crypto: good fast sc_invert moved to crypto-ops

src/crypto/crypto-ops.c

@@ -3519,3 +3519,207 @@ void sc_mul(unsigned char* s, const unsigned char* a, const unsigned char* b)
   s[30] = s11 >> 9;
   s[31] = s11 >> 17;
 }
+
+// out = z ^ -1 (= z ^ (L - 2) according to Fermat little theorem)
+void sc_invert(unsigned char* out, const unsigned char* z)
+{
+  memcpy(out, z, 32);
+  for (size_t i = 0; i < 128; ++i)
+    sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+  sc_mul(out, out, out);
+  sc_mul(out, out, z);
+}

src/crypto/crypto-ops.h

@@ -123,6 +123,7 @@ void sc_mulsub(unsigned char *, const unsigned char *, const unsigned char *, co
 void sc_mul(unsigned char *, const unsigned char *, const unsigned char *);
 int sc_check(const unsigned char *);
 int sc_isnonzero(const unsigned char *); /* Doesn't normalize */
+void sc_invert(unsigned char*, const unsigned char*);
 
 void fe_sq(fe h, const fe f);
 void fe_mul(fe, const fe, const fe);