[Cryptography] Why doesn't elliptic curve point addition check for equality?

[Pierre Abbat]

In 2022 I was working on a random ladder for elliptic curve point 
multiplication, using a pure Haskell implementation of elliptic curves. It 
takes a point multiplication problem (or an exponentiation problem in a Galois 
field) and a random number and computes the answer in a way that someone 
monitoring a side channel should be able to figure out only a vague idea of how 
big the multiplier is.

I originally wrote it with the addition as the only function argument, but 
found that (a+a) gives the wrong answer in the elliptic curve library, so I 
added the doubling function as an argument. I know that, at least for 
Weierstrass curves, the formula for a+b used when a and b are nonzero and have 
different x coordinates divides by zero when a==b, and that when climbing the 
ladder one often doubles a point. Why would an implementer not check for the 
a==b case? It seems to me that the addition operation should give correct 
results for all a and b, including a+a.

Pierre
-- 
li ze te'a ci vu'u ci bi'e te'a mu du
li ci su'i ze te'a mu bi'e vu'u ci