Use tuple for MultiscalarMul

daxpedda · daxpedda · commit 8b9538e68210 · 2025-07-17T18:40:44.000+02:00
diff --git a/curve25519-dalek/benches/dalek_benchmarks.rs b/curve25519-dalek/benches/dalek_benchmarks.rs
@@ -139,7 +139,7 @@ mod multiscalar_benches {
                     // rerandomize the scalars for every call just in case.
                     b.iter_batched(
                         || construct_scalars(size),
-                        |scalars| EdwardsPoint::multiscalar_alloc_mul(&scalars, &points),
+                        |scalars| EdwardsPoint::multiscalar_alloc_mul(points.iter().zip(scalars)),
                         BatchSize::SmallInput,
                     );
                 },
diff --git a/curve25519-dalek/src/backend/mod.rs b/curve25519-dalek/src/backend/mod.rs
@@ -194,49 +194,46 @@ impl VartimePrecomputedStraus {
 
 #[allow(missing_docs)]
 pub fn straus_multiscalar_mul<const N: usize>(
-    scalars: &[Scalar; N],
-    points: &[EdwardsPoint; N],
+    points_and_scalars: &[(EdwardsPoint, Scalar); N],
 ) -> EdwardsPoint {
     match get_selected_backend() {
         #[cfg(curve25519_dalek_backend = "simd")]
         BackendKind::Avx2 => {
-            vector::scalar_mul::straus::spec_avx2::Straus::multiscalar_mul(scalars, points)
+            vector::scalar_mul::straus::spec_avx2::Straus::multiscalar_mul(points_and_scalars)
         }
         #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
         BackendKind::Avx512 => {
             vector::scalar_mul::straus::spec_avx512ifma_avx512vl::Straus::multiscalar_mul(
                 scalars, points,
             )
         }
-        BackendKind::Serial => serial::scalar_mul::straus::Straus::multiscalar_mul(scalars, points),
+        BackendKind::Serial => {
+            serial::scalar_mul::straus::Straus::multiscalar_mul(points_and_scalars)
+        }
     }
 }
 
 #[allow(missing_docs)]
 #[cfg(feature = "alloc")]
-pub fn straus_multiscalar_alloc_mul<I, J>(scalars: I, points: J) -> EdwardsPoint
+pub fn straus_multiscalar_alloc_mul<I, P, S>(points_and_scalars: I) -> EdwardsPoint
 where
-    I: IntoIterator,
-    I::Item: core::borrow::Borrow<Scalar>,
-    J: IntoIterator,
-    J::Item: core::borrow::Borrow<EdwardsPoint>,
+    I: IntoIterator<Item = (P, S)>,
+    P: core::borrow::Borrow<EdwardsPoint>,
+    S: core::borrow::Borrow<Scalar>,
 {
     match get_selected_backend() {
         #[cfg(curve25519_dalek_backend = "simd")]
         BackendKind::Avx2 => {
-            vector::scalar_mul::straus::spec_avx2::Straus::multiscalar_alloc_mul::<I, J>(
-                scalars, points,
-            )
+            vector::scalar_mul::straus::spec_avx2::Straus::multiscalar_alloc_mul(points_and_scalars)
         }
         #[cfg(all(curve25519_dalek_backend = "unstable_avx512", nightly))]
         BackendKind::Avx512 => {
-            vector::scalar_mul::straus::spec_avx512ifma_avx512vl::Straus::multiscalar_alloc_mul::<
-                I,
-                J,
-            >(scalars, points)
+            vector::scalar_mul::straus::spec_avx512ifma_avx512vl::Straus::multiscalar_alloc_mul(
+                points_and_scalars,
+            )
         }
         BackendKind::Serial => {
-            serial::scalar_mul::straus::Straus::multiscalar_alloc_mul::<I, J>(scalars, points)
+            serial::scalar_mul::straus::Straus::multiscalar_alloc_mul(points_and_scalars)
         }
     }
 }
diff --git a/curve25519-dalek/src/backend/serial/scalar_mul/straus.rs b/curve25519-dalek/src/backend/serial/scalar_mul/straus.rs
@@ -55,38 +55,38 @@ impl MultiscalarMul for Straus {
     type Point = EdwardsPoint;
 
     fn multiscalar_mul<const N: usize>(
-        scalars: &[Scalar; N],
-        points: &[EdwardsPoint; N],
+        points_and_scalars: &[(EdwardsPoint, Scalar); N],
     ) -> EdwardsPoint {
-        let lookup_tables: [_; N] =
-            core::array::from_fn(|index| LookupTable::<ProjectiveNielsPoint>::from(&points[index]));
+        let lookup_tables: [_; N] = core::array::from_fn(|index| {
+            LookupTable::<ProjectiveNielsPoint>::from(&points_and_scalars[index].0)
+        });
 
-        let scalar_digits: [_; N] = core::array::from_fn(|index| scalars[index].as_radix_16());
+        let scalar_digits: [_; N] =
+            core::array::from_fn(|index| points_and_scalars[index].1.as_radix_16());
 
         multiscalar_mul(&scalar_digits, &lookup_tables)
     }
 
     #[cfg(feature = "alloc")]
-    fn multiscalar_alloc_mul<I, J>(scalars: I, points: J) -> EdwardsPoint
+    fn multiscalar_alloc_mul<I, P, S>(points_and_scalars: I) -> EdwardsPoint
     where
-        I: IntoIterator,
-        I::Item: Borrow<Scalar>,
-        J: IntoIterator,
-        J::Item: Borrow<EdwardsPoint>,
+        I: IntoIterator<Item = (P, S)>,
+        P: Borrow<EdwardsPoint>,
+        S: Borrow<Scalar>,
     {
-        let lookup_tables: Vec<_> = points
-            .into_iter()
-            .map(|point| LookupTable::<ProjectiveNielsPoint>::from(point.borrow()))
-            .collect();
-
         // This puts the scalar digits into a heap-allocated Vec.
         // To ensure that these are erased, pass ownership of the Vec into a
         // Zeroizing wrapper.
         #[cfg_attr(not(feature = "zeroize"), allow(unused_mut))]
-        let mut scalar_digits: Vec<_> = scalars
+        let (lookup_tables, mut scalar_digits): (Vec<_>, Vec<_>) = points_and_scalars
             .into_iter()
-            .map(|s| s.borrow().as_radix_16())
-            .collect();
+            .map(|(p, s)| {
+                (
+                    LookupTable::<ProjectiveNielsPoint>::from(p.borrow()),
+                    s.borrow().as_radix_16(),
+                )
+            })
+            .unzip();
 
         let Q = multiscalar_mul(&scalar_digits, &lookup_tables);
 
diff --git a/curve25519-dalek/src/backend/vector/scalar_mul/straus.rs b/curve25519-dalek/src/backend/vector/scalar_mul/straus.rs
@@ -53,38 +53,39 @@ pub mod spec {
         type Point = EdwardsPoint;
 
         fn multiscalar_mul<const N: usize>(
-            scalars: &[Scalar; N],
-            points: &[EdwardsPoint; N],
+            points_and_scalars: &[(EdwardsPoint, Scalar); N],
         ) -> EdwardsPoint {
             // Construct a lookup table of [P,2P,3P,4P,5P,6P,7P,8P]
             // for each input point P
-            let lookup_tables: [_; N] =
-                core::array::from_fn(|index| LookupTable::<CachedPoint>::from(&points[index]));
+            let lookup_tables: [_; N] = core::array::from_fn(|index| {
+                LookupTable::<CachedPoint>::from(&points_and_scalars[index].0)
+            });
 
-            let scalar_digits: [_; N] = core::array::from_fn(|index| scalars[index].as_radix_16());
+            let scalar_digits: [_; N] =
+                core::array::from_fn(|index| points_and_scalars[index].1.as_radix_16());
 
             multiscalar_mul(&scalar_digits, &lookup_tables)
         }
 
         #[cfg(feature = "alloc")]
-        fn multiscalar_alloc_mul<I, J>(scalars: I, points: J) -> EdwardsPoint
+        fn multiscalar_alloc_mul<I, P, S>(points_and_scalars: I) -> EdwardsPoint
         where
-            I: IntoIterator,
-            I::Item: Borrow<Scalar>,
-            J: IntoIterator,
-            J::Item: Borrow<EdwardsPoint>,
+            I: IntoIterator<Item = (P, S)>,
+            P: Borrow<EdwardsPoint>,
+            S: Borrow<Scalar>,
         {
             // Construct a lookup table of [P,2P,3P,4P,5P,6P,7P,8P]
             // for each input point P
-            let lookup_tables: Vec<_> = points
+            let (lookup_tables, scalar_digits_vec): (Vec<_>, Vec<_>) = points_and_scalars
                 .into_iter()
-                .map(|point| LookupTable::<CachedPoint>::from(point.borrow()))
-                .collect();
+                .map(|(p, s)| {
+                    (
+                        LookupTable::<CachedPoint>::from(p.borrow()),
+                        s.borrow().as_radix_16(),
+                    )
+                })
+                .unzip();
 
-            let scalar_digits_vec: Vec<_> = scalars
-                .into_iter()
-                .map(|s| s.borrow().as_radix_16())
-                .collect();
             // Pass ownership to a `Zeroizing` wrapper
             #[cfg(feature = "zeroize")]
             let scalar_digits_vec = zeroize::Zeroizing::new(scalar_digits_vec);
diff --git a/curve25519-dalek/src/edwards.rs b/curve25519-dalek/src/edwards.rs
@@ -898,38 +898,19 @@ impl MultiscalarMul for EdwardsPoint {
     type Point = EdwardsPoint;
 
     fn multiscalar_mul<const N: usize>(
-        scalars: &[Scalar; N],
-        points: &[Self::Point; N],
+        points_and_scalars: &[(Self::Point, Scalar); N],
     ) -> Self::Point {
-        crate::backend::straus_multiscalar_mul(scalars, points)
+        crate::backend::straus_multiscalar_mul(points_and_scalars)
     }
 
     #[cfg(feature = "alloc")]
-    fn multiscalar_alloc_mul<I, J>(scalars: I, points: J) -> EdwardsPoint
+    fn multiscalar_alloc_mul<I, P, S>(points_and_scalars: I) -> EdwardsPoint
     where
-        I: IntoIterator,
-        I::Item: Borrow<Scalar>,
-        J: IntoIterator,
-        J::Item: Borrow<EdwardsPoint>,
+        I: IntoIterator<Item = (P, S)>,
+        P: Borrow<Self::Point>,
+        S: Borrow<Scalar>,
     {
-        // Sanity-check lengths of input iterators
-        let mut scalars = scalars.into_iter();
-        let mut points = points.into_iter();
-
-        // Lower and upper bounds on iterators
-        let (s_lo, s_hi) = scalars.by_ref().size_hint();
-        let (p_lo, p_hi) = points.by_ref().size_hint();
-
-        // They should all be equal
-        assert_eq!(s_lo, p_lo);
-        assert_eq!(s_hi, Some(s_lo));
-        assert_eq!(p_hi, Some(p_lo));
-
-        // Now we know there's a single size.  When we do
-        // size-dependent algorithm dispatch, use this as the hint.
-        let _size = s_lo;
-
-        crate::backend::straus_multiscalar_alloc_mul(scalars, points)
+        crate::backend::straus_multiscalar_alloc_mul(points_and_scalars)
     }
 }
 
@@ -2202,7 +2183,7 @@ mod test {
         let Gs = xs.iter().map(EdwardsPoint::mul_base).collect::<Vec<_>>();
 
         // Compute H1 = <xs, Gs> (consttime)
-        let H1 = EdwardsPoint::multiscalar_alloc_mul(&xs, &Gs);
+        let H1 = EdwardsPoint::multiscalar_alloc_mul(Gs.iter().zip(&xs));
         // Compute H2 = <xs, Gs> (vartime)
         let H2 = EdwardsPoint::vartime_multiscalar_mul(&xs, &Gs);
         // Compute H3 = <xs, Gs> = sum(xi^2) * B
@@ -2360,8 +2341,9 @@ mod test {
                 &[A, constants::ED25519_BASEPOINT_POINT],
             );
             let result_consttime = EdwardsPoint::multiscalar_alloc_mul(
-                &[A_SCALAR, B_SCALAR],
-                &[A, constants::ED25519_BASEPOINT_POINT],
+                [A, constants::ED25519_BASEPOINT_POINT]
+                    .into_iter()
+                    .zip([A_SCALAR, B_SCALAR]),
             );
 
             assert_eq!(result_vartime.compress(), result_consttime.compress());
diff --git a/curve25519-dalek/src/ristretto.rs b/curve25519-dalek/src/ristretto.rs
@@ -1011,26 +1011,26 @@ impl MultiscalarMul for RistrettoPoint {
     type Point = RistrettoPoint;
 
     fn multiscalar_mul<const N: usize>(
-        scalars: &[Scalar; N],
-        points: &[Self::Point; N],
-    ) -> Self::Point {
-        let extended_points: [_; N] = core::array::from_fn(|index| points[index].0);
-        RistrettoPoint(EdwardsPoint::multiscalar_mul(scalars, &extended_points))
+        points_and_scalars: &[(RistrettoPoint, Scalar); N],
+    ) -> RistrettoPoint {
+        let points_and_scalars: [_; N] = core::array::from_fn(|index| {
+            let (p, s) = points_and_scalars[index];
+            (p.0, s)
+        });
+        RistrettoPoint(EdwardsPoint::multiscalar_mul(&points_and_scalars))
     }
 
     #[cfg(feature = "alloc")]
-    fn multiscalar_alloc_mul<I, J>(scalars: I, points: J) -> RistrettoPoint
+    fn multiscalar_alloc_mul<I, P, S>(points_and_scalars: I) -> RistrettoPoint
     where
-        I: IntoIterator,
-        I::Item: Borrow<Scalar>,
-        J: IntoIterator,
-        J::Item: Borrow<RistrettoPoint>,
+        I: IntoIterator<Item = (P, S)>,
+        P: Borrow<RistrettoPoint>,
+        S: Borrow<Scalar>,
     {
-        let extended_points = points.into_iter().map(|P| P.borrow().0);
-        RistrettoPoint(EdwardsPoint::multiscalar_alloc_mul(
-            scalars,
-            extended_points,
-        ))
+        let points_and_scalars = points_and_scalars
+            .into_iter()
+            .map(|(p, s)| (p.borrow().0, s));
+        RistrettoPoint(EdwardsPoint::multiscalar_alloc_mul(points_and_scalars))
     }
 }
 
diff --git a/curve25519-dalek/src/traits.rs b/curve25519-dalek/src/traits.rs
@@ -111,18 +111,15 @@ pub trait MultiscalarMul {
     /// let R = P + Q;
     ///
     /// // A1 = a*P + b*Q + c*R
-    /// let abc = [a,b,c];
-    /// let A1 = RistrettoPoint::multiscalar_mul(&abc, &[P,Q,R]);
+    /// let A1 = RistrettoPoint::multiscalar_mul(&[(P, a), (Q, b), (R, c)]);
     ///
     /// // A2 = (-a)*P + (-b)*Q + (-c)*R
-    /// let minus_abc = abc.map(|x| -x);
-    /// let A2 = RistrettoPoint::multiscalar_mul(&minus_abc, &[P,Q,R]);
+    /// let A2 = RistrettoPoint::multiscalar_mul(&[(P, -a), (Q, -b), (R, -c)]);
     ///
     /// assert_eq!(A1.compress(), (-A2).compress());
     /// ```
     fn multiscalar_mul<const N: usize>(
-        scalars: &[Scalar; N],
-        points: &[Self::Point; N],
+        points_and_scalars: &[(Self::Point, Scalar); N],
     ) -> Self::Point;
 
     /// Given an iterator of (possibly secret) scalars and an iterator of
@@ -160,24 +157,23 @@ pub trait MultiscalarMul {
     ///
     /// // A1 = a*P + b*Q + c*R
     /// let abc = [a,b,c];
-    /// let A1 = RistrettoPoint::multiscalar_alloc_mul(&abc, &[P,Q,R]);
+    /// let A1 = RistrettoPoint::multiscalar_alloc_mul([P,Q,R].into_iter().zip(&abc));
     /// // Note: (&abc).into_iter(): Iterator<Item=&Scalar>
     ///
     /// // A2 = (-a)*P + (-b)*Q + (-c)*R
     /// let minus_abc = abc.iter().map(|x| -x);
-    /// let A2 = RistrettoPoint::multiscalar_alloc_mul(minus_abc, &[P,Q,R]);
+    /// let A2 = RistrettoPoint::multiscalar_alloc_mul([P,Q,R].into_iter().zip(minus_abc));
     /// // Note: minus_abc.into_iter(): Iterator<Item=Scalar>
     ///
     /// assert_eq!(A1.compress(), (-A2).compress());
     /// # }
     /// ```
     #[cfg(feature = "alloc")]
-    fn multiscalar_alloc_mul<I, J>(scalars: I, points: J) -> Self::Point
+    fn multiscalar_alloc_mul<I, P, S>(points_and_scalars: I) -> Self::Point
     where
-        I: IntoIterator,
-        I::Item: Borrow<Scalar>,
-        J: IntoIterator,
-        J::Item: Borrow<Self::Point>;
+        I: IntoIterator<Item = (P, S)>,
+        P: Borrow<Self::Point>,
+        S: Borrow<Scalar>;
 }
 
 /// A trait for variable-time multiscalar multiplication without precomputation.
