Use linear combination in ECDSA verification

Author: fjarri

k256/src/ecdsa/verify.rs

@@ -1,6 +1,7 @@
 //! ECDSA verifier
 
 use super::{recoverable, Error, Signature};
+use crate::arithmetic::lincomb;
 use crate::{
     AffinePoint, CompressedPoint, EncodedPoint, ProjectivePoint, PublicKey, Scalar, Secp256k1,
 };
@@ -90,9 +91,15 @@ impl VerifyPrimitive<Secp256k1> for AffinePoint {
         let u1 = z * &s_inv;
         let u2 = *r * s_inv;
 
-        let x = ((ProjectivePoint::generator() * u1) + (ProjectivePoint::from(*self) * u2))
-            .to_affine()
-            .x;
+        //let x = ((ProjectivePoint::generator() * u1) + (ProjectivePoint::from(*self) * u2))
+        let x = lincomb(
+            &ProjectivePoint::generator(),
+            &ProjectivePoint::from(*self),
+            &u1,
+            &u2,
+        )
+        .to_affine()
+        .x;
 
         if Scalar::from_bytes_reduced(&x.to_bytes()).eq(&r) {
             Ok(())