fiatScalarOpp function
fiatScalarOpp negates a field element in the Montgomery domain.
Preconditions: 0 ≤ eval arg1 < m Postconditions: eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m 0 ≤ eval out1 < m
Implementation
void fiatScalarOpp(List<BigInt> out1, List<BigInt> arg1) {
final (BigInt x1, int x2) = Bits.sub64(BigInt.zero, arg1[0], 0);
final (BigInt x3, int x4) = Bits.sub64(BigInt.zero, arg1[1], x2);
final (BigInt x5, int x6) = Bits.sub64(BigInt.zero, arg1[2], x4);
final (BigInt x7, int x8) = Bits.sub64(BigInt.zero, arg1[3], x6);
final BigInt x9 = fiatScalarCmovznzU64(
x8.toBigInt, BigInt.zero, '18446744073709551615'.toBigInt());
final (BigInt x10, int x11) =
Bits.add64(x1, (x9 & '6346243789798364141'.toBigInt()), 0);
final (BigInt x12, int x13) =
Bits.add64(x3, (x9 & '1503914060200516822'.toBigInt()), x11);
final (BigInt x14, int x15) = Bits.add64(x5, BigInt.zero, x13);
final (BigInt x16, int _) =
Bits.add64(x7, (x9 & '1152921504606846976'.toBigInt()), x15);
out1[0] = x10;
out1[1] = x12;
out1[2] = x14;
out1[3] = x16;
}