As discovered by sipa in #1033.
See commit message for reasoning but note that the infinity handling will be replaced in the second commit again.
group: Save a normalize_to_zero in gej_add_ge #1078
pull real-or-random wants to merge 2 commits into bitcoin-core:master from real-or-random:202202-gej_add_ge changing 2 files +34 −27-
real-or-random commented at 10:05 AM on February 21, 2022: contributor
- real-or-random force-pushed on Feb 21, 2022
-
ac71020ebe
group: Save a normalize_to_zero in gej_add_ge
The code currently switches to the alternative formula for lambda only if (R,M) = (0,0) but the alternative formula works whenever M = 0: Specifically, M = 0 implies y1 = -y2. If x1 = x2, then a = -b this is the r = infinity case that we handle separately. If x1 != x2, then the denominator in the alternative formula is non-zero, so this formula is well-defined. One needs to carefully check that the infinity assignment is still correct because now the definition of m_alt at this point in the code has changed. But this is true: Case y1 = -y2: Then degenerate = true and infinity = ((x1 - x2)Z == 0) & ~a->infinity . a->infinity is handled separately. And if ~a->infinity, then Z = Z1 != 0, so infinity = (x1 - x2 == 0) = (a == -b) by case condition. Case y1 != -y2: Then degenerate = false and infinity = ((y1 + y2)Z == 0) & ~a->infinity . a->infinity is handled separately. And if ~a->infinity, then Z = Z1 != 0, so infinity = (y1 + y2 == 0) = false by case condition. Co-Authored-By: Pieter Wuille <pieter@wuille.net>
- real-or-random force-pushed on Feb 21, 2022
-
real-or-random commented at 12:20 PM on February 26, 2022: contributor
I think the comment I wrote is wrong, I'll have a look at this.
-
group: Further simply gej_add_ge e089eecc1e
- real-or-random force-pushed on Feb 26, 2022
-
real-or-random commented at 12:23 PM on February 26, 2022: contributor
Fixed... (ok that was quick).
-
sipa commented at 8:32 PM on November 18, 2022: contributor
ACK e089eecc1e54551287b12539d2211da631a6ec5c
-
apoelstra commented at 12:12 AM on February 14, 2023: contributor
utACK but I think this could be rebased on master so I can run the ctime tests on it. (This predates the existence of the ctime tests.)
-
apoelstra commented at 12:18 AM on February 14, 2023: contributor
Never mind me :) the ctime tests just used to have a different name.
- apoelstra approved
-
apoelstra commented at 12:42 AM on February 14, 2023: contributor
ACK e089eecc1e54551287b12539d2211da631a6ec5c
-
sipa commented at 7:49 PM on February 14, 2023: contributor
Benchmarks on Ryzen 5950X, locked at 2.2 GHz, GCC 12.2.0, running with
SECP256K1_BENCH_ITERS=1000000 ./bench_internal add:Master:
Benchmark , Min(us) , Avg(us) , Max(us) group_add_affine , 0.444 , 0.444 , 0.444Master + #1078
Benchmark , Min(us) , Avg(us) , Max(us) group_add_affine , 0.432 , 0.433 , 0.433 - sipa merged this on Feb 14, 2023
- sipa closed this on Feb 14, 2023
- hebasto referenced this in commit 7c0cc5d976 on Mar 7, 2023
- dhruv referenced this in commit a5df79db12 on Mar 7, 2023
- dhruv referenced this in commit 77b510d84c on Mar 7, 2023
- sipa referenced this in commit 763079a3f1 on Mar 8, 2023
- div72 referenced this in commit 945b094575 on Mar 14, 2023
- vmta referenced this in commit e1120c94a1 on Jun 4, 2023
- vmta referenced this in commit 8f03457eed on Jul 1, 2023
- delta1 referenced this in commit 3f32c20932 on Aug 8, 2023
- delta1 referenced this in commit 31ac0c1081 on Aug 31, 2023
- janus referenced this in commit 4816e2a921 on Sep 3, 2023
- backpacker69 referenced this in commit 26f6d832fb on Mar 5, 2024
- str4d referenced this in commit b350ac56ac on Jun 4, 2025
- Fabcien referenced this in commit 88a843c56e on Apr 11, 2026
- Fabcien referenced this in commit 8f1b7e6aeb on Apr 11, 2026
