EdDSA: Minor verification optimization

2 files changed, 12 insertions, 0 deletions

diff --git a/crypto/src/math/ec/rfc8032/Ed25519.cs b/crypto/src/math/ec/rfc8032/Ed25519.cs

index 8add3c48b..bf3a1a8d8 100644
--- a/crypto/src/math/ec/rfc8032/Ed25519.cs
+++ b/crypto/src/math/ec/rfc8032/Ed25519.cs
@@ -1714,6 +1714,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             int bit = 128;
             while (--bit >= 0)
             {
+                if (((int)ws_b[bit] | (int)ws_b[128 + bit] | (int)ws_p[bit] | (int)ws_q[bit]) != 0)
+                    break;
+            }
+
+            for (; bit >= 0; --bit)
+            {
                 int wb = ws_b[bit];
                 if (wb != 0)
                 {
diff --git a/crypto/src/math/ec/rfc8032/Ed448.cs b/crypto/src/math/ec/rfc8032/Ed448.cs

index 6eee639fe..54321e37d 100644
--- a/crypto/src/math/ec/rfc8032/Ed448.cs
+++ b/crypto/src/math/ec/rfc8032/Ed448.cs
@@ -1581,6 +1581,12 @@ namespace Org.BouncyCastle.Math.EC.Rfc8032
             int bit = 225;
             while (--bit >= 0)
             {
+                if (((int)ws_b[bit] | (int)ws_b[225 + bit] | (int)ws_p[bit] | (int)ws_q[bit]) != 0)
+                    break;
+            }
+
+            for (; bit >= 0; --bit)
+            {
                 int wb = ws_b[bit];
                 if (wb != 0)
                 {