Function scalar_mul_point 

pub fn scalar_mul_point<const LIMBS: usize>(
    k: &FieldElement<LIMBS>,
    point: &JacobianPoint<LIMBS>,
    params: &CurveParams<LIMBS>,
) -> JacobianPoint<LIMBS>

Scalar multiplication using the constant-time Montgomery ladder. Computes k * P for a scalar k and a non-infinity point P.

Constant-time properties

• Fixed iteration count LIMBS * 64 – independent of k.
• Each iteration performs exactly one ct_swap, one point_add_ct and one point_double, in that order. No branch depends on any scalar bit beyond the ct_swap mask.
• point_double and point_add_ct themselves are uniform: they always compute the generic formulas and then apply branchless selects for the Z == 0 (infinity) edge cases that occur during the leading-zero bits of k.

Ladder invariant

At every step of the scan, R1 - R0 == P. This guarantees that point_add_ct is never called with R0 == R1 (which would require P == O; P is assumed non-infinity). The R0 == -R1 case is algebraically valid (the formulas give Z3 = 0 = infinity) and therefore handled with no special-casing.