deletions | additions       diff --git a/untitled.tex b/untitled.tex  index 4193274..2b535c3 100644  --- a/untitled.tex  +++ b/untitled.tex 
...
\section{Costs of point multiplying using a non-power-of-2 base}  The first thing we want to look at is how much more expensive it is to use a base which is not a power of 2. After all, a base which is a power of 2 allows us to implement that fixed multiplication by a handful of doublings, which is the most efficient possible. However, it turns out that other bases are almost as cheap.  To make this an apples-to-apples comparison, in both cases we'll assume that we're dealing with an Elliptic Curve with a 256 bit subgroup, and that we'll use a 64 bit blinding value $r$, yielding an exponent which is 320 bits long. We'll use the radix method, using a balanced representation of the digits (that is, the digits are values in the range $[-b/2, b/2]$ b/2]$, and we'll assume that the addition-by-0 is masked somehow (whether the low-level addition routines handle it without a special case, or because in that case we'll add by an arbitrary point and discard the result).  To implement this using radix $b=32$ (which is optimal over all powers-of-2 in this scenario), we'll first perform 7 doublings, 7 additions and 15 negations to compute the digits $(-16G, -15G, ..., 15G, 16G)$\footnote{In some elliptic curve representations, the operation of adding a point to itself (doubling) is cheaper than adding two distinct points, hence we track those separately}  \begin{itemize}  \item Generating exponents into non-power-of-2 base 
...