Which means, that not only we can use 02 and 03 as a prefix, but the number "three" can be used, to get three different x-values, leading to the same y-value. However, things doesn't stop there: by factoring n-1, we can use these numbers to explore smaller circles, where the biggest one has only 341948486974166000522343609283189 elements.
Yeah, that endo property is the reason why a vanity search can be sped up when the actual key range does not matter. But think about it: the SHA will get 32 new bytes for pubKey (X * lambda), so not much to reuse unfortunately. For 02 vs 03 - maybe. But the avalanche effect will inevitably do its job.
I think crypto guys are at a current state where they agree that using the endo as an attack vector doesn't really work. They tried and failed. No one found a way yet. It only helps with speeding up ECDSA verification today, to multiply random points with random scalars.
When I meant compiler, I was referring to the CUDA compiler, not a CPU one. For nvcc, any register in the code that isn't eventually useful (e.g. printed or written to memory) gets its entire traceback code completely removed. No useless instructions ever execute, because, well, all the instructions and all the branches always execute. Also, usually recomputing data ends up being much faster than reusing data. It's crazy.
I agree with this but in practice there are still some improvements possible.
Example : You can save a register on the triple XORs of sha256 by writing asm directly. This still works on the latest nvcc/nvrtc versions. So the compiler is not THAT smart. Doing stuff like this in quite a few places allows to reach 96 registers and yield occupancy related gains. It also shuffles the integer instruction mix a bit (less LOP3), which looks nice in profiler but probably has little effect overall on the current architectures.