From b120f9e111143b94747155d676e0e8e2e7afd5a6 Mon Sep 17 00:00:00 2001
From: Youssef El Housni <youssef.housni21@gmail.com>
Date: Fri, 31 Jan 2025 14:49:02 -0500
Subject: [PATCH] perf(scalar_mul_le): use add_mixed for conditional
 subtraction

---
 src/groups/curves/short_weierstrass/mod.rs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/groups/curves/short_weierstrass/mod.rs b/src/groups/curves/short_weierstrass/mod.rs
index ebc64cf..94f74c6 100644
--- a/src/groups/curves/short_weierstrass/mod.rs
+++ b/src/groups/curves/short_weierstrass/mod.rs
@@ -350,10 +350,10 @@ where
         // We can convert to projective safely because the result is guaranteed to be
         // non-zero by the condition on `affine_bits.len()`, and by the fact
         // that `accumulator` is non-zero
-        let result = accumulator.into_projective();
+        *mul_result += accumulator.into_projective();
         // If bits[0] is 0, then we have to subtract `self`; else, we subtract zero.
-        let subtrahend = bits[0].select(&Self::zero(), &initial_acc_value)?;
-        *mul_result += result - subtrahend;
+        let neg = NonZeroAffineVar::new(initial_acc_value.x, initial_acc_value.y.negate()?);
+        *mul_result = bits[0].select(mul_result, &mul_result.add_mixed(&neg)?)?;
 
         // Now, let's finish off the rest of the bits using our complete formulae
         for bit in proj_bits.iter().rev().skip(1).rev() {