Change MontgomeryPoint scalar multiplication output to ProjectiveMontgomeryXpoint

daxpedda · daxpedda · commit 853ca1e57781 · 2025-07-19T01:10:07.000+02:00
diff --git a/ed448-goldilocks/src/montgomery/x.rs b/ed448-goldilocks/src/montgomery/x.rs
@@ -65,10 +65,10 @@ pub struct ProjectiveMontgomeryXpoint {
 }
 
 impl Mul<&EdwardsScalar> for &MontgomeryXpoint {
-    type Output = MontgomeryXpoint;
+    type Output = ProjectiveMontgomeryXpoint;
 
     #[allow(clippy::suspicious_arithmetic_impl)]
-    fn mul(self, scalar: &EdwardsScalar) -> MontgomeryXpoint {
+    fn mul(self, scalar: &EdwardsScalar) -> ProjectiveMontgomeryXpoint {
         // Algorithm 8 of Costello-Smith 2017
         let affine_u = FieldElement::from_bytes(&self.0);
         let mut x0 = ProjectiveMontgomeryXpoint::identity();
@@ -89,14 +89,14 @@ impl Mul<&EdwardsScalar> for &MontgomeryXpoint {
             swap = bit;
         }
 
-        x0.to_affine()
+        x0
     }
 }
 
 impl Mul<&MontgomeryXpoint> for &EdwardsScalar {
-    type Output = MontgomeryXpoint;
+    type Output = ProjectiveMontgomeryXpoint;
 
-    fn mul(self, point: &MontgomeryXpoint) -> MontgomeryXpoint {
+    fn mul(self, point: &MontgomeryXpoint) -> ProjectiveMontgomeryXpoint {
         point * self
     }
 }
@@ -161,6 +161,22 @@ impl PartialEq for ProjectiveMontgomeryXpoint {
     }
 }
 
+impl Mul<&EdwardsScalar> for &ProjectiveMontgomeryXpoint {
+    type Output = ProjectiveMontgomeryXpoint;
+
+    fn mul(self, scalar: &EdwardsScalar) -> ProjectiveMontgomeryXpoint {
+        &self.to_affine() * scalar
+    }
+}
+
+impl Mul<&ProjectiveMontgomeryXpoint> for &EdwardsScalar {
+    type Output = ProjectiveMontgomeryXpoint;
+
+    fn mul(self, point: &ProjectiveMontgomeryXpoint) -> ProjectiveMontgomeryXpoint {
+        point * self
+    }
+}
+
 fn differential_add_and_double(
     P: &mut ProjectiveMontgomeryXpoint,
     Q: &mut ProjectiveMontgomeryXpoint,
@@ -227,10 +243,13 @@ mod tests {
 
         // Montgomery scalar mul
         let montgomery_bp = bp.to_montgomery_x();
-        let montgomery_res = &montgomery_bp * &scalar;
+        let montgomery_res = &(&montgomery_bp * &scalar) * &scalar;
 
         // Goldilocks scalar mul
-        let goldilocks_point = bp.scalar_mul(&scalar);
-        assert_eq!(goldilocks_point.to_montgomery_x(), montgomery_res);
+        let goldilocks_point = bp.scalar_mul(&scalar).scalar_mul(&scalar);
+        assert_eq!(
+            goldilocks_point.to_montgomery_x(),
+            montgomery_res.to_affine()
+        );
     }
 }
