Simplify double-and-add code

Author: daxpedda

ed448-goldilocks/src/curve/scalar_mul/variable_base.rs

@@ -53,10 +53,10 @@ mod test {
             // XXX: Would be great if subtle had a From<u32> for Choice. But maybe that is not it's purpose?
             for bit in s_bits.into_iter().rev() {
                 result = result.double();
-
-                let mut p = ExtendedPoint::IDENTITY;
-                p.conditional_assign(point, Choice::from(bit as u8));
-                result = result.to_extended().add_extended(&p);
+                result.conditional_assign(
+                    &result.to_extended().add_extended(point),
+                    Choice::from(u8::from(bit)),
+                );
             }
 
             result

ed448-goldilocks/src/curve/twedwards/extensible.rs

@@ -4,7 +4,7 @@
 use super::affine::AffinePoint;
 use super::extended::ExtendedPoint;
 use crate::field::FieldElement;
-use subtle::{Choice, ConstantTimeEq};
+use subtle::{Choice, ConditionallySelectable, ConstantTimeEq};
 
 /// This is the representation that we will do most of the group operations on.
 // In affine (x,y) is the extensible point (X, Y, Z, T1, T2)
@@ -31,6 +31,17 @@ impl ConstantTimeEq for ExtensiblePoint {
         XZ.ct_eq(&ZX) & YZ.ct_eq(&ZY)
     }
 }
+impl ConditionallySelectable for ExtensiblePoint {
+    fn conditional_select(a: &Self, b: &Self, choice: Choice) -> Self {
+        Self {
+            X: FieldElement::conditional_select(&a.X, &b.X, choice),
+            Y: FieldElement::conditional_select(&a.Y, &b.Y, choice),
+            Z: FieldElement::conditional_select(&a.Z, &b.Z, choice),
+            T1: FieldElement::conditional_select(&a.T1, &b.T1, choice),
+            T2: FieldElement::conditional_select(&a.T2, &b.T2, choice),
+        }
+    }
+}
 impl PartialEq for ExtensiblePoint {
     fn eq(&self, other: &ExtensiblePoint) -> bool {
         self.ct_eq(other).into()