author | Jack Lloyd <[email protected]> | 2018-03-08 18:00:40 -0500 |
---|---|---|
committer | Jack Lloyd <[email protected]> | 2018-03-08 18:00:40 -0500 |
commit | 69b53b714b5bac4298a90f42753202d687bac8e8 (patch) | |
tree | 070157e5255d12a4a83983e9984a9ee24bec4d52 | |
parent | cc22c1e0a7c53bb4fb92e674c0b2b9ef6fe39c68 (diff) |
Avoid creating too-large values during ECDSA signing
It would cause the Barrett reduction to fallback to schoolbook
division. Small but noticeable speedup (2-3%)
-rw-r--r-- | src/lib/pubkey/ecdsa/ecdsa.cpp | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 57bc197c5..d473e466c 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -89,9 +89,11 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
 #endif
 const BigInt k_inv = inverse_mod(k, m_group.get_order());
- const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws);
- const BigInt r = m_group.mod_order(k_times_P.get_affine_x());
- const BigInt s = m_group.multiply_mod_order(k_inv, mul_add(m_x, r, m));
+ const BigInt r = m_group.mod_order(
+ m_group.blinded_base_point_multiply(k, rng, m_ws).get_affine_x());
+
+ const BigInt xrm = m_group.mod_order(m_group.multiply_mod_order(m_x, r) + m);
+ const BigInt s = m_group.multiply_mod_order(k_inv, xrm);
 // With overwhelming probability, a bug rather than actual zero r/s
 if(r.is_zero() || s.is_zero()) |
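Review bot: The reason for replacing `mul_add(m_x, r, m)` with `multiply_mod_order(m_x, r)` followed by `+ m` and a second `mod_order` is recorded only in the commit message, so the new `xrm` line should carry a comment, e.g. `// Reduce x*r before adding m so mod_order's Barrett reduction is never handed a value large enough to fall back to schoolbook division` — without it a later cleanup is likely to fold the expression back into the shorter form. The bound this relies on presumably also needs `m` to be at most order-sized; `m` and `k` are computed earlier in raw_sign, outside this hunk, so that should be confirmed against the hash handling there rather than assumed. The retained context line still derives `k_inv` via the generic `inverse_mod(k, m_group.get_order())`, and whether that routine is constant-time in the nonce is not visible here; since k_inv is the most timing-sensitive value on the signing path, a one-line comment stating the expectation would help reviewers of this performance change.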