diff --git a/include/polarssl/config.h b/include/polarssl/config.h
index d98bdb34f..16643dcaf 100644
--- a/include/polarssl/config.h
+++ b/include/polarssl/config.h
@@ -1874,6 +1874,7 @@
 //
 #define POLARSSL_ECP_MAX_BITS             521 /**< Maximum bit size of groups */
 #define POLARSSL_ECP_WINDOW_SIZE            6 /**< Maximum window size used */
+#define POLARSSL_ECP_FIXED_POINT_OPTIM      1 /**< Enable fixed-point speed-up */
 
 // Entropy options
 //
diff --git a/include/polarssl/ecp.h b/include/polarssl/ecp.h
index ff1072e0c..23351a742 100644
--- a/include/polarssl/ecp.h
+++ b/include/polarssl/ecp.h
@@ -178,11 +178,33 @@ ecp_keypair;
  * Minimum value: 2. Maximum value: 7.
  *
  * Result is an array of at most ( 1 << ( POLARSSL_ECP_WINDOW_SIZE - 1 ) )
- * points used for point multiplication.
+ * points used for point multiplication. This value is directly tied to EC
+ * peak memory usage, so decreasing it by one should roughly cut memory usage
+ * by two (if large curves are in use).
  *
- * Reduction in size may reduce speed for big curves.
+ * Reduction in size may reduce speed, but larger curves are impacted first.
+ * Sample performances (in ECDHE handshakes/s, with FIXED_POINT_OPTIM = 1):
+ *      w-size:     6       5       4       3       2
+ *      521       145     141     135     120      97
+ *      384       214     209     198     177     146
+ *      256       320     320     303     262     226
+ *      224       475     475     453     398     342
+ *      192       640     640     633     587     476
  */
 #define POLARSSL_ECP_WINDOW_SIZE    6   /**< Maximum window size used */
+
+/*
+ * Trade memory for speed on fixed-point multiplication.
+ *
+ * This speeds up repeated multiplication of the generator (that is, the
+ * multiplication in ECDSA signatures, and half of the multiplications in
+ * ECDSA verification and ECDHE) by a factor roughly 3 to 4.
+ *
+ * The cost is increasing EC peak memory usage by a factor roughly 2.
+ *
+ * Change this value to 0 to reduce peak memory usage.
+ */
+#define POLARSSL_ECP_FIXED_POINT_OPTIM  1   /**< Enable fixed-point speed-up */
 #endif
 
 /*
diff --git a/library/ecp.c b/library/ecp.c
index c3397a4f8..58b5d752e 100644
--- a/library/ecp.c
+++ b/library/ecp.c
@@ -1315,12 +1315,17 @@ static int ecp_mul_comb( ecp_group *grp, ecp_point *R,
 
     /*
      * If P == G, pre-compute a bit more, since this may be re-used later.
-     * Just adding one ups the cost of the first mul by at most 3%.
+     * Just adding one avoids upping the cost of the first mul too much,
+     * and the memory cost too.
      */
+#if POLARSSL_ECP_FIXED_POINT_OPTIM == 1
     p_eq_g = ( mpi_cmp_mpi( &P->Y, &grp->G.Y ) == 0 &&
                mpi_cmp_mpi( &P->X, &grp->G.X ) == 0 );
     if( p_eq_g )
         w++;
+#else
+    p_eq_g = 0;
+#endif
 
     /*
      * Make sure w is within bounds.