
Commit b4721dc

Optimization: special-case zero modulus limbs in modinv64
This doesn't appear to be a win in the 32-bit implementation, so only do it for the 64-bit one.
1 parent e69e69c commit b4721dc

1 file changed

+17
-6
lines changed

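--- a/src/modinv64_impl.h
+++ b/src/modinv64_impl.h
@@ -195,6 +195,7 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp
 md -= (modinfo->modulus_inv62 * (uint64_t)cd + md) & M62;
 me -= (modinfo->modulus_inv62 * (uint64_t)ce + me) & M62;
 
+/* The modulus has to be odd, so we can assume it is nonzero. */
 cd += (int128_t)modinfo->modulus.v[0] * md;
 ce += (int128_t)modinfo->modulus.v[0] * me;
 
@@ -204,33 +205,43 @@ static void secp256k1_modinv64_update_de_62(secp256k1_modinv64_signed62 *d, secp
 cd += (int128_t)u * d1 + (int128_t)v * e1;
 ce += (int128_t)q * d1 + (int128_t)r * e1;
 
-cd += (int128_t)modinfo->modulus.v[1] * md;
-ce += (int128_t)modinfo->modulus.v[1] * me;
+/* Limb 1 of the modulus may be zero (optimization). */
+if (modinfo->modulus.v[1]) {
+cd += (int128_t)modinfo->modulus.v[1] * md;
+ce += (int128_t)modinfo->modulus.v[1] * me;
+}
 
 d->v[0] = (int64_t)cd & M62; cd >>= 62;
 e->v[0] = (int64_t)ce & M62; ce >>= 62;
 
 cd += (int128_t)u * d2 + (int128_t)v * e2;
 ce += (int128_t)q * d2 + (int128_t)r * e2;
 
-cd += (int128_t)modinfo->modulus.v[2] * md;
-ce += (int128_t)modinfo->modulus.v[2] * me;
+/* Limb 2 of the modulus may be zero (optimization). */
+if (modinfo->modulus.v[2]) {
+cd += (int128_t)modinfo->modulus.v[2] * md;
+ce += (int128_t)modinfo->modulus.v[2] * me;
+}
 
 d->v[1] = (int64_t)cd & M62; cd >>= 62;
 e->v[1] = (int64_t)ce & M62; ce >>= 62;
 
 cd += (int128_t)u * d3 + (int128_t)v * e3;
 ce += (int128_t)q * d3 + (int128_t)r * e3;
 
-cd += (int128_t)modinfo->modulus.v[3] * md;
-ce += (int128_t)modinfo->modulus.v[3] * me;
+/* Limb 3 of the modulus may be zero (optimization). */
+if (modinfo->modulus.v[3]) {
+cd += (int128_t)modinfo->modulus.v[3] * md;
+ce += (int128_t)modinfo->modulus.v[3] * me;
+}
 
 d->v[2] = (int64_t)cd & M62; cd >>= 62;
 e->v[2] = (int64_t)ce & M62; ce >>= 62;
 
 cd += (int128_t)u * d4 + (int128_t)v * e4;
 ce += (int128_t)q * d4 + (int128_t)r * e4;
 
+/* As this is for 256-bit operations, assume the top limb is nonzero. */
 cd += (int128_t)modinfo->modulus.v[4] * md;
 ce += (int128_t)modinfo->modulus.v[4] * me;
 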
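Review bot: The new `if (modinfo->modulus.v[1])`, `v[2]` and `v[3]` guards (new lines 209, 221 and 233 of the second hunk) introduce data-dependent control flow into a routine that presumably is also used on the constant-time path, and the comments should say why that is acceptable: the branch condition is a limb of the modulus, a fixed public parameter, and never depends on the secret values d, e, md or me. I would extend each comment along the lines of `/* Limb 1 of the modulus may be zero (optimization). The modulus is public, so this branch is not secret-dependent. */`, so a later reader does not mistake it for a timing leak or "fix" it into a masked form. The comment added at new line 244 silently assumes the modulus is at least 2^248 so that limb 4 is nonzero; if it is not, the multiply merely adds zero, so this is a missed optimization rather than a correctness issue, and naming the assumption (`/* ... assume the top limb is nonzero (modulus >= 2^248). */`) makes that clear. secp256k1_modinv64_update_de_62 begins before the first hunk and its body continues past the last one.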