Skip to main content

ed448_goldilocks/curve/scalar_mul/
double_and_add.rs

1use crate::curve::twedwards::extended::ExtendedPoint;
2use crate::curve::twedwards::extensible::ExtensiblePoint;
3use subtle::{Choice, ConditionallySelectable};
4
5/// Traditional double and add algorithm
6pub(crate) fn double_and_add(point: &ExtendedPoint, s_bits: [bool; 448]) -> ExtensiblePoint {
7    let mut result = ExtensiblePoint::IDENTITY;
8
9    // NB, we reverse here, so we are going from MSB to LSB
10    // XXX: Would be great if subtle had a From<u32> for Choice. But maybe that is not it's purpose?
11    for bit in s_bits.into_iter().rev() {
12        result = result.double();
13
14        let mut p = ExtendedPoint::IDENTITY;
15        p.conditional_assign(point, Choice::from(bit as u8));
16        result = result.to_extended().add_extended(&p);
17    }
18
19    result
20}