From: Chris Duncan Date: Fri, 5 Dec 2025 18:19:37 +0000 (-0800) Subject: Unroll addition steps for legibility. X-Git-Url: https://git.codecow.com/?a=commitdiff_plain;h=67f663981497c7e948f3496b79a70d5259d3a943;p=libnemo.git Unroll addition steps for legibility.
---
diff --git a/src/lib/crypto/secp256k1.ts b/src/lib/crypto/secp256k1.ts
index 8f92f27..30a7961 100644
--- a/src/lib/crypto/secp256k1.ts
+++ b/src/lib/crypto/secp256k1.ts
@@ -189,7 +189,6 @@ export class Secp256k1 {
 * (Renes-Costello-Batina, algo 1 of [2015/1060](https://eprint.iacr.org/2015/1060)).
 * Cost: `12M + 0S + 3*a + 3*b3 + 23add`.
 */
- // prettier-ignore
 add (other: Point): Point {
 const M = (v: bigint): bigint => secp256k1.modP(v)
 const { X: X1, Y: Y1, Z: Z1 } = { X, Y, Z }
@@ -198,21 +197,45 @@ export class Secp256k1 {
 const b = secp256k1.b
 const b3 = M(b * 3n)
 let X3 = 0n, Y3 = 0n, Z3 = 0n
- let t0 = M(X1 * X2), t1 = M(Y1 * Y2), t2 = M(Z1 * Z2), t3 = M(X1 + Y1) // step 1
+ let t0 = M(X1 * X2) // step 1
+ let t1 = M(Y1 * Y2)
+ let t2 = M(Z1 * Z2)
+ let t3 = M(X1 + Y1)
 let t4 = M(X2 + Y2) // step 5
- t3 = M(t3 * t4); t4 = M(t0 + t1); t3 = M(t3 - t4); t4 = M(X1 + Z1)
+ t3 = M(t3 * t4)
+ t4 = M(t0 + t1)
+ t3 = M(t3 - t4)
+ t4 = M(X1 + Z1)
 let t5 = M(X2 + Z2) // step 10
- t4 = M(t4 * t5); t5 = M(t0 + t2); t4 = M(t4 - t5); t5 = M(Y1 + Z1)
+ t4 = M(t4 * t5)
+ t5 = M(t0 + t2)
+ t4 = M(t4 - t5)
+ t5 = M(Y1 + Z1)
 X3 = M(Y2 + Z2) // step 15
- t5 = M(t5 * X3); X3 = M(t1 + t2); t5 = M(t5 - X3); Z3 = M(a * t4)
+ t5 = M(t5 * X3)
+ X3 = M(t1 + t2)
+ t5 = M(t5 - X3)
+ Z3 = M(a * t4)
 X3 = M(b3 * t2) // step 20
- Z3 = M(X3 + Z3); X3 = M(t1 - Z3); Z3 = M(t1 + Z3); Y3 = M(X3 * Z3)
+ Z3 = M(X3 + Z3)
+ X3 = M(t1 - Z3)
+ Z3 = M(t1 + Z3)
+ Y3 = M(X3 * Z3)
 t1 = M(t0 + t0) // step 25
- t1 = M(t1 + t0); t2 = M(a * t2); t4 = M(b3 * t4); t1 = M(t1 + t2)
+ t1 = M(t1 + t0)
+ t2 = M(a * t2)
+ t4 = M(b3 * t4)
+ t1 = M(t1 + t2)
 t2 = M(t0 - t2) // step 30
- t2 = M(a * t2); t4 = M(t4 + t2); t0 = M(t1 * t4); Y3 = M(Y3 + t0)
+ t2 = M(a * t2)
+ t4 = M(t4 + t2)
+ t0 = M(t1 * t4)
+ Y3 = M(Y3 + t0)
 t0 = M(t5 * t4) // step 35
- X3 = M(t3 * X3); X3 = M(X3 - t0); t0 = M(t3 * t1); Z3 = M(t5 * Z3)
+ X3 = M(t3 * X3)
+ X3 = M(X3 - t0)
+ t0 = M(t3 * t1)
+ Z3 = M(t5 * Z3)
 Z3 = M(Z3 + t0) // step 40
 return secp256k1.Point(X3, Y3, Z3)
 },
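Review bot: Nothing in the hunk documents that this point addition is variable-time: every one of the forty steps goes through `M` (`secp256k1.modP`) on JavaScript `bigint`, and engines do not guarantee constant-time `bigint` arithmetic, so the running time of `add` can depend on the operand values if a caller outside this hunk ever reaches it with secret-derived points. Unless the part of the doc comment above the first hunk already says so, I would add one line next to the cost line: `* Not constant-time: bigint arithmetic is data-dependent; do not treat this as side-channel safe.` The unrolling itself reads as faithful — each `;`-joined statement of a removed line reappears in the same order on its own `+` line, and the `// step N` markers still sit on every fifth line (1, 5, 10 … 40), which now matches one step per line. The `add` method opens in the first hunk and its closing `},` is the last line of this one.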