fiatScalarSub function
fiatScalarSub subtracts two field elements in the Montgomery domain.
Preconditions:
  0 ≤ eval arg1 < m
  0 ≤ eval arg2 < m
Postconditions:
  eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m
  0 ≤ eval out1 < m
Implementation
/// Computes [arg1] - [arg2] on four-limb values and writes the result to [out1].
///
/// Limbs are processed from index 0 (least significant) to index 3, with the
/// borrow/carry chained upward. If the subtraction borrows out of the top
/// limb, a masked constant is added back so the result stays in range.
///
/// Nothing here validates the inputs: the documented precondition
/// (0 ≤ value < m for both arguments) and the requirement that all three
/// lists hold at least four limbs are the caller's responsibility.
///
/// [out1] is only written after every read of [arg1] and [arg2] has
/// completed, so passing the same list as an input and as the output does
/// not corrupt the computation.
///
/// NOTE(review): the correction step is written without a data-dependent
/// branch, but the limbs are BigInt values; whether Bits.sub64, Bits.add64,
/// fiatScalarCmovznzU64 and BigInt `&` run in time independent of their
/// operands cannot be seen from this function. Confirm before relying on it
/// for secret scalars.
void fiatScalarSub(List<BigInt> out1, List<BigInt> arg1, List<BigInt> arg2) {
// Limb-wise arg1 - arg2; each borrow-out feeds the next limb's borrow-in.
// x8 is the borrow out of the most significant limb.
final (BigInt x1, int x2) = Bits.sub64(arg1[0], arg2[0], 0);
final (BigInt x3, int x4) = Bits.sub64(arg1[1], arg2[1], x2);
final (BigInt x5, int x6) = Bits.sub64(arg1[2], arg2[2], x4);
final (BigInt x7, int x8) = Bits.sub64(arg1[3], arg2[3], x6);
// Expand the final borrow into a limb-wide mask: the helper selects between
// zero and 2^64 - 1 based on x8. Presumably zero when x8 == 0 and all-ones
// otherwise; confirm against fiatScalarCmovznzU64.
// NOTE(review): `x8.toBigInt` has no call parentheses, unlike the string
// conversions below; presumably an extension getter on int. Confirm.
final x9 = fiatScalarCmovznzU64(
x8.toBigInt, BigInt.zero, '18446744073709551615'.toBigInt());
// Masked add-back: each constant is ANDed with x9, so the addition
// contributes nothing when the mask is zero. The constants are presumably
// the 64-bit limbs of the modulus m (limb 2 being zero); verify against
// the generator's parameters.
final (BigInt x10, int x11) =
Bits.add64(x1, (x9 & '6346243789798364141'.toBigInt()), 0);
final (BigInt x12, int x13) =
Bits.add64(x3, (x9 & '1503914060200516822'.toBigInt()), x11);
// Limb 2 of the constant is zero, so only the incoming carry is added.
final (BigInt x14, int x15) = Bits.add64(x5, BigInt.zero, x13);
// The carry out of the top limb is deliberately discarded (bound to `_`).
final (BigInt x16, int _) =
Bits.add64(x7, (x9 & '1152921504606846976'.toBigInt()), x15);
// Store the result only now, after all input limbs have been consumed.
out1[0] = x10;
out1[1] = x12;
out1[2] = x14;
out1[3] = x16;
}