Daiki Ueno <[email protected]> writes:
> From 8bc6e735d4b40cbab5e187a28e01b63a04ecd92b Mon Sep 17 00:00:00 2001
> From: Daiki Ueno <[email protected]>
> Date: Fri, 23 Jun 2017 17:26:18 +0200
> Subject: [PATCH 2/4] Implement Curve448 primitives
>
> This patch adds the necessary primitives for "curve448", defined in
> RFC 7748. Those primitives are namely: addition, doubling, scalar
> multiplication of the generator or an arbitrary point, inversion, and
> square root.
[...]
> +/* Computes a^{(p-3)/4} = a^{2^446-2^222-1} mod m. Needs 9 * n scratch
> + space. */
> +static void
> +ecc_mod_pow_446m224m1 (const struct ecc_modulo *p,
> + mp_limb_t *rp, const mp_limb_t *ap,
> + mp_limb_t *scratch)
> +{
> +#define t0 scratch
> +#define t1 (scratch + 3*ECC_LIMB_SIZE)
> +#define t2 (scratch + 6*ECC_LIMB_SIZE)
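Review bot: the three temporaries are laid out 3*ECC_LIMB_SIZE apart (t1 at 3n, t2 at 6n) while the header comment promises "Needs 9 * n scratch space"; if each of t0, t1 and t2 only has to hold one unreduced 2n-limb product, offsets of 2*ECC_LIMB_SIZE and 4*ECC_LIMB_SIZE with a 6 * n requirement are enough, and whichever layout is kept, the "Needs 9 * n" comment must be updated in the same change as the #defines so the stated requirement and the actual offsets cannot drift apart. Separately, the name ecc_mod_pow_446m224m1 does not match the exponent the comment states, 2^446-2^222-1 (the 224 belongs to p = 2^448 - 2^224 - 1, the 222 to (p-3)/4); either rename it after the actual exponent or explain the derivation of the name in the comment.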
I think 6*n scratch space should be enough (with no other changes to
this function),
#define t0 scratch
#define t1 (scratch + 2*ECC_LIMB_SIZE)
#define t2 (scratch + 4*ECC_LIMB_SIZE)
(And it could possibly be trimmed down a bit further, by storing the
reused value a^{2^222 - 1} first).
Do you agree? Then storage for a few other things can likely be trimmed
down too, in particular, curve448_mul would get the same scratch need as
curve25519_mul, 12*n rather than 14*n.
Regards,
/Niels
--
Niels Möller. PGP-encrypted email is preferred. Keyid 368C6677.
Internet email is subject to wholesale government surveillance.
_______________________________________________
nettle-bugs mailing list
[email protected]
http://lists.lysator.liu.se/mailman/listinfo/nettle-bugs
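The exponent chain under discussion, with a^{2^222-1} computed first and reused, as an added worked example. This is not nettle's code and not from either mail; the names P448, OpCounter, sqr_k_mul, pow_p3_over_4, inverse and sqrt_if_square are this example's own. Python integers replace GMP limbs, so the limb-level scratch question in the thread is not modelled; what the example shows is the chain itself (three temporaries, and the identity 2^446 - 2^222 - 1 = (2^223 - 1) * 2^223 + (2^222 - 1) that lets the stored a^{2^222-1} serve twice), its operation count, and, going beyond the quoted hunk, how the one exponentiation a^{(p-3)/4} yields both the inversion and the square root primitives the commit message lists, since p = 3 mod 4 for Curve448.

```python
# Added example (not nettle's code): the exponent chain for a^{(p-3)/4} on
# Curve448's field, built around the reused intermediate a^{2^222-1}, and
# what that single exponentiation buys you (inversion and square root).
# Python ints stand in for GMP limbs, so limb-level scratch space is not
# modelled here; only the chain and its operation count are.

P448 = 2**448 - 2**224 - 1          # Curve448 field prime, RFC 7748


class OpCounter:
    """Counts field squarings and multiplications performed by the chain."""

    def __init__(self):
        self.sqr = 0
        self.mul = 0


def sqr_k_mul(base, k, factor, p, ops):
    """Return base^(2^k) * factor mod p: k squarings, then one multiply.

    The 'square k times, then multiply' shape is the building block of the
    chain; the name is this example's, not nettle's API.
    """
    x = base
    for _ in range(k):
        x = x * x % p
        ops.sqr += 1
    ops.mul += 1
    return x * factor % p


def pow_p3_over_4(a, p=P448, ops=None):
    """Compute a^{(p-3)/4} = a^{2^446 - 2^222 - 1} mod p with three temporaries.

    Key identity:  2^446 - 2^222 - 1 = (2^223 - 1) * 2^223 + (2^222 - 1),
    so once t1 = a^{2^222-1} is in hand it is used twice: to derive
    a^{2^223-1} = t1^2 * a, and again as the final multiplier.
    """
    if ops is None:
        ops = OpCounter()
    t0 = sqr_k_mul(a, 1, a, p, ops)        # a^3         = a^{2^2-1}
    t0 = sqr_k_mul(t0, 1, a, p, ops)       # a^7         = a^{2^3-1}  (kept)
    t1 = sqr_k_mul(t0, 3, t0, p, ops)      # a^{2^6-1}
    t1 = sqr_k_mul(t1, 6, t1, p, ops)      # a^{2^12-1}
    t1 = sqr_k_mul(t1, 12, t1, p, ops)     # a^{2^24-1}
    t1 = sqr_k_mul(t1, 3, t0, p, ops)      # a^{2^27-1}
    t1 = sqr_k_mul(t1, 27, t1, p, ops)     # a^{2^54-1}
    t1 = sqr_k_mul(t1, 54, t1, p, ops)     # a^{2^108-1}
    t1 = sqr_k_mul(t1, 3, t0, p, ops)      # a^{2^111-1}  (t0 is dead from here)
    t1 = sqr_k_mul(t1, 111, t1, p, ops)    # a^{2^222-1}  (the reused value)
    t2 = sqr_k_mul(t1, 1, a, p, ops)       # a^{2^223-1}
    return sqr_k_mul(t2, 223, t1, p, ops)  # a^{2^446-2^222-1}


def inverse(a, p=P448):
    """a^{p-2} from r = a^{(p-3)/4}: r^4 * a has exponent (p-3) + 1 = p-2."""
    r = pow_p3_over_4(a, p)
    return pow(r, 4, p) * a % p


def sqrt_if_square(a, p=P448):
    """For p = 3 mod 4, a^{(p+1)/4} = r * a is a square root of a if one exists.

    Returns the root, or None when a is a non-residue (the candidate fails
    the s*s == a check, which is the only way to tell with this formula).
    """
    r = pow_p3_over_4(a, p)
    s = r * a % p
    return s if s * s % p == a % p else None


if __name__ == "__main__":
    import random
    rng = random.Random(448)            # fixed seed: constructed sample input
    a = rng.randrange(2, P448)
    ops = OpCounter()
    r = pow_p3_over_4(a, P448, ops)
    assert r == pow(a, (P448 - 3) // 4, P448)
    assert inverse(a) * a % P448 == 1
    assert sqrt_if_square(a * a % P448) in (a, P448 - a)
    print("chain ok: %d squarings, %d multiplications" % (ops.sqr, ops.mul))
```

The chain costs 445 squarings and 12 multiplications for a 446-bit exponent, so the multiplications, not the squarings, are where the choice of chain matters; the t0/t1/t2 comments show which value is live at each step, which is the information needed to decide how many temporaries (and how much scratch) a limb-level implementation really needs.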