From 6b3bf37eea1c6643fcb019ff2dbb017d46a0430a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Olivier=20Ch=C3=A9ron?= Date: Sat, 4 Nov 2017 09:03:50 +0100 Subject: [PATCH] Use only fixed-window implementation --- Crypto/ECC/Ed25519.hs | 17 +------------- cbits/ed25519/ed25519-cryptonite-exts.h | 31 +------------------------ 2 files changed, 2 insertions(+), 46 deletions(-) diff --git a/Crypto/ECC/Ed25519.hs b/Crypto/ECC/Ed25519.hs index d9fea9a..0a18223 100644 --- a/Crypto/ECC/Ed25519.hs +++ b/Crypto/ECC/Ed25519.hs @@ -26,7 +26,6 @@ module Crypto.ECC.Ed25519 , pointAdd , pointDouble , pointMul - , pointMulW , pointsMulVarTime ) where @@ -198,7 +197,7 @@ pointDouble (Point a) = withByteArray a $ \pa -> ed25519_point_double out pa --- | Scalar multiplication over Ed25519 (double-add always). +-- | Scalar multiplication over Ed25519. pointMul :: Scalar -> Point -> Point pointMul (Scalar scalar) (Point base) = Point $ B.allocAndFreeze pointArraySize $ \out -> @@ -206,14 +205,6 @@ pointMul (Scalar scalar) (Point base) = withByteArray base $ \pbase -> ed25519_point_scalarmul out pbase pscalar --- | Scalar multiplication over Ed25519 (4-bit fixed window). -pointMulW :: Scalar -> Point -> Point -pointMulW (Scalar scalar) (Point base) = - Point $ B.allocAndFreeze pointArraySize $ \out -> - withByteArray scalar $ \pscalar -> - withByteArray base $ \pbase -> - ed25519_point_scalarmul_w out pbase pscalar - -- | Multiply the point @p@ with @s2@ and add a lifted to curve value @s1@. -- -- @ @@ -299,12 +290,6 @@ foreign import ccall "cryptonite_ed25519_point_scalarmul" -> Ptr Scalar -- scalar -> IO () -foreign import ccall "cryptonite_ed25519_point_scalarmul_w" - ed25519_point_scalarmul_w :: Ptr Point -- scaled - -> Ptr Point -- base - -> Ptr Scalar -- scalar - -> IO () - foreign import ccall "cryptonite_ed25519_base_double_scalarmul_vartime" ed25519_base_double_scalarmul_vartime :: Ptr Point -- combo -> Ptr Scalar -- scalar1 
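Review bot: The reworded Haddock on `pointMul` in the `@@ -198,7 +197,7 @@` hunk drops the only statement of the function's timing contract: the old `(double-add always)` told callers the scalar multiplication was intended to be constant-time in the scalar, while the new `-- | Scalar multiplication over Ed25519.` says nothing, even though `pointMul` is the non-`VarTime` counterpart of `pointsMulVarTime` in the export list. Since `cryptonite_ed25519_point_scalarmul` now resolves to what was the 4-bit fixed-window routine (the deleted `pointMulW` documented it as such, and its table has 15 entries), I would state the contract explicitly: `-- | Scalar multiplication over Ed25519 (4-bit fixed window; intended to run in constant time with respect to the scalar).` The constant-time property of the C implementation is not visible in this file, so confirm it against cbits/ed25519/ed25519-cryptonite-exts.h before writing it without a hedge.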
diff --git a/cbits/ed25519/ed25519-cryptonite-exts.h b/cbits/ed25519/ed25519-cryptonite-exts.h index a295195..530c8cf 100644 --- a/cbits/ed25519/ed25519-cryptonite-exts.h +++ b/cbits/ed25519/ed25519-cryptonite-exts.h @@ -110,35 +110,6 @@ ED25519_FN(ed25519_point_base_scalarmul) (ge25519 *r, const bignum256modm s) { ge25519_scalarmult_base_niels(r, ge25519_niels_base_multiples, s); } -void -ED25519_FN(ed25519_point_scalarmul) (ge25519 *r, const ge25519 *p, const bignum256modm s) { - ge25519 tmp; - uint32_t scalar_bit; - unsigned char ss[32]; - - // transform scalar as little-endian number - contract256_modm(ss, s); - - // initialize r to identity - memset(r, 0, sizeof(ge25519)); - r->y[0] = 1; - r->z[0] = 1; - - // double-add-always - for (int i = 31; i >= 0; i--) { - for (int j = 7; j >= 0; j--) { - ge25519_double(r, r); - - ge25519_add(&tmp, r, p); - scalar_bit = (ss[i] >> j) & 1; - curve25519_swap_conditional(r->x, tmp.x, scalar_bit); - curve25519_swap_conditional(r->y, tmp.y, scalar_bit); - curve25519_swap_conditional(r->z, tmp.z, scalar_bit); - curve25519_swap_conditional(r->t, tmp.t, scalar_bit); - } - } -} - #if defined(ED25519_64BIT) typedef uint64_t ed25519_move_cond_word; #else @@ -183,7 +154,7 @@ ed25519_point_scalarmul_w_choose_pniels(ge25519_pniels *t, const ge25519_pniels } void -ED25519_FN(ed25519_point_scalarmul_w) (ge25519 *r, const ge25519 *p, const bignum256modm s) { +ED25519_FN(ed25519_point_scalarmul) (ge25519 *r, const ge25519 *p, const bignum256modm s) { ge25519_pniels mult[15]; ge25519_pniels pn; ge25519_p1p1 t;
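Review bot: The renamed definition at the end of the second hunk is now the only `ed25519_point_scalarmul`, the symbol the non-vartime Haskell `pointMul` binds, yet nothing in the hunk documents that the windowed routine is meant to be constant-time in the scalar, which was the explicit purpose of the deleted double-add-always loop with its `curve25519_swap_conditional` calls. The `mult[15]` table, the `ed25519_point_scalarmul_w_choose_pniels` helper and the `ed25519_move_cond_word` typedef suggest the table entry is selected with masked moves, but the function body continues past the hunk so I cannot confirm that here. I would add a header comment above the definition along the lines of `/* Constant-time scalar multiplication: 4-bit fixed window over a 15-entry precomputed table. Table entries must be selected with masked conditional moves (choose_pniels), never by secret-dependent indexing or branching. */`, and make the naming consistent now that the `_w` suffix is gone from the function but not from the helper. Because the removed loop was the simplest reference implementation, a regression test comparing the windowed result against a plain double-and-add over the same scalars would be worth keeping so the optimisation stays verifiable.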