@@ -43,41 +43,54 @@ static void secp256k1_ecmult_table_precomp_gej_var(secp256k1_gej_t *pre, const s
4343 secp256k1_gej_add_var (& pre [i ], & d , & pre [i - 1 ]);
4444}
4545
46- static void secp256k1_ecmult_table_precomp_ge_var ( secp256k1_ge_t * pre , const secp256k1_gej_t * a , int w ) {
46+ static void secp256k1_ecmult_table_precomp_ge_storage_var ( secp256k1_ge_storage_t * pre , const secp256k1_gej_t * a , int w ) {
4747 const int table_size = 1 << (w - 2 );
4848 secp256k1_gej_t * prej = checked_malloc (sizeof (secp256k1_gej_t ) * table_size );
49+ secp256k1_ge_t * prea = checked_malloc (sizeof (secp256k1_ge_t ) * table_size );
4950 prej [0 ] = * a ;
5051 secp256k1_gej_t d ; secp256k1_gej_double_var (& d , a );
5152 for (int i = 1 ; i < table_size ; i ++ ) {
5253 secp256k1_gej_add_var (& prej [i ], & d , & prej [i - 1 ]);
5354 }
54- secp256k1_ge_set_all_gej_var (table_size , pre , prej );
55+ secp256k1_ge_set_all_gej_var (table_size , prea , prej );
56+ for (int i = 0 ; i < table_size ; i ++ ) {
57+ secp256k1_ge_to_storage (& pre [i ], & prea [i ]);
58+ }
5559 free (prej );
60+ free (prea );
5661}
5762
5863/** The number of entries a table with precomputed multiples needs to have. */
5964#define ECMULT_TABLE_SIZE (w ) (1 << ((w)-2))
6065
6166/** The following two macro retrieves a particular odd multiple from a table
6267 * of precomputed multiples. */
63- #define ECMULT_TABLE_GET (r ,pre ,n ,w , neg ) do { \
68+ #define ECMULT_TABLE_GET_GEJ (r ,pre ,n ,w ) do { \
6469 VERIFY_CHECK(((n) & 1) == 1); \
6570 VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \
6671 VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \
6772 if ((n) > 0) \
6873 *(r) = (pre)[((n)-1)/2]; \
6974 else \
70- (neg)((r), &(pre)[(-(n)-1)/2]); \
75+ secp256k1_gej_neg((r), &(pre)[(-(n)-1)/2]); \
76+ } while(0)
77+ #define ECMULT_TABLE_GET_GE_STORAGE (r ,pre ,n ,w ) do { \
78+ VERIFY_CHECK(((n) & 1) == 1); \
79+ VERIFY_CHECK((n) >= -((1 << ((w)-1)) - 1)); \
80+ VERIFY_CHECK((n) <= ((1 << ((w)-1)) - 1)); \
81+ if ((n) > 0) \
82+ secp256k1_ge_from_storage((r), &(pre)[((n)-1)/2]); \
83+ else {\
84+ secp256k1_ge_from_storage((r), &(pre)[(-(n)-1)/2]); \
85+ secp256k1_ge_neg((r), (r)); \
86+ } \
7187} while(0)
72-
73- #define ECMULT_TABLE_GET_GEJ (r ,pre ,n ,w ) ECMULT_TABLE_GET((r),(pre),(n),(w),secp256k1_gej_neg)
74- #define ECMULT_TABLE_GET_GE (r ,pre ,n ,w ) ECMULT_TABLE_GET((r),(pre),(n),(w),secp256k1_ge_neg)
7588
7689typedef struct {
7790 /* For accelerating the computation of a*P + b*G: */
78- secp256k1_ge_t pre_g [ECMULT_TABLE_SIZE (WINDOW_G )]; /* odd multiples of the generator */
91+ secp256k1_ge_storage_t pre_g [ECMULT_TABLE_SIZE (WINDOW_G )]; /* odd multiples of the generator */
7992#ifdef USE_ENDOMORPHISM
80- secp256k1_ge_t pre_g_128 [ECMULT_TABLE_SIZE (WINDOW_G )]; /* odd multiples of 2^128*generator */
93+ secp256k1_ge_storage_t pre_g_128 [ECMULT_TABLE_SIZE (WINDOW_G )]; /* odd multiples of 2^128*generator */
8194#endif
8295} secp256k1_ecmult_consts_t ;
8396
@@ -101,9 +114,9 @@ static void secp256k1_ecmult_start(void) {
101114#endif
102115
103116 /* precompute the tables with odd multiples */
104- secp256k1_ecmult_table_precomp_ge_var (ret -> pre_g , & gj , WINDOW_G );
117+ secp256k1_ecmult_table_precomp_ge_storage_var (ret -> pre_g , & gj , WINDOW_G );
105118#ifdef USE_ENDOMORPHISM
106- secp256k1_ecmult_table_precomp_ge_var (ret -> pre_g_128 , & g_128j , WINDOW_G );
119+ secp256k1_ecmult_table_precomp_ge_storage_var (ret -> pre_g_128 , & g_128j , WINDOW_G );
107120#endif
108121
109122 /* Set the global pointer to the precomputation table. */
@@ -224,11 +237,11 @@ static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const
224237 secp256k1_gej_add_var (r , r , & tmpj );
225238 }
226239 if (i < bits_ng_1 && (n = wnaf_ng_1 [i ])) {
227- ECMULT_TABLE_GET_GE (& tmpa , c -> pre_g , n , WINDOW_G );
240+ ECMULT_TABLE_GET_GE_STORAGE (& tmpa , c -> pre_g , n , WINDOW_G );
228241 secp256k1_gej_add_ge_var (r , r , & tmpa );
229242 }
230243 if (i < bits_ng_128 && (n = wnaf_ng_128 [i ])) {
231- ECMULT_TABLE_GET_GE (& tmpa , c -> pre_g_128 , n , WINDOW_G );
244+ ECMULT_TABLE_GET_GE_STORAGE (& tmpa , c -> pre_g_128 , n , WINDOW_G );
232245 secp256k1_gej_add_ge_var (r , r , & tmpa );
233246 }
234247#else
@@ -237,7 +250,7 @@ static void secp256k1_ecmult(secp256k1_gej_t *r, const secp256k1_gej_t *a, const
237250 secp256k1_gej_add_var (r , r , & tmpj );
238251 }
239252 if (i < bits_ng && (n = wnaf_ng [i ])) {
240- ECMULT_TABLE_GET_GE (& tmpa , c -> pre_g , n , WINDOW_G );
253+ ECMULT_TABLE_GET_GE_STORAGE (& tmpa , c -> pre_g , n , WINDOW_G );
241254 secp256k1_gej_add_ge_var (r , r , & tmpa );
242255 }
243256#endif
0 commit comments