Torbjorn Granlund <t...@gmplib.org> writes: > Compute T = 2 x A using mpn_add_n or mpn_lshift. > Use mpn_cnd_sub_n with A, T as arguments.
Should work (except if T is computed mod B^n, one doesn't get the correct carry out, but that isn't needed here). But it's a bit awkward, and this is a performacne critical function; some 30% of the time to create a side-channel silent ecdsa signature is spent doing the modular inversion. Regards, /Niels -- Niels Möller. PGP-encrypted email is preferred. Keyid C0B98E26. Internet email is subject to wholesale government surveillance. _______________________________________________ gmp-devel mailing list gmp-devel@gmplib.org https://gmplib.org/mailman/listinfo/gmp-devel
