Fixup skew before global Z fixup

peterdettman · peterdettman · commit e82144edfb76 · 2021-12-26T14:56:51.000+07:00
diff --git a/src/ecmult_const_impl.h b/src/ecmult_const_impl.h
@@ -213,25 +213,22 @@ static void secp256k1_ecmult_const(secp256k1_gej *r, const secp256k1_ge *a, cons
         }
     }
 
-    secp256k1_fe_mul(&r->z, &r->z, &Z);
-
     {
         /* Correct for wNAF skew */
-        secp256k1_gej tmp;
-        secp256k1_ge a_1;
-        secp256k1_ge_neg(&a_1, a);
+        secp256k1_gej tmpj;
 
-        secp256k1_gej_add_ge(&tmp, r, &a_1);
-        secp256k1_gej_cmov(r, &tmp, skew_1);
+        secp256k1_ge_neg(&tmpa, &pre_a[0]);
+        secp256k1_gej_add_ge(&tmpj, r, &tmpa);
+        secp256k1_gej_cmov(r, &tmpj, skew_1);
 
         if (size > 128) {
-            secp256k1_ge a_lam;
-            secp256k1_ge_mul_lambda(&a_lam, &a_1);
-
-            secp256k1_gej_add_ge(&tmp, r, &a_lam);
-            secp256k1_gej_cmov(r, &tmp, skew_lam);
+            secp256k1_ge_neg(&tmpa, &pre_a_lam[0]);
+            secp256k1_gej_add_ge(&tmpj, r, &tmpa);
+            secp256k1_gej_cmov(r, &tmpj, skew_lam);
         }
     }
+
+    secp256k1_fe_mul(&r->z, &r->z, &Z);
 }
 
 #endif /* SECP256K1_ECMULT_CONST_IMPL_H */

Original file line number	Diff line number	Diff line change
`@@ -213,25 +213,22 @@ static void secp256k1_ecmult_const(secp256k1_gej r, const secp256k1_ge a, cons`
`213`	`213`	`}`
`214`	`214`	`}`
`215`	`215`
`216`		`- secp256k1_fe_mul(&r->z, &r->z, &Z);`
`217`		`-`
`218`	`216`	`{`
`219`	`217`	`/* Correct for wNAF skew */`
`220`		`- secp256k1_gej tmp;`
`221`		`- secp256k1_ge a_1;`
`222`		`- secp256k1_ge_neg(&a_1, a);`
	`218`	`+ secp256k1_gej tmpj;`
`223`	`219`
`224`		`- secp256k1_gej_add_ge(&tmp, r, &a_1);`
`225`		`- secp256k1_gej_cmov(r, &tmp, skew_1);`
	`220`	`+ secp256k1_ge_neg(&tmpa, &pre_a[0]);`
	`221`	`+ secp256k1_gej_add_ge(&tmpj, r, &tmpa);`
	`222`	`+ secp256k1_gej_cmov(r, &tmpj, skew_1);`
`226`	`223`
`227`	`224`	`if (size > 128) {`
`228`		`- secp256k1_ge a_lam;`
`229`		`- secp256k1_ge_mul_lambda(&a_lam, &a_1);`
`230`		`-`
`231`		`- secp256k1_gej_add_ge(&tmp, r, &a_lam);`
`232`		`- secp256k1_gej_cmov(r, &tmp, skew_lam);`
	`225`	`+ secp256k1_ge_neg(&tmpa, &pre_a_lam[0]);`
	`226`	`+ secp256k1_gej_add_ge(&tmpj, r, &tmpa);`
	`227`	`+ secp256k1_gej_cmov(r, &tmpj, skew_lam);`
`233`	`228`	`}`
`234`	`229`	`}`
	`230`	`+`
	`231`	`+ secp256k1_fe_mul(&r->z, &r->z, &Z);`
`235`	`232`	`}`
`236`	`233`
`237`	`234`	`#endif /* SECP256K1_ECMULT_CONST_IMPL_H */`