Re-use Scalar::halve() to compute div_by_four()

daxpedda · daxpedda · commit 55b2586ded7c · 2025-09-01T12:18:56.000+02:00
diff --git a/ed448-goldilocks/src/edwards/extended.rs b/ed448-goldilocks/src/edwards/extended.rs
@@ -553,8 +553,7 @@ impl EdwardsPoint {
     /// Generic scalar multiplication to compute s*P
     pub fn scalar_mul(&self, scalar: &EdwardsScalar) -> Self {
         // Compute floor(s/4)
-        let mut scalar_div_four = *scalar;
-        scalar_div_four.div_by_four();
+        let scalar_div_four = scalar.div_by_four();
 
         // Use isogeny and dual isogeny to compute phi^-1((s/4) * phi(P))
         variable_base(&self.to_twisted(), &scalar_div_four).to_untwisted()
diff --git a/ed448-goldilocks/src/field/scalar.rs b/ed448-goldilocks/src/field/scalar.rs
@@ -661,20 +661,8 @@ impl<C: CurveWithScalar> Scalar<C> {
     /// Divides a scalar by four without reducing mod p
     /// This is used in the 2-isogeny when mapping points from Ed448-Goldilocks
     /// to Twisted-Goldilocks
-    pub(crate) fn div_by_four(&mut self) {
-        let s_mod_4 = self[0] & 3;
-
-        let s_plus_l = self.scalar + ORDER;
-        let s_plus_2l = s_plus_l + ORDER;
-        let s_plus_3l = s_plus_2l + ORDER;
-
-        self.scalar.conditional_assign(&s_plus_l, s_mod_4.ct_eq(&1));
-        self.scalar
-            .conditional_assign(&s_plus_2l, s_mod_4.ct_eq(&2));
-        self.scalar
-            .conditional_assign(&s_plus_3l, s_mod_4.ct_eq(&3));
-
-        self.scalar >>= 2;
+    pub(crate) fn div_by_four(&self) -> Self {
+        self.halve().halve()
     }
 
     // This method was modified from Curve25519-Dalek codebase. [scalar.rs]
