in src/edwards.rs [1265:1294]
fn multiscalar_consistency_iter(n: usize) {
use core::iter;
let mut rng = rand::thread_rng();
// Construct random coefficients x0, ..., x_{n-1},
// followed by some extra hardcoded ones.
let xs = (0..n)
.map(|_| Scalar::random(&mut rng))
// The largest scalar allowed by the type system, 2^255-1
.chain(iter::once(Scalar::from_bits([0xff; 32])))
.collect::<Vec<_>>();
let check = xs.iter()
.map(|xi| xi * xi)
.sum::<Scalar>();
// Construct points G_i = x_i * B
let Gs = xs.iter()
.map(|xi| xi * &constants::ED25519_BASEPOINT_TABLE)
.collect::<Vec<_>>();
// Compute H1 = <xs, Gs> (consttime)
let H1 = EdwardsPoint::multiscalar_mul(&xs, &Gs);
// Compute H2 = <xs, Gs> (vartime)
let H2 = EdwardsPoint::vartime_multiscalar_mul(&xs, &Gs);
// Compute H3 = <xs, Gs> = sum(xi^2) * B
let H3 = &check * &constants::ED25519_BASEPOINT_TABLE;
assert_eq!(H1, H3);
assert_eq!(H2, H3);
}