Adjust first-digit optimization to not be so conservative

author: Peter Dettman <peter.dettman@bouncycastle.org> 2014-01-26 10:17:26 +0700
committer: Peter Dettman <peter.dettman@bouncycastle.org> 2014-01-26 10:17:26 +0700
commit: b9f0dceb0ccf79356ec33dec264a1687a3edc622 (patch)
tree: db1b8e8fa4f9c7564d2415f88af83480f5ff3c49 /crypto/src/math/ec
parent: Port latest Java fixes for lambda-projective and make it the default for F2m (diff)
download: BouncyCastle.NET-ed25519-b9f0dceb0ccf79356ec33dec264a1687a3edc622.tar.xz
1 files changed, 7 insertions, 12 deletions
diff --git a/crypto/src/math/ec/multiplier/WNafMultiplier.cs b/crypto/src/math/ec/multiplier/WNafMultiplier.cs
index c2bb8c465..06ad76031 100644
--- a/crypto/src/math/ec/multiplier/WNafMultiplier.cs
+++ b/crypto/src/math/ec/multiplier/WNafMultiplier.cs
@@ -32,7 +32,7 @@ namespace Org.BouncyCastle.Math.EC.Multiplier
             int i = wnaf.Length;
 
             /*
-             * NOTE This code optimizes the first window using the precomputed points to substitute an
+             * NOTE: We try to optimize the first window using the precomputed points to substitute an
              * addition for 2 or more doublings.
              */
             if (i > 1)
@@ -43,19 +43,14 @@ namespace Org.BouncyCastle.Math.EC.Multiplier
                 int n = System.Math.Abs(digit);
                 ECPoint[] table = digit < 0 ? preCompNeg : preComp;
 
-                /*
-                 * NOTE: We use this optimization conservatively, since some coordinate systems have
-                 * significantly cheaper doubling relative to addition.
-                 * 
-                 * (n << 2) selects precomputed values in the lower half of the table
-                 * (n << 3) selects precomputed values in the lower quarter of the table
-                 */
-                //if ((n << 2) < (1 << width))
-                if ((n << 3) < (1 << width))
+                // Optimization can only be used for values in the lower half of the table
+                if ((n << 2) < (1 << width))
                 {
                     int highest = LongArray.BitLengths[n];
-                    int lowBits =  n ^ (1 << (highest - 1));
+
+                    // TODO Get addition/doubling cost ratio from curve and compare to 'scale' to see if worth substituting?
                     int scale = width - highest;
+                    int lowBits = n ^ (1 << (highest - 1));
 
                     int i1 = ((1 << (width - 1)) - 1);
                     int i2 = (lowBits << scale) + 1;
@@ -63,7 +58,7 @@ namespace Org.BouncyCastle.Math.EC.Multiplier
 
                     zeroes -= scale;
 
-    //              Console.WriteLine("Optimized: 2^" + scale + " * " + n + " = " + i1 + " + " + i2);
+                    //Console.WriteLine("Optimized: 2^" + scale + " * " + n + " = " + i1 + " + " + i2);
                 }
                 else
                 {
author	Peter Dettman <peter.dettman@bouncycastle.org>	2014-01-26 10:17:26 +0700
committer	Peter Dettman <peter.dettman@bouncycastle.org>	2014-01-26 10:17:26 +0700
commit	b9f0dceb0ccf79356ec33dec264a1687a3edc622 (patch)
tree	db1b8e8fa4f9c7564d2415f88af83480f5ff3c49 /crypto/src/math/ec
parent	Port latest Java fixes for lambda-projective and make it the default for F2m (diff)
download	BouncyCastle.NET-ed25519-b9f0dceb0ccf79356ec33dec264a1687a3edc622.tar.xz