From aca73e2d79ca84ac57498d3520cce3ce9ae95260 Mon Sep 17 00:00:00 2001
From: Sun Yimin
Date: Thu, 22 Feb 2024 11:04:39 +0800
Subject: [PATCH] Updated SM2 MFMM (2) (markdown)

---
 SM2-MFMM-(2).md | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/SM2-MFMM-(2).md b/SM2-MFMM-(2).md
index 2ff4fe0..34e82ab 100644
--- a/SM2-MFMM-(2).md
+++ b/SM2-MFMM-(2).md
@@ -97,6 +97,8 @@ $t_2=t_2 - a_1$
 $t_3=t_3 - a_0$
 $t_0=t_0 - a_1$
 
+**减法显然是安全的(因为第四步的结果显然是>=0的,而且为零的情况仅限于 $t_0==0$ 的情况 ),所以调整为先做减法,再做加法,确保第四步加法不会产生进位。**。
+
 伪代码:
 ```asm
  \ // First reduction step, [p3, p2, p1, p0] = [1, -0x100000000, 0, (1 - 0x100000000), -1]
@@ -104,17 +106,17 @@ $t_0=t_0 - a_1$
  MOVQ acc0, DX \
  SHLQ $32, AX \ // AX = L(acc0 * 2^32), low part
  SHRQ $32, DX \ // DX = H(acc0 * 2^32), high part
- \ // calculate the positive part first: [1, 0, 0, 1] * acc0 + [0, acc3, acc2, acc1],
- \ // due to (-1) * acc0 + acc0 == 0, so last lowest lamb 0 is dropped directly, no carry.
- ADDQ acc0, acc1 \ // acc1' = L (acc0 + acc1)
- ADCQ $0, acc2 \ // acc2' = acc2 + carry1
- ADCQ $0, acc3 \ // acc3' = acc3 + carry2
- ADCQ $0, acc0 \ // acc0' = acc0 + carry3
  \// calculate the negative part: [0, -0x100000000, 0, -0x100000000] * acc0
  SUBQ AX, acc1 \
  SBBQ DX, acc2 \
  SBBQ AX, acc3 \
  SBBQ DX, acc0 \
+ \ // calculate the positive part: [1, 0, 0, 1] * acc0 + [0, acc3, acc2, acc1],
+ \ // due to (-1) * acc0 + acc0 == 0, so last lowest lamb 0 is dropped directly, no carry.
+ ADDQ acc0, acc1 \ // acc1' = L (acc0 + acc1)
+ ADCQ $0, acc2 \ // acc2' = acc2 + carry1
+ ADCQ $0, acc3 \ // acc3' = acc3 + carry2
+ ADCQ $0, acc0 \ // acc0' = acc0 + carry3
 ```
 移位: 2
 加法:4