From 3abe464b06ab7d75954abda18dc41bf7af4a3839 Mon Sep 17 00:00:00 2001
From: Frank Denis
Date: Mon, 27 Dec 2021 18:29:25 +0100
Subject: [PATCH] crypto/edwards25519: faster point decompression

Make recovery of the x-coordinate slightly faster.
See https://mailarchive.ietf.org/arch/msg/cfrg/qlKpMBqxXZYmDpXXIx6LO3Oznv4/ for details.
---
 lib/std/crypto/25519/edwards25519.zig | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/std/crypto/25519/edwards25519.zig b/lib/std/crypto/25519/edwards25519.zig
index ef56e6a659..fcfc6ee258 100644
--- a/lib/std/crypto/25519/edwards25519.zig
+++ b/lib/std/crypto/25519/edwards25519.zig
@@ -34,8 +34,7 @@ pub const Edwards25519 = struct {
         var v = u.mul(Fe.edwards25519d);
         u = u.sub(z);
         v = v.add(z);
-        const v3 = v.sq().mul(v);
-        var x = v3.sq().mul(v).mul(u).pow2523().mul(v3).mul(u);
+        var x = u.mul(v).pow2523().mul(u);
         const vxx = x.sq().mul(v);
         const has_m_root = vxx.sub(u).isZero();
         const has_p_root = vxx.add(u).isZero();
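Review bot: The added line computes `x = u * (u*v)^((p-5)/8)` instead of the RFC 8032 candidate root `u * v^3 * (u*v^7)^((p-5)/8)`, and the two differ by a fourth root of unity, so `x.sq().mul(v)` on the next line can legitimately equal `-u` for a valid encoding; correctness now rests entirely on the `has_m_root`/`has_p_root` pair and the sign fix-up that presumably follows, rather than on `x` being the root by itself. That dependency is not visible from the assignment and should be stated next to it, e.g. `// (u*v)^((p-5)/8) * u is (u/v)^((p+3)/8) up to a 4th root of unity; the vxx checks below select the sign.` with the CFRG link from the commit message moved into the comment, since that is where the next reader of pow2523 will look. The enclosing function starts and ends outside this hunk, so the branch that multiplies by sqrt(-1) and rejects non-square inputs is not shown here; it is worth confirming against the existing decoding test vectors that it still rejects encodings where neither check holds, because that branch is now the only thing distinguishing a non-square `u/v` from a sign flip.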