/// Reduce this `Scalar` modulo \\(\ell\\).
public Scalar reduce()
{
var x = unpack();
var xR = UnpackedScalar.mul_internal(x.Value, Constant.R.Value);
var x_mod_l = UnpackedScalar.montgomery_reduce(xR);
return(x_mod_l.pack());
}
/// Takes a Scalar64 out of Montgomery form, i.e. computes `a/R (mod l)`
public UnpackedScalar from_montgomery()
{
var limbs = new UInt128[9];
for (int i = 0; i < 5; i++)
{
limbs[i] = value.Span[i];
}
return(UnpackedScalar.montgomery_reduce(limbs));
}
/// Compute `(a^2) / R` (mod l) in Montgomery form, where R is the Montgomery modulus 2^260
public UnpackedScalar montgomery_square()
{
return(UnpackedScalar.montgomery_reduce(UnpackedScalar.square_internal(value.Span)));
}
/// Compute `(a * b) / R` (mod l), where R is the Montgomery modulus 2^260
public static UnpackedScalar montgomery_mul(UnpackedScalar a, UnpackedScalar b)
{
return(UnpackedScalar.montgomery_reduce(UnpackedScalar.mul_internal(a.value.Span, b.value.Span)));
}
/// Compute `a^2` (mod l)
// XXX we don't expose square() via the Scalar API
public UnpackedScalar square()
{
var aa = UnpackedScalar.montgomery_reduce(UnpackedScalar.square_internal(value.Span));
return(UnpackedScalar.montgomery_reduce(UnpackedScalar.mul_internal(aa.value.Span, Constant.RR.value.Span)));
}
/// Compute `a * b` (mod l)
public static UnpackedScalar mul(UnpackedScalar a, UnpackedScalar b)
{
var ab = UnpackedScalar.montgomery_reduce(UnpackedScalar.mul_internal(a.value.Span, b.value.Span));
return(UnpackedScalar.montgomery_reduce(UnpackedScalar.mul_internal(ab.value.Span, Constant.RR.value.Span)));
}