sub method

PallasFp sub(PallasFp rhs)

Implementation

PallasFp sub(PallasFp rhs) {
  // Field subtraction over four limbs: subtract limb by limb, then add the
  // modulus back when the raw subtraction underflowed.
  //
  // NOTE(review): the result is only a reduced field element if both operands
  // are already below the modulus; nothing here checks that. Confirm it is
  // enforced wherever PallasFp values are constructed or decoded.
  //
  // NOTE(review): the mask-and-add below avoids branching on the borrow, but
  // Dart's BigInt is arbitrary-precision and not guaranteed constant-time, so
  // do not assume this is timing-safe for secret operands without measuring.
  final modulusLimbs = PallasFPConst.modulus.limbs;
  final diff = <BigInt>[];

  // Pass 1: 4-limb subtraction, threading the borrow from limb 0 up to limb 3.
  var borrow = BigInt.zero;
  for (var i = 0; i < 4; i++) {
    final step = BigintUtils.sbb(limbs[i], rhs.limbs[i], borrow);
    diff.add(step[0]);
    borrow = step[1];
  }

  // After the last limb, borrow acts as a mask:
  //   underflow    -> 0xFFFFFFFFFFFFFFFF (as BigInt)
  //   no underflow -> 0x0
  // ANDing each modulus limb with it yields either the modulus or zero.
  // (This relies on BigintUtils.sbb returning its borrow in that mask form.)

  // Pass 2: add the masked modulus, threading the carry across limbs. The
  // carry out of the top limb is discarded.
  var carry = BigInt.zero;
  for (var i = 0; i < 4; i++) {
    final step = BigintUtils.adc(diff[i], modulusLimbs[i] & borrow, carry);
    diff[i] = step[0];
    carry = step[1];
  }

  return PallasFp([diff[0], diff[1], diff[2], diff[3]]);
}