Skip to content

Add WnafBase::multiscalar_mul again#22

Closed
tarcieri wants to merge 21 commits into
RustCrypto:mainfrom
tarcieri:rustcrypto-multiscalar-mul
Closed

Add WnafBase::multiscalar_mul again#22
tarcieri wants to merge 21 commits into
RustCrypto:mainfrom
tarcieri:rustcrypto-multiscalar-mul

Conversation

@tarcieri
Copy link
Copy Markdown
Member

@tarcieri tarcieri commented Jun 2, 2026

This merges the multiscalar multiplication implementation proposed in zkcrypto#85 into the RustCrypto fork so we can try it out.

Originally added as #14

tarcieri and others added 21 commits February 8, 2026 09:07
@tarcieri
Bump rand_core to v0.10; MSRV 1.85
87fcee0 
NOTE: depends on zkcrypto/ff#149

Release notes for `rand_core` v0.10.0:

https://github.com/rust-random/rand_core/releases/tag/v0.10.0
@str4d
Introduce CurveAffine trait
2110485 
This unifies the methods previously exposed by the `PrimeCurveAffine`
and `CofactorCurveAffine` traits. The prime-order and cofactor traits
are now all marker traits, and their affine-specific traits are
automatically derived.
@str4d
Merge pull request zkcrypto#48 from zkcrypto/curveaffine
6bee6ef 
Introduce `CurveAffine` trait
@ebfull
Merge pull request zkcrypto#71 from tarcieri/rand_core/v0.10
62923b9 
Bump `rand_core` to v0.10; MSRV 1.85
@ebfull
Update patch to retarget ff 0.14.0 release branch
92f221b
@ebfull
Rename Group::try_from_rng to Group::try_random
326b36b 
Matches the naming adopted in zkcrypto/rfcs#1.
@ebfull
Update to ff 0.14.0-pre.1
d24dd0d
@ebfull
Update CHANGELOG.md
b8220c8
@ebfull
Preview 0.14.0-pre.1
b71b98a
@ebfull
Update CHANGELOG.md
0562c20
@ebfull
Update MSRV in README.md to 1.85
8b8e53b
@ebfull
Update to ff 0.14.0
d0bed6d
@ebfull
Use consistent CHANGELOG language for ff bump
1d05796
@ebfull
Fix lints and minor nits
5e5b9b9
@ebfull
Simplify Curve::Affine bounds
ab86533
@ebfull
Align group random docs with ff
7fc1ccc
@ebfull
Release 0.14.0
f9a84a7
@ebfull
Merge pull request zkcrypto#63 from zkcrypto/release-0.14.0
f10610b 
Release 0.14.0
@tarcieri
Add WnafBase::multiscalar_mul
2cf6afc 
Computes a sum-of-products `aA + bB + ...` in variable time with w-NAF
multi-exponentiation using the interleaved window method, also known
as Straus' method.

The key insight is that when computing this sum by means of additions
and doublings, the doublings can be shared by performing the additions
within an inner loop.

The API and implementation are inspired in part by `curve25519-dalek`,
namely the `VartimeMultiscalarMul` trait and corresponding
implementation in `straus.rs`.

This results in ~28% speedup on `p256` for a 3 scalar/point input:

    ProjectivePoint operations/point-scalar lincomb (variable-time)
        time:   [149.13 µs 149.80 µs 150.84 µs]
        change: [−27.999% −27.645% −27.267%] (p = 0.00 < 0.05)
@tarcieri
Use IntoIterator for multiscalar_mul bounds
2bac7bc 
This is closer to the `VartimeMultiscalarMul` trait in
`curve25519-dalek`.
@tarcieri
Merge branch 'multiscalar-mul' into rustcrypto-multiscalar-mul
bc30c98 
This merges the multiscalar multiplication implementation proposed in
zkcrypto#85 into the RustCrypto fork so we can try it out.

Originally added as RustCrypto#14
@tarcieri tarcieri closed this Jun 2, 2026
@tarcieri tarcieri deleted the rustcrypto-multiscalar-mul branch June 2, 2026 18:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@tarcieri @str4d @ebfull