group: remove unneeded normalize_weak in secp256k1_gej_eq_x_var
By requiring that the input group element's X coordinate (`a->x`) has a
magnitude of <= 31, the normalize_weak call and also the field element
variable `r2` are not needed anymore and hence can be dropped.

This makes ECDSA verification a little faster. On my machine:

Benchmark                     ,    Min(us)    ,    Avg(us)    ,    Max(us)

[ master ]
ecdsa_verify                  ,    68.9       ,    72.4       ,    77.8

[ PR ]
ecdsa_verify                  ,    65.4       ,    68.2       ,    76.6
theStack committed Jun 14, 2023
1 parent efa76c4 commit ce51385
Showing 2 changed files with 9 additions and 4 deletions.
3 changes: 2 additions & 1 deletion src/group.h
Expand Up @@ -100,7 +100,8 @@ static void secp256k1_gej_set_ge(secp256k1_gej *r, const secp256k1_ge *a);
/** Check two group elements (jacobian) for equality in variable time. */
static int secp256k1_gej_eq_var(const secp256k1_gej *a, const secp256k1_gej *b);

/** Compare the X coordinate of a group element (jacobian). */
/** Compare the X coordinate of a group element (jacobian).
* The mangitude of the group element's X coordinate must not exceed 31. */
static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a);

/** Set r equal to the inverse of a (i.e., mirrored around the X axis) */
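Review bot: the added doc comment on `secp256k1_gej_eq_x_var` misspells "magnitude" as "mangitude", and it states only one of the preconditions the implementation asserts. Suggest fixing the spelling and also noting that `a` must not be infinity, since the implementation contains `VERIFY_CHECK(!a->infinity)`, so the full contract is visible to callers from the header.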
10 changes: 7 additions & 3 deletions src/group_impl.h
Expand Up @@ -314,13 +314,17 @@ static int secp256k1_gej_eq_var(const secp256k1_gej *a, const secp256k1_gej *b)
}

static int secp256k1_gej_eq_x_var(const secp256k1_fe *x, const secp256k1_gej *a) {
secp256k1_fe r, r2;
secp256k1_fe r;

#ifdef VERIFY
secp256k1_fe_verify(x);
VERIFY_CHECK(a->x.magnitude <= 31);
secp256k1_gej_verify(a);
VERIFY_CHECK(!a->infinity);
#endif

secp256k1_fe_sqr(&r, &a->z); secp256k1_fe_mul(&r, &r, x);
r2 = a->x; secp256k1_fe_normalize_weak(&r2);
return secp256k1_fe_equal_var(&r, &r2);
return secp256k1_fe_equal_var(&r, &a->x);
}

static void secp256k1_gej_neg(secp256k1_gej *r, const secp256k1_gej *a) {
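Review bot: the bound in `VERIFY_CHECK(a->x.magnitude <= 31)` is an unexplained constant, and because it sits inside `#ifdef VERIFY` nothing enforces it in non-VERIFY builds now that `a->x` is passed to `secp256k1_fe_equal_var` without the `secp256k1_fe_normalize_weak` step. Suggest a one-line comment naming the requirement the 31 comes from, plus a note in the description confirming that every caller passes a point whose X magnitude meets it. The check would also read better placed after `secp256k1_gej_verify(a)`, so the element is validated before one of its fields is inspected.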