diff --git a/test/default/core_ed25519.c b/test/default/core_ed25519.c
index 275764d0..5340f9e8 100644
--- a/test/default/core_ed25519.c
+++ b/test/default/core_ed25519.c
@@ -13,6 +13,26 @@ static const unsigned char max_canonical_p[32] = { 0xe4, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f };
+static const unsigned char L_p1[32] = {
+ 0xee, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
+};
+static const unsigned char L[32] = {
+ 0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
+};
+static const unsigned char L_1[32] = {
+ 0xec, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x10
+};
+static const unsigned char sc_8[32] = {
+ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00
+};
+static const unsigned char sc_highbit[32] = {
+ 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80
+};
 static void add_P(unsigned char * const S)
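Review bot: `sc_highbit` begins with `0x08` as well as ending in `0x80`, so the constant is 8 + 2^255 rather than the bare top bit its name suggests. The expected values in core_ed25519.exp are consistent with 8 + 2^255, so if the low byte was carried over from `sc_8` the fixtures need regenerating once it is fixed, and if it is intended the name or a comment should say so. None of the five arrays is documented; a comment such as `/* little-endian; L is the group order, L_p1 = L + 1, L_1 = L - 1; L, L_p1 and sc_highbit are non-canonical (>= L) */` would tell the reader which inputs are outside the reduced range.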
@@ -378,6 +398,114 @@ main(void)
 crypto_core_ed25519_scalar_mul(sc3, sc, sc2);
 assert(memcmp(sc3, sc, crypto_core_ed25519_SCALARBYTES) != 0);
 }
+
+ crypto_core_ed25519_scalar_mul(sc, L_1, sc_8);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L-1)*8: %s\n", hex);
+ crypto_core_ed25519_scalar_mul(sc, sc_8, L_1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("8(L-1): %s\n", hex);
+ crypto_core_ed25519_scalar_mul(sc, L_1, L_1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L-1)^2: %s\n", hex);
+ crypto_core_ed25519_scalar_mul(sc, L, sc_8);
+
+ crypto_core_ed25519_scalar_mul(sc, L_p1, sc_8);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L+1)*8: %s\n", hex);
+ crypto_core_ed25519_scalar_mul(sc, sc_8, L_p1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("8(L+1): %s\n", hex);
+ crypto_core_ed25519_scalar_mul(sc, L_p1, L_p1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L+1)^2: %s\n", hex);
+
+ crypto_core_ed25519_scalar_mul(sc, L_1, sc_highbit);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L-1)h: %s\n", hex);
+ crypto_core_ed25519_scalar_mul(sc, sc_highbit, L_1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("h(L-1): %s\n", hex);
+ crypto_core_ed25519_scalar_mul(sc, L_p1, sc_highbit);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L+1)h: %s\n", hex);
+ crypto_core_ed25519_scalar_mul(sc, sc_highbit, L_p1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("h(L+1): %s\n", hex);
+ crypto_core_ed25519_scalar_mul(sc, sc_highbit, sc_highbit);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("h^2: %s\n", hex);
+
+ crypto_core_ed25519_scalar_mul(sc, L, sc_8);
+ assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
+ crypto_core_ed25519_scalar_mul(sc, sc_8, L);
+ assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
+ crypto_core_ed25519_scalar_mul(sc, L, L);
+ assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
+ crypto_core_ed25519_scalar_mul(sc, L, L_1);
+ assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
+ crypto_core_ed25519_scalar_mul(sc, L_1, L);
+ assert(sodium_is_zero(sc, crypto_core_ed25519_SCALARBYTES));
+
+ crypto_core_ed25519_scalar_add(sc, L_1, sc_8);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L-1)+8: %s\n", hex);
+ crypto_core_ed25519_scalar_add(sc, sc_8, L_1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("8+(L-1): %s\n", hex);
+ crypto_core_ed25519_scalar_add(sc, L_1, L_1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L-1)*2: %s\n", hex);
+ crypto_core_ed25519_scalar_add(sc, L, sc_8);
+
+ crypto_core_ed25519_scalar_add(sc, L_p1, sc_8);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L+1)+8: %s\n", hex);
+ crypto_core_ed25519_scalar_add(sc, sc_8, L_p1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("8+(L+1): %s\n", hex);
+ crypto_core_ed25519_scalar_add(sc, L_p1, L_p1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L+1)*2: %s\n", hex);
+
+ crypto_core_ed25519_scalar_add(sc, L_1, sc_highbit);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L-1)+h: %s\n", hex);
+ crypto_core_ed25519_scalar_add(sc, sc_highbit, L_1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("h+(L-1): %s\n", hex);
+ crypto_core_ed25519_scalar_add(sc, L_p1, sc_highbit);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("(L+1)+h: %s\n", hex);
+ crypto_core_ed25519_scalar_add(sc, sc_highbit, L_p1);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("h+(L+1): %s\n", hex);
+ crypto_core_ed25519_scalar_add(sc, sc_highbit, sc_highbit);
+ sodium_bin2hex(hex, crypto_core_ed25519_SCALARBYTES * 2 + 1,
+ sc, crypto_core_ed25519_SCALARBYTES);
+ printf("h*2: %s\n", hex);
+
 sodium_free(hex);
 sodium_free(sc64);
 sodium_free(sc3);
diff --git a/test/default/core_ed25519.exp b/test/default/core_ed25519.exp
index 65295bfa..0fea1020 100644
--- a/test/default/core_ed25519.exp
+++ b/test/default/core_ed25519.exp
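Review bot: In the main() hunk of core_ed25519.c, the bare `crypto_core_ed25519_scalar_add(sc, L, sc_8);` after the "(L-1)*2" print is overwritten by the next call without being printed or asserted, so L + 8 is never checked on the add path. Following it with `assert(memcmp(sc, sc_8, crypto_core_ed25519_SCALARBYTES) == 0);` would pin the reduction to 8, which is what the neighbouring "(L+1)+8" case implies. The matching bare `crypto_core_ed25519_scalar_mul(sc, L, sc_8);` after the "(L-1)^2" print is redundant, because the same product is asserted to be zero further down, and can be dropped. main() begins and ends outside this hunk.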
@@ -15,4 +15,26 @@ sub1: f67c79849de0253ba142949e1db6224b13121212121212121212121212121202
 add2: b02e8581ce62f69922427c23f970f7e951525252525252525252525252525202
 sub2: 3da570db4b001cbeb35a7b7fe588e72aaeadadadadadadadadadadadadadad0d
 mul: 4453ef38408c06677c1b810e4bf8b1991f01c88716fbfa2f075a518b77da400b
+(L-1)*8: e5d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010
+8(L-1): e5d3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010
+(L-1)^2: 0100000000000000000000000000000000000000000000000000000000000000
+(L+1)*8: 0800000000000000000000000000000000000000000000000000000000000000
+8(L+1): 0800000000000000000000000000000000000000000000000000000000000000
+(L+1)^2: 0100000000000000000000000000000000000000000000000000000000000000
+(L-1)h: 609faee7d21893c0b2e6bc17f5cef7a600000000000000000000000000000000
+h(L-1): 609faee7d21893c0b2e6bc17f5cef7a600000000000000000000000000000000
+(L+1)h: 8d344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
+h(L+1): 8d344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
+h^2: 726cf51b9ec1dda146af8c58ffd22d148f6ffd85f41cbb738f260cdf4650e60c
+(L-1)+8: 0700000000000000000000000000000000000000000000000000000000000000
+8+(L-1): 0700000000000000000000000000000000000000000000000000000000000000
+(L-1)*2: ebd3f55c1a631258d69cf7a2def9de1400000000000000000000000000000010
+(L+1)+8: 0900000000000000000000000000000000000000000000000000000000000000
+8+(L+1): 0900000000000000000000000000000000000000000000000000000000000000
+(L+1)*2: 0200000000000000000000000000000000000000000000000000000000000000
+(L-1)+h: 8c344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
+h+(L-1): 8c344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
+(L+1)+h: 8e344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
+h+(L+1): 8e344775474a7f9723b63a8be92ae76dffffffffffffffffffffffffffffff0f
+h*2: 1000000000000000000000000000000000000000000000000000000000000000
 OK
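Review bot: The expected `h*2` value is 16 (`10` followed by zeros), which by my arithmetic is not (h + h) mod L for h = 8 + 2^255, because the sum is 16 + 2^256 and 2^256 is not a multiple of L. That value is what results if the carry out of the 32-byte addition is discarded before the reduction; the implementation is not visible here, so the cause is inferred, but the `(L+1)h` and `h+(L+1)` lines show the top bit being honoured in the other cases. As committed, the fixture records the wrap-around as correct output. If inputs at or above 2^255 are out of contract for crypto_core_ed25519_scalar_add, say so in a comment beside the `sc_highbit` add case in core_ed25519.c; otherwise this line should change once the addition keeps the carry.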