From a5625b58dd1b0a6c84957d3ee2f20129c54f4c05 Mon Sep 17 00:00:00 2001
From: Nicholas Rodrigues Lordello <nick@safe.global>
Date: Fri, 15 Dec 2023 09:57:56 +0100
Subject: [PATCH] Optimize Skipping of 0-bits In mulmuladd

---
 solidity/src/FCL_elliptic.sol | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

diff --git a/solidity/src/FCL_elliptic.sol b/solidity/src/FCL_elliptic.sol
index fdb79b6a..f88c0971 100644
--- a/solidity/src/FCL_elliptic.sol
+++ b/solidity/src/FCL_elliptic.sol
@@ -366,11 +366,10 @@ function SqrtMod(uint256 self) internal view returns (uint256 result){
 
             }
             assembly {
-                for { let T4 := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1)) } eq(T4, 0) {
+                for { zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1)) } iszero(zz) {
                     index := sub(index, 1)
-                    T4 := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
+                    zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
                 } {}
-                zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
 
                 if eq(zz, 1) {
                     X := gx
@@ -522,11 +521,10 @@ function SqrtMod(uint256 self) internal view returns (uint256 result){
             (H[0], H[1]) = ecAff_add(gx, gy, Q0, Q1); //will not work if Q=P, obvious forbidden private key
 
             assembly {
-                for { let T4 := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1)) } eq(T4, 0) {
+                for { zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1)) } iszero(zz) {
                     index := sub(index, 1)
-                    T4 := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
+                    zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
                 } {}
-                zz := add(shl(1, and(shr(index, scalar_v), 1)), and(shr(index, scalar_u), 1))
 
                 if eq(zz, 1) {
                     X := gx