
Commit 120c653

committed
Optimization: special-case zero modulus limbs in modinv64
This doesn't appear to be a win in the 32-bit implementation, so only do it for the 64-bit one.
1 parent d41aecf commit 120c653

1 file changed

+17
-6
lines changed


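--- a/src/modinv64_impl.h
+++ b/src/modinv64_impl.h
@@ -201,6 +201,7 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp
 md -= (modinfo->modulus_inv62 * (uint64_t)cd + md) & M62;
 me -= (modinfo->modulus_inv62 * (uint64_t)ce + me) & M62;
 
+/* The modulus has to be odd, so we can assume it is nonzero. */
 cd += (int128_t)modinfo->modulus.v[0] * md;
 ce += (int128_t)modinfo->modulus.v[0] * me;
 
@@ -210,33 +211,43 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp
 cd += (int128_t)u * d1 + (int128_t)v * e1;
 ce += (int128_t)q * d1 + (int128_t)r * e1;
 
-cd += (int128_t)modinfo->modulus.v[1] * md;
-ce += (int128_t)modinfo->modulus.v[1] * me;
+/* Limb 1 of the modulus may be zero (optimization). */
+if (modinfo->modulus.v[1]) {
+cd += (int128_t)modinfo->modulus.v[1] * md;
+ce += (int128_t)modinfo->modulus.v[1] * me;
+}
 
 d->v[0] = (int64_t)cd & M62; cd >>= 62;
 e->v[0] = (int64_t)ce & M62; ce >>= 62;
 
 cd += (int128_t)u * d2 + (int128_t)v * e2;
 ce += (int128_t)q * d2 + (int128_t)r * e2;
 
-cd += (int128_t)modinfo->modulus.v[2] * md;
-ce += (int128_t)modinfo->modulus.v[2] * me;
+/* Limb 2 of the modulus may be zero (optimization). */
+if (modinfo->modulus.v[2]) {
+cd += (int128_t)modinfo->modulus.v[2] * md;
+ce += (int128_t)modinfo->modulus.v[2] * me;
+}
 
 d->v[1] = (int64_t)cd & M62; cd >>= 62;
 e->v[1] = (int64_t)ce & M62; ce >>= 62;
 
 cd += (int128_t)u * d3 + (int128_t)v * e3;
 ce += (int128_t)q * d3 + (int128_t)r * e3;
 
-cd += (int128_t)modinfo->modulus.v[3] * md;
-ce += (int128_t)modinfo->modulus.v[3] * me;
+/* Limb 3 of the modulus may be zero (optimization). */
+if (modinfo->modulus.v[3]) {
+cd += (int128_t)modinfo->modulus.v[3] * md;
+ce += (int128_t)modinfo->modulus.v[3] * me;
+}
 
 d->v[2] = (int64_t)cd & M62; cd >>= 62;
 e->v[2] = (int64_t)ce & M62; ce >>= 62;
 
 cd += (int128_t)u * d4 + (int128_t)v * e4;
 ce += (int128_t)q * d4 + (int128_t)r * e4;
 
+/* As this is for 256-bit operations, assume the top limb is nonzero. */
 cd += (int128_t)modinfo->modulus.v[4] * md;
 ce += (int128_t)modinfo->modulus.v[4] * me;
 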