ecc/p384: use of complete projective formulas for scalar multiplication.

armfazh · armfazh · commit fcba359f4178 · 2026-01-22T03:08:10.000-08:00
diff --git a/ecc/p384/p384opt.go b/ecc/p384/p384opt.go
@@ -94,33 +94,32 @@ func (c curve) scalarMultOmega(x1, y1 *big.Int, k []byte, omega uint) (x, y *big
 	const bitsN = uint(384)
 	L := math.SignedDigit(&scalar, omega, bitsN)
 
-	var R jacobianPoint
-	Q := zeroPoint().toJacobian()
-	TabP := newAffinePoint(x1, y1).oddMultiples(omega)
+	var R projectivePoint
+	Q := zeroPoint().toProjective()
+	TabP := newAffinePoint(x1, y1).oddMultiplesProy(omega)
 	for i := len(L) - 1; i > 0; i-- {
 		for j := uint(0); j < omega-1; j++ {
-			Q.double()
+			Q.completeAdd(Q, Q)
 		}
 		idx := absolute(L[i]) >> 1
 		for j := range TabP {
 			R.cmov(&TabP[j], subtle.ConstantTimeEq(int32(j), idx))
 		}
 		R.cneg(int(L[i]>>31) & 1)
-		Q.add(Q, &R)
+		Q.completeAdd(Q, &R)
 	}
 	// Calculate the last iteration using complete addition formula.
 	for j := uint(0); j < omega-1; j++ {
-		Q.double()
+		Q.completeAdd(Q, Q)
 	}
 	idx := absolute(L[0]) >> 1
 	for j := range TabP {
 		R.cmov(&TabP[j], subtle.ConstantTimeEq(int32(j), idx))
 	}
 	R.cneg(int(L[0]>>31) & 1)
-	QQ := Q.toProjective()
-	QQ.completeAdd(QQ, R.toProjective())
-	QQ.cneg(isEvenK)
-	return QQ.toAffine().toInt()
+	Q.completeAdd(Q, &R)
+	Q.cneg(isEvenK)
+	return Q.toAffine().toInt()
 }
 
 // ScalarBaseMult returns k*G, where G is the base point of the group
diff --git a/ecc/p384/point.go b/ecc/p384/point.go
@@ -87,6 +87,24 @@ func (ap affinePoint) oddMultiples(n uint) []jacobianPoint {
 	return t
 }
 
+// OddMultiplesProy calculates the points iP for i={1,3,5,7,..., 2^(n-1)-1}
+// Ensure that 1 < n < 31, otherwise it returns an empty slice.
+func (ap affinePoint) oddMultiplesProy(n uint) []projectivePoint {
+	var t []projectivePoint
+	if n > 1 && n < 31 {
+		P := ap.toProjective()
+		s := int32(1) << (n - 1)
+		t = make([]projectivePoint, s)
+		t[0] = *P
+		var _2P projectivePoint
+		_2P.completeAdd(P, P)
+		for i := int32(1); i < s; i++ {
+			t[i].completeAdd(&t[i-1], &_2P)
+		}
+	}
+	return t
+}
+
 // p2Point is a point in P^2
 type p2Point struct{ x, y, z fp384 }
 
@@ -303,6 +321,8 @@ func (P *projectivePoint) isZero() bool {
 	return P.x == zero && P.y != zero && P.z == zero
 }
 
+func (P *projectivePoint) cmov(Q *projectivePoint, b int) { P.p2Point.cmov(&Q.p2Point, b) }
+
 func (P *projectivePoint) toAffine() *affinePoint {
 	var aP affinePoint
 	z := &fp384{}
