fiatScalarAdd function
fiatScalarAdd adds two field elements in the Montgomery domain.
Preconditions: 0 ≤ eval arg1 < m 0 ≤ eval arg2 < m Postconditions: eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m 0 ≤ eval out1 < m
Implementation
void fiatScalarAdd(List<BigInt> out1, List<BigInt> arg1, List<BigInt> arg2) {
final (BigInt x1, int x2) = Bits.add64(arg1[0], arg2[0], 0);
final (BigInt x3, int x4) = Bits.add64(arg1[1], arg2[1], x2);
final (BigInt x5, int x6) = Bits.add64(arg1[2], arg2[2], x4);
final (BigInt x7, int x8) = Bits.add64(arg1[3], arg2[3], x6);
final (BigInt x9, int x10) =
Bits.sub64(x1, '6346243789798364141'.toBigInt(), 0);
final (BigInt x11, int x12) =
Bits.sub64(x3, '1503914060200516822'.toBigInt(), x10);
final (BigInt x13, int x14) = Bits.sub64(x5, BigInt.zero, x12);
final (BigInt x15, int x16) =
Bits.sub64(x7, '1152921504606846976'.toBigInt(), x14);
final (_, int x18) = Bits.sub64(x8.toBigInt, BigInt.zero, x16);
final BigInt x19 = fiatScalarCmovznzU64(x18.toBigInt, x9, x1);
final BigInt x20 = fiatScalarCmovznzU64(x18.toBigInt, x11, x3);
final BigInt x21 = fiatScalarCmovznzU64(x18.toBigInt, x13, x5);
final BigInt x22 = fiatScalarCmovznzU64(x18.toBigInt, x15, x7);
out1[0] = x19;
out1[1] = x20;
out1[2] = x21;
out1[3] = x22;
}