pub fn scalar_multiply<F: BigPrimeField, FC, C>(
chip: &FC,
ctx: &mut Context<F>,
P: EcPoint<F, FC::FieldPoint>,
scalar: Vec<AssignedValue<F>>,
max_bits: usize,
window_bits: usize,
) -> EcPoint<F, FC::FieldPoint>
Expand description
Computes [scalar] * P
on short Weierstrass curve y^2 = x^3 + b
scalar
is represented as a reference array ofAssignedValue
sscalar = sum_i scalar_i * 2^{max_bits * i}
- an array of length > 1 is needed when
scalar
exceeds the modulus of scalar fieldF
ยงAssumptions
window_bits != 0
- The order of
P
is at least2^{window_bits}
(in particular,P
is not the point at infinity) - The curve has no points of order 2.
scalar_i < 2^{max_bits} for all i
max_bits <= modulus::<F>.bits()
, and equality only allowed when the order ofP
equals the modulus ofF