authorJack Lloyd <[email protected]>2018-03-08 18:00:40 -0500
committerJack Lloyd <[email protected]>2018-03-08 18:00:40 -0500
commit69b53b714b5bac4298a90f42753202d687bac8e8 (patch)
tree070157e5255d12a4a83983e9984a9ee24bec4d52
parentcc22c1e0a7c53bb4fb92e674c0b2b9ef6fe39c68 (diff)
Avoid creating too-large values during ECDSA signing
It would cause the Barrett reduction to fall back to schoolbook division. Small but noticeable speedup (2-3%)
-rw-r--r--src/lib/pubkey/ecdsa/ecdsa.cpp8
1 files changed, 5 insertions, 3 deletions
diff --git a/src/lib/pubkey/ecdsa/ecdsa.cpp b/src/lib/pubkey/ecdsa/ecdsa.cpp
index 57bc197c5..d473e466c 100644
--- a/src/lib/pubkey/ecdsa/ecdsa.cpp
+++ b/src/lib/pubkey/ecdsa/ecdsa.cpp
@@ -89,9 +89,11 @@ ECDSA_Signature_Operation::raw_sign(const uint8_t msg[], size_t msg_len,
#endif
const BigInt k_inv = inverse_mod(k, m_group.get_order());
- const PointGFp k_times_P = m_group.blinded_base_point_multiply(k, rng, m_ws);
- const BigInt r = m_group.mod_order(k_times_P.get_affine_x());
- const BigInt s = m_group.multiply_mod_order(k_inv, mul_add(m_x, r, m));
+ const BigInt r = m_group.mod_order(
+ m_group.blinded_base_point_multiply(k, rng, m_ws).get_affine_x());
+
+ const BigInt xrm = m_group.mod_order(m_group.multiply_mod_order(m_x, r) + m);
+ const BigInt s = m_group.multiply_mod_order(k_inv, xrm);
// With overwhelming probability, a bug rather than actual zero r/s
if(r.is_zero() || s.is_zero())