k256: add basepoint-tables feature (#705)

This allows developers concerned with the resident size of the program
to avoid the large `GEN_LOOKUP_TABLE` static.

.github/workflows/k256.yml

@@ -40,6 +40,7 @@ jobs:
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features alloc
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features arithmetic
+      - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features basepoint-tables
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features bits
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features ecdh
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features ecdsa-core
@@ -53,7 +54,7 @@ jobs:
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features sha256
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features ecdsa
       - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features ecdsa,sha256
-      - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features arithmetic,bits,ecdh,ecdsa,hash2curve,jwk,pem,pkcs8,schnorr,serde,sha256
+      - run: cargo build --target ${{ matrix.target }} --release --no-default-features --features basepoint-tables,bits,ecdh,ecdsa,hash2curve,jwk,pem,pkcs8,schnorr,serde,sha256
 
   benches:
     runs-on: ubuntu-latest

k256/Cargo.toml

@@ -20,9 +20,9 @@ rust-version = "1.60"
 [dependencies]
 cfg-if = "1.0"
 elliptic-curve = { version = "0.12.3", default-features = false, features = ["hazmat", "sec1"] }
-once_cell = { version = "1.16", default-features = false, features = ["critical-section"] }
 
 # optional dependencies
+once_cell = { version = "1.16", optional = true, default-features = false, features = ["critical-section"] }
 ecdsa-core = { version = "=0.15.0-rc.1", package = "ecdsa", optional = true, default-features = false, features = ["der"] }
 hex-literal = { version = "0.3", optional = true }
 serdect = { version = "0.1", optional = true, default-features = false }
@@ -41,11 +41,12 @@ rand_core = { version = "0.6", features = ["getrandom"] }
 sha3 = { version = "0.10", default-features = false }
 
 [features]
-default = ["arithmetic", "ecdsa", "pkcs8", "schnorr", "std"]
+default = ["arithmetic", "basepoint-tables", "ecdsa", "pkcs8", "schnorr", "std"]
 alloc = ["ecdsa-core?/alloc", "elliptic-curve/alloc"]
 std = ["alloc", "ecdsa-core?/std", "elliptic-curve/std"]
 
 arithmetic = ["elliptic-curve/arithmetic"]
+basepoint-tables = ["arithmetic", "once_cell"]
 bits = ["arithmetic", "elliptic-curve/bits"]
 digest = ["ecdsa-core/digest", "ecdsa-core/hazmat"]
 ecdh = ["arithmetic", "elliptic-curve/ecdh"]

k256/src/arithmetic/mul.rs

@@ -44,6 +44,8 @@ use elliptic_curve::{
     subtle::{Choice, ConditionallySelectable, ConstantTimeEq},
     IsHigh,
 };
+
+#[cfg(feature = "basepoint-tables")]
 use once_cell::sync::Lazy;
 
 /// Lookup table containing precomputed values `[p, 2p, 3p, ..., 8p]`
@@ -372,8 +374,11 @@ fn lincomb_generic<const N: usize>(xs: &[ProjectivePoint; N], ks: &[Scalar; N])
     acc
 }
 
+/// Lazily computed basepoint table.
+#[cfg(feature = "basepoint-tables")]
 static GEN_LOOKUP_TABLE: Lazy<[LookupTable; 33]> = Lazy::new(precompute_gen_lookup_table);
 
+#[cfg(feature = "basepoint-tables")]
 fn precompute_gen_lookup_table() -> [LookupTable; 33] {
     let mut gen = ProjectivePoint::GENERATOR;
     let mut res = [LookupTable::default(); 33];
@@ -389,7 +394,14 @@ fn precompute_gen_lookup_table() -> [LookupTable; 33] {
     res
 }
 
-/// Calculages `k * G`, where `G` is the generator.
+/// Calculates `k * G`, where `G` is the generator.
+#[cfg(not(feature = "basepoint-tables"))]
+pub fn mul_by_generator(k: &Scalar) -> ProjectivePoint {
+    ProjectivePoint::GENERATOR * k
+}
+
+/// Calculates `k * G`, where `G` is the generator.
+#[cfg(feature = "basepoint-tables")]
 pub fn mul_by_generator(k: &Scalar) -> ProjectivePoint {
     let digits = Radix16Decomposition::<65>::new(k);
     let table = *GEN_LOOKUP_TABLE;