Optimization: Precompute scalar -1/2

Author: real-or-random

src/ecmult_gen_impl.h

@@ -36,10 +36,9 @@ static void secp256k1_ecmult_gen_context_clear(secp256k1_ecmult_gen_context *ctx
 static void secp256k1_ecmult_gen_scalar_diff(secp256k1_scalar* diff) {
     int i;
 
-    /* Compute scalar -1/2. */
-    secp256k1_scalar neghalf = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 2);
-    secp256k1_scalar_inverse_var(&neghalf, &neghalf);
-    secp256k1_scalar_negate(&neghalf, &neghalf);
+    /* neghalf = -1/2. */
+    secp256k1_scalar neghalf;
+    secp256k1_scalar_set_neghalf(&neghalf);
 
     /* Compute offset = 2^(COMB_BITS - 1). */
     secp256k1_scalar_set_int(diff, 1);

src/scalar.h

@@ -42,6 +42,9 @@ static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned c
 /** Set a scalar to an unsigned integer. */
 static void secp256k1_scalar_set_int(secp256k1_scalar *r, unsigned int v);
 
+/** Set a scalar to -1/2. */
+static void secp256k1_scalar_set_neghalf(secp256k1_scalar *r);
+
 /** Convert a scalar to a byte array. */
 static void secp256k1_scalar_get_b32(unsigned char *bin, const secp256k1_scalar* a);
 

src/scalar_impl.h

@@ -27,6 +27,20 @@
 static const secp256k1_scalar secp256k1_scalar_one = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 1);
 static const secp256k1_scalar secp256k1_scalar_zero = SECP256K1_SCALAR_CONST(0, 0, 0, 0, 0, 0, 0, 0);
 
+static void secp256k1_scalar_set_neghalf(secp256k1_scalar *r) {
+#if defined(EXHAUSTIVE_TEST_ORDER)
+    secp256k1_scalar_set_int(r, 2);
+    secp256k1_scalar_inverse_var(r, r);
+    secp256k1_scalar_negate(r, r);
+#else
+    static const secp256k1_scalar neghalf = SECP256K1_SCALAR_CONST(
+        0x7fffffff, 0xffffffff, 0xffffffff, 0xffffffff, 0x5d576e73, 0x57a4501d, 0xdfe92f46, 0x681b20a0);
+    *r = neghalf;
+#endif
+
+    SECP256K1_SCALAR_VERIFY(r);
+}
+
 static int secp256k1_scalar_set_b32_seckey(secp256k1_scalar *r, const unsigned char *bin) {
     int overflow;
     secp256k1_scalar_set_b32(r, bin, &overflow);

src/tests.c

@@ -2321,6 +2321,15 @@ static void run_scalar_tests(void) {
         CHECK(secp256k1_scalar_eq(&one, &secp256k1_scalar_one));
     }
 
+    {
+        /* Test secp256k1_scalar_set_neghalf. */
+        secp256k1_scalar s;
+        secp256k1_scalar_set_neghalf(&s);
+        secp256k1_scalar_add(&s, &s, &s);
+        secp256k1_scalar_negate(&s, &s);
+        CHECK(secp256k1_scalar_is_one(&s));
+    }
+
     {
         /* (-1)+1 should be zero. */
         secp256k1_scalar o;