Optimize Montgomery <-> Edwards conversions

Author: daxpedda

ed448-goldilocks/src/edwards/extended.rs

@@ -333,12 +333,14 @@ impl EdwardsPoint {
 
         let affine = self.to_affine();
 
-        // TODO: optimize to a single inversion.
         let xx = affine.x.square();
         let yy = affine.y.square();
 
-        let u = yy * xx.invert();
-        let v = (FieldElement::TWO - xx - yy) * affine.y * (xx * affine.x).invert();
+        let v_den = xx * affine.x;
+        let den = (xx * v_den).invert();
+
+        let u = yy * v_den * den;
+        let v = (FieldElement::TWO - xx - yy) * affine.y * xx * den;
 
         AffineMontgomeryPoint::conditional_select(
             &AffineMontgomeryPoint::new(u, v),

ed448-goldilocks/src/montgomery/point.rs

@@ -129,8 +129,11 @@ impl From<&AffineMontgomeryPoint> for AffinePoint {
         t4 = t1 * t2; // 2x^2y^2+2y^2
         let yDen = t5 - t4; // yDen = x^5-2x^3+x-2x^2y^2-2y^2
 
-        let x = xNum * xDen.invert();
-        let y = yNum * yDen.invert();
+        let commonDen = xDen * yDen;
+        let invDen = commonDen.invert();
+
+        let x = xNum * yDen * invDen;
+        let y = yNum * xDen * invDen;
 
         AffinePoint::conditional_select(
             &AffinePoint { x, y },