Review comments on formulas.

Author: armfazh

ecc/goldilocks/curve_test.go

@@ -105,6 +105,7 @@ func BenchmarkCurve(b *testing.B) {
 	_, _ = rand.Read(l[:])
 	P := randomPoint()
 	Q := randomPoint()
+	enc, _ := P.MarshalBinary()
 
 	b.Run("Add", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
@@ -126,9 +127,14 @@ func BenchmarkCurve(b *testing.B) {
 			e.CombinedMult(P, &k, &l, P)
 		}
 	})
-	b.Run("ToAffine", func(b *testing.B) {
+	b.Run("Marshal", func(b *testing.B) {
 		for i := 0; i < b.N; i++ {
-			P.ToAffine()
+			_, _ = P.MarshalBinary()
+		}
+	})
+	b.Run("Unmarshal", func(b *testing.B) {
+		for i := 0; i < b.N; i++ {
+			_ = P.UnmarshalBinary(enc)
 		}
 	})
 }

ecc/goldilocks/twist.go

@@ -29,11 +29,11 @@ func isOnCurve(x, y, ta, tb, z *fp.Elt, isOnTwist bool) bool {
 	fp.Sqr(y2, y)     // y^2
 	fp.Sqr(z2, z)     // z^2
 	fp.Sqr(t2, t)     // t^2
-	if isOnTwist {
-		fp.Sub(lhs, y2, x2)           // ax^2 + y^2
+	if isOnTwist {    // a = -1
+		fp.Sub(lhs, y2, x2)           // -x^2 + y^2
 		fp.Mul(rhs, t2, &paramDTwist) // dt^2
-	} else {
-		fp.Add(lhs, y2, x2)      // ax^2 + y^2
+	} else { // a = 1
+		fp.Add(lhs, x2, y2)      // x^2 + y^2
 		fp.Mul(rhs, t2, &paramD) // dt^2
 	}
 	fp.Add(rhs, rhs, z2)  // z^2 + dt^2
@@ -83,7 +83,6 @@ func (e twistCurve) ScalarMult(R *twistPoint, k *Scalar, P *twistPoint) {
 	var d [113]int8
 
 	kk := *k
-
 	isZero := kk.IsZero()
 	isZeroInt := *(*int)(unsafe.Pointer(&isZero))
 	subtle.ConstantTimeCopy(isZeroInt, kk[:], order[:])