X-Git-Url: https://git.distorted.org.uk/u/mdw/catacomb/blobdiff_plain/77d943105c69c4dc44a2e8d882a1fe8a69a94a2c..391faf428ac513f9031c773016d79fdbe8b4653c:/exp.h

diff --git a/exp.h b/exp.h
index 6bfd686..59cb632 100644
--- a/exp.h
+++ b/exp.h
@@ -1,6 +1,6 @@
 /* -*-c-*-
  *
- * $Id: exp.h,v 1.2 2004/03/21 22:52:06 mdw Exp $
+ * $Id: exp.h,v 1.3 2004/03/22 02:19:10 mdw Exp $
  *
  * Generalized exponentiation
  *
@@ -30,6 +30,11 @@
 /*----- Revision history --------------------------------------------------* 
  *
  * $Log: exp.h,v $
+ * Revision 1.3  2004/03/22 02:19:10  mdw
+ * Rationalise the sliding-window threshold.  Drop guarantee that right
+ * arguments to EC @add@ are canonical, and fix up projective implementations
+ * to cope.
+ *
  * Revision 1.2  2004/03/21 22:52:06  mdw
  * Merge and close elliptic curve branch.
  *
@@ -84,10 +89,19 @@ typedef struct exp_simul {
 #  define EXP_WINSZ 4			/* Predefine if you need to */
 #endif
 
-/* --- These are determined from the window size --- */
+/* --- These are determined from the window size --- *
+ *
+ * Given a %$k$%-bit exponent, I expect to do %$k/2$% multiplies if I use the
+ * simple way.  If I use an n-bit sliding window, then I do %$2^n$%
+ * multiplies up front, but I only do %$(2^n - 1)/2^n k/n$% multiplies for
+ * the exponentiation.  This is a win when
+ *
+ *   %$k \ge \frac{n 2^{n+1}}{n - 2}$%
+ */
 
 #define EXP_TABSZ (1 << EXP_WINSZ)
-#define EXP_THRESH (((MPW_BITS / EXP_WINSZ) << 2) + 1)
+#define EXP_THRESH							\
+    ((EXP_WINSZ * (2 << EXP_WINSZ))/((EXP_WINSZ - 2) * MPW_BITS))
 
 /* --- Required operations --- *
  *