RistrettoPoint::vartime_check_double_scalar_mul_basepoint

Checks whether [a]A + [b]B = C in variable time.
dalek-cryptography · Dec 12, 2022 · 28b9aa5 · 28b9aa5
1 parent 6df1917
commit 28b9aa5
Showing 1 changed file with 12 additions and 2 deletions.
diff --git a/src/ristretto.rs b/src/ristretto.rs
@@ -179,7 +179,6 @@ use digest::Digest;
 use crate::constants;
 use crate::field::FieldElement;
 
-#[cfg(feature = "alloc")]
 use cfg_if::cfg_if;
 
 use subtle::Choice;
@@ -199,7 +198,6 @@ use crate::traits::Identity;
 #[cfg(feature = "alloc")]
 use crate::traits::{MultiscalarMul, VartimeMultiscalarMul, VartimePrecomputedMultiscalarMul};
 
-#[cfg(feature = "alloc")]
 cfg_if! {
     if #[cfg(all(
         curve25519_dalek_backend = "simd",
@@ -1025,6 +1023,18 @@ impl RistrettoPoint {
             a, &A.0, b,
         ))
     }
+
+    /// Checks whether \\([a]A + [b]B = C\\) in variable time.
+    pub fn vartime_check_double_scalar_mul_basepoint(
+        a: &Scalar,
+        A: &RistrettoPoint,
+        b: &Scalar,
+        C: &RistrettoPoint,
+    ) -> bool {
+        use crate::traits::IsIdentity;
+
+        scalar_mul::abglsv_pornin::mul(a, &A.0, b, &C.0).is_identity()
+    }
 }
 
 /// A precomputed table of multiples of a basepoint, used to accelerate