Optimize public key generation performance in core C implementation

[peiqing6888]

Hey folks,

While digging through the codebase, I noticed we could squeeze out some extra performance from the public key generation code. The current implementation in secp256k1.c has some room for improvement, particularly in the pubkey creation helper function.

I've been working with this in a high-frequency trading setup, and found we can shave off some unnecessary operations. The main idea is to use variable-time operations where constant-time isn't strictly needed, and clean up the control flow a bit.

Initial benchmarks show around 5-10% speedup in pubkey generation, which adds up in heavy usage scenarios. The changes are pretty straightforward - just optimizing the helper function without touching the core crypto stuff.

Happy to put together a PR if this sounds interesting. Thoughts?

Cheers

[apoelstra]

Hi @peiqing6888,

We are always happy to take PRs to improve performance. If you want to update the C code then the right venue is the upstream secp256k1 library.

I'm skeptical though that we'll be able to accept a change that makes pubkey generation variable-time. In what contexts is this acceptable? Note that we already have pubkey_tweak_add which takes an existing key and adds an offset to it in variable time.