secp256k1_gej_add_ge_var, and mainly in a descendant of the secp256k1_ecmult_gen2 function from here:
static void
hrdec_mult_gen2(secp256k1_gej *r,
const uchar *seckey) {
secp256k1_gej o1;
secp256k1_gej s1, s2, s3, s4, s5, s6, s7, s8,
s9,s10,s11,s12,s13,s14,s15,s16;
secp256k1_gej_set_ge(&o1, &prec[ seckey[31]]);
secp256k1_gej_add_ge_var(&s1, &o1, &prec[ 256 + seckey[30]], NULL);
secp256k1_gej_set_ge(&o1, &prec[512 + seckey[29]]);
secp256k1_gej_add_ge_var(&s2, &o1, &prec[ 768 + seckey[28]], NULL);
secp256k1_gej_set_ge(&o1, &prec[1024 + seckey[27]]);
secp256k1_gej_add_ge_var(&s3, &o1, &prec[1280 + seckey[26]], NULL);
secp256k1_gej_set_ge(&o1, &prec[1536 + seckey[25]]);
secp256k1_gej_add_ge_var(&s4, &o1, &prec[1792 + seckey[24]], NULL);
secp256k1_gej_set_ge(&o1, &prec[2048 + seckey[23]]);
secp256k1_gej_add_ge_var(&s5, &o1, &prec[2304 + seckey[22]], NULL);
secp256k1_gej_set_ge(&o1, &prec[2560 + seckey[21]]);
secp256k1_gej_add_ge_var(&s6, &o1, &prec[2816 + seckey[20]], NULL);
secp256k1_gej_set_ge(&o1, &prec[3072 + seckey[19]]);
secp256k1_gej_add_ge_var(&s7, &o1, &prec[3328 + seckey[18]], NULL);
secp256k1_gej_set_ge(&o1, &prec[3584 + seckey[17]]);
secp256k1_gej_add_ge_var(&s8, &o1, &prec[3840 + seckey[16]], NULL);
secp256k1_gej_set_ge(&o1, &prec[4096 + seckey[15]]);
secp256k1_gej_add_ge_var(&s9, &o1, &prec[4352 + seckey[14]], NULL);
secp256k1_gej_set_ge(&o1, &prec[4608 + seckey[13]]);
secp256k1_gej_add_ge_var(&s10, &o1, &prec[4864 + seckey[12]], NULL);
secp256k1_gej_set_ge(&o1, &prec[5120 + seckey[11]]);
secp256k1_gej_add_ge_var(&s11, &o1, &prec[5376 + seckey[10]], NULL);
secp256k1_gej_set_ge(&o1, &prec[5632 + seckey[9]]);
secp256k1_gej_add_ge_var(&s12, &o1, &prec[5888 + seckey[8]], NULL);
secp256k1_gej_set_ge(&o1, &prec[6144 + seckey[7]]);
secp256k1_gej_add_ge_var(&s13, &o1, &prec[6400 + seckey[6]], NULL);
secp256k1_gej_set_ge(&o1, &prec[6656 + seckey[5]]);
secp256k1_gej_add_ge_var(&s14, &o1, &prec[6912 + seckey[4]], NULL);
secp256k1_gej_set_ge(&o1, &prec[7168 + seckey[3]]);
secp256k1_gej_add_ge_var(&s15, &o1, &prec[7424 + seckey[2]], NULL);
secp256k1_gej_set_ge(&o1, &prec[7680 + seckey[1]]);
secp256k1_gej_add_ge_var(&s16, &o1, &prec[7936 + seckey[0]], NULL);
secp256k1_gej t1;
secp256k1_gej_add_var(&t1, &s1, &s2, NULL);
secp256k1_gej_add_var(&s1, &s3, &s4, NULL);
secp256k1_gej_add_var(&s2, &s5, &s6, NULL);
secp256k1_gej_add_var(&s3, &s7, &s8, NULL);
secp256k1_gej_add_var(&s4, &s9, &s10, NULL);
secp256k1_gej_add_var(&s5, &s11, &s12, NULL);
secp256k1_gej_add_var(&s6, &s13, &s14, NULL);
secp256k1_gej_add_var(&s7, &s15, &s16, NULL);
secp256k1_gej_add_var(&s8, &t1, &s1, NULL);
secp256k1_gej_add_var(&s1, &s2, &s3, NULL);
secp256k1_gej_add_var(&s2, &s4, &s5, NULL);
secp256k1_gej_add_var(&s3, &s6, &s7, NULL);
secp256k1_gej x1,x2;
secp256k1_gej_add_var(&x1, &s1, &s2, NULL);
secp256k1_gej_add_var(&x2, &s3, &s8, NULL);
secp256k1_gej_add_var(r, &x1, &x2, NULL);
}
I am highly dissatisfied with the code and the runtime still. All I managed by the tree-addition was to spare myself one secp256k1_gej_add_var call. All this EC arithmetic looks so clumsy...
I'll probably try to find some more efficient way how to form the sum of N secp256k1_gej values.
