montgomery_retrieve_inner

Function montgomery_retrieve_inner 

pub const fn montgomery_retrieve_inner(
    x: &[Limb],
    out: &mut [Limb],
    modulus: &[Limb],
    mod_neg_inv: Limb,
)

This algorithm corresponds to a Montgomery reduction of the wide input (x, 0) (Algorithm 14.32 in the Handbook of Applied Cryptography, https://cacr.uwaterloo.ca/hac/about/chap14.pdf), or to a Montgomery multiplication of x by 1 (Algorithm 14.36).

This version does not produce a carry and does not need further correction by subtracting the modulus, as long as x < modulus. This is guaranteed because x < modulus => u < modulus => ((x + u•modulus) << N) < modulus.
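The reduction described above, written out limb by limb as an added example; it is not this crate's source. It assumes a 64-bit limb modelled as `u64`, and the names `montgomery_retrieve_example` and `neg_inv_mod_limb` are hypothetical. The result is x · R⁻¹ mod modulus with R = 2^(64·n), produced without a carry limb or a trailing conditional subtraction.

```rust
// Added example, not the crate's source. Assumption: Limb is modelled as u64.

/// -modulus[0]^-1 mod 2^64, by Newton iteration (modulus must be odd).
pub fn neg_inv_mod_limb(m0: u64) -> u64 {
    assert!(m0 & 1 == 1, "Montgomery form needs an odd modulus");
    let mut inv = m0; // m0 * m0 == 1 (mod 8): correct to 3 low bits
    for _ in 0..5 {
        // Each step doubles the number of correct low bits: 3 -> 96.
        inv = inv.wrapping_mul(2u64.wrapping_sub(m0.wrapping_mul(inv)));
    }
    inv.wrapping_neg()
}

/// Writes x * R^-1 mod modulus into `out`, where R = 2^(64 * modulus.len()).
/// Precondition: x < modulus. Under it the accumulator is below the modulus
/// after every outer round, so it always fits in `out` with no carry limb.
pub fn montgomery_retrieve_example(x: &[u64], out: &mut [u64], modulus: &[u64], mod_neg_inv: u64) {
    let n = modulus.len();
    assert!(x.len() == n && out.len() == n);
    out.fill(0);
    for &xi in x {
        // Fold in the next limb of x, then pick u so the low limb cancels.
        let t0 = out[0] as u128 + xi as u128;
        let u = (t0 as u64).wrapping_mul(mod_neg_inv);
        let low = t0 + u as u128 * modulus[0] as u128;
        debug_assert_eq!(low as u64, 0);
        let mut carry = low >> 64;
        // acc = (acc + xi + u * modulus) / 2^64, one limb at a time.
        for j in 1..n {
            let t = out[j] as u128 + u as u128 * modulus[j] as u128 + carry;
            out[j - 1] = t as u64;
            carry = t >> 64;
        }
        out[n - 1] = carry as u64;
    }
}

fn main() {
    // Constructed sample: one-limb modulus, the value 42 put in Montgomery form.
    let m = [0xffff_ffff_0000_0001u64];
    let x = [((42u128 << 64) % m[0] as u128) as u64];
    let mut out = [0u64];
    montgomery_retrieve_example(&x, &mut out, &m, neg_inv_mod_limb(m[0]));
    println!("{:?}", out);
}
```

The loop bounds depend only on the limb count, and there is no branch on the value being reduced, which is what dropping the final subtraction buys.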