@@ -72,29 +72,8 @@ pub struct ProjectiveMontgomeryXpoint {
7272impl Mul < & EdwardsScalar > for & MontgomeryXpoint {
7373 type Output = ProjectiveMontgomeryXpoint ;
7474
75- #[ allow( clippy:: suspicious_arithmetic_impl) ]
7675 fn mul ( self , scalar : & EdwardsScalar ) -> ProjectiveMontgomeryXpoint {
77- // Algorithm 8 of Costello-Smith 2017
78- let affine_u = FieldElement :: from_bytes ( & self . 0 ) ;
79- let mut x0 = ProjectiveMontgomeryXpoint :: IDENTITY ;
80- let mut x1 = ProjectiveMontgomeryXpoint {
81- U : affine_u,
82- W : FieldElement :: ONE ,
83- } ;
84-
85- let bits = scalar. bits ( ) ;
86- let mut swap = 0 ;
87- for s in ( 0 ..448 ) . rev ( ) {
88- let bit = bits[ s] as u8 ;
89- let choice: u8 = swap ^ bit;
90-
91- ProjectiveMontgomeryXpoint :: conditional_swap ( & mut x0, & mut x1, Choice :: from ( choice) ) ;
92- differential_add_and_double ( & mut x0, & mut x1, & affine_u) ;
93-
94- swap = bit;
95- }
96-
97- x0
76+ self . mul_internal ( scalar) . 0
9877 }
9978}
10079
@@ -149,6 +128,30 @@ impl MontgomeryXpoint {
149128 v
150129 }
151130
131+ pub ( super ) fn mul_internal (
132+ & self ,
133+ scalar : & EdwardsScalar ,
134+ ) -> ( ProjectiveMontgomeryXpoint , ProjectiveMontgomeryXpoint ) {
135+ // Algorithm 8 of Costello-Smith 2017
136+ let mut x0 = ProjectiveMontgomeryXpoint :: IDENTITY ;
137+ let mut x1 = self . to_projective ( ) ;
138+ let diff = x1. U ;
139+
140+ let bits = scalar. bits ( ) ;
141+ let mut swap = 0 ;
142+ for s in ( 0 ..448 ) . rev ( ) {
143+ let bit = bits[ s] as u8 ;
144+ let choice: u8 = swap ^ bit;
145+
146+ ProjectiveMontgomeryXpoint :: conditional_swap ( & mut x0, & mut x1, Choice :: from ( choice) ) ;
147+ differential_add_and_double ( & mut x0, & mut x1, & diff) ;
148+
149+ swap = bit;
150+ }
151+
152+ ( x0, x1)
153+ }
154+
152155 /// Convert the point to a ProjectiveMontgomeryPoint
153156pub fn to_projective ( & self ) -> ProjectiveMontgomeryXpoint {
154157 ProjectiveMontgomeryXpoint {
0 commit comments