From 23c411188cc092ae78c1c7ddbf038cf91efbdb48 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 11 Oct 2011 22:46:39 +0900
Subject: [PATCH] fast reduction for modp256_shift

---
 src/modp256.c | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/src/modp256.c b/src/modp256.c
index be392af..69ced35 100644
--- a/src/modp256.c
+++ b/src/modp256.c
@@ -274,19 +274,23 @@ modp256_inv (bn256 *C, const bn256 *a)
 void
 modp256_shift (bn256 *X, const bn256 *A, int shift)
 {
-  int carry;
+  uint32_t carry;
+  bn256 tmp[1];
 
   carry = bn256_shift (X, A, shift);
   if (shift < 0)
     return;
 
-  while (carry)
-    {
-      int borrow;
+  memset (tmp, 0, sizeof (bn256));
+  tmp->words[7] = carry;
+  tmp->words[0] = carry;
+  modp256_add (X, X, tmp);
 
-      borrow = bn256_sub (X, X, P256);
-      carry -= borrow;
-    }
+  tmp->words[7] = 0;
+  tmp->words[0] = 0;
+  tmp->words[6] = carry;
+  tmp->words[3] = carry;
+  modp256_sub (X, X, tmp);
 
   if (bn256_is_ge (X, P256))
     bn256_sub (X, X, P256);