aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authormoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-08-24 18:51:14 +0000
committermoneromooo-monero <moneromooo-monero@users.noreply.github.com>2018-10-22 16:07:44 +0000
commit10e5a9276953ece1f96d6801fe6d91d550c5dfae (patch)
treeb7b109474070140e9b61d5c4c024c62ab8c28c3d
parentbulletproofs: rework flow to use sarang's fast batch inversion code (diff)
downloadmonero-10e5a9276953ece1f96d6801fe6d91d550c5dfae.tar.xz
bulletproofs: maintain -z4, -z5, and -y0 to avoid subtractions
-rw-r--r--src/ringct/bulletproofs.cc19
1 files changed, 8 insertions, 11 deletions
diff --git a/src/ringct/bulletproofs.cc b/src/ringct/bulletproofs.cc
index d9961cb20..9e4d85534 100644
--- a/src/ringct/bulletproofs.cc
+++ b/src/ringct/bulletproofs.cc
@@ -847,8 +847,8 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
// setup weighted aggregates
rct::key z1 = rct::zero();
rct::key z3 = rct::zero();
- rct::keyV z4(maxMN, rct::zero()), z5(maxMN, rct::zero());
- rct::key y0 = rct::zero(), y1 = rct::zero();
+ rct::keyV m_z4(maxMN, rct::zero()), m_z5(maxMN, rct::zero());
+ rct::key m_y0 = rct::zero(), y1 = rct::zero();
int proof_data_index = 0;
for (const Bulletproof *p: proofs)
{
@@ -872,7 +872,7 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
PERF_TIMER_START_BP(VERIFY_line_61);
// PAPER LINE 61
- sc_muladd(y0.bytes, proof.taux.bytes, weight_y.bytes, y0.bytes);
+ sc_mulsub(m_y0.bytes, proof.taux.bytes, weight_y.bytes, m_y0.bytes);
const rct::keyV zpow = vector_powers(pd.z, M+3);
@@ -968,8 +968,8 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
sc_mulsub(h_scalar.bytes, tmp.bytes, yinvpow.bytes, h_scalar.bytes);
}
- sc_muladd(z4[i].bytes, g_scalar.bytes, weight_z.bytes, z4[i].bytes);
- sc_muladd(z5[i].bytes, h_scalar.bytes, weight_z.bytes, z5[i].bytes);
+ sc_mulsub(m_z4[i].bytes, g_scalar.bytes, weight_z.bytes, m_z4[i].bytes);
+ sc_mulsub(m_z5[i].bytes, h_scalar.bytes, weight_z.bytes, m_z5[i].bytes);
if (i == 0)
{
@@ -1005,17 +1005,14 @@ bool bulletproof_VERIFY(const std::vector<const Bulletproof*> &proofs)
// now check all proofs at once
PERF_TIMER_START_BP(VERIFY_step2_check);
- sc_sub(tmp.bytes, rct::zero().bytes, y0.bytes);
- sc_sub(tmp.bytes, tmp.bytes, z1.bytes);
+ sc_sub(tmp.bytes, m_y0.bytes, z1.bytes);
multiexp_data.emplace_back(tmp, rct::G);
sc_sub(tmp.bytes, z3.bytes, y1.bytes);
multiexp_data.emplace_back(tmp, rct::H);
for (size_t i = 0; i < maxMN; ++i)
{
- sc_sub(tmp.bytes, rct::zero().bytes, z4[i].bytes);
- multiexp_data.emplace_back(tmp, Gi_p3[i]);
- sc_sub(tmp.bytes, rct::zero().bytes, z5[i].bytes);
- multiexp_data.emplace_back(tmp, Hi_p3[i]);
+ multiexp_data.emplace_back(m_z4[i], Gi_p3[i]);
+ multiexp_data.emplace_back(m_z5[i], Hi_p3[i]);
}
if (!(multiexp(multiexp_data, false) == rct::identity()))
{