Zellic - Audit Reports

Possible gas savings in `_jAdd`

The method used by _jAdd to calculate the sum of two points given in Jacobian coordinates is to use the formulas termed "add-2007-bl" in the Explicit-Formulas Database↗. In the EVM, the gas cost of addmod and mulmod is the same, and there is no cheaper way to square or multiply by a power of 2. This makes the formulas termed "add-1998-cmo-2↗" more efficient. In the verification of the _jAdd formulas we carried out in section ref↗, the change would correspond to removing factors of two, so that at the end in, for example, case 3, one obtains $(r1,r2,r3) = (x_{3}, y_{3}, z_{3})$ directly rather than $(r1,r2,r3) = (4 x_{3}, 8 y_{3}, 2 z_{3})$ --- both represent the same point on the elliptic curve.

Biconomy Labs was provided a proof of concept patch for this optimization, which saved 1.48% gas when running the Wycheproof test suite.

Possible gas savings in _jAdd

Possible gas savings in `_jAdd`