Daiki Ueno ueno@gnu.org writes:
From 8bc6e735d4b40cbab5e187a28e01b63a04ecd92b Mon Sep 17 00:00:00 2001
From: Daiki Ueno dueno@redhat.com
Date: Fri, 23 Jun 2017 17:26:18 +0200
Subject: [PATCH 2/4] Implement Curve448 primitives
This patch adds the necessary primitives for "curve448", defined in RFC 7748. Those primitives are namely: addition, doubling, scalar multiplication of the generator or an arbitrary point, inversion, and square root.
[...]
+/* Computes a^{(p-3)/4} = a^{2^446-2^222-1} mod m. Needs 9 * n scratch
- space. */
+static void +ecc_mod_pow_446m224m1 (const struct ecc_modulo *p,
mp_limb_t *rp, const mp_limb_t *ap,
mp_limb_t *scratch)
+{ +#define t0 scratch +#define t1 (scratch + 3*ECC_LIMB_SIZE) +#define t2 (scratch + 6*ECC_LIMB_SIZE)
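Review bot: the scratch layout in this hunk reserves 3*ECC_LIMB_SIZE limbs per temporary (t0 at 0, t1 at 3*ECC_LIMB_SIZE, t2 at 6*ECC_LIMB_SIZE), and that layout is what drives the "Needs 9 * n scratch space" comment rather than the size of the values actually stored; if each temporary only has to hold one product, offsets of 2*ECC_LIMB_SIZE and 4*ECC_LIMB_SIZE give a 6*n total, and the comment and every caller's scratch computation should be updated in the same change so they cannot drift apart. Also, the function name ecc_mod_pow_446m224m1 says 224 while the comment gives the exponent as 2^446-2^222-1; one of the two should change, or the comment should say why the name differs. Finally, the t0/t1/t2 macros are local to this function, so make sure they are #undef'd right after its body.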
I think 6*n scratch space should be enough (with no other changes to this function),
#define t0 scratch
#define t1 (scratch + 2*ECC_LIMB_SIZE)
#define t2 (scratch + 4*ECC_LIMB_SIZE)
(And it could possibly be trimmed down a bit further, by storing the reused value a^{2^222 - 1} first).
Do you agree? Then storage for a few other things can likely be trimmed down too, in particular, curve448_mul would get the same scratch need as curve25519_mul, 12*n rather than 14*n.
Regards, /Niels
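The exponent chain behind the function under review, as an added example that is not part of this thread or of Nettle: a Python model with big integers in place of limb arrays, which builds a^{2^222-1} once, reuses it the way the message above suggests, and checks the result against Python's built-in modular pow. The prime p = 2^448 - 2^224 - 1 is taken from RFC 7748, which the commit message cites; the inverse and square-root formulas derived from a^{(p-3)/4}, and all function names and the sample input, are this example's own and not the patch's.

```python
# Added example, not Nettle code: model of the a^{(p-3)/4} exponent chain
# for curve448, with big integers instead of limb arrays.

P = 2**448 - 2**224 - 1   # curve448 prime (RFC 7748); P % 4 == 3
E = 2**446 - 2**222 - 1   # (P - 3) // 4, the exponent named in the patch comment


def pow_2k_minus_1(a, k, p=P):
    """Return a^(2^k - 1) mod p using O(log k) multiplications.

    Even k:  a^(2^k - 1) = (a^(2^(k/2) - 1))^(2^(k/2)) * a^(2^(k/2) - 1)
    Odd k:   a^(2^k - 1) = (a^(2^(k-1) - 1))^2 * a
    """
    if k < 1:
        raise ValueError("k must be positive")
    if k == 1:
        return a % p
    if k % 2 == 0:
        half = pow_2k_minus_1(a, k // 2, p)
        t = half
        for _ in range(k // 2):          # raise to the 2^(k/2)
            t = t * t % p
        return t * half % p
    prev = pow_2k_minus_1(a, k - 1, p)
    return prev * prev % p * a % p


def pow_446m222m1(a, p=P):
    """a^(2^446 - 2^222 - 1) mod p, reusing a^(2^222 - 1) as the thread suggests.

    a^(2^223 - 1) = (a^(2^222 - 1))^2 * a; squaring that 223 times gives
    a^(2^446 - 2^223), and one more multiply by the kept a^(2^222 - 1)
    yields a^(2^446 - 2^223 + 2^222 - 1) = a^(2^446 - 2^222 - 1).
    """
    t = pow_2k_minus_1(a, 222, p)        # a^(2^222 - 1), kept for reuse
    u = t * t % p * a % p                # a^(2^223 - 1)
    for _ in range(223):
        u = u * u % p                    # a^(2^446 - 2^223)
    return u * t % p                     # a^E


def inverse(a, p=P):
    """a^(p-2) mod p via x = a^((p-3)/4):  x^4 * a = a^(p-3+1) = a^(p-2)."""
    x = pow_446m222m1(a, p)
    return pow(x, 4, p) * a % p


def is_square(a, p=P):
    """Euler's criterion (reference check, not part of the chain)."""
    return pow(a % p, (p - 1) // 2, p) == 1


def sqrt_if_square(a, p=P):
    """For p = 3 (mod 4): a^((p+1)/4) = a^((p-3)/4) * a is a root when a is a
    quadratic residue. Returns None if the candidate does not square back to a."""
    r = pow_446m222m1(a, p) * a % p
    return r if r * r % p == a % p else None


def first_non_square(p=P):
    """Smallest positive non-residue mod p, used to exercise the None path."""
    x = 2
    while is_square(x, p):
        x += 1
    return x


if __name__ == "__main__":
    a = 2**200 + 12345                   # constructed sample input
    assert (P - 3) // 4 == E
    assert pow_446m222m1(a) == pow(a, E, P)
    assert inverse(a) * a % P == 1
    print("exponent chain matches pow(); inverse and sqrt formulas hold")
```

The same single exponentiation serves both primitives the commit message lists, inversion and square root, which is why the C function exists at all; the Python version is only a cross-check on the exponent arithmetic, not a constant-time or limb-level model of the Nettle code.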