There is occasionally a need to multiply a non-prime-order Montgomery point by an integer. There's currently no way to do this, since our only methods are multiplication by Scalar (doesn't make sense in the non-prime-order case), and MontgomeryPoint::mul_base_clamped clamps the integer before multiplying.
So we define MontgomeryPoint::mul_bits_be, gated behind hazmat, which takes a big-endian representation of an integer and multiplies the point by that integer.
rozbb
commented
1 year ago
There is occasionally a need to multiply a non-prime-order Montgomery point by an integer. There's currently no way to do this, since our only methods are multiplication by
Scalar(doesn't make sense in the non-prime-order case), andMontgomeryPoint::mul_base_clampedclamps the integer before multiplying.So we define
MontgomeryPoint::mul_bits_be, gated behindhazmat, which takes a big-endian representation of an integer and multiplies the point by that integer.cc @elichai