Skip to content

Add back WnafBase::multiscalar_mul#23

Merged
tarcieri merged 2 commits into
mainfrom
multiscalar-mul
Jun 2, 2026
Merged

Add back WnafBase::multiscalar_mul#23
tarcieri merged 2 commits into
mainfrom
multiscalar-mul

Conversation

@tarcieri
Copy link
Copy Markdown
Member

@tarcieri tarcieri commented Jun 2, 2026

Second take on #14

tarcieri added 2 commits June 2, 2026 12:06
@tarcieri
Add WnafBase::multiscalar_mul
1bbadb1 
Computes a sum-of-products `aA + bB + ...` in variable time with w-NAF
multi-exponentiation using the interleaved window method, also known
as Straus' method.

The key insight is that when computing this sum by means of additions
and doublings, the doublings can be shared by performing the additions
within an inner loop.

The API and implementation are inspired in part by `curve25519-dalek`,
namely the `VartimeMultiscalarMul` trait and corresponding
implementation in `straus.rs`.

This results in ~28% speedup on `p256` for a 3 scalar/point input:

    ProjectivePoint operations/point-scalar lincomb (variable-time)
        time:   [149.13 µs 149.80 µs 150.84 µs]
        change: [−27.999% −27.645% −27.267%] (p = 0.00 < 0.05)
@tarcieri
Use IntoIterator for multiscalar_mul bounds
e7fe8e2 
This is closer to the `VartimeMultiscalarMul` trait in
`curve25519-dalek`.
@tarcieri tarcieri merged commit 2f1ea2e into main Jun 2, 2026
8 checks passed
@tarcieri tarcieri deleted the multiscalar-mul branch June 2, 2026 18:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@tarcieri