Botan 3.6.1
Crypto and TLS for C++
mp_comba.cpp
1/*
2* Comba Multiplication and Squaring
3*
4* This file was automatically generated by ./src/scripts/dev_tools/gen_mp_comba.py on 2024-06-27
5*
6* Botan is released under the Simplified BSD License (see license.txt)
7*/
8
9#include <botan/internal/mp_core.h>
10
11namespace Botan {
12
13/*
14* Comba 4x4 Squaring
15*/
void bigint_comba_sqr4(word z[8], const word x[4]) {
   // Column-wise (Comba) square of a 4-word operand into an 8-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 4 readable words in x and 8 writable words in z.
   constexpr size_t N = 4;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum, mul_x2() adds
   // it twice, and extract() yields the next output word - confirm against
   // its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/mul_x2()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      size_t i = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs x[i], x[col - i] with i < col - i.
      for(; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns end with the diagonal term x[col / 2]^2.
      if(2 * i == col) {
         acc.mul(x[i], x[i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
38
39/*
40* Comba 4x4 Multiplication
41*/
void bigint_comba_mul4(word z[8], const word x[4], const word y[4]) {
   // Column-wise (Comba) product of two 4-word operands into an 8-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 4 readable words in x and y and 8 writable words in z.
   constexpr size_t N = 4;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum and extract()
   // yields the next output word - confirm against its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      // All partial products x[i] * y[j] with i + j == col, i ascending.
      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
70
71/*
72* Comba 6x6 Squaring
73*/
void bigint_comba_sqr6(word z[12], const word x[6]) {
   // Column-wise (Comba) square of a 6-word operand into a 12-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 6 readable words in x and 12 writable words in z.
   constexpr size_t N = 6;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum, mul_x2() adds
   // it twice, and extract() yields the next output word - confirm against
   // its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/mul_x2()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      size_t i = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs x[i], x[col - i] with i < col - i.
      for(; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns end with the diagonal term x[col / 2]^2.
      if(2 * i == col) {
         acc.mul(x[i], x[i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
111
112/*
113* Comba 6x6 Multiplication
114*/
void bigint_comba_mul6(word z[12], const word x[6], const word y[6]) {
   // Column-wise (Comba) product of two 6-word operands into a 12-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 6 readable words in x and y and 12 writable words in z.
   constexpr size_t N = 6;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum and extract()
   // yields the next output word - confirm against its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      // All partial products x[i] * y[j] with i + j == col, i ascending.
      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
167
168/*
169* Comba 7x7 Squaring
170*/
void bigint_comba_sqr7(word z[14], const word x[7]) {
   // Column-wise (Comba) square of a 7-word operand into a 14-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 7 readable words in x and 14 writable words in z.
   constexpr size_t N = 7;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum, mul_x2() adds
   // it twice, and extract() yields the next output word - confirm against
   // its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/mul_x2()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      size_t i = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs x[i], x[col - i] with i < col - i.
      for(; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns end with the diagonal term x[col / 2]^2.
      if(2 * i == col) {
         acc.mul(x[i], x[i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
217
218/*
219* Comba 7x7 Multiplication
220*/
void bigint_comba_mul7(word z[14], const word x[7], const word y[7]) {
   // Column-wise (Comba) product of two 7-word operands into a 14-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 7 readable words in x and y and 14 writable words in z.
   constexpr size_t N = 7;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum and extract()
   // yields the next output word - confirm against its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      // All partial products x[i] * y[j] with i + j == col, i ascending.
      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
288
289/*
290* Comba 8x8 Squaring
291*/
void bigint_comba_sqr8(word z[16], const word x[8]) {
   // Column-wise (Comba) square of an 8-word operand into a 16-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 8 readable words in x and 16 writable words in z.
   constexpr size_t N = 8;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum, mul_x2() adds
   // it twice, and extract() yields the next output word - confirm against
   // its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/mul_x2()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      size_t i = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs x[i], x[col - i] with i < col - i.
      for(; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns end with the diagonal term x[col / 2]^2.
      if(2 * i == col) {
         acc.mul(x[i], x[i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
348
349/*
350* Comba 8x8 Multiplication
351*/
void bigint_comba_mul8(word z[16], const word x[8], const word y[8]) {
   // Column-wise (Comba) product of two 8-word operands into a 16-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 8 readable words in x and y and 16 writable words in z.
   constexpr size_t N = 8;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum and extract()
   // yields the next output word - confirm against its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      // All partial products x[i] * y[j] with i + j == col, i ascending.
      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
436
437/*
438* Comba 9x9 Squaring
439*/
void bigint_comba_sqr9(word z[18], const word x[9]) {
   // Column-wise (Comba) square of a 9-word operand into an 18-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 9 readable words in x and 18 writable words in z.
   constexpr size_t N = 9;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum, mul_x2() adds
   // it twice, and extract() yields the next output word - confirm against
   // its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/mul_x2()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      size_t i = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs x[i], x[col - i] with i < col - i.
      for(; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns end with the diagonal term x[col / 2]^2.
      if(2 * i == col) {
         acc.mul(x[i], x[i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
507
508/*
509* Comba 9x9 Multiplication
510*/
void bigint_comba_mul9(word z[18], const word x[9], const word y[9]) {
   // Column-wise (Comba) product of two 9-word operands into an 18-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 9 readable words in x and y and 18 writable words in z.
   constexpr size_t N = 9;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum and extract()
   // yields the next output word - confirm against its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      // All partial products x[i] * y[j] with i + j == col, i ascending.
      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
614
615/*
616* Comba 16x16 Squaring
617*/
void bigint_comba_sqr16(word z[32], const word x[16]) {
   // Column-wise (Comba) square of a 16-word operand into a 32-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 16 readable words in x and 32 writable words in z.
   constexpr size_t N = 16;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum, mul_x2() adds
   // it twice, and extract() yields the next output word - confirm against
   // its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/mul_x2()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      size_t i = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs x[i], x[col - i] with i < col - i.
      for(; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns end with the diagonal term x[col / 2]^2.
      if(2 * i == col) {
         acc.mul(x[i], x[i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
790
791/*
792* Comba 16x16 Multiplication
793*/
void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) {
   // Column-wise (Comba) product of two 16-word operands into a 32-word result.
   // The bounds in the signature are not enforced by the compiler: the caller
   // must pass at least 16 readable words in x and y and 32 writable words in z.
   constexpr size_t N = 16;

   // NOTE(review): word3 is declared outside this file; from its use here,
   // mul() presumably adds a product to the running column sum and extract()
   // yields the next output word - confirm against its definition.
   word3<word> acc;

   // Loop bounds depend only on N, never on operand values, so the order of
   // mul()/extract() calls is the same for every input.
   for(size_t col = 0; col != 2 * N - 1; ++col) {
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      // All partial products x[i] * y[j] with i + j == col, i ascending.
      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Top word: whatever is left in the accumulator after the last column.
   z[2 * N - 1] = acc.extract();
}
1086
1087/*
1088* Comba 24x24 Squaring
1089*/
1090void bigint_comba_sqr24(word z[48], const word x[24]) {
1091 word3<word> accum;
1092
1093 accum.mul(x[0], x[0]);
1094 z[0] = accum.extract();
1095 accum.mul_x2(x[0], x[1]);
1096 z[1] = accum.extract();
1097 accum.mul_x2(x[0], x[2]);
1098 accum.mul(x[1], x[1]);
1099 z[2] = accum.extract();
1100 accum.mul_x2(x[0], x[3]);
1101 accum.mul_x2(x[1], x[2]);
1102 z[3] = accum.extract();
1103 accum.mul_x2(x[0], x[4]);
1104 accum.mul_x2(x[1], x[3]);
1105 accum.mul(x[2], x[2]);
1106 z[4] = accum.extract();
1107 accum.mul_x2(x[0], x[5]);
1108 accum.mul_x2(x[1], x[4]);
1109 accum.mul_x2(x[2], x[3]);
1110 z[5] = accum.extract();
1111 accum.mul_x2(x[0], x[6]);
1112 accum.mul_x2(x[1], x[5]);
1113 accum.mul_x2(x[2], x[4]);
1114 accum.mul(x[3], x[3]);
1115 z[6] = accum.extract();
1116 accum.mul_x2(x[0], x[7]);
1117 accum.mul_x2(x[1], x[6]);
1118 accum.mul_x2(x[2], x[5]);
1119 accum.mul_x2(x[3], x[4]);
1120 z[7] = accum.extract();
1121 accum.mul_x2(x[0], x[8]);
1122 accum.mul_x2(x[1], x[7]);
1123 accum.mul_x2(x[2], x[6]);
1124 accum.mul_x2(x[3], x[5]);
1125 accum.mul(x[4], x[4]);
1126 z[8] = accum.extract();
1127 accum.mul_x2(x[0], x[9]);
1128 accum.mul_x2(x[1], x[8]);
1129 accum.mul_x2(x[2], x[7]);
1130 accum.mul_x2(x[3], x[6]);
1131 accum.mul_x2(x[4], x[5]);
1132 z[9] = accum.extract();
1133 accum.mul_x2(x[0], x[10]);
1134 accum.mul_x2(x[1], x[9]);
1135 accum.mul_x2(x[2], x[8]);
1136 accum.mul_x2(x[3], x[7]);
1137 accum.mul_x2(x[4], x[6]);
1138 accum.mul(x[5], x[5]);
1139 z[10] = accum.extract();
1140 accum.mul_x2(x[0], x[11]);
1141 accum.mul_x2(x[1], x[10]);
1142 accum.mul_x2(x[2], x[9]);
1143 accum.mul_x2(x[3], x[8]);
1144 accum.mul_x2(x[4], x[7]);
1145 accum.mul_x2(x[5], x[6]);
1146 z[11] = accum.extract();
1147 accum.mul_x2(x[0], x[12]);
1148 accum.mul_x2(x[1], x[11]);
1149 accum.mul_x2(x[2], x[10]);
1150 accum.mul_x2(x[3], x[9]);
1151 accum.mul_x2(x[4], x[8]);
1152 accum.mul_x2(x[5], x[7]);
1153 accum.mul(x[6], x[6]);
1154 z[12] = accum.extract();
1155 accum.mul_x2(x[0], x[13]);
1156 accum.mul_x2(x[1], x[12]);
1157 accum.mul_x2(x[2], x[11]);
1158 accum.mul_x2(x[3], x[10]);
1159 accum.mul_x2(x[4], x[9]);
1160 accum.mul_x2(x[5], x[8]);
1161 accum.mul_x2(x[6], x[7]);
1162 z[13] = accum.extract();
1163 accum.mul_x2(x[0], x[14]);
1164 accum.mul_x2(x[1], x[13]);
1165 accum.mul_x2(x[2], x[12]);
1166 accum.mul_x2(x[3], x[11]);
1167 accum.mul_x2(x[4], x[10]);
1168 accum.mul_x2(x[5], x[9]);
1169 accum.mul_x2(x[6], x[8]);
1170 accum.mul(x[7], x[7]);
1171 z[14] = accum.extract();
1172 accum.mul_x2(x[0], x[15]);
1173 accum.mul_x2(x[1], x[14]);
1174 accum.mul_x2(x[2], x[13]);
1175 accum.mul_x2(x[3], x[12]);
1176 accum.mul_x2(x[4], x[11]);
1177 accum.mul_x2(x[5], x[10]);
1178 accum.mul_x2(x[6], x[9]);
1179 accum.mul_x2(x[7], x[8]);
1180 z[15] = accum.extract();
1181 accum.mul_x2(x[0], x[16]);
1182 accum.mul_x2(x[1], x[15]);
1183 accum.mul_x2(x[2], x[14]);
1184 accum.mul_x2(x[3], x[13]);
1185 accum.mul_x2(x[4], x[12]);
1186 accum.mul_x2(x[5], x[11]);
1187 accum.mul_x2(x[6], x[10]);
1188 accum.mul_x2(x[7], x[9]);
1189 accum.mul(x[8], x[8]);
1190 z[16] = accum.extract();
1191 accum.mul_x2(x[0], x[17]);
1192 accum.mul_x2(x[1], x[16]);
1193 accum.mul_x2(x[2], x[15]);
1194 accum.mul_x2(x[3], x[14]);
1195 accum.mul_x2(x[4], x[13]);
1196 accum.mul_x2(x[5], x[12]);
1197 accum.mul_x2(x[6], x[11]);
1198 accum.mul_x2(x[7], x[10]);
1199 accum.mul_x2(x[8], x[9]);
1200 z[17] = accum.extract();
1201 accum.mul_x2(x[0], x[18]);
1202 accum.mul_x2(x[1], x[17]);
1203 accum.mul_x2(x[2], x[16]);
1204 accum.mul_x2(x[3], x[15]);
1205 accum.mul_x2(x[4], x[14]);
1206 accum.mul_x2(x[5], x[13]);
1207 accum.mul_x2(x[6], x[12]);
1208 accum.mul_x2(x[7], x[11]);
1209 accum.mul_x2(x[8], x[10]);
1210 accum.mul(x[9], x[9]);
1211 z[18] = accum.extract();
1212 accum.mul_x2(x[0], x[19]);
1213 accum.mul_x2(x[1], x[18]);
1214 accum.mul_x2(x[2], x[17]);
1215 accum.mul_x2(x[3], x[16]);
1216 accum.mul_x2(x[4], x[15]);
1217 accum.mul_x2(x[5], x[14]);
1218 accum.mul_x2(x[6], x[13]);
1219 accum.mul_x2(x[7], x[12]);
1220 accum.mul_x2(x[8], x[11]);
1221 accum.mul_x2(x[9], x[10]);
1222 z[19] = accum.extract();
1223 accum.mul_x2(x[0], x[20]);
1224 accum.mul_x2(x[1], x[19]);
1225 accum.mul_x2(x[2], x[18]);
1226 accum.mul_x2(x[3], x[17]);
1227 accum.mul_x2(x[4], x[16]);
1228 accum.mul_x2(x[5], x[15]);
1229 accum.mul_x2(x[6], x[14]);
1230 accum.mul_x2(x[7], x[13]);
1231 accum.mul_x2(x[8], x[12]);
1232 accum.mul_x2(x[9], x[11]);
1233 accum.mul(x[10], x[10]);
1234 z[20] = accum.extract();
1235 accum.mul_x2(x[0], x[21]);
1236 accum.mul_x2(x[1], x[20]);
1237 accum.mul_x2(x[2], x[19]);
1238 accum.mul_x2(x[3], x[18]);
1239 accum.mul_x2(x[4], x[17]);
1240 accum.mul_x2(x[5], x[16]);
1241 accum.mul_x2(x[6], x[15]);
1242 accum.mul_x2(x[7], x[14]);
1243 accum.mul_x2(x[8], x[13]);
1244 accum.mul_x2(x[9], x[12]);
1245 accum.mul_x2(x[10], x[11]);
1246 z[21] = accum.extract();
1247 accum.mul_x2(x[0], x[22]);
1248 accum.mul_x2(x[1], x[21]);
1249 accum.mul_x2(x[2], x[20]);
1250 accum.mul_x2(x[3], x[19]);
1251 accum.mul_x2(x[4], x[18]);
1252 accum.mul_x2(x[5], x[17]);
1253 accum.mul_x2(x[6], x[16]);
1254 accum.mul_x2(x[7], x[15]);
1255 accum.mul_x2(x[8], x[14]);
1256 accum.mul_x2(x[9], x[13]);
1257 accum.mul_x2(x[10], x[12]);
1258 accum.mul(x[11], x[11]);
1259 z[22] = accum.extract();
1260 accum.mul_x2(x[0], x[23]);
1261 accum.mul_x2(x[1], x[22]);
1262 accum.mul_x2(x[2], x[21]);
1263 accum.mul_x2(x[3], x[20]);
1264 accum.mul_x2(x[4], x[19]);
1265 accum.mul_x2(x[5], x[18]);
1266 accum.mul_x2(x[6], x[17]);
1267 accum.mul_x2(x[7], x[16]);
1268 accum.mul_x2(x[8], x[15]);
1269 accum.mul_x2(x[9], x[14]);
1270 accum.mul_x2(x[10], x[13]);
1271 accum.mul_x2(x[11], x[12]);
1272 z[23] = accum.extract();
1273 accum.mul_x2(x[1], x[23]);
1274 accum.mul_x2(x[2], x[22]);
1275 accum.mul_x2(x[3], x[21]);
1276 accum.mul_x2(x[4], x[20]);
1277 accum.mul_x2(x[5], x[19]);
1278 accum.mul_x2(x[6], x[18]);
1279 accum.mul_x2(x[7], x[17]);
1280 accum.mul_x2(x[8], x[16]);
1281 accum.mul_x2(x[9], x[15]);
1282 accum.mul_x2(x[10], x[14]);
1283 accum.mul_x2(x[11], x[13]);
1284 accum.mul(x[12], x[12]);
1285 z[24] = accum.extract();
1286 accum.mul_x2(x[2], x[23]);
1287 accum.mul_x2(x[3], x[22]);
1288 accum.mul_x2(x[4], x[21]);
1289 accum.mul_x2(x[5], x[20]);
1290 accum.mul_x2(x[6], x[19]);
1291 accum.mul_x2(x[7], x[18]);
1292 accum.mul_x2(x[8], x[17]);
1293 accum.mul_x2(x[9], x[16]);
1294 accum.mul_x2(x[10], x[15]);
1295 accum.mul_x2(x[11], x[14]);
1296 accum.mul_x2(x[12], x[13]);
1297 z[25] = accum.extract();
1298 accum.mul_x2(x[3], x[23]);
1299 accum.mul_x2(x[4], x[22]);
1300 accum.mul_x2(x[5], x[21]);
1301 accum.mul_x2(x[6], x[20]);
1302 accum.mul_x2(x[7], x[19]);
1303 accum.mul_x2(x[8], x[18]);
1304 accum.mul_x2(x[9], x[17]);
1305 accum.mul_x2(x[10], x[16]);
1306 accum.mul_x2(x[11], x[15]);
1307 accum.mul_x2(x[12], x[14]);
1308 accum.mul(x[13], x[13]);
1309 z[26] = accum.extract();
1310 accum.mul_x2(x[4], x[23]);
1311 accum.mul_x2(x[5], x[22]);
1312 accum.mul_x2(x[6], x[21]);
1313 accum.mul_x2(x[7], x[20]);
1314 accum.mul_x2(x[8], x[19]);
1315 accum.mul_x2(x[9], x[18]);
1316 accum.mul_x2(x[10], x[17]);
1317 accum.mul_x2(x[11], x[16]);
1318 accum.mul_x2(x[12], x[15]);
1319 accum.mul_x2(x[13], x[14]);
1320 z[27] = accum.extract();
1321 accum.mul_x2(x[5], x[23]);
1322 accum.mul_x2(x[6], x[22]);
1323 accum.mul_x2(x[7], x[21]);
1324 accum.mul_x2(x[8], x[20]);
1325 accum.mul_x2(x[9], x[19]);
1326 accum.mul_x2(x[10], x[18]);
1327 accum.mul_x2(x[11], x[17]);
1328 accum.mul_x2(x[12], x[16]);
1329 accum.mul_x2(x[13], x[15]);
1330 accum.mul(x[14], x[14]);
1331 z[28] = accum.extract();
1332 accum.mul_x2(x[6], x[23]);
1333 accum.mul_x2(x[7], x[22]);
1334 accum.mul_x2(x[8], x[21]);
1335 accum.mul_x2(x[9], x[20]);
1336 accum.mul_x2(x[10], x[19]);
1337 accum.mul_x2(x[11], x[18]);
1338 accum.mul_x2(x[12], x[17]);
1339 accum.mul_x2(x[13], x[16]);
1340 accum.mul_x2(x[14], x[15]);
1341 z[29] = accum.extract();
1342 accum.mul_x2(x[7], x[23]);
1343 accum.mul_x2(x[8], x[22]);
1344 accum.mul_x2(x[9], x[21]);
1345 accum.mul_x2(x[10], x[20]);
1346 accum.mul_x2(x[11], x[19]);
1347 accum.mul_x2(x[12], x[18]);
1348 accum.mul_x2(x[13], x[17]);
1349 accum.mul_x2(x[14], x[16]);
1350 accum.mul(x[15], x[15]);
1351 z[30] = accum.extract();
1352 accum.mul_x2(x[8], x[23]);
1353 accum.mul_x2(x[9], x[22]);
1354 accum.mul_x2(x[10], x[21]);
1355 accum.mul_x2(x[11], x[20]);
1356 accum.mul_x2(x[12], x[19]);
1357 accum.mul_x2(x[13], x[18]);
1358 accum.mul_x2(x[14], x[17]);
1359 accum.mul_x2(x[15], x[16]);
1360 z[31] = accum.extract();
1361 accum.mul_x2(x[9], x[23]);
1362 accum.mul_x2(x[10], x[22]);
1363 accum.mul_x2(x[11], x[21]);
1364 accum.mul_x2(x[12], x[20]);
1365 accum.mul_x2(x[13], x[19]);
1366 accum.mul_x2(x[14], x[18]);
1367 accum.mul_x2(x[15], x[17]);
1368 accum.mul(x[16], x[16]);
1369 z[32] = accum.extract();
1370 accum.mul_x2(x[10], x[23]);
1371 accum.mul_x2(x[11], x[22]);
1372 accum.mul_x2(x[12], x[21]);
1373 accum.mul_x2(x[13], x[20]);
1374 accum.mul_x2(x[14], x[19]);
1375 accum.mul_x2(x[15], x[18]);
1376 accum.mul_x2(x[16], x[17]);
1377 z[33] = accum.extract();
1378 accum.mul_x2(x[11], x[23]);
1379 accum.mul_x2(x[12], x[22]);
1380 accum.mul_x2(x[13], x[21]);
1381 accum.mul_x2(x[14], x[20]);
1382 accum.mul_x2(x[15], x[19]);
1383 accum.mul_x2(x[16], x[18]);
1384 accum.mul(x[17], x[17]);
1385 z[34] = accum.extract();
1386 accum.mul_x2(x[12], x[23]);
1387 accum.mul_x2(x[13], x[22]);
1388 accum.mul_x2(x[14], x[21]);
1389 accum.mul_x2(x[15], x[20]);
1390 accum.mul_x2(x[16], x[19]);
1391 accum.mul_x2(x[17], x[18]);
1392 z[35] = accum.extract();
1393 accum.mul_x2(x[13], x[23]);
1394 accum.mul_x2(x[14], x[22]);
1395 accum.mul_x2(x[15], x[21]);
1396 accum.mul_x2(x[16], x[20]);
1397 accum.mul_x2(x[17], x[19]);
1398 accum.mul(x[18], x[18]);
1399 z[36] = accum.extract();
1400 accum.mul_x2(x[14], x[23]);
1401 accum.mul_x2(x[15], x[22]);
1402 accum.mul_x2(x[16], x[21]);
1403 accum.mul_x2(x[17], x[20]);
1404 accum.mul_x2(x[18], x[19]);
1405 z[37] = accum.extract();
1406 accum.mul_x2(x[15], x[23]);
1407 accum.mul_x2(x[16], x[22]);
1408 accum.mul_x2(x[17], x[21]);
1409 accum.mul_x2(x[18], x[20]);
1410 accum.mul(x[19], x[19]);
1411 z[38] = accum.extract();
1412 accum.mul_x2(x[16], x[23]);
1413 accum.mul_x2(x[17], x[22]);
1414 accum.mul_x2(x[18], x[21]);
1415 accum.mul_x2(x[19], x[20]);
1416 z[39] = accum.extract();
1417 accum.mul_x2(x[17], x[23]);
1418 accum.mul_x2(x[18], x[22]);
1419 accum.mul_x2(x[19], x[21]);
1420 accum.mul(x[20], x[20]);
1421 z[40] = accum.extract();
1422 accum.mul_x2(x[18], x[23]);
1423 accum.mul_x2(x[19], x[22]);
1424 accum.mul_x2(x[20], x[21]);
1425 z[41] = accum.extract();
1426 accum.mul_x2(x[19], x[23]);
1427 accum.mul_x2(x[20], x[22]);
1428 accum.mul(x[21], x[21]);
1429 z[42] = accum.extract();
1430 accum.mul_x2(x[20], x[23]);
1431 accum.mul_x2(x[21], x[22]);
1432 z[43] = accum.extract();
1433 accum.mul_x2(x[21], x[23]);
1434 accum.mul(x[22], x[22]);
1435 z[44] = accum.extract();
1436 accum.mul_x2(x[22], x[23]);
1437 z[45] = accum.extract();
1438 accum.mul(x[23], x[23]);
1439 z[46] = accum.extract();
1440 z[47] = accum.extract();
1441}
1442
/*
* Comba 24x24 Multiplication
*
* Writes the 48-word product of the 24-word operands x and y into z.
* Output column k collects every partial product x[i] * y[k - i] in a
* word3 accumulator, then stores the word that extract() hands back.
* The final extract() supplies the top word z[47].
*
* The upstream file is emitted by src/scripts/dev_tools/gen_mp_comba.py as
* straight-line code. This loop form issues the same mul()/extract() calls
* in the same order.
*
* Caller obligations (nothing here checks them):
*  - The array bounds in the signature are documentation only. z must
*    provide at least 48 words, and x and y at least 24 words each.
*  - z must not overlap x or y. z[k] is stored while later columns still
*    read x[0..23] and y[0..23], so an overlapping output would corrupt
*    the remaining partial products.
*
* The loop bounds depend only on the column index, never on operand values,
* so the sequence of accumulator calls is identical for every input.
* NOTE(review): whether each call is constant-time depends on word3::mul,
* which is not visible in this file. Confirm before relying on it for
* secret operands.
*/
void bigint_comba_mul24(word z[48], const word x[24], const word y[24]) {
   constexpr size_t limbs = 24;
   constexpr size_t top = 2 * limbs - 1;

   word3<word> accum;

   for(size_t col = 0; col != top; ++col) {
      // Columns below `limbs` start at x[0]; higher columns start at the
      // first x index whose partner y[col - i] is still in range.
      const size_t lo = (col < limbs) ? 0 : col - (limbs - 1);
      const size_t hi = (col < limbs) ? col : limbs - 1;

      for(size_t i = lo; i <= hi; ++i) {
         accum.mul(x[i], y[col - i]);
      }

      z[col] = accum.extract();
   }

   // Whatever carry is left after the last column is the top word.
   z[top] = accum.extract();
}
2074
2075} // namespace Botan