Suggestions on adding precomputes for verification

[xxuejie]

Hi there,

Right now secp256k1 has a ecmult-static-precomputation module which allows us to trade space for speed. However the precomputation is only activated in secp256k1_ecmult_gen_context used in signing part. In our case we want to enable the precomputation in secp256k1_ecmult_context used in verification part as well.

We do have a patch that is mostly working here, and we are interested in submitting it to upstream. However, the result here, is that a 512KB code size increase(actually 1MB if endomorphism is also enabled). So before wasting everyone's time, we want to first check the best possible way going forward here. Should we put it in a second flag so we can disable it by default and enable it on demand? Or is it good enough to share the same precomputation flag?

Many thanks!

[real-or-random]

Thanks, great stuff. This is a related PR (abandoned but just because the creator is not working on it anymore):
#614
It introduces precomputed values only if the table is small, which may make more sense than a huge (1 MB) table.

[sipa]

I just stumbled upon this issue. It seems we did some double work in #956, but it does mean this can be now closed.