JubJubFr.montgomeryReduce constructor

JubJubFr.montgomeryReduce(
  BigInt r0,
  BigInt r1,
  BigInt r2,
  BigInt r3,
  BigInt r4,
  BigInt r5,
  BigInt r6,
  BigInt r7,
)

Implementation

/// Montgomery reduction of the eight-limb product `r0..r7` into a [JubJubFr].
///
/// Four rounds each fold one low limb into the limbs above it using the
/// precomputed `JubJubFrConst.inv` and the four limbs of
/// `JubJubFrConst.modulus`; after the last round the result is carried in the
/// upper four limbs (`r4..r7`). The per-round multiplier `k` is formed with
/// `.toU64`, which is presumably the 64-bit truncation of the product (the
/// wrapping multiply of the reference algorithm) — confirm against the
/// `toU64` extension.
///
/// [BigintUtils.mac] and [BigintUtils.adc] are used here as returning a
/// two-entry list: index 0 is the low word written back into a limb and
/// index 1 is the carry threaded into the next step.
///
/// The closing `sub(JubJubFrConst.modulus)` is what brings the value into
/// canonical range; it relies on that method adding the modulus back when
/// the subtraction borrows, as the reference implementation does — verify in
/// [JubJubFr.sub].
///
/// NOTE(review): the arithmetic runs on Dart `BigInt`, which is not
/// constant-time; if secret scalars are reduced through this path, treat its
/// timing as data-dependent when assessing side-channel exposure.
factory JubJubFr.montgomeryReduce(
  BigInt r0,
  BigInt r1,
  BigInt r2,
  BigInt r3,
  BigInt r4,
  BigInt r5,
  BigInt r6,
  BigInt r7,
) {
  final List<BigInt> limbs = [r0, r1, r2, r3, r4, r5, r6, r7];
  final modulus = JubJubFrConst.modulus.limbs;
  // Carry-out of the previous round's top-limb add; zero before round one.
  BigInt carry2 = BigInt.zero;

  for (int round = 0; round < 4; round++) {
    final BigInt k = (limbs[round] * JubJubFrConst.inv).toU64;

    // Only the carry of the first step is kept; its low word is discarded,
    // exactly as in the unrolled form of the algorithm.
    List<BigInt> t =
        BigintUtils.mac(limbs[round], k, modulus[0], BigInt.zero);
    BigInt carry = t[1];

    for (int j = 1; j < 4; j++) {
      t = BigintUtils.mac(limbs[round + j], k, modulus[j], carry);
      limbs[round + j] = t[0];
      carry = t[1];
    }

    t = BigintUtils.adc(limbs[round + 4], carry2, carry);
    limbs[round + 4] = t[0];
    carry2 = t[1];
  }

  return JubJubFr([limbs[4], limbs[5], limbs[6], limbs[7]])
      .sub(JubJubFrConst.modulus);
}