Skip to content

Commit 8b7680a

Browse files
gmaxwellgmaxwell
committed
Unroll secp256k1_fe_(get|set)_b32 for 10x26.
field_get_b32: min 0.890us / avg 0.905us / max 0.956us field_set_b32: min 1.12us / avg 1.15us / max 1.19us becomes field_get_b32: min 0us / avg 0.000000119us / max 0.000000238us field_set_b32: min 0.0532us / avg 0.0584us / max 0.0782us
1 parent aa84990 commit 8b7680a

File tree

1 file changed

+43
-22
lines changed

1 file changed

+43
-22
lines changed

src/field_10x26_impl.h

Lines changed: 43 additions & 22 deletions
Original file line numberDiff line numberDiff line change
@@ -321,17 +321,17 @@ static int secp256k1_fe_cmp_var(const secp256k1_fe *a, const secp256k1_fe *b) {
321321
}
322322

323323
static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) {
324-
int i;
325-
r->n[0] = r->n[1] = r->n[2] = r->n[3] = r->n[4] = 0;
326-
r->n[5] = r->n[6] = r->n[7] = r->n[8] = r->n[9] = 0;
327-
for (i=0; i<32; i++) {
328-
int j;
329-
for (j=0; j<4; j++) {
330-
int limb = (8*i+2*j)/26;
331-
int shift = (8*i+2*j)%26;
332-
r->n[limb] |= (uint32_t)((a[31-i] >> (2*j)) & 0x3) << shift;
333-
}
334-
}
324+
r->n[0] = (uint32_t)a[31] | ((uint32_t)a[30] << 8) | ((uint32_t)a[29] << 16) | ((uint32_t)(a[28] & 0x3) << 24);
325+
r->n[1] = (uint32_t)((a[28] >> 2) & 0x3f) | ((uint32_t)a[27] << 6) | ((uint32_t)a[26] << 14) | ((uint32_t)(a[25] & 0xf) << 22);
326+
r->n[2] = (uint32_t)((a[25] >> 4) & 0xf) | ((uint32_t)a[24] << 4) | ((uint32_t)a[23] << 12) | ((uint32_t)(a[22] & 0x3f) << 20);
327+
r->n[3] = (uint32_t)((a[22] >> 6) & 0x3) | ((uint32_t)a[21] << 2) | ((uint32_t)a[20] << 10) | ((uint32_t)a[19] << 18);
328+
r->n[4] = (uint32_t)a[18] | ((uint32_t)a[17] << 8) | ((uint32_t)a[16] << 16) | ((uint32_t)(a[15] & 0x3) << 24);
329+
r->n[5] = (uint32_t)((a[15] >> 2) & 0x3f) | ((uint32_t)a[14] << 6) | ((uint32_t)a[13] << 14) | ((uint32_t)(a[12] & 0xf) << 22);
330+
r->n[6] = (uint32_t)((a[12] >> 4) & 0xf) | ((uint32_t)a[11] << 4) | ((uint32_t)a[10] << 12) | ((uint32_t)(a[9] & 0x3f) << 20);
331+
r->n[7] = (uint32_t)((a[9] >> 6) & 0x3) | ((uint32_t)a[8] << 2) | ((uint32_t)a[7] << 10) | ((uint32_t)a[6] << 18);
332+
r->n[8] = (uint32_t)a[5] | ((uint32_t)a[4] << 8) | ((uint32_t)a[3] << 16) | ((uint32_t)(a[2] & 0x3) << 24);
333+
r->n[9] = (uint32_t)((a[2] >> 2) & 0x3f) | ((uint32_t)a[1] << 6) | ((uint32_t)a[0] << 14);
334+
335335
if (r->n[9] == 0x3FFFFFUL && (r->n[8] & r->n[7] & r->n[6] & r->n[5] & r->n[4] & r->n[3] & r->n[2]) == 0x3FFFFFFUL && (r->n[1] + 0x40UL + ((r->n[0] + 0x3D1UL) >> 26)) > 0x3FFFFFFUL) {
336336
return 0;
337337
}
@@ -345,21 +345,42 @@ static int secp256k1_fe_set_b32(secp256k1_fe *r, const unsigned char *a) {
345345

346346
/** Convert a field element to a 32-byte big endian value. Requires the input to be normalized */
347347
static void secp256k1_fe_get_b32(unsigned char *r, const secp256k1_fe *a) {
348-
int i;
349348
#ifdef VERIFY
350349
VERIFY_CHECK(a->normalized);
351350
secp256k1_fe_verify(a);
352351
#endif
353-
for (i=0; i<32; i++) {
354-
int j;
355-
int c = 0;
356-
for (j=0; j<4; j++) {
357-
int limb = (8*i+2*j)/26;
358-
int shift = (8*i+2*j)%26;
359-
c |= ((a->n[limb] >> shift) & 0x3) << (2 * j);
360-
}
361-
r[31-i] = c;
362-
}
352+
r[0] = (a->n[9] >> 14) & 0xff;
353+
r[1] = (a->n[9] >> 6) & 0xff;
354+
r[2] = ((a->n[9] & 0x3F) << 2) | ((a->n[8] >> 24) & 0x3);
355+
r[3] = (a->n[8] >> 16) & 0xff;
356+
r[4] = (a->n[8] >> 8) & 0xff;
357+
r[5] = a->n[8] & 0xff;
358+
r[6] = (a->n[7] >> 18) & 0xff;
359+
r[7] = (a->n[7] >> 10) & 0xff;
360+
r[8] = (a->n[7] >> 2) & 0xff;
361+
r[9] = ((a->n[7] & 0x3) << 6) | ((a->n[6] >> 20) & 0x3f);
362+
r[10] = (a->n[6] >> 12) & 0xff;
363+
r[11] = (a->n[6] >> 4) & 0xff;
364+
r[12] = ((a->n[6] & 0xf) << 4) | ((a->n[5] >> 22) & 0xf);
365+
r[13] = (a->n[5] >> 14) & 0xff;
366+
r[14] = (a->n[5] >> 6) & 0xff;
367+
r[15] = ((a->n[5] & 0x3f) << 2) | ((a->n[4] >> 24) & 0x3);
368+
r[16] = (a->n[4] >> 16) & 0xff;
369+
r[17] = (a->n[4] >> 8) & 0xff;
370+
r[18] = a->n[4] & 0xff;
371+
r[19] = (a->n[3] >> 18) & 0xff;
372+
r[20] = (a->n[3] >> 10) & 0xff;
373+
r[21] = (a->n[3] >> 2) & 0xff;
374+
r[22] = ((a->n[3] & 0x3) << 6) | ((a->n[2] >> 20) & 0x3f);
375+
r[23] = (a->n[2] >> 12) & 0xff;
376+
r[24] = (a->n[2] >> 4) & 0xff;
377+
r[25] = ((a->n[2] & 0xf) << 4) | ((a->n[1] >> 22) & 0xf);
378+
r[26] = (a->n[1] >> 14) & 0xff;
379+
r[27] = (a->n[1] >> 6) & 0xff;
380+
r[28] = ((a->n[1] & 0x3f) << 2) | ((a->n[0] >> 24) & 0x3);
381+
r[29] = (a->n[0] >> 16) & 0xff;
382+
r[30] = (a->n[0] >> 8) & 0xff;
383+
r[31] = a->n[0] & 0xff;
363384
}
364385

365386
SECP256K1_INLINE static void secp256k1_fe_negate(secp256k1_fe *r, const secp256k1_fe *a, int m) {

0 commit comments

Comments
 (0)