
Commit 7a5c193

committed
Optimization: special-case zero modulus limbs in modinv64
This doesn't appear to be a win in the 32-bit implementation, so only do it for the 64-bit one.
1 parent 5f1817b commit 7a5c193

1 file changed

+17
-6
lines changed


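--- a/src/modinv64_impl.h
+++ b/src/modinv64_impl.h
@@ -189,6 +189,7 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp
 md -= (modinfo->modulus_inv62 * (uint64_t)cd + md) & M62;
 me -= (modinfo->modulus_inv62 * (uint64_t)ce + me) & M62;
 
+/* The modulus has to be odd, so we can assume it is nonzero. */
 cd += (int128_t)modinfo->modulus.v[0] * md;
 ce += (int128_t)modinfo->modulus.v[0] * me;
 
@@ -198,33 +199,43 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp
 cd += (int128_t)u * d1 + (int128_t)v * e1;
 ce += (int128_t)q * d1 + (int128_t)r * e1;
 
-cd += (int128_t)modinfo->modulus.v[1] * md;
-ce += (int128_t)modinfo->modulus.v[1] * me;
+/* Limb 1 of the modulus may be zero (optimization). */
+if (modinfo->modulus.v[1]) {
+cd += (int128_t)modinfo->modulus.v[1] * md;
+ce += (int128_t)modinfo->modulus.v[1] * me;
+}
 
 d->v[0] = (int64_t)cd & M62; cd >>= 62;
 e->v[0] = (int64_t)ce & M62; ce >>= 62;
 
 cd += (int128_t)u * d2 + (int128_t)v * e2;
 ce += (int128_t)q * d2 + (int128_t)r * e2;
 
-cd += (int128_t)modinfo->modulus.v[2] * md;
-ce += (int128_t)modinfo->modulus.v[2] * me;
+/* Limb 2 of the modulus may be zero (optimization). */
+if (modinfo->modulus.v[2]) {
+cd += (int128_t)modinfo->modulus.v[2] * md;
+ce += (int128_t)modinfo->modulus.v[2] * me;
+}
 
 d->v[1] = (int64_t)cd & M62; cd >>= 62;
 e->v[1] = (int64_t)ce & M62; ce >>= 62;
 
 cd += (int128_t)u * d3 + (int128_t)v * e3;
 ce += (int128_t)q * d3 + (int128_t)r * e3;
 
-cd += (int128_t)modinfo->modulus.v[3] * md;
-ce += (int128_t)modinfo->modulus.v[3] * me;
+/* Limb 3 of the modulus may be zero (optimization). */
+if (modinfo->modulus.v[3]) {
+cd += (int128_t)modinfo->modulus.v[3] * md;
+ce += (int128_t)modinfo->modulus.v[3] * me;
+}
 
 d->v[2] = (int64_t)cd & M62; cd >>= 62;
 e->v[2] = (int64_t)ce & M62; ce >>= 62;
 
 cd += (int128_t)u * d4 + (int128_t)v * e4;
 ce += (int128_t)q * d4 + (int128_t)r * e4;
 
+/* As this is for 256-bit operations, assume the top limb is nonzero. */
 cd += (int128_t)modinfo->modulus.v[4] * md;
 ce += (int128_t)modinfo->modulus.v[4] * me;
 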
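Review bot: The three new `if (modinfo->modulus.v[1..3])` branches introduce data-dependent control flow into a routine that is otherwise written branch-free, and the accompanying comments do not say why that is acceptable here. The condition depends only on the modulus limbs, which are fixed public parameters carried in `modinfo`, and never on `d`, `e`, `md`, `me` or the transition-matrix entries, so the timing signal it creates reveals nothing about the secret operand; a reader auditing this path for constant-timeness should not have to work that out. I would extend the first comment (and by reference the two that follow) to `/* Limb 1 of the modulus may be zero (optimization). The branch depends only on the public modulus, not on d/e, so it does not leak secret data. */`. The comment on the top limb asserts it is nonzero; if that assumption is ever violated by a new modulus the result is merely a missed optimization, not an incorrect one, which is worth stating so nobody mistakes it for a correctness precondition. `secp256k1_modinv64_update_de_62` begins before the first hunk and continues after the last one.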
