RustCrypto · daxpedda · Sep 24, 2025
diff --git a/ed448-goldilocks/src/decaf/scalar.rs b/ed448-goldilocks/src/decaf/scalar.rs
@@ -11,6 +11,8 @@ use subtle::{Choice, ConstantTimeEq, CtOption};
 impl CurveWithScalar for Decaf448 {
     type ReprSize = U56;
 
+    const NUM_BITS: u32 = 448;
+
     fn from_bytes_mod_order_wide(input: &WideScalarBytes<Self>) -> Scalar<Self> {
         let value = (
             U448::from_le_slice(&input[..56]),

diff --git a/ed448-goldilocks/src/edwards/scalar.rs b/ed448-goldilocks/src/edwards/scalar.rs
@@ -11,6 +11,8 @@ use subtle::{Choice, ConstantTimeEq, CtOption};
 impl CurveWithScalar for Ed448 {
     type ReprSize = U57;
 
+    const NUM_BITS: u32 = 456;
+
     fn from_bytes_mod_order_wide(input: &WideScalarBytes<Self>) -> Scalar<Self> {
         // top multiplier = 2^896 mod ℓ
         const TOP_MULTIPLIER: U448 = U448::from_be_hex(
@@ -297,7 +299,7 @@ mod test {
         let res = serde_bare::to_vec(&EdwardsScalar::TWO_INV);
         assert!(res.is_ok());
         let sb = res.unwrap();
-        assert_eq!(sb.len(), 57);
+        assert_eq!(sb.len(), 58);
 
         let res = serde_bare::from_slice::<EdwardsScalar>(&sb);
         assert!(res.is_ok());

diff --git a/ed448-goldilocks/src/field/scalar.rs b/ed448-goldilocks/src/field/scalar.rs
@@ -44,6 +44,8 @@ pub type WideScalarBytes<C> = Array<u8, Prod<<C as CurveWithScalar>::ReprSize, U
 pub trait CurveWithScalar: 'static + CurveArithmetic + Send + Sync {
     type ReprSize: ArraySize<ArrayType<u8>: Copy> + Mul<U2, Output: ArraySize<ArrayType<u8>: Copy>>;
 
+    const NUM_BITS: u32;
+
     fn from_bytes_mod_order_wide(input: &WideScalarBytes<Self>) -> Scalar<Self>;
 
     fn from_canonical_bytes(bytes: &ScalarBytes<Self>) -> CtOption<Scalar<Self>>;
@@ -339,7 +341,7 @@ impl<C: CurveWithScalar> PrimeField for Scalar<C> {
         Choice::from((self.scalar.to_words()[0] & 1) as u8)
     }
     const MODULUS: &'static str = "3fffffffffffffffffffffffffffffffffffffffffffffffffffffff7cca23e9c44edb49aed63690216cc2728dc58f552378c292ab5844f3";
-    const NUM_BITS: u32 = 448;
+    const NUM_BITS: u32 = C::NUM_BITS;
     const CAPACITY: u32 = Self::NUM_BITS - 1;
     const TWO_INV: Self = Self::new(U448::from_be_hex(
         "1fffffffffffffffffffffffffffffffffffffffffffffffffffffffbe6511f4e2276da4d76b1b4810b6613946e2c7aa91bc614955ac227a",
@@ -430,7 +432,7 @@ impl<C: CurveWithScalar> serdect::serde::Serialize for Scalar<C> {
     where
         S: serdect::serde::Serializer,
     {
-        serdect::slice::serialize_hex_lower_or_bin(&self.to_bytes(), s)
+        serdect::slice::serialize_hex_lower_or_bin(&self.to_repr(), s)
     }
 }
 
@@ -441,7 +443,7 @@ impl<'de, C: CurveWithScalar> serdect::serde::Deserialize<'de> for Scalar<C> {
         D: serdect::serde::Deserializer<'de>,
     {
         let mut buffer = ScalarBytes::<C>::default();
-        serdect::array::deserialize_hex_or_bin(&mut buffer[..56], d)?;
+        serdect::array::deserialize_hex_or_bin(&mut buffer, d)?;
         Option::from(Self::from_canonical_bytes(&buffer)).ok_or(serdect::serde::de::Error::custom(
             "scalar was not canonically encoded",
         ))

diff --git a/ed448-goldilocks/src/lib.rs b/ed448-goldilocks/src/lib.rs
@@ -100,12 +100,12 @@ impl PointCompression for Ed448 {
 
 impl FieldBytesEncoding<Ed448> for U448 {
     fn decode_field_bytes(field_bytes: &Ed448FieldBytes) -> Self {
-        U448::from_le_slice(field_bytes)
+        U448::from_le_slice(&field_bytes[..56])
     }
 
     fn encode_field_bytes(&self) -> Ed448FieldBytes {
         let mut data = Ed448FieldBytes::default();
-        data.copy_from_slice(&self.to_le_byte_array()[..]);
+        data[..56].copy_from_slice(&self.to_le_byte_array());
         data
     }
 }