authorPeter Dettman <peter.dettman@bouncycastle.org>2014-03-03 14:53:32 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2014-03-03 14:53:32 +0700
commit208038d681e1ee46d33079e9221e10fe4a6aa25c (patch)
tree9ea820b68d29437204b044b8939afe6e4fd79046 /crypto/src
parentAdd/rename MulAddTo variations (diff)
downloadBouncyCastle.NET-ed25519-208038d681e1ee46d33079e9221e10fe4a6aa25c.tar.xz
Refactor reduction methods and change scope of PExt fields
Diffstat (limited to 'crypto/src')
-rw-r--r--crypto/src/math/ec/custom/sec/SecP192K1Field.cs15
-rw-r--r--crypto/src/math/ec/custom/sec/SecP192R1Field.cs42
-rw-r--r--crypto/src/math/ec/custom/sec/SecP224K1Field.cs15
-rw-r--r--crypto/src/math/ec/custom/sec/SecP224R1Field.cs10
-rw-r--r--crypto/src/math/ec/custom/sec/SecP256K1Field.cs15
-rw-r--r--crypto/src/math/ec/custom/sec/SecP256R1Field.cs66
-rw-r--r--crypto/src/math/ec/custom/sec/SecP384R1Field.cs55
7 files changed, 103 insertions, 115 deletions
diff --git a/crypto/src/math/ec/custom/sec/SecP192K1Field.cs b/crypto/src/math/ec/custom/sec/SecP192K1Field.cs
index 9b24adecd..bdcf0319e 100644
--- a/crypto/src/math/ec/custom/sec/SecP192K1Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecP192K1Field.cs
@@ -7,9 +7,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
     {
         // 2^192 - 2^32 - 2^12 - 2^8 - 2^7 - 2^6 - 2^3 - 1
         internal static readonly uint[] P = new uint[]{ 0xFFFFEE37, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
-        private const uint P5 = 0xFFFFFFFF;
-        private static readonly uint[] PExt = new uint[]{ 0x013C4FD1, 0x00002392, 0x00000001, 0x00000000, 0x00000000,
+        internal static readonly uint[] PExt = new uint[]{ 0x013C4FD1, 0x00002392, 0x00000001, 0x00000000, 0x00000000,
             0x00000000, 0xFFFFDC6E, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+        private const uint P5 = 0xFFFFFFFF;
         private const uint PExt11 = 0xFFFFFFFF;
         private const ulong PInv = 0x00000001000011C9L;
         private const uint PInv33 = 0x11C9;
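Review bot: Widening `PExt` to `internal static readonly uint[]` exposes a mutable array, because `readonly` fixes only the reference, so any code in the assembly can now overwrite the limbs of the extended modulus and later reductions would silently use the altered value. `P` already has this property, but this commit extends it to `PExt` here and in SecP192R1Field, SecP224K1Field, SecP224R1Field, SecP256K1Field, SecP256R1Field and SecP384R1Field. The caller that needs the wider scope is not visible on this page. I would add a comment on each field such as `// Shared constant: treat as read-only; never pass PExt as an output buffer.`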
@@ -86,8 +86,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce(uint[] xx, uint[] z)
         {
-            ulong c = Nat192.Mul33Add(PInv33, xx, 6, xx, 0, z, 0);
-            c = Nat192.Mul33DWordAdd(PInv33, c, z, 0);
+            ulong cc = Nat192.Mul33Add(PInv33, xx, 6, xx, 0, z, 0);
+            uint c = Nat192.Mul33DWordAdd(PInv33, cc, z, 0);
 
             Debug.Assert(c == 0 || c == 1);
 
@@ -99,11 +99,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce32(uint x, uint[] z)
         {
-            uint c = Nat192.Mul33WordAdd(PInv33, x, z, 0);
-
-            Debug.Assert(c == 0 || c == 1);
-
-            if (c != 0 || (z[5] == P5 && Nat192.Gte(z, P)))
+            if ((x != 0 && Nat192.Mul33WordAdd(PInv33, x, z, 0) != 0)
+                || (z[5] == P5 && Nat192.Gte(z, P)))
             {
                 Nat192.AddDWord(PInv, z, 0);
             }
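Review bot: The rewritten condition in Reduce32 hides the write to z inside a short-circuited `if`, since `Nat192.Mul33WordAdd(PInv33, x, z, 0)` runs only when `x != 0`, and the `Debug.Assert(c == 0 || c == 1)` on its carry has been dropped. I would keep the carry in a local, `uint c = x != 0 ? Nat192.Mul33WordAdd(PInv33, x, z, 0) : 0;`, retain the assert, and then test `c != 0 || (z[5] == P5 && Nat192.Gte(z, P))`. The `x != 0` test also adds one more input-dependent branch to a reduction that already branches on the carry and on `Gte`; if these routines are expected to handle secret-dependent values, that timing behaviour deserves a comment. The same pattern appears in Reduce32 of SecP224K1Field and SecP256K1Field, and with `AddWord` in SecP192R1Field. Reduce32's closing brace is outside the hunk.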
diff --git a/crypto/src/math/ec/custom/sec/SecP192R1Field.cs b/crypto/src/math/ec/custom/sec/SecP192R1Field.cs
index 37bbb8d68..c338911e3 100644
--- a/crypto/src/math/ec/custom/sec/SecP192R1Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecP192R1Field.cs
@@ -7,9 +7,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
     {
         // 2^192 - 2^64 - 1
         internal static readonly uint[] P = new uint[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
-        private const uint P5 = 0xFFFFFFFF;
-        private static readonly uint[] PExt = new uint[]{ 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001,
+        internal static readonly uint[] PExt = new uint[]{ 0x00000001, 0x00000000, 0x00000002, 0x00000000, 0x00000001,
             0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+        private const uint P5 = 0xFFFFFFFF;
         private const uint PExt11 = 0xFFFFFFFF;
 
         public static void Add(uint[] x, uint[] y, uint[] z)
@@ -84,57 +84,47 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce(uint[] xx, uint[] z)
         {
-            long xx06 = xx[6], xx07 = xx[7], xx08 = xx[8];
-            long xx09 = xx[9], xx10 = xx[10], xx11 = xx[11];
+            ulong xx06 = xx[6], xx07 = xx[7], xx08 = xx[8];
+            ulong xx09 = xx[9], xx10 = xx[10], xx11 = xx[11];
 
-            long t0 = xx06 + xx10;
-            long t1 = xx07 + xx11;
+            ulong t0 = xx06 + xx10;
+            ulong t1 = xx07 + xx11;
 
-            long cc = 0;
-            cc += (long)xx[0] + t0;
+            ulong cc = 0;
+            cc += (ulong)xx[0] + t0;
             z[0] = (uint)cc;
             cc >>= 32;
-            cc += (long)xx[1] + t1;
+            cc += (ulong)xx[1] + t1;
             z[1] = (uint)cc;
             cc >>= 32;
 
             t0 += xx08;
             t1 += xx09;
 
-            cc += (long)xx[2] + t0;
+            cc += (ulong)xx[2] + t0;
             z[2] = (uint)cc;
             cc >>= 32;
-            cc += (long)xx[3] + t1;
+            cc += (ulong)xx[3] + t1;
             z[3] = (uint)cc;
             cc >>= 32;
 
             t0 -= xx06;
             t1 -= xx07;
 
-            cc += (long)xx[4] + t0;
+            cc += (ulong)xx[4] + t0;
             z[4] = (uint)cc;
             cc >>= 32;
-            cc += (long)xx[5] + t1;
+            cc += (ulong)xx[5] + t1;
             z[5] = (uint)cc;
             cc >>= 32;
 
-            int c = (int)cc;
-            Debug.Assert(c >= 0);
-            while (c > 0)
-            {
-                c += Nat192.Sub(z, P, z);
-            }
-
-            if (z[5] == P5 && Nat192.Gte(z, P))
-            {
-                Nat192.Sub(z, P, z);
-            }
+            Reduce32((uint)cc, z);
         }
 
         public static void Reduce32(uint x, uint[] z)
         {
-            uint c = Nat192.AddWord(x, z, 0) + Nat192.AddWord(x, z, 2);
-            if (c != 0 || (z[5] == P5 && Nat192.Gte(z, P)))
+            if ((x != 0 && (Nat192.AddWord(x, z, 0) + Nat192.AddWord(x, z, 2) != 0))
+                || (z[5] == P5 && Nat192.Gte(z, P)))
             {
                 Nat192.Sub(z, P, z);
             }
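Review bot: After the switch from `long` to `ulong` in Reduce, `t0 -= xx06;` and `t1 -= xx07;` are safe only because t0 and t1 still contain those terms at that point (t0 is xx06 + xx10 + xx08), and nothing in the code records this. A comment above them, `// t0/t1 still include xx06/xx07 here, so the unsigned subtraction cannot wrap`, would keep a later reordering from introducing a silent wrap-around. The removed `Debug.Assert(c >= 0)` has no replacement before the narrowing in `Reduce32((uint)cc, z)`; `Debug.Assert((cc >> 32) == 0);` on the line before would document that the cast loses nothing. Reduce32's closing brace is outside the hunk.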
diff --git a/crypto/src/math/ec/custom/sec/SecP224K1Field.cs b/crypto/src/math/ec/custom/sec/SecP224K1Field.cs
index 92f6b4ba1..dd754e80e 100644
--- a/crypto/src/math/ec/custom/sec/SecP224K1Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecP224K1Field.cs
@@ -8,9 +8,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
         // 2^224 - 2^32 - 2^12 - 2^11 - 2^9 - 2^7 - 2^4 - 2 - 1
         internal static readonly uint[] P = new uint[]{ 0xFFFFE56D, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
             0xFFFFFFFF };
-        private const uint P6 = 0xFFFFFFFF;
-        private static readonly uint[] PExt = new uint[]{ 0x02C23069, 0x00003526, 0x00000001, 0x00000000, 0x00000000,
+        internal static readonly uint[] PExt = new uint[]{ 0x02C23069, 0x00003526, 0x00000001, 0x00000000, 0x00000000,
             0x00000000, 0x00000000, 0xFFFFCADA, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+        private const uint P6 = 0xFFFFFFFF;
         private const uint PExt13 = 0xFFFFFFFF;
         private const ulong PInv = 0x0000000100001A93L; 
         private const uint PInv33 = 0x1A93;
@@ -87,8 +87,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce(uint[] xx, uint[] z)
         {
-            ulong c = Nat224.Mul33Add(PInv33, xx, 7, xx, 0, z, 0);
-            c = Nat224.Mul33DWordAdd(PInv33, c, z, 0);
+            ulong cc = Nat224.Mul33Add(PInv33, xx, 7, xx, 0, z, 0);
+            uint c = Nat224.Mul33DWordAdd(PInv33, cc, z, 0);
 
             Debug.Assert(c == 0 || c == 1);
 
@@ -100,11 +100,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce32(uint x, uint[] z)
         {
-            uint c = Nat224.Mul33WordAdd(PInv33, x, z, 0);
-
-            Debug.Assert(c == 0 || c == 1);
-
-            if (c != 0 || (z[6] == P6 && Nat224.Gte(z, P)))
+            if ((x != 0 && Nat224.Mul33WordAdd(PInv33, x, z, 0) != 0)
+                || (z[6] == P6 && Nat224.Gte(z, P)))
             {
                 Nat224.AddDWord(PInv, z, 0);
             }
diff --git a/crypto/src/math/ec/custom/sec/SecP224R1Field.cs b/crypto/src/math/ec/custom/sec/SecP224R1Field.cs
index da01cb742..bd6656b27 100644
--- a/crypto/src/math/ec/custom/sec/SecP224R1Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecP224R1Field.cs
@@ -7,9 +7,9 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
     {
         // 2^224 - 2^96 + 1
         internal static readonly uint[] P = new uint[] { 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
-        private const uint P6 = 0xFFFFFFFF;
-        private static readonly uint[] PExt = new uint[]{ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
+        internal static readonly uint[] PExt = new uint[]{ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
             0xFFFFFFFF, 0x00000000, 0x00000002, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+        private const uint P6 = 0xFFFFFFFF;
         private const uint PExt13 = 0xFFFFFFFF;
 
         public static void Add(uint[] x, uint[] y, uint[] z)
@@ -115,7 +115,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
             cc >>= 32;
 
             int c = (int)cc;
-            if (c > 0)
+            if (c >= 0)
             {
                 Reduce32((uint)c, z);
             }
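Review bot: `if (c >= 0)` now sends the zero-carry case through `Reduce32((uint)c, z)` as well, which is easy to miss in a one-character change. A comment such as `// c == 0 still calls Reduce32 so the final z >= P check runs there` would record the intent; it relies on the `x != 0` guard that the next hunk adds to Reduce32. The same change is made in Reduce of SecP256R1Field and SecP384R1Field. The rest of Reduce, including whatever handles a negative c, is outside the hunk.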
@@ -130,8 +130,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce32(uint x, uint[] z)
         {
-            int c = Nat224.SubWord(x, z, 0) + (int)Nat224.AddWord(x, z, 3);
-            if (c != 0 || (z[6] == P6 && Nat224.Gte(z, P)))
+            if ((x != 0 && (Nat224.SubWord(x, z, 0) + Nat224.AddWord(x, z, 3) != 0))
+                || (z[6] == P6 && Nat224.Gte(z, P)))
             {
                 Nat224.Sub(z, P, z);
             }
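Review bot: `Nat224.SubWord(x, z, 0) + Nat224.AddWord(x, z, 3) != 0` now adds the two return values without the `(int)` cast the old line had. Going by the removed line, SubWord returns an `int` borrow and AddWord a `uint` carry, so the expression presumably relies on C#'s implicit promotion to `long` for a borrow and a carry to cancel to zero. Making that explicit, `long c = x != 0 ? (long)Nat224.SubWord(x, z, 0) + Nat224.AddWord(x, z, 3) : 0;`, and then testing `c != 0 || (z[6] == P6 && Nat224.Gte(z, P))`, keeps the cancellation visible and takes the two writes to z out of the condition. Reduce32's closing brace is outside the hunk.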
diff --git a/crypto/src/math/ec/custom/sec/SecP256K1Field.cs b/crypto/src/math/ec/custom/sec/SecP256K1Field.cs
index cf918a67f..13938da54 100644
--- a/crypto/src/math/ec/custom/sec/SecP256K1Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecP256K1Field.cs
@@ -8,10 +8,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
         // 2^256 - 2^32 - 2^9 - 2^8 - 2^7 - 2^6 - 2^4 - 1
         internal static readonly uint[] P = new uint[]{ 0xFFFFFC2F, 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
             0xFFFFFFFF, 0xFFFFFFFF };
-        private const uint P7 = 0xFFFFFFFF;
-        private static readonly uint[] PExt = new uint[]{ 0x000E90A1, 0x000007A2, 0x00000001, 0x00000000, 0x00000000,
+        internal static readonly uint[] PExt = new uint[]{ 0x000E90A1, 0x000007A2, 0x00000001, 0x00000000, 0x00000000,
             0x00000000, 0x00000000, 0x00000000, 0xFFFFF85E, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF,
             0xFFFFFFFF, 0xFFFFFFFF };
+        private const uint P7 = 0xFFFFFFFF;
         private const uint PExt15 = 0xFFFFFFFF;
         private const ulong PInv = 0x00000001000003D1UL;
         private const uint PInv33 = 0x3D1;
@@ -88,8 +88,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce(uint[] xx, uint[] z)
         {
-            ulong c = Nat256.Mul33Add(PInv33, xx, 8, xx, 0, z, 0);
-            c = Nat256.Mul33DWordAdd(PInv33, c, z, 0);
+            ulong cc = Nat256.Mul33Add(PInv33, xx, 8, xx, 0, z, 0);
+            uint c = Nat256.Mul33DWordAdd(PInv33, cc, z, 0);
 
             Debug.Assert(c == 0 || c == 1);
 
@@ -101,11 +101,8 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce32(uint x, uint[] z)
         {
-            uint c = Nat256.Mul33WordAdd(PInv33, x, z, 0);
-
-            Debug.Assert(c == 0 || c == 1);
-
-            if (c != 0 || (z[7] == P7 && Nat256.Gte(z, P)))
+            if ((x != 0 && Nat256.Mul33WordAdd(PInv33, x, z, 0) != 0)
+                || (z[7] == P7 && Nat256.Gte(z, P)))
             {
                 Nat256.AddDWord(PInv, z, 0);
             }
diff --git a/crypto/src/math/ec/custom/sec/SecP256R1Field.cs b/crypto/src/math/ec/custom/sec/SecP256R1Field.cs
index a01cb5840..4d98b5508 100644
--- a/crypto/src/math/ec/custom/sec/SecP256R1Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecP256R1Field.cs
@@ -8,12 +8,12 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
         // 2^256 - 2^224 + 2^192 + 2^96 - 1
         internal static readonly uint[] P = new uint[]{ 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000000, 0x00000000, 0x00000000,
             0x00000001, 0xFFFFFFFF };
+        internal static readonly uint[] PExt = new uint[]{ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
+            0xFFFFFFFF, 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, 0x00000001, 0xFFFFFFFE,
+            0x00000002, 0xFFFFFFFE };
         private static readonly uint[] _2P = new uint[]{ 0xFFFFFFFE, 0xFFFFFFFF, 0xFFFFFFFF, 0x00000001, 0x00000000, 0x00000000,
             0x00000002, 0xFFFFFFFE, 0x00000001 };
         private const uint P7 = 0xFFFFFFFF;
-        private static readonly uint[] PExt = new uint[]{ 0x00000001, 0x00000000, 0x00000000, 0xFFFFFFFE, 0xFFFFFFFF,
-            0xFFFFFFFF, 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, 0xFFFFFFFE, 0x00000001, 0x00000001, 0xFFFFFFFE,
-            0x00000002, 0xFFFFFFFE };
 
         public static void Add(uint[] x, uint[] y, uint[] z)
         {
@@ -125,7 +125,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
             cc >>= 32;
 
             int c = (int)cc;
-            if (c > 0)
+            if (c >= 0)
             {
                 Reduce32((uint)c, z);
             }
@@ -144,33 +144,39 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce32(uint x, uint[] z)
         {
-            long xx08 = x;
-
             long cc = 0;
-            cc += (long)z[0] + xx08;
-            z[0] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[1];
-            z[1] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[2];
-            z[2] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[3] - xx08;
-            z[3] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[4];
-            z[4] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[5];
-            z[5] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[6] - xx08;
-            z[6] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[7] + xx08;
-            z[7] = (uint)cc;
-            cc >>= 32;
+
+            if (x != 0)
+            {
+                long xx08 = x;
+
+                cc += (long)z[0] + xx08;
+                z[0] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[1];
+                z[1] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[2];
+                z[2] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[3] - xx08;
+                z[3] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[4];
+                z[4] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[5];
+                z[5] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[6] - xx08;
+                z[6] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[7] + xx08;
+                z[7] = (uint)cc;
+                cc >>= 32;
+
+                Debug.Assert(cc == 0 || cc == 1);
+            }
 
             if (cc != 0 || (z[7] == P7 && Nat256.Gte(z, P)))
             {
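Review bot: The limb pattern in Reduce32 (x added at words 0 and 7, subtracted at words 3 and 6) has no comment tying it to the modulus. From the header comment on P, 2^256 is congruent to 2^224 - 2^192 - 2^96 + 1, so a line above the block such as `// x * 2^256 == x * (2^224 - 2^192 - 2^96 + 1) mod P` would make the signs checkable. The new `Debug.Assert(cc == 0 || cc == 1)` holds only because of the `x != 0` guard, since the last step adds x >= 1 to a carry that can be -1; that is worth a short comment too. Debug.Assert is compiled out of release builds, so it documents the bound rather than enforcing it. The body of the final `if` is outside the hunk.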
diff --git a/crypto/src/math/ec/custom/sec/SecP384R1Field.cs b/crypto/src/math/ec/custom/sec/SecP384R1Field.cs
index 8f9094b5b..91c5dd81d 100644
--- a/crypto/src/math/ec/custom/sec/SecP384R1Field.cs
+++ b/crypto/src/math/ec/custom/sec/SecP384R1Field.cs
@@ -8,10 +8,10 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
             // 2^384 - 2^128 - 2^96 + 2^32 - 1
         internal static readonly uint[] P = new uint[]{ 0xFFFFFFFF, 0x00000000, 0x00000000, 0xFFFFFFFF, 0xFFFFFFFE, 0xFFFFFFFF,
             0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
-        private const uint P11 = 0xFFFFFFFF;
-        private static readonly uint[] PExt = new uint[]{ 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
+        internal static readonly uint[] PExt = new uint[]{ 0x00000001, 0xFFFFFFFE, 0x00000000, 0x00000002, 0x00000000, 0xFFFFFFFE,
             0x00000000, 0x00000002, 0x00000001, 0x00000000, 0x00000000, 0x00000000, 0xFFFFFFFE, 0x00000001, 0x00000000,
             0xFFFFFFFE, 0xFFFFFFFD, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF, 0xFFFFFFFF };
+        private const uint P11 = 0xFFFFFFFF;
         private const uint PExt23 = 0xFFFFFFFF;
 
         public static void Add(uint[] x, uint[] y, uint[] z)
@@ -129,7 +129,7 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
             cc >>= 32;
 
             int c = (int)cc;
-            if (c > 0)
+            if (c >= 0)
             {
                 Reduce32((uint)c, z);
             }
@@ -144,34 +144,35 @@ namespace Org.BouncyCastle.Math.EC.Custom.Sec
 
         public static void Reduce32(uint x, uint[] z)
         {
-            long xx12 = x;
-
             long cc = 0;
-            cc += (long)z[0] + xx12;
-            z[0] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[1] - xx12;
-            z[1] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[2];
-            z[2] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[3] + xx12;
-            z[3] = (uint)cc;
-            cc >>= 32;
-            cc += (long)z[4] + xx12;
-            z[4] = (uint)cc;
-            cc >>= 32;
 
-            Debug.Assert(cc >= 0);
+            if (x != 0)
+            {
+                long xx12 = x;
+
+                cc += (long)z[0] + xx12;
+                z[0] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[1] - xx12;
+                z[1] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[2];
+                z[2] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[3] + xx12;
+                z[3] = (uint)cc;
+                cc >>= 32;
+                cc += (long)z[4] + xx12;
+                z[4] = (uint)cc;
+                cc >>= 32;
+
+                Debug.Assert(cc == 0 || cc == 1);
+            }
 
-            if (cc > 0)
+            if ((cc != 0 && Nat.Inc(12, z, 5) != 0)
+                || (z[11] == P11 && Nat.Gte(12, z, P)))
             {
-                uint c = Nat.AddWord(12, (uint)cc, z, 5);
-                if (c != 0 || (z[11] == P11 && Nat.Gte(12, z, P)))
-                {
-                    Nat.Sub(12, z, P, z);
-                }
+                Nat.Sub(12, z, P, z);
             }
         }