Optimize Skipping of 0-bits In mulmuladd

rdubois-crypto · Jan 15, 2024 · a5625b5 · a5625b5
1 parent d9bb3b0
commit a5625b5
Showing 1 changed file with 4 additions and 6 deletions.
diff --git a/solidity/src/FCL_elliptic.sol b/solidity/src/FCL_elliptic.sol
@@ -366,11 +366,10 @@ function SqrtMod(uint256 self) internal view returns (uint256 result){
 
             }
             assembly {
-                for { let T4 := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1)) } eq(T4, 0) {
+                for { zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1)) } iszero(zz) {
                     index := sub(index, 1)
-                    T4 := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
+                    zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
                 } {}
-                zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
 
                 if eq(zz, 1) {
                     X := gx
@@ -522,11 +521,10 @@ function SqrtMod(uint256 self) internal view returns (uint256 result){
             (H[0], H[1]) = ecAff_add(gx, gy, Q0, Q1); //will not work if Q=P, obvious forbidden private key
 
             assembly {
-                for { let T4 := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1)) } eq(T4, 0) {
+                for { zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1)) } iszero(zz) {
                     index := sub(index, 1)
-                    T4 := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
+                    zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
                 } {}
-                zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
 
                 if eq(zz, 1) {
                     X := gx