From 2579d1e7aab9841c8926984bd4571c3a5249bf25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Olivier=20Ch=C3=A9ron?=
Date: Tue, 14 Jan 2020 21:11:51 +0100
Subject: [PATCH] Use smaller value in felem_diff

---
 cbits/include64/p256/p256_gf.h | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/cbits/include64/p256/p256_gf.h b/cbits/include64/p256/p256_gf.h
index 9920ab3..28b869a 100644
--- a/cbits/include64/p256/p256_gf.h
+++ b/cbits/include64/p256/p256_gf.h
@@ -229,8 +229,14 @@ static void felem_sum(felem out, const felem in, const felem in2) {
   felem_reduce_carry(out, carry);
 }
 
-/* zero31 is 0 mod p. */
-static const felem zero31 = { 0xffffffffffffc0, 0x1f7ffffffffffe0, 0xf7ffffffffffe1, 0x1f00fffffffffe1, 0xfffffffeffffe1 };
+#define two53m3 (((limb)1) << 53) - (((limb)1) << 3)
+#define two54m52p48m2 (((limb)1) << 54) - (((limb)1) << 52) + (((limb)1) << 48) - (((limb)1) << 2)
+#define two53m2p0 (((limb)1) << 53) - (((limb)1) << 2) + (((limb)1) << 0)
+#define two54m52p41m2 (((limb)1) << 54) - (((limb)1) << 52) + (((limb)1) << 41) - (((limb)1) << 2)
+#define two53m21m2p0 (((limb)1) << 53) - (((limb)1) << 21) - (((limb)1) << 2) + (((limb)1) << 0)
+
+/* zero53 is 0 mod p. */
+static const felem zero53 = { two53m3, two54m52p48m2, two53m2p0, two54m52p41m2, two53m21m2p0 };
 
 /* felem_diff sets out = in-in2.
  *
@@ -243,7 +249,7 @@ static void felem_diff(felem out, const felem in, const felem in2) {
 
   for (i = 0;; i++) {
     out[i] = in[i] - in2[i];
-    out[i] += zero31[i];
+    out[i] += zero53[i];
     out[i] += carry;
     carry = out[i] >> 51;
     out[i] &= kBottom51Bits;
@@ -253,7 +259,7 @@ static void felem_diff(felem out, const felem in, const felem in2) {
       break;
 
     out[i] = in[i] - in2[i];
-    out[i] += zero31[i];
+    out[i] += zero53[i];
     out[i] += carry;
     carry = out[i] >> 52;
     out[i] &= kBottom52Bits;
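Review bot: The five new macros expand to unparenthesised expressions (`two53m3` becomes `(((limb)1) << 53) - (((limb)1) << 3)`), which is harmless inside the zero53 initializer but will mis-associate if any of them is ever placed next to `*`, `&` or `>>`; wrap each expansion in an outer pair of parentheses, e.g. `#define two53m3 ((((limb)1) << 53) - (((limb)1) << 3))`. Because this is a header, the lowercase names also remain defined in every including translation unit; `#undef` them right after the initializer, or express them as `static const limb` values. The comment `zero53 is 0 mod p` would be more useful if it stated which multiple and what bound the constant was chosen for: by my arithmetic on the limb positions (2**0, 2**51, 2**103, 2**154, 2**206) the five limbs sum to exactly 8*p, with every limb at least 2**53 - 2**21 - 3 and below 2**54, so a comment such as `/* zero53 = 8*p; each limb lies in [2**53 - 2**21 - 3, 2**54). Added in felem_diff to keep every limb of in - in2 non-negative. */` would let a reader verify the precondition without redoing the derivation.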
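Review bot: Swapping zero31 for the roughly eight-times-smaller zero53 tightens the implicit bound on in2[i]: `out[i] = in[i] - in2[i]; out[i] += zero53[i];` only yields a non-negative limb, and hence a meaningful `carry = out[i] >> 51`, when in2[i] does not exceed in[i] plus the matching zero53 limb, which is now below 2**54 instead of about 2**56; the same applies to the second `out[i] += zero53[i];` in the following hunk. The felem_diff header comment that starts in the previous hunk's trailing context (`/* felem_diff sets out = in-in2.`) and continues outside the visible lines presumably states the input bounds; it should be updated to match the new constant and each caller checked against it, because an underflowing limb here produces a wrong field element silently rather than failing. A short comment at the first use, e.g. `/* zero53 = 8*p; requires in2[i] <= in[i] + zero53[i], see the bound in the header comment. */`, would tie the loop to that precondition. felem_diff begins before this hunk and ends after the next one.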