[openssl-dev] A faster addition chain for use in P-256 inversion mod n
Brian Smith
brian at briansmith.org
Wed Jun 29 21:49:01 UTC 2016
Hi,
I saw Vlad Krasnov's patch to optimize inversion mod n for the P-256
curve. Please see [1], which presents an addition chain that uses 9
fewer multiplications (but two more squarings, IIRC). I spent some
non-trivial effort to optimize this chain, but I wouldn't be surprised
to see somebody remove 3-4 more multiplications.
I don't think you'll want to use the code directly, but I think you
can make use of the math.
The same code has an analogous addition chain for the P-384 curve, but
it isn't optimized to the same extent.
[1] https://github.com/briansmith/ring/commit/ad6528f98bd228208f93c179cbbae87604c282fe#diff-b0cdc11124e9960a1faeb7baa390b50fR76
Cheers,
Brian
--
https://briansmith.org/
More information about the openssl-dev
mailing list