diff options
author | Riccardo Spagni <ric@spagni.net> | 2018-09-24 16:15:49 +0200 |
---|---|---|
committer | Riccardo Spagni <ric@spagni.net> | 2018-09-24 16:15:49 +0200 |
commit | 5c637c79106625bf5877b0315f2abc91cc676f00 (patch) | |
tree | 10bc8b7fac3af589cb36c6e0708445f0058b9c63 | |
parent | Merge pull request #4416 (diff) | |
parent | bulletproofs: multiply points by 8 first thing in verification (diff) | |
download | monero-5c637c79106625bf5877b0315f2abc91cc676f00.tar.xz |
Merge pull request #4429
1dd5c73f bulletproofs: multiply points by 8 first thing in verification (moneromooo-monero)
-rw-r--r-- | src/ringct/bulletproofs.cc | 32 |
1 files changed, 17 insertions, 15 deletions
diff --git a/src/ringct/bulletproofs.cc b/src/ringct/bulletproofs.cc index abe4ef18d..381f50872 100644 --- a/src/ringct/bulletproofs.cc +++ b/src/ringct/bulletproofs.cc @@ -1068,6 +1068,14 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs) CHECK_AND_ASSERT_MES(!(x_ip == rct::zero()), false, "x_ip == 0"); PERF_TIMER_STOP(VERIFY_start); + // pre-multiply some points by 8 + rct::keyV proof8_V = proof.V; for (rct::key &k: proof8_V) k = rct::scalarmult8(k); + rct::keyV proof8_L = proof.L; for (rct::key &k: proof8_L) k = rct::scalarmult8(k); + rct::keyV proof8_R = proof.R; for (rct::key &k: proof8_R) k = rct::scalarmult8(k); + rct::key proof8_T1 = rct::scalarmult8(proof.T1); + rct::key proof8_T2 = rct::scalarmult8(proof.T2); + rct::key proof8_S = rct::scalarmult8(proof.S); + PERF_TIMER_START_BP(VERIFY_line_61); // PAPER LINE 61 sc_muladd(y0.bytes, proof.taux.bytes, weight.bytes, y0.bytes); @@ -1090,26 +1098,22 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs) multiexp_data.reserve(proof.V.size()); sc_sub(tmp.bytes, proof.t.bytes, tmp.bytes); sc_muladd(y1.bytes, tmp.bytes, weight.bytes, y1.bytes); - for (size_t j = 0; j < proof.V.size(); j++) + for (size_t j = 0; j < proof8_V.size(); j++) { - sc_mul(tmp.bytes, zpow[j+2].bytes, EIGHT.bytes); - multiexp_data.emplace_back(tmp, proof.V[j]); + multiexp_data.emplace_back(zpow[j+2], proof8_V[j]); } rct::addKeys(Y2, Y2, rct::scalarmultKey(multiexp(multiexp_data, false), weight)); - rct::key weight8; - sc_mul(weight8.bytes, weight.bytes, EIGHT.bytes); - sc_mul(tmp.bytes, x.bytes, weight8.bytes); - rct::addKeys(Y3, Y3, rct::scalarmultKey(proof.T1, tmp)); + sc_mul(tmp.bytes, x.bytes, weight.bytes); + rct::addKeys(Y3, Y3, rct::scalarmultKey(proof8_T1, tmp)); rct::key xsq; sc_mul(xsq.bytes, x.bytes, x.bytes); - sc_mul(tmp.bytes, xsq.bytes, weight8.bytes); - rct::addKeys(Y4, Y4, rct::scalarmultKey(proof.T2, tmp)); + sc_mul(tmp.bytes, xsq.bytes, weight.bytes); + rct::addKeys(Y4, Y4, rct::scalarmultKey(proof8_T2, tmp)); PERF_TIMER_STOP(VERIFY_line_61rl_new); PERF_TIMER_START_BP(VERIFY_line_62); // PAPER LINE 62 - sc_mul(tmp.bytes, x.bytes, EIGHT.bytes); - rct::addKeys(Z0, Z0, rct::scalarmultKey(rct::addKeys(rct::scalarmult8(proof.A), rct::scalarmultKey(proof.S, tmp)), weight)); + rct::addKeys(Z0, Z0, rct::scalarmultKey(rct::addKeys(rct::scalarmult8(proof.A), rct::scalarmultKey(proof8_S, x)), weight)); PERF_TIMER_STOP(VERIFY_line_62); // Compute the number of rounds for the inner product @@ -1192,11 +1196,9 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs) for (size_t i = 0; i < rounds; ++i) { sc_mul(tmp.bytes, w[i].bytes, w[i].bytes); - sc_mul(tmp.bytes, tmp.bytes, EIGHT.bytes); - multiexp_data.emplace_back(tmp, proof.L[i]); + multiexp_data.emplace_back(tmp, proof8_L[i]); sc_mul(tmp.bytes, winv[i].bytes, winv[i].bytes); - sc_mul(tmp.bytes, tmp.bytes, EIGHT.bytes); - multiexp_data.emplace_back(tmp, proof.R[i]); + multiexp_data.emplace_back(tmp, proof8_R[i]); } rct::key acc = multiexp(multiexp_data, false); rct::addKeys(Z2, Z2, rct::scalarmultKey(acc, weight)); |