Pieter Wuille
Pieter Wuille
@peterdettman Nice! Benchmarks on Ryzen 5950x (default compilation options, GCC 11.2.0, `SECP256K1_BENCH_ITERS=1000000 ./bench_internal inverse`: ``` master: field_inverse , 1.27 , 1.27 , 1.28 field_inverse_var , 0.867 , 0.871 , 0.874...
@peterdettman A vartime version of the vec matrix code could perhaps also do more than 59 iterations.
Benchmarks on ARM64 (Cortex-A53, default compilation options, GCC 9.3.0, `./bench_internal inverse`): ``` master: field_inverse , 12.5 , 12.5 , 12.5 field_inverse_var , 7.26 , 7.27 , 7.27 pr1031: field_inverse ,...
ACK 6afd499f53e94d48a7fd90ff345d47101a6c6e41 @robot-dreams Perhaps you're interested in reviewing this too? @peterdettman Given that your later (and much more significant) improvement builds on top of this one (at least conceptually, using...
See my updated branch https://github.com/sipa/secp256k1/commits/pr1031 . I've edited the "Update safegcd writeup to reflect the code" commit to address @robot-dreams's comments.
At least the implementation choice-specific includes are incorrect (e.g. you should include "field.h" instead of "field_5x52.h", and "scalar.h" instead of "scalar_4x64.h").
If it's derived from the seckey and/or message (and not from a counter or other mutable data), there is no need to modify the actual in-context `initial` point though. The...
Perhaps after #693? The ecmult_gen code gets changed a lot.
Benchmarks: #### AMD Ryzen 5950X, GCC 11.2.0, default compile options Using `./autogen.sh && ./configure --enable-experimental --enable-module-schnorrsig && make clean && make -j check && SECP256K1_BENCH_ITERS=1000000 ./bench schnorrsig_sign` ``` master: schnorrsig_sign...
I occurs to me that we could actually avoid the cost of doing the scalar halving at ecmult_gen time, by instead having precomputed tables with multiples of G/2 instead of...