From 2a42057906d15f8b9a471fb27ab058fa7ea5feb4 Mon Sep 17 00:00:00 2001
From: renaud dubois
Date: Fri, 23 Aug 2024 11:08:34 +0200
Subject: [PATCH] remove litterals
remove litterals of scalar field modular reduction
- use of n
- define 2^256 mod n for high part of integer to reduce
---
 src/fields/SCL_wei25519.sol | 3 +++
 src/lib/libSCL_EIP665.sol | 9 +++------
 2 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/fields/SCL_wei25519.sol b/src/fields/SCL_wei25519.sol
index ffee1bc..da17c85 100644
--- a/src/fields/SCL_wei25519.sol
+++ b/src/fields/SCL_wei25519.sol
@@ -26,6 +26,9 @@ uint256 constant a = 19298681539552699237261830834781317975544997444273427339909
 // short weierstrass second coefficient 0x41a3b6bfc668778ebe2954a4b1df36d1485ecef1ea614295796e102240891faa
 uint256 constant b =55751746669818908907645289078257140818241103727901012315294400837956729358436;
 uint256 constant n = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed;
+//2^256 mod n used for big integer reduction modulo n
+uint256 constant _2pow256modn = 0xffffffffffffffffffffffffffffffec6ef5bf4737dcf70d6ec31748d98951d;
+
 uint256 constant nMINUS_2 = 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3eb;
 uint256 constant gx=0x2aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaad245a;
diff --git a/src/lib/libSCL_EIP665.sol b/src/lib/libSCL_EIP665.sol
index b7646f0..d5bf519 100644
--- a/src/lib/libSCL_EIP665.sol
+++ b/src/lib/libSCL_EIP665.sol
@@ -15,7 +15,7 @@ pragma solidity >=0.8.19 <0.9.0;
-import { delta, A, c, a,b,d, p,n, gx, gy, gpow2p128_x, gpow2p128_y, pMINUS_1} from "../fields/SCL_wei25519.sol";
+import { _2pow256modn, delta, A, c, a,b,d, p,n, gx, gy, gpow2p128_x, gpow2p128_y, pMINUS_1} from "../fields/SCL_wei25519.sol";
 import "../modular/SCL_sqrtMod_5mod8.sol";
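Review bot: `_2pow256modn` in the SCL_wei25519.sol hunk is added as a bare hex literal with no statement of how it was obtained, yet every 512-bit scalar reduction now depends on it being exactly 2^256 mod n. The value does check out (with n = 2^252 + 0x14def9dea2f79cd65812631a5cf5d3ed, 2^256 mod n = 2^252 - 15*0x14def9dea2f79cd65812631a5cf5d3ed), so the comment should record that derivation, e.g. `//2^256 mod n = 2^252 - 15*(n - 2^252), used for big integer reduction modulo n`. If the compiler accepts a constant expression over another file-level constant here, `uint256 constant _2pow256modn = mulmod(1 << 128, 1 << 128, n);` would tie the value to n instead of duplicating a literal; otherwise a unit test asserting `mulmod(1 << 128, 1 << 128, n) == _2pow256modn` gives the same protection against a future typo in either constant.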
@@ -148,14 +148,11 @@ function SHA512_modq(bytes memory m) internal pure returns (uint256 h)
 return h; }
-/* reduce a 512 bit number modulo curve order*/
+/* reduce a 512 bit number modulo curve order, val being interpreted as the number val[0]<<256+val*/
 function Red512Modq(uint256[2] memory val) internal pure returns (uint256 h) {
- return addmod(mulmod(val[0],
- 0xffffffffffffffffffffffffffffffec6ef5bf4737dcf70d6ec31748d98951d,
- 0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed)
- ,val[1],0x1000000000000000000000000000000014def9dea2f79cd65812631a5cf5d3ed);
+ return addmod(mulmod(val[0],_2pow256modn, n),val[1],n);
 }
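Review bot: The new comment on Red512Modq misstates the input encoding: `val[0]<<256+val` names the second limb as `val` rather than `val[1]`, and writing the high limb as a uint256 shift suggests an operation that would actually discard it, which is not what the code computes. Suggest `/* reduce a 512 bit number modulo curve order n, val being interpreted as val[0]*2^256 + val[1]; limbs need not be below n, since addmod/mulmod reduce their full-precision intermediate */`. The hunk itself preserves behaviour, as the removed literals are byte-for-byte the values of `_2pow256modn` and `n`. The first context lines are the tail of SHA512_modq, whose body starts outside the hunk.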