MSM

Multi-scalar multiplication (MSM) refers to calculating the following summation:

Or in other words, MSM calculates the sum of groups elements $P$ multiplied by scalars $k$, where $n$ is the total number of scalar $*$ element multiplications.

In terms of elliptic curve operations, we use MSM to calculate the sum of point-scalar multiplications. Since point addition operations are cheap based on , operation on points are best reduced to a series of additions (and/or doubles since they are also additions). The most naive reduction method for this purpose is "," though numerous additional approaches have been discovered to further reduce the total number of addition and double operations.

Here is a list of current optimizations done on MSM:

1. (MSM optimization)

   1. Reduces number of additions and doubles in comparison to ""

2. (optimization on or other naive bucket methods)

   1. Using , the number of required buckets per window is reduced in half

3. (optimization for batch elliptic curve point additions)

   1. When calculating batches of point additions at once, batch inversion can be utilized to reduce the number of required field inverse operations to 1.

4. Montgomery Multiplication (optimization on field multiplications)

   1. Efficiently computes modular arithmetic using

5. (optimization for point-scalar multiplication)

   1. GLV is often used to decompose MSM multiplications before running separate MSM's on the smaller parts. GLV generally reduces the total number of doubles operations needed; however, more significantly, if GLV is used before , the number of buckets required is reduced to $\frac{1}{4}$ of the original number.