Avoid an inversion during ECDSA/SM2/etc signature verification #4211
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
randombit
force-pushed
the
jack/project-r
branch
from
37dc241 to
7effff0
Compare
20 tasks
reneme
approved these changes
Jul 15, 2024
…ality check @gmaxwell pointed out in a really great comment on #1479 that you don't need to actually perform a projective->affine conversion in ECDSA verification, since instead you can project the r value. However in the current setup that's not possible since the function is defining as returning the value and then the comparison happens in the pubkey code. Instead have the expected value be passed down and all that comes back is a boolean accept or reject. This allows the project-r optimization. This also avoids some back and forth with the various type wrappers, which is a small win on its own.
Given a projective coordinate, we previously performed an inversion to extract the affine x. But instead we can project v using the same value of z as the projective point. This improves ECDSA verification performance by between 4% and 9%, depending on the curve.
randombit
force-pushed
the
jack/project-r
branch
from
7effff0 to
ef6efa3
Compare
randombit
added a commit
that referenced
this pull request
Jul 15, 2024
This is the same trick as #4211 applied in the pcurves implementation. Improves ECDSA verification by 6-12% depending on the curve.
randombit
added a commit
that referenced
this pull request
Jul 15, 2024
This is the same trick as #4211 applied in the pcurves implementation. Improves ECDSA verification by 6-12% depending on the curve.
randombit
added a commit
that referenced
this pull request
Jul 15, 2024
This is the same trick as #4211 applied in the pcurves implementation. Improves ECDSA verification by 6-12% depending on the curve.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Instead of converting the multiscalar product to affine and extracting the x coordinate for comparison, project the verification value. This saves an inversion and improves ECDSA verification by 4-9%