CAT can reduce curve point scalar multiplication to a subtraction in the scalar field.
Subtraction of field elements can probably be emulated in less than 250 (?) opcodes. For now, let's assume we had an (emulated) opcode,
op_scalar_sub, for subtracting two elements of the scalar field of secp256k1.
Given secp's generator
G, we want to compute for some scalar
r the point
R = rG
That is possible by hacking it into a Schnorr signature
(R,s) for the key
P = xG = 1G = G