From a5fa9169d0936764d7e4914777c884fb056d7eb1 Mon Sep 17 00:00:00 2001
From: ICHINOSE Shogo
Date: Sat, 29 Oct 2022 00:02:05 +0900
Subject: [PATCH] internal/edwards25519: skip zero coef in VarTimeDoubleScalarBaseMult
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The comment says "Find the first nonzero coefficient.", but actually this code does nothing. I fixed it to work correctly.
```
name old time/op new time/op delta
VarTimeDoubleScalarBaseMult-10 37.5µs ± 0% 36.9µs ± 0% -1.48% (p=0.000 n=19+16)
```
---
 src/crypto/internal/edwards25519/scalarmult.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/crypto/internal/edwards25519/scalarmult.go b/src/crypto/internal/edwards25519/scalarmult.go
index f7ca3cef993..3992dc90828 100644
--- a/src/crypto/internal/edwards25519/scalarmult.go
+++ b/src/crypto/internal/edwards25519/scalarmult.go
@@ -167,8 +167,8 @@ func (v *Point) VarTimeDoubleScalarBaseMult(a *Scalar, A *Point, b *Scalar) *Poi
 // Find the first nonzero coefficient.
 i := 255
- for j := i; j >= 0; j-- {
- if aNaf[j] != 0 || bNaf[j] != 0 {
+ for ; i >= 0; i-- {
+ if aNaf[i] != 0 || bNaf[i] != 0 {
 break
 }
 }
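Review bot: With the search loop now decrementing `i` itself, `i` leaves the loop as -1 when every coefficient of both `aNaf` and `bNaf` is zero, whereas before it always stayed at 255. The code that consumes `i` lies below the hunk (the function body starts and ends outside it), so it is worth confirming that it tolerates -1 and adding a test case with both scalars zero. The skip also makes running time depend on the position of the highest nonzero coefficient. That is consistent with the VarTime name, but I would say so in the comment, e.g. `// Find the first nonzero coefficient; i is -1 if both NAFs are all zero. Variable time in a and b.`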