VestaFq.montgomeryReduce constructor

VestaFq.montgomeryReduce(
  1. BigInt r0,
  2. BigInt r1,
  3. BigInt r2,
  4. BigInt r3,
  5. BigInt r4,
  6. BigInt r5,
  7. BigInt r6,
  8. BigInt r7,
)

Implementation

/// Montgomery reduction of the 8-limb value `r0..r7` (64-bit limbs, `r0`
/// treated as the least-significant limb) into a 4-limb [VestaFq].
///
/// Each of the four rounds derives a multiplier `k` from the round's lowest
/// live limb and accumulates `k * modulus` into the limb window above it, so
/// that limb is cleared and the window shifts up by one. The low word of the
/// round's first `mac` is discarded for that reason (presumably
/// `VestaFQConst.inv` is `-modulus^-1 mod 2^64` — confirm). After the last
/// round the upper four limbs hold the reduced value.
///
/// The carry out of the final `adc` is dropped. That is sound only when the
/// input is below `modulus * 2^256` (true for a product of two reduced
/// elements); callers must not feed arbitrary 512-bit values. The
/// intermediate may still be one modulus too large, so the result goes
/// through `sub(modulus)`; this relies on `sub` adding the modulus back on
/// underflow — verify against `VestaFq.sub` before changing either routine.
///
/// NOTE(review): `BigInt` arithmetic in Dart is not constant-time, so the
/// running time of this routine can depend on the limb values; it should not
/// be relied upon for timing-side-channel resistance.
factory VestaFq.montgomeryReduce(
  BigInt r0,
  BigInt r1,
  BigInt r2,
  BigInt r3,
  BigInt r4,
  BigInt r5,
  BigInt r6,
  BigInt r7,
) {
  final limbs = <BigInt>[r0, r1, r2, r3, r4, r5, r6, r7];
  final mLimbs = VestaFQConst.modulus.limbs;
  // Carry out of one round's top-limb adc, fed into the next round's adc.
  var roundCarry = BigInt.zero;

  for (var round = 0; round < 4; round++) {
    // Mask to 64 bits to emulate wrapping multiplication on a u64 limb.
    final k = (limbs[round] * VestaFQConst.inv) & BinaryOps.maskBig64;
    // Only the carry is kept: the low word is cleared by construction of k.
    var carry = BigintUtils.mac(limbs[round], k, mLimbs[0], BigInt.zero)[1];
    for (var j = 1; j < 4; j++) {
      final acc = BigintUtils.mac(limbs[round + j], k, mLimbs[j], carry);
      limbs[round + j] = acc[0];
      carry = acc[1];
    }
    final top = BigintUtils.adc(limbs[round + 4], roundCarry, carry);
    limbs[round + 4] = top[0];
    roundCarry = top[1]; // unused after the last round (final carry ignored)
  }

  // Result may be within modulus of the correct value
  return VestaFq([limbs[4], limbs[5], limbs[6], limbs[7]])
      .sub(VestaFQConst.modulus);
}