public static void ScalarMultBase(byte[] k, int kOff, byte[] r, int rOff)
{
Precompute();
uint[] n = new uint[8]; DecodeScalar(k, kOff, n);
int[] x0 = X25519Field.Create();
//int[] x1 = X25519Field.Create(); X25519Field.Copy(S_x, 0, x1, 0);
int[] x1 = X25519Field.Create(); x1[0] = 1;
int[] z1 = X25519Field.Create(); z1[0] = 1;
int[] x2 = X25519Field.Create(); X25519Field.Copy(PsubS_x, 0, x2, 0);
int[] z2 = X25519Field.Create(); z2[0] = 1;
int[] A = x1;
int[] B = z1;
int[] C = x0;
int[] D = A;
int[] E = B;
Debug.Assert(n[7] >> 30 == 1U);
int off = 0, bit = 3, swap = 1;
do
{
X25519Field.Copy(precompBase, off, x0, 0);
off += X25519Field.Size;
int word = bit >> 5, shift = bit & 0x1F;
int kt = (int)(n[word] >> shift) & 1;
swap ^= kt;
X25519Field.CSwap(swap, x1, x2);
X25519Field.CSwap(swap, z1, z2);
swap = kt;
X25519Field.Apm(x1, z1, A, B);
X25519Field.Mul(x0, B, C);
X25519Field.Carry(A);
X25519Field.Apm(A, C, D, E);
X25519Field.Sqr(D, D);
X25519Field.Sqr(E, E);
X25519Field.Mul(z2, D, x1);
X25519Field.Mul(x2, E, z1);
}while (++bit < 255);
Debug.Assert(swap == 1);
for (int i = 0; i < 3; ++i)
{
PointDouble(x1, z1);
}
X25519Field.Inv(z1, z1);
X25519Field.Mul(x1, z1, x1);
X25519Field.Normalize(x1);
X25519Field.Encode(x1, r, rOff);
}
