authorJack Lloyd <[email protected]>2018-03-19 15:15:57 -0400
committerJack Lloyd <[email protected]>2018-03-19 15:15:57 -0400
commit65e5f15c61c5ed5c41e1bed4c831ae7269f13066 (patch)
treeafb1494900be3cf600a2b46002ddcbf6761b9de1 /src/lib/pubkey/ec_group
parentd76d6711cf61c6b690d8c0fa7d69616c2645ce52 (diff)
Avoid needless computation in base point multiply
We computed twice as many values as were used.
Diffstat (limited to 'src/lib/pubkey/ec_group')
-rw-r--r--src/lib/pubkey/ec_group/curve_gfp.cpp24
-rw-r--r--src/lib/pubkey/ec_group/point_mul.cpp14
-rw-r--r--src/lib/pubkey/ec_group/point_mul.h1
3 files changed, 6 insertions, 33 deletions
diff --git a/src/lib/pubkey/ec_group/curve_gfp.cpp b/src/lib/pubkey/ec_group/curve_gfp.cpp
index fba9a419c..a8fdb2906 100644
--- a/src/lib/pubkey/ec_group/curve_gfp.cpp
+++ b/src/lib/pubkey/ec_group/curve_gfp.cpp
@@ -106,12 +106,6 @@ void CurveGFp_Montgomery::from_curve_rep(BigInt& z, secure_vector<word>& ws) con
void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y,
secure_vector<word>& ws) const
{
- if(x.is_zero() || y.is_zero())
- {
- z.clear();
- return;
- }
-
if(ws.size() < get_ws_size())
ws.resize(get_ws_size());
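Review bot: The deleted `is_zero()` early return was a branch on operand values, so removing it makes curve_mul's running time independent of whether x or y happens to be zero; that rationale is nowhere in the code, and without a comment the shortcut is likely to be re-added as an optimization, e.g. `// No zero shortcut: operands may derive from secret scalars, so avoid a value-dependent early exit.` The identical deletion appears in CurveGFp_Montgomery::curve_sqr and in CurveGFp_NIST::curve_mul and curve_sqr in the next three hunks, and the same comment belongs in all four. Whether the reduction code that follows yields z == 0 for a zero operand is not visible in the hunk, so a test with zero inputs should confirm it if one does not already exist. curve_mul's body continues outside the hunk.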
@@ -138,12 +132,6 @@ void CurveGFp_Montgomery::curve_mul(BigInt& z, const BigInt& x, const BigInt& y,
void CurveGFp_Montgomery::curve_sqr(BigInt& z, const BigInt& x,
secure_vector<word>& ws) const
{
- if(x.is_zero())
- {
- z.clear();
- return;
- }
-
if(ws.size() < get_ws_size())
ws.resize(get_ws_size());
@@ -215,12 +203,6 @@ BigInt CurveGFp_NIST::invert_element(const BigInt& x, secure_vector<word>& ws) c
void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y,
secure_vector<word>& ws) const
{
- if(x.is_zero() || y.is_zero())
- {
- z.clear();
- return;
- }
-
if(ws.size() < get_ws_size())
ws.resize(get_ws_size());
@@ -242,12 +224,6 @@ void CurveGFp_NIST::curve_mul(BigInt& z, const BigInt& x, const BigInt& y,
void CurveGFp_NIST::curve_sqr(BigInt& z, const BigInt& x,
secure_vector<word>& ws) const
{
- if(x.is_zero())
- {
- z.clear();
- return;
- }
-
if(ws.size() < get_ws_size())
ws.resize(get_ws_size());
diff --git a/src/lib/pubkey/ec_group/point_mul.cpp b/src/lib/pubkey/ec_group/point_mul.cpp
index 487fb9884..7acb60b6a 100644
--- a/src/lib/pubkey/ec_group/point_mul.cpp
+++ b/src/lib/pubkey/ec_group/point_mul.cpp
@@ -43,9 +43,9 @@ PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& b
* the size of the prime modulus. In all cases they are at most 1 bit
* longer. The +1 compensates for this.
*/
- m_T_bits = round_up(p_bits + PointGFp_SCALAR_BLINDING_BITS + 1, 2);
+ const size_t T_bits = round_up(p_bits + PointGFp_SCALAR_BLINDING_BITS + 1, 2) / 2;
- m_T.resize(3*m_T_bits);
+ m_T.resize(3*T_bits);
m_T[0] = base;
m_T[1] = m_T[0];
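Review bot: `T_bits` on the added line now holds a count of 2-bit windows (the rounded bit count divided by two), so the name is misleading next to the comment above, which reasons in bits; `const size_t T_windows = round_up(p_bits + PointGFp_SCALAR_BLINDING_BITS + 1, 2) / 2;` with `m_T.resize(3*T_windows);` reads truer, and the loop bound in the next hunk would change the same way. A short comment such as `// three precomputed points per 2-bit window of the blinded scalar` above the resize would make the 3* factor self-explanatory, since the triple layout is otherwise only implied by the 3*i indexing. The constructor's body continues past the end of the hunk.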
@@ -53,7 +53,7 @@ PointGFp_Base_Point_Precompute::PointGFp_Base_Point_Precompute(const PointGFp& b
m_T[2] = m_T[1];
m_T[2].add(m_T[0], ws);
- for(size_t i = 1; i != m_T_bits; ++i)
+ for(size_t i = 1; i != T_bits; ++i)
{
m_T[3*i+0] = m_T[3*i - 2];
m_T[3*i+0].mult2(ws);
@@ -78,17 +78,15 @@ PointGFp PointGFp_Base_Point_Precompute::mul(const BigInt& k,
const BigInt mask(rng, PointGFp_SCALAR_BLINDING_BITS, false);
const BigInt scalar = k + group_order * mask;
- const size_t scalar_bits = scalar.bits();
+ size_t windows = round_up(scalar.bits(), 2) / 2;
- BOTAN_ASSERT(scalar_bits <= m_T_bits,
+ BOTAN_ASSERT(windows <= m_T.size() / 3,
"Precomputed sufficient values for scalar mult");
- PointGFp R = m_T[0].zero();
-
if(ws.size() < PointGFp::WORKSPACE_SIZE)
ws.resize(PointGFp::WORKSPACE_SIZE);
- size_t windows = round_up(scalar_bits, 2) / 2;
+ PointGFp R = m_T[0].zero();
for(size_t i = 0; i != windows; ++i)
{
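Review bot: `windows` on the first added line is derived from `scalar.bits()`, so the trip count of the loop that starts at the end of the hunk varies with the bit length of the blinded scalar instead of being fixed by the table; since `scalar = k + group_order * mask` with a random mask, that length is not constant across calls, and the iteration count is observable as a timing difference. If the loop body (outside the hunk) tolerates leading zero windows, iterating over the whole table, `const size_t windows = m_T.size() / 3;`, would make the trip count independent of the scalar and the BOTAN_ASSERT unnecessary; whether the body tolerates that cannot be told from here and should be checked before changing it. Independently, `windows` is never reassigned and should be `const size_t windows = round_up(scalar.bits(), 2) / 2;` to match the neighbouring `mask` and `scalar` declarations.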
diff --git a/src/lib/pubkey/ec_group/point_mul.h b/src/lib/pubkey/ec_group/point_mul.h
index b6e9da3b9..97fd326a2 100644
--- a/src/lib/pubkey/ec_group/point_mul.h
+++ b/src/lib/pubkey/ec_group/point_mul.h
@@ -23,7 +23,6 @@ class PointGFp_Base_Point_Precompute
const BigInt& group_order,
std::vector<BigInt>& ws) const;
private:
- size_t m_T_bits;
std::vector<PointGFp> m_T;
};