@@ -72,29 +72,8 @@ pub struct ProjectiveMontgomeryXpoint {
7272impl Mul < & EdwardsScalar > for & MontgomeryXpoint {
7373 type Output = ProjectiveMontgomeryXpoint ;
7474
75- #[ allow( clippy:: suspicious_arithmetic_impl) ]
7675 fn mul ( self , scalar : & EdwardsScalar ) -> ProjectiveMontgomeryXpoint {
77- // Algorithm 8 of Costello-Smith 2017
78- let affine_u = FieldElement :: from_bytes ( & self . 0 ) ;
79- let mut x0 = ProjectiveMontgomeryXpoint :: IDENTITY ;
80- let mut x1 = ProjectiveMontgomeryXpoint {
81- U : affine_u,
82- W : FieldElement :: ONE ,
83- } ;
84-
85- let bits = scalar. bits ( ) ;
86- let mut swap = 0 ;
87- for s in ( 0 ..448 ) . rev ( ) {
88- let bit = bits[ s] as u8 ;
89- let choice: u8 = swap ^ bit;
90-
91- ProjectiveMontgomeryXpoint :: conditional_swap ( & mut x0, & mut x1, Choice :: from ( choice) ) ;
92- differential_add_and_double ( & mut x0, & mut x1, & affine_u) ;
93-
94- swap = bit;
95- }
96-
97- x0
76+ self . mul_internal ( scalar) . 0
9877 }
9978}
10079
@@ -137,6 +116,30 @@ impl MontgomeryXpoint {
137116 self . to_projective ( ) . y ( sign) . to_bytes ( )
138117 }
139118
119+ pub ( super ) fn mul_internal (
120+ & self ,
121+ scalar : & EdwardsScalar ,
122+ ) -> ( ProjectiveMontgomeryXpoint , ProjectiveMontgomeryXpoint ) {
123+ // Algorithm 8 of Costello-Smith 2017
124+ let mut x0 = ProjectiveMontgomeryXpoint :: IDENTITY ;
125+ let mut x1 = self . to_projective ( ) ;
126+ let diff = x1. U ;
127+
128+ let bits = scalar. bits ( ) ;
129+ let mut swap = 0 ;
130+ for s in ( 0 ..448 ) . rev ( ) {
131+ let bit = bits[ s] as u8 ;
132+ let choice: u8 = swap ^ bit;
133+
134+ ProjectiveMontgomeryXpoint :: conditional_swap ( & mut x0, & mut x1, Choice :: from ( choice) ) ;
135+ differential_add_and_double ( & mut x0, & mut x1, & diff) ;
136+
137+ swap = bit;
138+ }
139+
140+ ( x0, x1)
141+ }
142+
140143 /// Convert the point to a ProjectiveMontgomeryPoint
141144pub fn to_projective ( & self ) -> ProjectiveMontgomeryXpoint {
142145 ProjectiveMontgomeryXpoint {
0 commit comments