AffineNielsPoint::multiply_bits
For parity with ExtendedNielsPoint::multiply_bits, and it is also slightly more efficient to use if the caller is starting from an AffinePoint.
This commit is contained in:
parent
798bc797e5
commit
a6afd81603
31
src/lib.rs
31
src/lib.rs
|
@ -219,6 +219,37 @@ impl AffineNielsPoint {
|
||||||
t2d: Fq::zero(),
|
t2d: Fq::zero(),
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#[inline]
|
||||||
|
fn multiply(&self, by: &[u8; 32]) -> ExtendedPoint {
|
||||||
|
let zero = AffineNielsPoint::identity();
|
||||||
|
|
||||||
|
let mut acc = ExtendedPoint::identity();
|
||||||
|
|
||||||
|
// This is a simple double-and-add implementation of point
|
||||||
|
// multiplication, moving from most significant to least
|
||||||
|
// significant bit of the scalar.
|
||||||
|
//
|
||||||
|
// We skip the leading four bits because they're always
|
||||||
|
// unset for Fr.
|
||||||
|
for bit in by
|
||||||
|
.iter()
|
||||||
|
.rev()
|
||||||
|
.flat_map(|byte| (0..8).rev().map(move |i| Choice::from((byte >> i) & 1u8)))
|
||||||
|
.skip(4)
|
||||||
|
{
|
||||||
|
acc = acc.double();
|
||||||
|
acc += AffineNielsPoint::conditional_select(&zero, &self, bit);
|
||||||
|
}
|
||||||
|
|
||||||
|
acc
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Multiplies this point by the specific little-endian bit pattern in the
|
||||||
|
/// given byte array, ignoring the highest four bits.
|
||||||
|
pub fn multiply_bits(&self, by: &[u8; 32]) -> ExtendedPoint {
|
||||||
|
self.multiply(by)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
impl ConditionallySelectable for AffineNielsPoint {
|
impl ConditionallySelectable for AffineNielsPoint {
|
||||||
|
|
Loading…
Reference in New Issue