| Compute the inverse of x modulo modinfo->modulus,
| and replace x with it (constant time
| in x).
|
| Same as secp256k1_modinv32_var, but
| constant time in x (not in the modulus).
|
| Compute the transition matrix and zeta for 30
| divsteps.
|
| Input: zeta: initial zeta
| f0: bottom limb of initial f
| g0: bottom limb of initial g
| Output: t: transition matrix
| Return: final zeta
|
| Implements the divsteps_n_matrix function from
| the explanation.
| Compute the transition matrix and eta for 30
| divsteps (variable time).
|
| Input: eta: initial eta
| f0: bottom limb of initial f
| g0: bottom limb of initial g
| Output: t: transition matrix
| Return: final eta
|
| Implements the divsteps_n_matrix_var function
| from the explanation.
| Take as input a signed30 number in range
| (-2*modulus,modulus), and add a multiple of the
| modulus to it to bring it to range [0,modulus).
|
| If sign < 0, the input will also be negated in
| the process.
|
| The input must have limbs in range
| (-2^30,2^30). The output will have limbs in
| range [0,2^30).
| Compute (t/2^30) * [d, e] mod modulus,
| where t is a transition matrix for 30 divsteps.
|
| On input and output, d and e are in range
| (-2*modulus,modulus). All output limbs will be
| in range
|
| (-2^30,2^30).
|
| This implements the update_de function from the
| explanation.
| Compute (t/2^30) * [f, g],
| where t is a transition matrix for 30 divsteps.
|
| Version that operates on a variable number of
| limbs in f and g.
|
| This implements the update_fg function from the
| explanation in modinv64_impl.h.