Tweak multiexp to compile on core

On `core`, it'll use a serial implementation of no benefit other than the fact that when `alloc` _is_ enabled, it'll use the multi-scalar multiplication algorithms. `schnorr-signatures` was prior tweaked to include a shim for `SchnorrSignature::verify` which didn't use `multiexp_vartime` yet this same premise. Now, instead of callers writing these shims, it's within `multiexp`.
2025-12-10 13:09:24 +00:00 · 2025-09-15 22:37:59 -04:00
parent d6d96fe8ff
commit be68e27551
10 changed files with 161 additions and 189 deletions
--- a/crypto/schnorr/src/lib.rs
+++ b/crypto/schnorr/src/lib.rs
@@ -23,8 +23,9 @@ use ciphersuite::{
  },
  GroupIo,
 };
+use multiexp::multiexp_vartime;
 #[cfg(feature = "alloc")]
-use multiexp::{multiexp_vartime, BatchVerifier};
+use multiexp::BatchVerifier;

 /// Half-aggregation from <https://eprint.iacr.org/2021/350>.
 #[cfg(feature = "aggregate")]
@@ -109,12 +110,7 @@ impl<C: GroupIo> SchnorrSignature<C> {
  /// different keys/messages.
  #[must_use]
  pub fn verify(&self, public_key: C::G, challenge: C::F) -> bool {
-    let statements = self.batch_statements(public_key, challenge);
-    #[cfg(feature = "alloc")]
-    let res = multiexp_vartime(&statements);
-    #[cfg(not(feature = "alloc"))]
-    let res = statements.into_iter().map(|(scalar, point)| point * scalar).sum::<C::G>();
-    res.is_identity().into()
+    multiexp_vartime(&self.batch_statements(public_key, challenge)).is_identity().into()
  }

  /// Queue a signature for batch verification.