On secp256k1 (i.e. the k256 crate) we would like to be able to leverage the GLV endomorphism to accelerate scalar multiplication. In fact, without such acceleration wNAF is slower than a constant-time implementation of scalar multiplication which does use it.
We're currently experimenting with this on https://github.com/RustCrypto/group, and there's a PR to k256 open which implements it directly there: RustCrypto/elliptic-curves#1745
I will try to ensure there's a PR open implementing the required API (which could be defined on e.g. the WnafGroup trait, with a default provided implementation)
On secp256k1 (i.e. the
k256crate) we would like to be able to leverage the GLV endomorphism to accelerate scalar multiplication. In fact, without such acceleration wNAF is slower than a constant-time implementation of scalar multiplication which does use it.We're currently experimenting with this on https://github.com/RustCrypto/group, and there's a PR to
k256open which implements it directly there: RustCrypto/elliptic-curves#1745I will try to ensure there's a PR open implementing the required API (which could be defined on e.g. the
WnafGrouptrait, with a default provided implementation)