Remove unnecessary `r` conversion from Montgomery form.
ilitteri opened this issue · 1 comments
ilitteri commented
Context: P256VERIFY.yul#L613
Description:
The conversion of `r` out of Montgomery form is not needed, because this value is already available at the beginning of the fallback function.
Recommendation:
Remember the value of `r` before it is converted to Montgomery form, and use it later.
Gas usage before: 1600877
Gas usage after: 1600757
diff --git a/precompiles/P256VERIFY.yul b/precompiles/P256VERIFY.yul
index c75be80..aba9ea6 100644
--- a/precompiles/P256VERIFY.yul
+++ b/precompiles/P256VERIFY.yul
@@ -595,6 +595,7 @@ object "P256VERIFY" {
// TODO: Check if r, s, s1, t0 and t1 operations are optimal in Montgomery form or not
hash := intoMontgomeryForm(hash, N(), N_PRIME(), R2_MOD_N())
+ let r_orig := r
r := intoMontgomeryForm(r, N(), N_PRIME(), R2_MOD_N())
s := intoMontgomeryForm(s, N(), N_PRIME(), R2_MOD_N())
@@ -610,10 +611,9 @@ object "P256VERIFY" {
xr := montgomeryMul(xr, z_inv, P(), P_PRIME())
xr := outOfMontgomeryForm(xr, P(), P_PRIME())
- r := outOfMontgomeryForm(r, N(), N_PRIME())
xr := mod(xr, N())
- mstore(0, eq(xr, r))
+ mstore(0, eq(xr, r_orig))
return(0, 32)
}
}
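Review bot: Comparing `xr` with `r_orig` matches the removed round trip only when `r` is already reduced modulo `N()`, because converting into and back out of Montgomery form presumably yields `r mod N` while `r_orig` is the value as supplied. The range check on `r` and `s` is not visible in either hunk, so confirm it runs before `let r_orig := r` in the first hunk; with it in place the two forms agree, and without it the new comparison is the stricter of the two. I would record that dependency next to the copy, for example `// r_orig: r as supplied, already checked to be in [1, N-1]; compared with xr mod N at the end`. Test vectors with `r = 0`, `r = N` and `r > N` that must fail verification would pin the behaviour. The enclosing fallback function starts outside both hunks.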