Merge #1761: ecmult_multi: reduce strauss memory usage by 30%

real-or-random · real-or-random · commit b6c2a3cd7752 · 2025-11-18T09:36:40.000+01:00
26166c4 ecmult_multi: reduce strauss memory usage by 30% (Jonas Nick) Pull request description: This is a draft because I'm not sure about the cleanest way to implement it. ACKs for top commit: real-or-random: ACK 26166c4 benchmarks show no significant difference (only tried low point counts) siv2r: tACK 26166c4 hebasto: ACK 26166c4, I have reviewed the code and it looks OK. Tree-SHA512: f289daee0b0b51451331eefdd99200a78bd83539365d38465c038dc0e6ad940daf821119f7161b08a2390cf046e3859a8f950f2fe881a427aba16353031def7d
diff --git a/src/ecmult_impl.h b/src/ecmult_impl.h
@@ -220,9 +220,24 @@ static int secp256k1_ecmult_wnaf(int *wnaf, int len, const secp256k1_scalar *a,
     return last_set_bit + 1;
 }
 
+/* Same as secp256k1_ecmult_wnaf, but stores to int8_t array. Requires w <= 8. */
+static int secp256k1_ecmult_wnaf_small(int8_t *wnaf, int len, const secp256k1_scalar *a, int w) {
+    int wnaf_tmp[256];
+    int ret, i;
+
+    VERIFY_CHECK(2 <= w && w <= 8);
+    ret = secp256k1_ecmult_wnaf(wnaf_tmp, len, a, w);
+
+    for (i = 0; i < len; i++) {
+        wnaf[i] = (int8_t)wnaf_tmp[i];
+    }
+
+    return ret;
+}
+
 struct secp256k1_strauss_point_state {
-    int wnaf_na_1[129];
-    int wnaf_na_lam[129];
+    int8_t wnaf_na_1[129];
+    int8_t wnaf_na_lam[129];
     int bits_na_1;
     int bits_na_lam;
 };
@@ -259,8 +274,8 @@ static void secp256k1_ecmult_strauss_wnaf(const struct secp256k1_strauss_state *
         secp256k1_scalar_split_lambda(&na_1, &na_lam, &na[np]);
 
         /* build wnaf representation for na_1 and na_lam. */
-        state->ps[no].bits_na_1   = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_1,   129, &na_1,   WINDOW_A);
-        state->ps[no].bits_na_lam = secp256k1_ecmult_wnaf(state->ps[no].wnaf_na_lam, 129, &na_lam, WINDOW_A);
+        state->ps[no].bits_na_1   = secp256k1_ecmult_wnaf_small(state->ps[no].wnaf_na_1,   129, &na_1,   WINDOW_A);
+        state->ps[no].bits_na_lam = secp256k1_ecmult_wnaf_small(state->ps[no].wnaf_na_lam, 129, &na_lam, WINDOW_A);
         VERIFY_CHECK(state->ps[no].bits_na_1 <= 129);
         VERIFY_CHECK(state->ps[no].bits_na_lam <= 129);
         if (state->ps[no].bits_na_1 > bits) {
