authorPeter Dettman <peter.dettman@bouncycastle.org>2014-01-23 14:50:10 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2014-01-23 14:50:10 +0700
commit40d318fb8c3da32fa16251aa160dd4876910fc63 (patch)
treeba536e7782d757a28ad0a9bab749a825886feb15
parentAdd Nat/Mod classes and use instead of (slow) BigInteger.ModInverse implement... (diff)
Use residue-based reduction for more curves, in particular P-256
-rw-r--r--crypto/src/math/ec/ECFieldElement.cs10
1 files changed, 8 insertions, 2 deletions
diff --git a/crypto/src/math/ec/ECFieldElement.cs b/crypto/src/math/ec/ECFieldElement.cs
index 93f63a435..f29d1f1b0 100644
--- a/crypto/src/math/ec/ECFieldElement.cs
+++ b/crypto/src/math/ec/ECFieldElement.cs
@@ -79,8 +79,14 @@ namespace Org.BouncyCastle.Math.EC
             int bitLength = p.BitLength;
             if (bitLength > 128)
             {
-                BigInteger firstWord = p.ShiftRight(bitLength - 64);
-                if (firstWord.LongValue == -1L)
+                /*
+                 * NOTE: Due to poor performance of BigInteger.Mod in C#, the residue-based reduction is
+                 * currently faster even for e.g. P-256, where the prime has 32 leading 1 bits.
+                 */
+                //BigInteger firstWord = p.ShiftRight(bitLength - 64);
+                //if (firstWord.LongValue == -1L)
+                BigInteger firstWord = p.ShiftRight(bitLength - 32);
+                if (firstWord.IntValue == -1)
                 {
                     return BigInteger.One.ShiftLeft(bitLength).Subtract(p);
                 }
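Review bot: The superseded 64-bit check is left in as two commented-out lines (`//BigInteger firstWord = p.ShiftRight(bitLength - 64);` and `//if (firstWord.LongValue == -1L)`) directly above the new 32-bit check; the NOTE already records why the threshold was lowered, so those dead lines should go and the threshold should be named rather than inlined, e.g. `const int ResidueLeadingOnes = 32;` used as `p.ShiftRight(bitLength - ResidueLeadingOnes)`. Lowering the requirement from 64 to 32 leading one bits admits residues `2^bitLength - p` of up to `bitLength - 32` bits, so the reduction routine that consumes this return value (not visible in the hunk) must be correct for residues of that width, not just the narrow ones the old check guaranteed; that is an inference, but a test that compares the residue-based path against `BigInteger.Mod` on random P-256 field elements would pin it down. The enclosing method starts and ends outside the hunk.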