Botan 3.12.0
Crypto and TLS for C++
mp_comba.cpp
1/*
2* Comba Multiplication and Squaring
3*
4* This file was automatically generated by ./src/scripts/dev_tools/gen_mp_comba.py on 2026-04-24
5* All manual changes will be lost. Edit the script instead.
6*
7* Botan is released under the Simplified BSD License (see license.txt)
8*/
9
10#include <botan/internal/mp_core.h>
11
12namespace Botan {
13
/*
* Comba 4x4 Squaring
*
* Fills the 8 output words z[0..7] from the 4 input words x[0..3], one output
* column at a time. For column c, every index pair i < j with i + j == c is
* passed once to word3::mul_x2, then (for even c) the diagonal pair
* x[c/2], x[c/2] is passed to word3::mul, and extract() supplies z[c]. A
* final extract() supplies the top word z[7].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 8 writable words and x 4 readable words.
* z[c] is stored before later columns re-read x, so a z that overlaps x
* would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/mul_x2/extract are themselves constant-time is decided
* by word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_sqr4(word z[8], const word x[4]) {
   constexpr unsigned limbs = 4;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Lowest i whose partner index col - i still lies inside x
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);

      // Off-diagonal pairs (i < col - i), lowest i first
      for(unsigned i = lo; i < col - i; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns take the diagonal term after the doubled ones
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
39
/*
* Comba 4x4 Multiplication
*
* Fills the 8 output words z[0..7] from the 4-word inputs x and y, one output
* column at a time. For column c, every pair x[i], y[c - i] with both indices
* in range is passed to word3::mul in order of increasing i, and extract()
* then supplies z[c]. A final extract() supplies the top word z[7].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 8 writable words and x, y 4 readable words
* each. z[c] is stored before later columns re-read x and y, so a z that
* overlaps either input would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/extract are themselves constant-time is decided by
* word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_mul4(word z[8], const word x[4], const word y[4]) {
   constexpr unsigned limbs = 4;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Range of i for which both i and col - i are valid limb indices
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);
      const unsigned hi = (col < limbs) ? col : limbs - 1;

      for(unsigned i = lo; i <= hi; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
71
/*
* Comba 6x6 Squaring
*
* Fills the 12 output words z[0..11] from the 6 input words x[0..5], one
* output column at a time. For column c, every index pair i < j with
* i + j == c is passed once to word3::mul_x2, then (for even c) the diagonal
* pair x[c/2], x[c/2] is passed to word3::mul, and extract() supplies z[c].
* A final extract() supplies the top word z[11].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 12 writable words and x 6 readable words.
* z[c] is stored before later columns re-read x, so a z that overlaps x
* would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/mul_x2/extract are themselves constant-time is decided
* by word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_sqr6(word z[12], const word x[6]) {
   constexpr unsigned limbs = 6;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Lowest i whose partner index col - i still lies inside x
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);

      // Off-diagonal pairs (i < col - i), lowest i first
      for(unsigned i = lo; i < col - i; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns take the diagonal term after the doubled ones
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
112
/*
* Comba 6x6 Multiplication
*
* Fills the 12 output words z[0..11] from the 6-word inputs x and y, one
* output column at a time. For column c, every pair x[i], y[c - i] with both
* indices in range is passed to word3::mul in order of increasing i, and
* extract() then supplies z[c]. A final extract() supplies the top word
* z[11].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 12 writable words and x, y 6 readable
* words each. z[c] is stored before later columns re-read x and y, so a z
* that overlaps either input would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/extract are themselves constant-time is decided by
* word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_mul6(word z[12], const word x[6], const word y[6]) {
   constexpr unsigned limbs = 6;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Range of i for which both i and col - i are valid limb indices
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);
      const unsigned hi = (col < limbs) ? col : limbs - 1;

      for(unsigned i = lo; i <= hi; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
168
/*
* Comba 7x7 Squaring
*
* Fills the 14 output words z[0..13] from the 7 input words x[0..6], one
* output column at a time. For column c, every index pair i < j with
* i + j == c is passed once to word3::mul_x2, then (for even c) the diagonal
* pair x[c/2], x[c/2] is passed to word3::mul, and extract() supplies z[c].
* A final extract() supplies the top word z[13].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 14 writable words and x 7 readable words.
* z[c] is stored before later columns re-read x, so a z that overlaps x
* would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/mul_x2/extract are themselves constant-time is decided
* by word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_sqr7(word z[14], const word x[7]) {
   constexpr unsigned limbs = 7;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Lowest i whose partner index col - i still lies inside x
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);

      // Off-diagonal pairs (i < col - i), lowest i first
      for(unsigned i = lo; i < col - i; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns take the diagonal term after the doubled ones
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
218
/*
* Comba 7x7 Multiplication
*
* Fills the 14 output words z[0..13] from the 7-word inputs x and y, one
* output column at a time. For column c, every pair x[i], y[c - i] with both
* indices in range is passed to word3::mul in order of increasing i, and
* extract() then supplies z[c]. A final extract() supplies the top word
* z[13].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 14 writable words and x, y 7 readable
* words each. z[c] is stored before later columns re-read x and y, so a z
* that overlaps either input would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/extract are themselves constant-time is decided by
* word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_mul7(word z[14], const word x[7], const word y[7]) {
   constexpr unsigned limbs = 7;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Range of i for which both i and col - i are valid limb indices
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);
      const unsigned hi = (col < limbs) ? col : limbs - 1;

      for(unsigned i = lo; i <= hi; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
289
/*
* Comba 8x8 Squaring
*
* Fills the 16 output words z[0..15] from the 8 input words x[0..7], one
* output column at a time. For column c, every index pair i < j with
* i + j == c is passed once to word3::mul_x2, then (for even c) the diagonal
* pair x[c/2], x[c/2] is passed to word3::mul, and extract() supplies z[c].
* A final extract() supplies the top word z[15].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 16 writable words and x 8 readable words.
* z[c] is stored before later columns re-read x, so a z that overlaps x
* would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/mul_x2/extract are themselves constant-time is decided
* by word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_sqr8(word z[16], const word x[8]) {
   constexpr unsigned limbs = 8;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Lowest i whose partner index col - i still lies inside x
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);

      // Off-diagonal pairs (i < col - i), lowest i first
      for(unsigned i = lo; i < col - i; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns take the diagonal term after the doubled ones
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
349
/*
* Comba 8x8 Multiplication
*
* Fills the 16 output words z[0..15] from the 8-word inputs x and y, one
* output column at a time. For column c, every pair x[i], y[c - i] with both
* indices in range is passed to word3::mul in order of increasing i, and
* extract() then supplies z[c]. A final extract() supplies the top word
* z[15].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 16 writable words and x, y 8 readable
* words each. z[c] is stored before later columns re-read x and y, so a z
* that overlaps either input would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/extract are themselves constant-time is decided by
* word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_mul8(word z[16], const word x[8], const word y[8]) {
   constexpr unsigned limbs = 8;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Range of i for which both i and col - i are valid limb indices
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);
      const unsigned hi = (col < limbs) ? col : limbs - 1;

      for(unsigned i = lo; i <= hi; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
437
/*
* Comba 9x9 Squaring
*
* Fills the 18 output words z[0..17] from the 9 input words x[0..8], one
* output column at a time. For column c, every index pair i < j with
* i + j == c is passed once to word3::mul_x2, then (for even c) the diagonal
* pair x[c/2], x[c/2] is passed to word3::mul, and extract() supplies z[c].
* A final extract() supplies the top word z[17].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 18 writable words and x 9 readable words.
* z[c] is stored before later columns re-read x, so a z that overlaps x
* would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/mul_x2/extract are themselves constant-time is decided
* by word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_sqr9(word z[18], const word x[9]) {
   constexpr unsigned limbs = 9;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Lowest i whose partner index col - i still lies inside x
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);

      // Off-diagonal pairs (i < col - i), lowest i first
      for(unsigned i = lo; i < col - i; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns take the diagonal term after the doubled ones
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
508
/*
* Comba 9x9 Multiplication
*
* Fills the 18 output words z[0..17] from the 9-word inputs x and y, one
* output column at a time. For column c, every pair x[i], y[c - i] with both
* indices in range is passed to word3::mul in order of increasing i, and
* extract() then supplies z[c]. A final extract() supplies the top word
* z[17].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 18 writable words and x, y 9 readable
* words each. z[c] is stored before later columns re-read x and y, so a z
* that overlaps either input would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/extract are themselves constant-time is decided by
* word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_mul9(word z[18], const word x[9], const word y[9]) {
   constexpr unsigned limbs = 9;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Range of i for which both i and col - i are valid limb indices
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);
      const unsigned hi = (col < limbs) ? col : limbs - 1;

      for(unsigned i = lo; i <= hi; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
615
/*
* Comba 16x16 Squaring
*
* Fills the 32 output words z[0..31] from the 16 input words x[0..15], one
* output column at a time. For column c, every index pair i < j with
* i + j == c is passed once to word3::mul_x2, then (for even c) the diagonal
* pair x[c/2], x[c/2] is passed to word3::mul, and extract() supplies z[c].
* A final extract() supplies the top word z[31].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 32 writable words and x 16 readable words.
* z[c] is stored before later columns re-read x, so a z that overlaps x
* would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/mul_x2/extract are themselves constant-time is decided
* by word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_sqr16(word z[32], const word x[16]) {
   constexpr unsigned limbs = 16;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Lowest i whose partner index col - i still lies inside x
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);

      // Off-diagonal pairs (i < col - i), lowest i first
      for(unsigned i = lo; i < col - i; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns take the diagonal term after the doubled ones
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
791
/*
* Comba 16x16 Multiplication
*
* Fills the 32 output words z[0..31] from the 16-word inputs x and y, one
* output column at a time. For column c, every pair x[i], y[c - i] with both
* indices in range is passed to word3::mul in order of increasing i, and
* extract() then supplies z[c]. A final extract() supplies the top word
* z[31].
*
* Caller contract: the array bounds in the signature are not enforced by the
* language, so z must really hold 32 writable words and x, y 16 readable
* words each. z[c] is stored before later columns re-read x and y, so a z
* that overlaps either input would feed overwritten words into later columns.
*
* Loop bounds depend only on the fixed operand length, never on operand
* values. Whether mul/extract are themselves constant-time is decided by
* word3, which is declared outside this listing - confirm there.
*/
void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) {
   constexpr unsigned limbs = 16;
   word3<word> acc;

   for(unsigned col = 0; col != 2 * limbs - 1; ++col) {
      // Range of i for which both i and col - i are valid limb indices
      const unsigned lo = (col < limbs) ? 0 : col - (limbs - 1);
      const unsigned hi = (col < limbs) ? col : limbs - 1;

      for(unsigned i = lo; i <= hi; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the most significant word
   z[2 * limbs - 1] = acc.extract();
}
1087
1088/*
1089* Comba 24x24 Squaring
1090*/
1091void bigint_comba_sqr24(word z[48], const word x[24]) {
1092 word3<word> accum;
1093
1094 accum.mul(x[0], x[0]);
1095 z[0] = accum.extract();
1096 accum.mul_x2(x[0], x[1]);
1097 z[1] = accum.extract();
1098 accum.mul_x2(x[0], x[2]);
1099 accum.mul(x[1], x[1]);
1100 z[2] = accum.extract();
1101 accum.mul_x2(x[0], x[3]);
1102 accum.mul_x2(x[1], x[2]);
1103 z[3] = accum.extract();
1104 accum.mul_x2(x[0], x[4]);
1105 accum.mul_x2(x[1], x[3]);
1106 accum.mul(x[2], x[2]);
1107 z[4] = accum.extract();
1108 accum.mul_x2(x[0], x[5]);
1109 accum.mul_x2(x[1], x[4]);
1110 accum.mul_x2(x[2], x[3]);
1111 z[5] = accum.extract();
1112 accum.mul_x2(x[0], x[6]);
1113 accum.mul_x2(x[1], x[5]);
1114 accum.mul_x2(x[2], x[4]);
1115 accum.mul(x[3], x[3]);
1116 z[6] = accum.extract();
1117 accum.mul_x2(x[0], x[7]);
1118 accum.mul_x2(x[1], x[6]);
1119 accum.mul_x2(x[2], x[5]);
1120 accum.mul_x2(x[3], x[4]);
1121 z[7] = accum.extract();
1122 accum.mul_x2(x[0], x[8]);
1123 accum.mul_x2(x[1], x[7]);
1124 accum.mul_x2(x[2], x[6]);
1125 accum.mul_x2(x[3], x[5]);
1126 accum.mul(x[4], x[4]);
1127 z[8] = accum.extract();
1128 accum.mul_x2(x[0], x[9]);
1129 accum.mul_x2(x[1], x[8]);
1130 accum.mul_x2(x[2], x[7]);
1131 accum.mul_x2(x[3], x[6]);
1132 accum.mul_x2(x[4], x[5]);
1133 z[9] = accum.extract();
1134 accum.mul_x2(x[0], x[10]);
1135 accum.mul_x2(x[1], x[9]);
1136 accum.mul_x2(x[2], x[8]);
1137 accum.mul_x2(x[3], x[7]);
1138 accum.mul_x2(x[4], x[6]);
1139 accum.mul(x[5], x[5]);
1140 z[10] = accum.extract();
1141 accum.mul_x2(x[0], x[11]);
1142 accum.mul_x2(x[1], x[10]);
1143 accum.mul_x2(x[2], x[9]);
1144 accum.mul_x2(x[3], x[8]);
1145 accum.mul_x2(x[4], x[7]);
1146 accum.mul_x2(x[5], x[6]);
1147 z[11] = accum.extract();
1148 accum.mul_x2(x[0], x[12]);
1149 accum.mul_x2(x[1], x[11]);
1150 accum.mul_x2(x[2], x[10]);
1151 accum.mul_x2(x[3], x[9]);
1152 accum.mul_x2(x[4], x[8]);
1153 accum.mul_x2(x[5], x[7]);
1154 accum.mul(x[6], x[6]);
1155 z[12] = accum.extract();
1156 accum.mul_x2(x[0], x[13]);
1157 accum.mul_x2(x[1], x[12]);
1158 accum.mul_x2(x[2], x[11]);
1159 accum.mul_x2(x[3], x[10]);
1160 accum.mul_x2(x[4], x[9]);
1161 accum.mul_x2(x[5], x[8]);
1162 accum.mul_x2(x[6], x[7]);
1163 z[13] = accum.extract();
1164 accum.mul_x2(x[0], x[14]);
1165 accum.mul_x2(x[1], x[13]);
1166 accum.mul_x2(x[2], x[12]);
1167 accum.mul_x2(x[3], x[11]);
1168 accum.mul_x2(x[4], x[10]);
1169 accum.mul_x2(x[5], x[9]);
1170 accum.mul_x2(x[6], x[8]);
1171 accum.mul(x[7], x[7]);
1172 z[14] = accum.extract();
1173 accum.mul_x2(x[0], x[15]);
1174 accum.mul_x2(x[1], x[14]);
1175 accum.mul_x2(x[2], x[13]);
1176 accum.mul_x2(x[3], x[12]);
1177 accum.mul_x2(x[4], x[11]);
1178 accum.mul_x2(x[5], x[10]);
1179 accum.mul_x2(x[6], x[9]);
1180 accum.mul_x2(x[7], x[8]);
1181 z[15] = accum.extract();
1182 accum.mul_x2(x[0], x[16]);
1183 accum.mul_x2(x[1], x[15]);
1184 accum.mul_x2(x[2], x[14]);
1185 accum.mul_x2(x[3], x[13]);
1186 accum.mul_x2(x[4], x[12]);
1187 accum.mul_x2(x[5], x[11]);
1188 accum.mul_x2(x[6], x[10]);
1189 accum.mul_x2(x[7], x[9]);
1190 accum.mul(x[8], x[8]);
1191 z[16] = accum.extract();
1192 accum.mul_x2(x[0], x[17]);
1193 accum.mul_x2(x[1], x[16]);
1194 accum.mul_x2(x[2], x[15]);
1195 accum.mul_x2(x[3], x[14]);
1196 accum.mul_x2(x[4], x[13]);
1197 accum.mul_x2(x[5], x[12]);
1198 accum.mul_x2(x[6], x[11]);
1199 accum.mul_x2(x[7], x[10]);
1200 accum.mul_x2(x[8], x[9]);
1201 z[17] = accum.extract();
1202 accum.mul_x2(x[0], x[18]);
1203 accum.mul_x2(x[1], x[17]);
1204 accum.mul_x2(x[2], x[16]);
1205 accum.mul_x2(x[3], x[15]);
1206 accum.mul_x2(x[4], x[14]);
1207 accum.mul_x2(x[5], x[13]);
1208 accum.mul_x2(x[6], x[12]);
1209 accum.mul_x2(x[7], x[11]);
1210 accum.mul_x2(x[8], x[10]);
1211 accum.mul(x[9], x[9]);
1212 z[18] = accum.extract();
1213 accum.mul_x2(x[0], x[19]);
1214 accum.mul_x2(x[1], x[18]);
1215 accum.mul_x2(x[2], x[17]);
1216 accum.mul_x2(x[3], x[16]);
1217 accum.mul_x2(x[4], x[15]);
1218 accum.mul_x2(x[5], x[14]);
1219 accum.mul_x2(x[6], x[13]);
1220 accum.mul_x2(x[7], x[12]);
1221 accum.mul_x2(x[8], x[11]);
1222 accum.mul_x2(x[9], x[10]);
1223 z[19] = accum.extract();
1224 accum.mul_x2(x[0], x[20]);
1225 accum.mul_x2(x[1], x[19]);
1226 accum.mul_x2(x[2], x[18]);
1227 accum.mul_x2(x[3], x[17]);
1228 accum.mul_x2(x[4], x[16]);
1229 accum.mul_x2(x[5], x[15]);
1230 accum.mul_x2(x[6], x[14]);
1231 accum.mul_x2(x[7], x[13]);
1232 accum.mul_x2(x[8], x[12]);
1233 accum.mul_x2(x[9], x[11]);
1234 accum.mul(x[10], x[10]);
1235 z[20] = accum.extract();
1236 accum.mul_x2(x[0], x[21]);
1237 accum.mul_x2(x[1], x[20]);
1238 accum.mul_x2(x[2], x[19]);
1239 accum.mul_x2(x[3], x[18]);
1240 accum.mul_x2(x[4], x[17]);
1241 accum.mul_x2(x[5], x[16]);
1242 accum.mul_x2(x[6], x[15]);
1243 accum.mul_x2(x[7], x[14]);
1244 accum.mul_x2(x[8], x[13]);
1245 accum.mul_x2(x[9], x[12]);
1246 accum.mul_x2(x[10], x[11]);
1247 z[21] = accum.extract();
1248 accum.mul_x2(x[0], x[22]);
1249 accum.mul_x2(x[1], x[21]);
1250 accum.mul_x2(x[2], x[20]);
1251 accum.mul_x2(x[3], x[19]);
1252 accum.mul_x2(x[4], x[18]);
1253 accum.mul_x2(x[5], x[17]);
1254 accum.mul_x2(x[6], x[16]);
1255 accum.mul_x2(x[7], x[15]);
1256 accum.mul_x2(x[8], x[14]);
1257 accum.mul_x2(x[9], x[13]);
1258 accum.mul_x2(x[10], x[12]);
1259 accum.mul(x[11], x[11]);
1260 z[22] = accum.extract();
1261 accum.mul_x2(x[0], x[23]);
1262 accum.mul_x2(x[1], x[22]);
1263 accum.mul_x2(x[2], x[21]);
1264 accum.mul_x2(x[3], x[20]);
1265 accum.mul_x2(x[4], x[19]);
1266 accum.mul_x2(x[5], x[18]);
1267 accum.mul_x2(x[6], x[17]);
1268 accum.mul_x2(x[7], x[16]);
1269 accum.mul_x2(x[8], x[15]);
1270 accum.mul_x2(x[9], x[14]);
1271 accum.mul_x2(x[10], x[13]);
1272 accum.mul_x2(x[11], x[12]);
1273 z[23] = accum.extract();
1274 accum.mul_x2(x[1], x[23]);
1275 accum.mul_x2(x[2], x[22]);
1276 accum.mul_x2(x[3], x[21]);
1277 accum.mul_x2(x[4], x[20]);
1278 accum.mul_x2(x[5], x[19]);
1279 accum.mul_x2(x[6], x[18]);
1280 accum.mul_x2(x[7], x[17]);
1281 accum.mul_x2(x[8], x[16]);
1282 accum.mul_x2(x[9], x[15]);
1283 accum.mul_x2(x[10], x[14]);
1284 accum.mul_x2(x[11], x[13]);
1285 accum.mul(x[12], x[12]);
1286 z[24] = accum.extract();
1287 accum.mul_x2(x[2], x[23]);
1288 accum.mul_x2(x[3], x[22]);
1289 accum.mul_x2(x[4], x[21]);
1290 accum.mul_x2(x[5], x[20]);
1291 accum.mul_x2(x[6], x[19]);
1292 accum.mul_x2(x[7], x[18]);
1293 accum.mul_x2(x[8], x[17]);
1294 accum.mul_x2(x[9], x[16]);
1295 accum.mul_x2(x[10], x[15]);
1296 accum.mul_x2(x[11], x[14]);
1297 accum.mul_x2(x[12], x[13]);
1298 z[25] = accum.extract();
1299 accum.mul_x2(x[3], x[23]);
1300 accum.mul_x2(x[4], x[22]);
1301 accum.mul_x2(x[5], x[21]);
1302 accum.mul_x2(x[6], x[20]);
1303 accum.mul_x2(x[7], x[19]);
1304 accum.mul_x2(x[8], x[18]);
1305 accum.mul_x2(x[9], x[17]);
1306 accum.mul_x2(x[10], x[16]);
1307 accum.mul_x2(x[11], x[15]);
1308 accum.mul_x2(x[12], x[14]);
1309 accum.mul(x[13], x[13]);
1310 z[26] = accum.extract();
1311 accum.mul_x2(x[4], x[23]);
1312 accum.mul_x2(x[5], x[22]);
1313 accum.mul_x2(x[6], x[21]);
1314 accum.mul_x2(x[7], x[20]);
1315 accum.mul_x2(x[8], x[19]);
1316 accum.mul_x2(x[9], x[18]);
1317 accum.mul_x2(x[10], x[17]);
1318 accum.mul_x2(x[11], x[16]);
1319 accum.mul_x2(x[12], x[15]);
1320 accum.mul_x2(x[13], x[14]);
1321 z[27] = accum.extract();
1322 accum.mul_x2(x[5], x[23]);
1323 accum.mul_x2(x[6], x[22]);
1324 accum.mul_x2(x[7], x[21]);
1325 accum.mul_x2(x[8], x[20]);
1326 accum.mul_x2(x[9], x[19]);
1327 accum.mul_x2(x[10], x[18]);
1328 accum.mul_x2(x[11], x[17]);
1329 accum.mul_x2(x[12], x[16]);
1330 accum.mul_x2(x[13], x[15]);
1331 accum.mul(x[14], x[14]);
1332 z[28] = accum.extract();
1333 accum.mul_x2(x[6], x[23]);
1334 accum.mul_x2(x[7], x[22]);
1335 accum.mul_x2(x[8], x[21]);
1336 accum.mul_x2(x[9], x[20]);
1337 accum.mul_x2(x[10], x[19]);
1338 accum.mul_x2(x[11], x[18]);
1339 accum.mul_x2(x[12], x[17]);
1340 accum.mul_x2(x[13], x[16]);
1341 accum.mul_x2(x[14], x[15]);
1342 z[29] = accum.extract();
1343 accum.mul_x2(x[7], x[23]);
1344 accum.mul_x2(x[8], x[22]);
1345 accum.mul_x2(x[9], x[21]);
1346 accum.mul_x2(x[10], x[20]);
1347 accum.mul_x2(x[11], x[19]);
1348 accum.mul_x2(x[12], x[18]);
1349 accum.mul_x2(x[13], x[17]);
1350 accum.mul_x2(x[14], x[16]);
1351 accum.mul(x[15], x[15]);
1352 z[30] = accum.extract();
1353 accum.mul_x2(x[8], x[23]);
1354 accum.mul_x2(x[9], x[22]);
1355 accum.mul_x2(x[10], x[21]);
1356 accum.mul_x2(x[11], x[20]);
1357 accum.mul_x2(x[12], x[19]);
1358 accum.mul_x2(x[13], x[18]);
1359 accum.mul_x2(x[14], x[17]);
1360 accum.mul_x2(x[15], x[16]);
1361 z[31] = accum.extract();
1362 accum.mul_x2(x[9], x[23]);
1363 accum.mul_x2(x[10], x[22]);
1364 accum.mul_x2(x[11], x[21]);
1365 accum.mul_x2(x[12], x[20]);
1366 accum.mul_x2(x[13], x[19]);
1367 accum.mul_x2(x[14], x[18]);
1368 accum.mul_x2(x[15], x[17]);
1369 accum.mul(x[16], x[16]);
1370 z[32] = accum.extract();
1371 accum.mul_x2(x[10], x[23]);
1372 accum.mul_x2(x[11], x[22]);
1373 accum.mul_x2(x[12], x[21]);
1374 accum.mul_x2(x[13], x[20]);
1375 accum.mul_x2(x[14], x[19]);
1376 accum.mul_x2(x[15], x[18]);
1377 accum.mul_x2(x[16], x[17]);
1378 z[33] = accum.extract();
1379 accum.mul_x2(x[11], x[23]);
1380 accum.mul_x2(x[12], x[22]);
1381 accum.mul_x2(x[13], x[21]);
1382 accum.mul_x2(x[14], x[20]);
1383 accum.mul_x2(x[15], x[19]);
1384 accum.mul_x2(x[16], x[18]);
1385 accum.mul(x[17], x[17]);
1386 z[34] = accum.extract();
1387 accum.mul_x2(x[12], x[23]);
1388 accum.mul_x2(x[13], x[22]);
1389 accum.mul_x2(x[14], x[21]);
1390 accum.mul_x2(x[15], x[20]);
1391 accum.mul_x2(x[16], x[19]);
1392 accum.mul_x2(x[17], x[18]);
1393 z[35] = accum.extract();
1394 accum.mul_x2(x[13], x[23]);
1395 accum.mul_x2(x[14], x[22]);
1396 accum.mul_x2(x[15], x[21]);
1397 accum.mul_x2(x[16], x[20]);
1398 accum.mul_x2(x[17], x[19]);
1399 accum.mul(x[18], x[18]);
1400 z[36] = accum.extract();
1401 accum.mul_x2(x[14], x[23]);
1402 accum.mul_x2(x[15], x[22]);
1403 accum.mul_x2(x[16], x[21]);
1404 accum.mul_x2(x[17], x[20]);
1405 accum.mul_x2(x[18], x[19]);
1406 z[37] = accum.extract();
1407 accum.mul_x2(x[15], x[23]);
1408 accum.mul_x2(x[16], x[22]);
1409 accum.mul_x2(x[17], x[21]);
1410 accum.mul_x2(x[18], x[20]);
1411 accum.mul(x[19], x[19]);
1412 z[38] = accum.extract();
1413 accum.mul_x2(x[16], x[23]);
1414 accum.mul_x2(x[17], x[22]);
1415 accum.mul_x2(x[18], x[21]);
1416 accum.mul_x2(x[19], x[20]);
1417 z[39] = accum.extract();
1418 accum.mul_x2(x[17], x[23]);
1419 accum.mul_x2(x[18], x[22]);
1420 accum.mul_x2(x[19], x[21]);
1421 accum.mul(x[20], x[20]);
1422 z[40] = accum.extract();
1423 accum.mul_x2(x[18], x[23]);
1424 accum.mul_x2(x[19], x[22]);
1425 accum.mul_x2(x[20], x[21]);
1426 z[41] = accum.extract();
1427 accum.mul_x2(x[19], x[23]);
1428 accum.mul_x2(x[20], x[22]);
1429 accum.mul(x[21], x[21]);
1430 z[42] = accum.extract();
1431 accum.mul_x2(x[20], x[23]);
1432 accum.mul_x2(x[21], x[22]);
1433 z[43] = accum.extract();
1434 accum.mul_x2(x[21], x[23]);
1435 accum.mul(x[22], x[22]);
1436 z[44] = accum.extract();
1437 accum.mul_x2(x[22], x[23]);
1438 z[45] = accum.extract();
1439 accum.mul(x[23], x[23]);
1440 z[46] = accum.extract();
1441 z[47] = accum.extract();
1442}
1443
1444/*
1445* Comba 24x24 Multiplication
1446*/
void bigint_comba_mul24(word z[48], const word x[24], const word y[24]) {
   /*
   * Column-wise (Comba) product of two 24-word operands into a 48-word
   * result, expressed as a loop over output columns rather than as a
   * fully unrolled statement list.
   *
   * For output column `col`, every partial product x[i] * y[col - i] with
   * both indices inside [0, 24) is fed to the accumulator, in ascending
   * order of i, and then one word is extracted into z[col]. This is the
   * same sequence of accum.mul() / accum.extract() calls as the unrolled
   * form.
   *
   * The loop bounds are derived only from `col` and the fixed operand
   * length, never from the contents of x or y, so the sequence of
   * multiplications and the memory access pattern do not depend on
   * operand values.
   *
   * z is written while x and y are still being read (z[0] is stored
   * before x[0] is used for column 1), so z must not overlap either input.
   *
   * NOTE(review): word3<word> is defined outside this file; extract() is
   * presumably "return the low word and shift the accumulator down" -
   * confirm against its definition.
   * NOTE(review): the file header says this file is generated by
   * gen_mp_comba.py, so a lasting change belongs in that script.
   */
   constexpr size_t N = 24;

   word3<word> accum;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Clamp the x index so that both i and (col - i) stay inside [0, N)
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      for(size_t i = first; i <= last; ++i) {
         accum.mul(x[i], y[col - i]);
      }

      z[col] = accum.extract();
   }

   // What remains in the accumulator after column 2N-2 is the top word
   z[2 * N - 1] = accum.extract();
}
2075
2076} // namespace Botan