bitcoin-core · sipa · Dec 15, 2021 · Dec 15, 2021 · Dec 15, 2021 · Dec 15, 2021
diff --git a/.gitattributes b/.gitattributes
@@ -1,2 +1,4 @@
-src/ecmult_static_pre_g.h linguist-generated
-src/ecmult_gen_static_prec_table.h linguist-generated
+src/precomputed_ecmult.h linguist-generated
+src/precomputed_ecmult.c linguist-generated
+src/precomputed_ecmult_gen.c linguist-generated
+src/precomputed_ecmult_gen.h linguist-generated
diff --git a/.gitignore b/.gitignore
@@ -3,8 +3,7 @@ bench_ecmult
 bench_internal
 tests
 exhaustive_tests
-gen_ecmult_gen_static_prec_table
-gen_ecmult_static_pre_g
+precompute
 valgrind_ctime_test
 *.exe
 *.so

diff --git a/Makefile.am b/Makefile.am
@@ -32,6 +32,8 @@ noinst_HEADERS += src/ecmult_gen.h
 noinst_HEADERS += src/ecmult_gen_impl.h
 noinst_HEADERS += src/ecmult_gen_prec.h
 noinst_HEADERS += src/ecmult_gen_prec_impl.h
+noinst_HEADERS += src/ecmult_prec.h
+noinst_HEADERS += src/ecmult_prec_impl.h
 noinst_HEADERS += src/field_10x26.h
 noinst_HEADERS += src/field_10x26_impl.h
 noinst_HEADERS += src/field_5x52.h
@@ -60,12 +62,17 @@ noinst_HEADERS += contrib/lax_der_parsing.c
 noinst_HEADERS += contrib/lax_der_privatekey_parsing.h
 noinst_HEADERS += contrib/lax_der_privatekey_parsing.c
 
+PRECOMPUTED_LIB = libsecp256k1_precomputed.la
+noinst_LTLIBRARIES = $(PRECOMPUTED_LIB)
+libsecp256k1_precomputed_la_SOURCES = src/precomputed_ecmult.c src/precomputed_ecmult_gen.c
+libsecp256k1_precomputed_la_CPPFLAGS = $(SECP_INCLUDES)
+
 if USE_EXTERNAL_ASM
 COMMON_LIB = libsecp256k1_common.la
-noinst_LTLIBRARIES = $(COMMON_LIB)
 else
 COMMON_LIB =
 endif
+noinst_LTLIBRARIES += $(COMMON_LIB)
 
 pkgconfigdir = $(libdir)/pkgconfig
 pkgconfig_DATA = libsecp256k1.pc
@@ -78,7 +85,7 @@ endif
 
 libsecp256k1_la_SOURCES = src/secp256k1.c
 libsecp256k1_la_CPPFLAGS = -I$(top_srcdir)/include -I$(top_srcdir)/src $(SECP_INCLUDES)
-libsecp256k1_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB)
+libsecp256k1_la_LIBADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB)
 libsecp256k1_la_LDFLAGS = -no-undefined
 
 if VALGRIND_ENABLED
@@ -91,10 +98,10 @@ noinst_PROGRAMS += bench bench_internal bench_ecmult
 bench_SOURCES = src/bench.c
 bench_LDADD = libsecp256k1.la $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
 bench_internal_SOURCES = src/bench_internal.c
-bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB)
+bench_internal_LDADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB)
 bench_internal_CPPFLAGS = $(SECP_INCLUDES)
 bench_ecmult_SOURCES = src/bench_ecmult.c
-bench_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB)
+bench_ecmult_LDADD = $(SECP_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB)
 bench_ecmult_CPPFLAGS = $(SECP_INCLUDES)
 endif
 
@@ -112,7 +119,7 @@ endif
 if !ENABLE_COVERAGE
 tests_CPPFLAGS += -DVERIFY
 endif
-tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB)
+tests_LDADD = $(SECP_LIBS) $(SECP_TEST_LIBS) $(COMMON_LIB) $(PRECOMPUTED_LIB)
 tests_LDFLAGS = -static
 TESTS += tests
 endif
@@ -124,41 +131,36 @@ exhaustive_tests_CPPFLAGS = $(SECP_INCLUDES)
 if !ENABLE_COVERAGE
 exhaustive_tests_CPPFLAGS += -DVERIFY
 endif
+# Note: do not include $(PRECOMPUTED_LIB) in exhaustive_tests
 exhaustive_tests_LDADD = $(SECP_LIBS) $(COMMON_LIB)
 exhaustive_tests_LDFLAGS = -static
 TESTS += exhaustive_tests
 endif
 
-### Precomputed tables
-EXTRA_PROGRAMS = gen_ecmult_static_pre_g gen_ecmult_gen_static_prec_table
+### Generating precomputed tables
+EXTRA_PROGRAMS = precompute
 CLEANFILES = $(EXTRA_PROGRAMS)
 
-gen_ecmult_static_pre_g_SOURCES = src/gen_ecmult_static_pre_g.c
-gen_ecmult_static_pre_g_CPPFLAGS = $(SECP_INCLUDES)
-gen_ecmult_static_pre_g_LDADD = $(SECP_LIBS) $(COMMON_LIB)
-
-gen_ecmult_gen_static_prec_table_SOURCES = src/gen_ecmult_gen_static_prec_table.c
-gen_ecmult_gen_static_prec_table_CPPFLAGS = $(SECP_INCLUDES)
-gen_ecmult_gen_static_prec_table_LDADD = $(SECP_LIBS) $(COMMON_LIB)
+precompute_SOURCES = src/precompute.c
+precompute_CPPFLAGS = $(SECP_INCLUDES)
+# Note: do not include $(PRECOMPUTED_LIB) in precompute
+precompute_LDADD = $(SECP_LIBS) $(COMMON_LIB)
 
 # See Automake manual, Section "Errors with distclean".
 # We don't list any dependencies for the prebuilt files here because
 # otherwise make's decision whether to rebuild them (even in the first
 # build by a normal user) depends on mtimes, and thus is very fragile.
 # This means that rebuilds of the prebuilt files always need to be
 # forced by deleting them, e.g., by invoking `make clean-precomp`.
-src/ecmult_static_pre_g.h:
- $(MAKE) $(AM_MAKEFLAGS) gen_ecmult_static_pre_g$(EXEEXT)
- ./gen_ecmult_static_pre_g$(EXEEXT)
-src/ecmult_gen_static_prec_table.h:
- $(MAKE) $(AM_MAKEFLAGS) gen_ecmult_gen_static_prec_table$(EXEEXT)
- ./gen_ecmult_gen_static_prec_table$(EXEEXT)
-
-PRECOMP = src/ecmult_gen_static_prec_table.h src/ecmult_static_pre_g.h
+src/precomputed_%:
+ $(MAKE) $(AM_MAKEFLAGS) precompute$(EXEEXT)
+ ./precompute$(EXEEXT) $@
+
+PRECOMP = src/precomputed_ecmult_gen.h src/precomputed_ecmult_gen.c src/precomputed_ecmult.h src/precomputed_ecmult.c
 noinst_HEADERS += $(PRECOMP)
 precomp: $(PRECOMP)
 
-# Ensure the prebuilt files will be build first (only if they don't exist,
+# Ensure the prebuilt files will be built first (only if they don't exist,
 # e.g., after `make maintainer-clean`).
 BUILT_SOURCES = $(PRECOMP)
 

diff --git a/configure.ac b/configure.ac
@@ -152,7 +152,7 @@ AC_ARG_WITH([ecmult-window], [AS_HELP_STRING([--with-ecmult-window=SIZE|auto],
 [window size for ecmult precomputation for verification, specified as integer in range [2..24].]
 [Larger values result in possibly better performance at the cost of an exponentially larger precomputed table.]
 [The table will store 2^(SIZE-1) * 64 bytes of data but can be larger in memory due to platform-specific padding and alignment.]
-[A window size larger than 15 will require you delete the prebuilt ecmult_static_pre_g.h file so that it can be rebuilt.]
+[A window size larger than 15 will require you delete the prebuilt precomputed_ecmult.h file so that it can be rebuilt.]
 [For very large window sizes, use "make -j 1" to reduce memory use during compilation.]
 ["auto" is a reasonable setting for desktop machines (currently 15). [default=auto]]
 )],

diff --git a/src/ecmult_gen_impl.h b/src/ecmult_gen_impl.h
@@ -12,7 +12,7 @@
 #include "group.h"
 #include "ecmult_gen.h"
 #include "hash_impl.h"
-#include "ecmult_gen_static_prec_table.h"
+#include "precomputed_ecmult_gen.h"
 
 static void secp256k1_ecmult_gen_context_build(secp256k1_ecmult_gen_context *ctx) {
  secp256k1_ecmult_gen_blind(ctx, NULL);

diff --git a/src/ecmult_impl.h b/src/ecmult_impl.h
@@ -14,7 +14,7 @@
 #include "group.h"
 #include "scalar.h"
 #include "ecmult.h"
-#include "ecmult_static_pre_g.h"
+#include "precomputed_ecmult.h"
 
 #if defined(EXHAUSTIVE_TEST_ORDER)
 /* We need to lower these values for exhaustive tests because
@@ -103,7 +103,7 @@ static void secp256k1_ecmult_odd_multiples_table(int n, secp256k1_gej *prej, sec
  * It only operates on tables sized for WINDOW_A wnaf multiples.
  *
  * To compute a*P + b*G, we compute a table for P using this function,
- * and use the precomputed table in <ecmult_static_pre_g.h> for G.
+ * and use the precomputed table in <precomputed_ecmult.h> for G.
  */
 static void secp256k1_ecmult_odd_multiples_table_globalz_windowa(secp256k1_ge *pre, secp256k1_fe *globalz, const secp256k1_gej *a) {
  secp256k1_gej prej[ECMULT_TABLE_SIZE(WINDOW_A)];

diff --git a/src/ecmult_prec.h b/src/ecmult_prec.h
@@ -0,0 +1,15 @@
+/*****************************************************************************************************
+ * Copyright (c) 2013, 2014, 2017, 2021 Pieter Wuille, Andrew Poelstra, Jonas Nick, Russell O'Connor *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or https://www.opensource.org/licenses/mit-license.php. *
+ *****************************************************************************************************/
+
+#ifndef SECP256K1_ECMULT_PREC_H
+#define SECP256K1_ECMULT_PREC_H
+
+#include "ecmult.h"
+
+static void secp256k1_ecmult_create_prec_table(secp256k1_ge_storage* table, int window_g, const secp256k1_gej* gen);
+static void secp256k1_ecmult_create_prec_two_tables(secp256k1_ge_storage* table, secp256k1_ge_storage* table_128, int window_g, const secp256k1_ge* gen);
+
+#endif /* SECP256K1_ECMULT_PREC_H */
diff --git a/src/ecmult_prec_impl.h b/src/ecmult_prec_impl.h
@@ -0,0 +1,48 @@
+/*****************************************************************************************************
+ * Copyright (c) 2013, 2014, 2017, 2021 Pieter Wuille, Andrew Poelstra, Jonas Nick, Russell O'Connor *
+ * Distributed under the MIT software license, see the accompanying *
+ * file COPYING or https://www.opensource.org/licenses/mit-license.php. *
+ *****************************************************************************************************/
+
+#ifndef SECP256K1_ECMULT_PREC_IMPL_H
+#define SECP256K1_ECMULT_PREC_IMPL_H
+
+#include "ecmult_prec.h"
+#include "group_impl.h"
+#include "field_impl.h"
+#include "ecmult.h"
+#include "util.h"
+
+static void secp256k1_ecmult_create_prec_table(secp256k1_ge_storage* table, int window_g, const secp256k1_gej* gen) {
+ secp256k1_gej gj;
+ secp256k1_ge ge, dgen;
+ int j;
+
+ gj = *gen;
+ secp256k1_ge_set_gej_var(&ge, &gj);
+ secp256k1_ge_to_storage(&table[0], &ge);
+
+ secp256k1_gej_double_var(&gj, gen, NULL);
+ secp256k1_ge_set_gej_var(&dgen, &gj);
+
+ for (j = 1; j < ECMULT_TABLE_SIZE(window_g); ++j) {
+ secp256k1_gej_set_ge(&gj, &ge);
+ secp256k1_gej_add_ge_var(&gj, &gj, &dgen, NULL);
+ secp256k1_ge_set_gej_var(&ge, &gj);
+ secp256k1_ge_to_storage(&table[j], &ge);
+ }
+}
+
+static void secp256k1_ecmult_create_prec_two_tables(secp256k1_ge_storage* table, secp256k1_ge_storage* table_128, int window_g, const secp256k1_ge* gen) {
+ secp256k1_gej gj;
+ int i;
+
+ secp256k1_gej_set_ge(&gj, gen);
+ secp256k1_ecmult_create_prec_table(table, window_g, &gj);
+ for (i = 0; i < 128; ++i) {
+ secp256k1_gej_double_var(&gj, &gj, NULL);
+ }
+ secp256k1_ecmult_create_prec_table(table_128, window_g, &gj);
+}
+
+#endif /* SECP256K1_ECMULT_PREC_IMPL_H */
diff --git a/src/gen_ecmult_gen_static_prec_table.c b/src/gen_ecmult_gen_static_prec_table.c