@@ -69,29 +69,8 @@ pub struct ProjectiveMontgomeryXpoint {
6969impl Mul < & EdwardsScalar > for & MontgomeryXpoint {
7070 type Output = ProjectiveMontgomeryXpoint ;
7171
72- #[ allow( clippy:: suspicious_arithmetic_impl) ]
7372 fn mul ( self , scalar : & EdwardsScalar ) -> ProjectiveMontgomeryXpoint {
74- // Algorithm 8 of Costello-Smith 2017
75- let affine_u = FieldElement :: from_bytes ( & self . 0 ) ;
76- let mut x0 = ProjectiveMontgomeryXpoint :: IDENTITY ;
77- let mut x1 = ProjectiveMontgomeryXpoint {
78- U : affine_u,
79- W : FieldElement :: ONE ,
80- } ;
81-
82- let bits = scalar. bits ( ) ;
83- let mut swap = 0 ;
84- for s in ( 0 ..448 ) . rev ( ) {
85- let bit = bits[ s] as u8 ;
86- let choice: u8 = swap ^ bit;
87-
88- ProjectiveMontgomeryXpoint :: conditional_swap ( & mut x0, & mut x1, Choice :: from ( choice) ) ;
89- differential_add_and_double ( & mut x0, & mut x1, & affine_u) ;
90-
91- swap = bit;
92- }
93-
94- x0
73+ self . mul_internal ( scalar) . 0
9574 }
9675}
9776
@@ -134,6 +113,30 @@ impl MontgomeryXpoint {
134113 self . to_projective ( ) . y ( sign) . to_bytes ( )
135114 }
136115
116+ pub ( super ) fn mul_internal (
117+ & self ,
118+ scalar : & EdwardsScalar ,
119+ ) -> ( ProjectiveMontgomeryXpoint , ProjectiveMontgomeryXpoint ) {
120+ // Algorithm 8 of Costello-Smith 2017
121+ let mut x0 = ProjectiveMontgomeryXpoint :: IDENTITY ;
122+ let mut x1 = self . to_projective ( ) ;
123+ let diff = x1. U ;
124+
125+ let bits = scalar. bits ( ) ;
126+ let mut swap = 0 ;
127+ for s in ( 0 ..448 ) . rev ( ) {
128+ let bit = bits[ s] as u8 ;
129+ let choice: u8 = swap ^ bit;
130+
131+ ProjectiveMontgomeryXpoint :: conditional_swap ( & mut x0, & mut x1, Choice :: from ( choice) ) ;
132+ differential_add_and_double ( & mut x0, & mut x1, & diff) ;
133+
134+ swap = bit;
135+ }
136+
137+ ( x0, x1)
138+ }
139+
137140 /// Convert the point to a ProjectiveMontgomeryPoint
138141pub fn to_projective ( & self ) -> ProjectiveMontgomeryXpoint {
139142 ProjectiveMontgomeryXpoint {
0 commit comments