z = ( -2, -1, 0, 1, 2, -2, -1, 0, 1, 2, -2, -1, 0, 1, 2 ) // if b > 14 { return 0, false } // Calculate b % 5 with Barrett reduction, to avoid a potentially // variable-time division. const barrettMultiplier = 0x3334 // ⌈2¹⁶ / 5⌉ const barrettShift = 16 // log₂(2¹⁶) quotient := (uint32(b) * barrettMultiplier) >> barrettShift remainder := uint32(b) - quotient*5 return fieldSubToMontgomery(2, remainder), true case 4: // Return z = 4 − b, which maps from // // b = ( 8, 7, 6, 5, 4, 3, 2, 1, 0 ) // //...

} func fieldSub(a, b fieldElement) fieldElement { x := uint16(a - b + q) return fieldReduceOnce(x) } const ( barrettMultiplier = 5039 // 2¹² * 2¹² / q barrettShift = 24 // log₂(2¹² * 2¹²) ) // fieldReduce reduces a value a < 2q² using Barrett reduction, to avoid // potentially variable-time division. func fieldReduce(a uint32) fieldElement { quotient := uint32((uint64(a) * barrettMultiplier) >> barrettShift) return fieldReduceOnce(uint16(a - quotient*q)) } func fieldMul(a, b fieldElement) fieldElement...