f8d3cd4720191b78b67 100644
--- a/curve448-mul.c
+++ b/curve448-mul.c
@@ -34,6 +34,7 @@
 # include "config.h"
 #endif
 
+#include <assert.h>
 #include <string.h>
 
 #include "curve448.h"
@@ -72,7 +73,8 @@ curve448_mul (uint8_t *q, const uint8_t *n, const uint8_t *p)
 
 #define a24 39081
 
-  itch = ecc->p.size * 14;
+  itch = ecc->p.size * 12;
+  assert (ecc->p.invert_itch + 5*ecc->p.size <= itch);
   scratch = gmp_alloc_limbs (itch);
 
   /* Note that 255 % GMP_NUMB_BITS == 0 isn't supported, so x1 always
diff --git a/ecc-448.c b/ecc-448.c
index 2e8400249d849e8e7ebb60f2f3ec7ca23c128311..429bb8ffd7220e6cb362c4b00993b3328d881feb 100644
--- a/ecc-448.c
+++ b/ecc-448.c
@@ -124,7 +124,7 @@ ecc_mod_pow_2k (const struct ecc_modulo *m,
     }
 }
 
-/* Computes a^{(p-3)/4} = a^{2^446-2^222-1} mod m. Needs 9 * n scratch
+/* Computes a^{(p-3)/4} = a^{2^446-2^222-1} mod m. Needs 6 * n scratch
    space. */
 static void
 ecc_mod_pow_446m224m1 (const struct ecc_modulo *p,
@@ -132,8 +132,8 @@ ecc_mod_pow_446m224m1 (const struct ecc_modulo *p,
                        mp_limb_t *scratch)
 {
 #define t0 scratch
-#define t1 (scratch + 3*ECC_LIMB_SIZE)
-#define t2 (scratch + 6*ECC_LIMB_SIZE)
+#define t1 (scratch + 2*ECC_LIMB_SIZE)
+#define t2 (scratch + 4*ECC_LIMB_SIZE)
 
   ecc_mod_sqr (p, rp, ap);	/* a^2 */
   ecc_mod_mul (p, t0, ap, rp);	/* a^3 */
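Review bot: The new `assert (ecc->p.invert_itch + 5*ecc->p.size <= itch);` is the only thing tying the shrunken 12*n allocation to the inversion's scratch need, and it is compiled out under NDEBUG, so a later increase of the curve's invert_itch would become an unchecked write past the end of `scratch` in release builds rather than a caught mismatch. Keep the assert as a self-check, but make the allocation itself bounded: `itch = ecc->p.size * 12; if (itch < ecc->p.invert_itch + 5*ecc->p.size) itch = ecc->p.invert_itch + 5*ecc->p.size;` so that `gmp_alloc_limbs (itch)` always covers both the fixed slots and the inversion's scratch at offset 5*size. The literal 12 presumably counts the size-sized slots #defined above this hunk; a one-line comment saying which slots it stands for would keep the two from drifting apart. curve448_mul's body continues on both sides of the hunk.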
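Review bot: The new `t1`/`t2` offsets make every temporary exactly 2*ECC_LIMB_SIZE limbs, but nothing beside the defines says why that is sufficient; the only statement of the total is the "6 * n" in the comment above the function, so a reader cannot tell whether 2n is the real floor or just what happens to work today. Presumably each temporary has to hold a full double-length product from ecc_mod_mul/ecc_mod_sqr before reduction (and the same would apply to `rp`) — if that is the reason, state it next to the defines, e.g. `/* Each temporary holds a 2*ECC_LIMB_SIZE product for ecc_mod_mul/sqr; total scratch is 6*ECC_LIMB_SIZE. */`. ecc_mod_pow_446m224m1 continues past the end of the hunk.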
@@ -164,8 +164,8 @@ ecc_mod_pow_446m224m1 (const struct ecc_modulo *p,
 #undef t2
 }
 
-/* Needs 9*ECC_LIMB_SIZE scratch space. */
-#define ECC_448_INV_ITCH (9*ECC_LIMB_SIZE)
+/* Needs 6*ECC_LIMB_SIZE scratch space. */
+#define ECC_448_INV_ITCH (6*ECC_LIMB_SIZE)
 static void
 ecc_448_inv (const struct ecc_modulo *p,
              mp_limb_t *rp, const mp_limb_t *ap,
@@ -207,7 +207,7 @@ ecc_448_zero_p (const struct ecc_modulo *p, mp_limb_t *xp)
 */
 
 /* Needs 4*n space + scratch for ecc_mod_pow_446m224m1. */
-#define ECC_448_SQRT_ITCH (13*ECC_LIMB_SIZE)
+#define ECC_448_SQRT_ITCH (10*ECC_LIMB_SIZE)
 static int
 ecc_448_sqrt(const struct ecc_modulo *p,
              mp_limb_t *rp,
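Review bot: `ECC_448_INV_ITCH` here and `ECC_448_SQRT_ITCH` in the next hunk restate the 6*ECC_LIMB_SIZE need of ecc_mod_pow_446m224m1 as independent literals, which is why this commit had to edit four numbers by hand (9→6 twice, 13→10, and 14→12 in curve448-mul.c) with nothing checking that they still agree. The comment on ECC_448_SQRT_ITCH already says "4*n space + scratch for ecc_mod_pow_446m224m1", so let the macro say the same thing: `#define ECC_448_SQRT_ITCH (4*ECC_LIMB_SIZE + ECC_448_INV_ITCH)`, valid as long as the inversion's scratch need is at least the exponentiation's (both comments give 6*ECC_LIMB_SIZE; ecc_448_inv's body is outside the hunk, so I cannot confirm it from here), or introduce one macro for the pow function's scratch that both derive from. Then a future change to the temporaries in ecc_mod_pow_446m224m1 propagates by construction instead of by search-and-replace.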