From 37dba329c6cb0f7a4228a11dc26aa3a342a3a5d0 Mon Sep 17 00:00:00 2001 From: Jonas Nick Date: Fri, 17 Apr 2020 18:06:47 +0000 Subject: [PATCH] Remove unnecessary sign variable from wnaf_const --- src/ecmult_const_impl.h | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/src/ecmult_const_impl.h b/src/ecmult_const_impl.h index d0d963182464a..0c26b1e767e2c 100644 --- a/src/ecmult_const_impl.h +++ b/src/ecmult_const_impl.h @@ -101,16 +101,22 @@ static int secp256k1_wnaf_const(int *wnaf, const secp256k1_scalar *scalar, int w /* 4 */ u_last = secp256k1_scalar_shr_int(&s, w); do { - int sign; int even; /* 4.1 4.4 */ u = secp256k1_scalar_shr_int(&s, w); /* 4.2 */ even = ((u & 1) == 0); - sign = 2 * (u_last > 0) - 1; - u += sign * even; - u_last -= sign * even * (1 << w); + /* In contrast to the original algorithm, u_last is always > 0 and + * therefore we do not need to check its sign. In particular, it's easy + * to see that u_last is never < 0 because u is never < 0. Moreover, + * u_last is never = 0 because u is never even after a loop + * iteration. The same holds analogously for the initial value of + * u_last (in the first loop iteration). */ + VERIFY_CHECK(u_last > 0); + VERIFY_CHECK((u_last & 1) == 1); + u += even; + u_last -= even * (1 << w); /* 4.3, adapted for global sign change */ wnaf[word++] = u_last * global_sign;