We describe an implementation of fast elliptic curve scalar multiplication, optimized for Diffie--Hellman Key Exchange at the 128-bit security level. The algorithms are compact (using only x-coordinates), run in constant time with uniform execution patterns, and do not distinguish between the curve and its quadratic twist; they thus have a built-in measure of side-channel resistance. The core of our construction is a suite of two-dimensional differential addition chains driven by efficient endomorphism decompositions, built on curves selected from a family of Q-curve reductions over \(\FF_{p^2}\) with \(p = 2^{127}-1\). We include state-of-the-art experimental results for twist-secure, constant-time, x-coordinate-only scalar multiplication.