| Category | Name | Status | Lemma(s) | Description |
|---|---|---|---|---|
| Field Arithmetic | Unsaturated limbs/delayed carrying | Implemented | ModularBaseSystemProofs.v#L347 | Represent field elements using more machine words than strictly necessary in order to delay carrying (for example, represent a 255-bit number using 51 bits per 64-bit word) |
| Field Arithmetic | Division-free Modular Reduction | Implemented | PseudoMersenneBaseParamProofs.v#L41 | Reduce |
| Field Arithmetic | Inverse square root | Not Implemented | n/a | Compute |
| Field Arithmetic | Addition Chain Exponentiation | Implemented | AdditionChainExponentiation.v#L53 | https://en.wikipedia.org/wiki/Addition-chain_exponentiation |
| Field Arithmetic | Specialized Squaring | Not Implemented | n/a | Write a specialized function for squaring field elts rather than just using mul |
| Field Arithmetic | Karatsuba | Not Implemented | n/a | Use Karatsuba's trick for multiplication (mostly relevant for primes |
| Elliptic Curve Points | Extended Coordinates | Implemented | ExtendedCoordinates.v#L258 | http://hyperelliptic.org/EFD/g1p/auto-edwards.html |
| Elliptic Curve Points | Precomputed Tables | Not Implemented | n/a | Precompute powers of base point |
| Elliptic Curve Points | Hex Exponentiation | Not Implemented | n/a | Use hexadecimal exponentiation for elliptic curve scalar multiplication |
| Elliptic Curve Points | Point Compression | Implemented | PointEncodingPre.v#L313 and PointEncodingPre.v#L412 | Instead of transmitting |
| Low-Level | Use Varied-size Registers | Half-Implemented | MapCastWithCastOp.v#L116 | Rather than using the largest available integer size (e.g., uint32_t on x86_32, uint64_t on x86_64) for all operations, pick the smallest integer size which is guaranteed to fit the result for each arithmetic operation separately |