From e82144edfb7673d9a5eeb2b556d08be5223835ac Mon Sep 17 00:00:00 2001 From: Peter Dettman Date: Sun, 26 Dec 2021 14:56:28 +0700 Subject: [PATCH] Fixup skew before global Z fixup --- src/ecmult_const_impl.h | 21 +++++++++------------ 1 file changed, 9 insertions(+), 12 deletions(-) diff --git a/src/ecmult_const_impl.h b/src/ecmult_const_impl.h index c384d0fac9..3d198dcede 100644 --- a/src/ecmult_const_impl.h +++ b/src/ecmult_const_impl.h @@ -213,25 +213,22 @@ static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, cons } } - secp256k1_fe_mul(&r->z, &r->z, &Z); - { /* Correct for wNAF skew */ - secp256k1_gej tmp; - secp256k1_ge a_1; - secp256k1_ge_neg(&a_1, a); + secp256k1_gej tmpj; - secp256k1_gej_add_ge(&tmp, r, &a_1); - secp256k1_gej_cmov(r, &tmp, skew_1); + secp256k1_ge_neg(&tmpa, &pre_a[0]); + secp256k1_gej_add_ge(&tmpj, r, &tmpa); + secp256k1_gej_cmov(r, &tmpj, skew_1); if (size > 128) { - secp256k1_ge a_lam; - secp256k1_ge_mul_lambda(&a_lam, &a_1); - - secp256k1_gej_add_ge(&tmp, r, &a_lam); - secp256k1_gej_cmov(r, &tmp, skew_lam); + secp256k1_ge_neg(&tmpa, &pre_a_lam[0]); + secp256k1_gej_add_ge(&tmpj, r, &tmpa); + secp256k1_gej_cmov(r, &tmpj, skew_lam); } } + + secp256k1_fe_mul(&r->z, &r->z, &Z); } #endif /* SECP256K1_ECMULT_CONST_IMPL_H */