Botan 3.10.0
Crypto and TLS for C&
mp_monty_n.cpp
1/*
2* This file was automatically generated by ./src/scripts/dev_tools/gen_mp_monty.py on 2025-11-02
3* All manual changes will be lost. Edit the script instead.
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/mp_core.h>
9
10namespace Botan {
11
/*
* Montgomery reduction for a 4-word modulus, expressed as two column loops
* that issue the same accumulator operations, in the same order, as the
* fully unrolled form.
*
* r      - output, 4 words; only touched by bigint_monty_maybe_sub<4>
* z      - input, 8 words, read-only
* p      - modulus, 4 words, read-only
* p_dash - constant passed to word3::monty_step together with p[0]
*          (presumably -p^-1 mod 2^w; confirm against the caller)
* ws     - workspace, 4 words, completely overwritten
*
* Review notes:
* - The array extents in the signature are not enforced by the language
*   (the parameters decay to pointers); nothing here checks buffer sizes,
*   so callers must pass at least 4/8/4/4 words.
* - Loop bounds are compile-time constants and no branch or index depends
*   on the values in z, p or ws. Whether the final step is constant-time
*   depends on bigint_monty_maybe_sub, which is not visible here.
* - ws still holds reduction intermediates on return; if z is derived from
*   secret data the caller presumably has to treat ws as sensitive too.
* - The file header says this file is generated by gen_mp_monty.py, so a
*   lasting change belongs in that script.
*/
void bigint_monty_redc_4(word r[4], const word z[8], const word p[4], word p_dash, word ws[4]) {
   constexpr size_t N = 4;

   word3<word> accum;

   // Low columns: column i sums ws[j] * p[i - j] for j < i, adds z[i],
   // and monty_step produces ws[i].
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = 0; j != i; ++j) {
         accum.mul(ws[j], p[i - j]);
      }
      accum.add(z[i]);
      ws[i] = accum.monty_step(p[0], p_dash);
   }

   // High columns: column N + i sums ws[j] * p[N + i - j] for j > i and
   // adds z[N + i]. ws[i] is not read from this column onwards, so its
   // slot is reused for the extracted word.
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = i + 1; j != N; ++j) {
         accum.mul(ws[j], p[N + i - j]);
      }
      accum.add(z[N + i]);
      ws[i] = accum.extract();
   }

   // One more word is pulled out of the accumulator and handed on with ws.
   word top_word = accum.extract();
   bigint_monty_maybe_sub<4>(r, top_word, ws, p);
}
45
/*
* Montgomery reduction for a 6-word modulus, expressed as two column loops
* that issue the same accumulator operations, in the same order, as the
* fully unrolled form.
*
* r      - output, 6 words; only touched by bigint_monty_maybe_sub<6>
* z      - input, 12 words, read-only
* p      - modulus, 6 words, read-only
* p_dash - constant passed to word3::monty_step together with p[0]
*          (presumably -p^-1 mod 2^w; confirm against the caller)
* ws     - workspace, 6 words, completely overwritten
*
* Review notes:
* - The array extents in the signature are not enforced by the language
*   (the parameters decay to pointers); nothing here checks buffer sizes,
*   so callers must pass at least 6/12/6/6 words.
* - Loop bounds are compile-time constants and no branch or index depends
*   on the values in z, p or ws. Whether the final step is constant-time
*   depends on bigint_monty_maybe_sub, which is not visible here.
* - ws still holds reduction intermediates on return; if z is derived from
*   secret data the caller presumably has to treat ws as sensitive too.
* - The file header says this file is generated by gen_mp_monty.py, so a
*   lasting change belongs in that script.
*/
void bigint_monty_redc_6(word r[6], const word z[12], const word p[6], word p_dash, word ws[6]) {
   constexpr size_t N = 6;

   word3<word> accum;

   // Low columns: column i sums ws[j] * p[i - j] for j < i, adds z[i],
   // and monty_step produces ws[i].
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = 0; j != i; ++j) {
         accum.mul(ws[j], p[i - j]);
      }
      accum.add(z[i]);
      ws[i] = accum.monty_step(p[0], p_dash);
   }

   // High columns: column N + i sums ws[j] * p[N + i - j] for j > i and
   // adds z[N + i]. ws[i] is not read from this column onwards, so its
   // slot is reused for the extracted word.
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = i + 1; j != N; ++j) {
         accum.mul(ws[j], p[N + i - j]);
      }
      accum.add(z[N + i]);
      ws[i] = accum.extract();
   }

   // One more word is pulled out of the accumulator and handed on with ws.
   word top_word = accum.extract();
   bigint_monty_maybe_sub<6>(r, top_word, ws, p);
}
105
/*
* Montgomery reduction for an 8-word modulus, expressed as two column loops
* that issue the same accumulator operations, in the same order, as the
* fully unrolled form.
*
* r      - output, 8 words; only touched by bigint_monty_maybe_sub<8>
* z      - input, 16 words, read-only
* p      - modulus, 8 words, read-only
* p_dash - constant passed to word3::monty_step together with p[0]
*          (presumably -p^-1 mod 2^w; confirm against the caller)
* ws     - workspace, 8 words, completely overwritten
*
* Review notes:
* - The array extents in the signature are not enforced by the language
*   (the parameters decay to pointers); nothing here checks buffer sizes,
*   so callers must pass at least 8/16/8/8 words.
* - Loop bounds are compile-time constants and no branch or index depends
*   on the values in z, p or ws. Whether the final step is constant-time
*   depends on bigint_monty_maybe_sub, which is not visible here.
* - ws still holds reduction intermediates on return; if z is derived from
*   secret data the caller presumably has to treat ws as sensitive too.
* - The file header says this file is generated by gen_mp_monty.py, so a
*   lasting change belongs in that script.
*/
void bigint_monty_redc_8(word r[8], const word z[16], const word p[8], word p_dash, word ws[8]) {
   constexpr size_t N = 8;

   word3<word> accum;

   // Low columns: column i sums ws[j] * p[i - j] for j < i, adds z[i],
   // and monty_step produces ws[i].
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = 0; j != i; ++j) {
         accum.mul(ws[j], p[i - j]);
      }
      accum.add(z[i]);
      ws[i] = accum.monty_step(p[0], p_dash);
   }

   // High columns: column N + i sums ws[j] * p[N + i - j] for j > i and
   // adds z[N + i]. ws[i] is not read from this column onwards, so its
   // slot is reused for the extracted word.
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = i + 1; j != N; ++j) {
         accum.mul(ws[j], p[N + i - j]);
      }
      accum.add(z[N + i]);
      ws[i] = accum.extract();
   }

   // One more word is pulled out of the accumulator and handed on with ws.
   word top_word = accum.extract();
   bigint_monty_maybe_sub<8>(r, top_word, ws, p);
}
199
/*
* Montgomery reduction for a 12-word modulus, expressed as two column loops
* that issue the same accumulator operations, in the same order, as the
* fully unrolled form.
*
* r      - output, 12 words; only touched by bigint_monty_maybe_sub<12>
* z      - input, 24 words, read-only
* p      - modulus, 12 words, read-only
* p_dash - constant passed to word3::monty_step together with p[0]
*          (presumably -p^-1 mod 2^w; confirm against the caller)
* ws     - workspace, 12 words, completely overwritten
*
* Review notes:
* - The array extents in the signature are not enforced by the language
*   (the parameters decay to pointers); nothing here checks buffer sizes,
*   so callers must pass at least 12/24/12/12 words.
* - Loop bounds are compile-time constants and no branch or index depends
*   on the values in z, p or ws. Whether the final step is constant-time
*   depends on bigint_monty_maybe_sub, which is not visible here.
* - ws still holds reduction intermediates on return; if z is derived from
*   secret data the caller presumably has to treat ws as sensitive too.
* - The file header says this file is generated by gen_mp_monty.py, so a
*   lasting change belongs in that script.
*/
void bigint_monty_redc_12(word r[12], const word z[24], const word p[12], word p_dash, word ws[12]) {
   constexpr size_t N = 12;

   word3<word> accum;

   // Low columns: column i sums ws[j] * p[i - j] for j < i, adds z[i],
   // and monty_step produces ws[i].
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = 0; j != i; ++j) {
         accum.mul(ws[j], p[i - j]);
      }
      accum.add(z[i]);
      ws[i] = accum.monty_step(p[0], p_dash);
   }

   // High columns: column N + i sums ws[j] * p[N + i - j] for j > i and
   // adds z[N + i]. ws[i] is not read from this column onwards, so its
   // slot is reused for the extracted word.
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = i + 1; j != N; ++j) {
         accum.mul(ws[j], p[N + i - j]);
      }
      accum.add(z[N + i]);
      ws[i] = accum.extract();
   }

   // One more word is pulled out of the accumulator and handed on with ws.
   word top_word = accum.extract();
   bigint_monty_maybe_sub<12>(r, top_word, ws, p);
}
385
/*
* Montgomery reduction for a 16-word modulus, expressed as two column loops
* that issue the same accumulator operations, in the same order, as the
* fully unrolled form.
*
* r      - output, 16 words; only touched by bigint_monty_maybe_sub<16>
* z      - input, 32 words, read-only
* p      - modulus, 16 words, read-only
* p_dash - constant passed to word3::monty_step together with p[0]
*          (presumably -p^-1 mod 2^w; confirm against the caller)
* ws     - workspace, 16 words, completely overwritten
*
* Review notes:
* - The array extents in the signature are not enforced by the language
*   (the parameters decay to pointers); nothing here checks buffer sizes,
*   so callers must pass at least 16/32/16/16 words.
* - Loop bounds are compile-time constants and no branch or index depends
*   on the values in z, p or ws. Whether the final step is constant-time
*   depends on bigint_monty_maybe_sub, which is not visible here.
* - ws still holds reduction intermediates on return; if z is derived from
*   secret data the caller presumably has to treat ws as sensitive too.
* - The file header says this file is generated by gen_mp_monty.py, so a
*   lasting change belongs in that script.
*/
void bigint_monty_redc_16(word r[16], const word z[32], const word p[16], word p_dash, word ws[16]) {
   constexpr size_t N = 16;

   word3<word> accum;

   // Low columns: column i sums ws[j] * p[i - j] for j < i, adds z[i],
   // and monty_step produces ws[i].
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = 0; j != i; ++j) {
         accum.mul(ws[j], p[i - j]);
      }
      accum.add(z[i]);
      ws[i] = accum.monty_step(p[0], p_dash);
   }

   // High columns: column N + i sums ws[j] * p[N + i - j] for j > i and
   // adds z[N + i]. ws[i] is not read from this column onwards, so its
   // slot is reused for the extracted word.
   for(size_t i = 0; i != N; ++i) {
      for(size_t j = i + 1; j != N; ++j) {
         accum.mul(ws[j], p[N + i - j]);
      }
      accum.add(z[N + i]);
      ws[i] = accum.extract();
   }

   // One more word is pulled out of the accumulator and handed on with ws.
   word top_word = accum.extract();
   bigint_monty_maybe_sub<16>(r, top_word, ws, p);
}
695
696void bigint_monty_redc_24(word r[24], const word z[48], const word p[24], word p_dash, word ws[24]) {
697 word3<word> accum;
698 accum.add(z[0]);
699 ws[0] = accum.monty_step(p[0], p_dash);
700 accum.mul(ws[0], p[1]);
701 accum.add(z[1]);
702 ws[1] = accum.monty_step(p[0], p_dash);
703 accum.mul(ws[0], p[2]);
704 accum.mul(ws[1], p[1]);
705 accum.add(z[2]);
706 ws[2] = accum.monty_step(p[0], p_dash);
707 accum.mul(ws[0], p[3]);
708 accum.mul(ws[1], p[2]);
709 accum.mul(ws[2], p[1]);
710 accum.add(z[3]);
711 ws[3] = accum.monty_step(p[0], p_dash);
712 accum.mul(ws[0], p[4]);
713 accum.mul(ws[1], p[3]);
714 accum.mul(ws[2], p[2]);
715 accum.mul(ws[3], p[1]);
716 accum.add(z[4]);
717 ws[4] = accum.monty_step(p[0], p_dash);
718 accum.mul(ws[0], p[5]);
719 accum.mul(ws[1], p[4]);
720 accum.mul(ws[2], p[3]);
721 accum.mul(ws[3], p[2]);
722 accum.mul(ws[4], p[1]);
723 accum.add(z[5]);
724 ws[5] = accum.monty_step(p[0], p_dash);
725 accum.mul(ws[0], p[6]);
726 accum.mul(ws[1], p[5]);
727 accum.mul(ws[2], p[4]);
728 accum.mul(ws[3], p[3]);
729 accum.mul(ws[4], p[2]);
730 accum.mul(ws[5], p[1]);
731 accum.add(z[6]);
732 ws[6] = accum.monty_step(p[0], p_dash);
733 accum.mul(ws[0], p[7]);
734 accum.mul(ws[1], p[6]);
735 accum.mul(ws[2], p[5]);
736 accum.mul(ws[3], p[4]);
737 accum.mul(ws[4], p[3]);
738 accum.mul(ws[5], p[2]);
739 accum.mul(ws[6], p[1]);
740 accum.add(z[7]);
741 ws[7] = accum.monty_step(p[0], p_dash);
742 accum.mul(ws[0], p[8]);
743 accum.mul(ws[1], p[7]);
744 accum.mul(ws[2], p[6]);
745 accum.mul(ws[3], p[5]);
746 accum.mul(ws[4], p[4]);
747 accum.mul(ws[5], p[3]);
748 accum.mul(ws[6], p[2]);
749 accum.mul(ws[7], p[1]);
750 accum.add(z[8]);
751 ws[8] = accum.monty_step(p[0], p_dash);
752 accum.mul(ws[0], p[9]);
753 accum.mul(ws[1], p[8]);
754 accum.mul(ws[2], p[7]);
755 accum.mul(ws[3], p[6]);
756 accum.mul(ws[4], p[5]);
757 accum.mul(ws[5], p[4]);
758 accum.mul(ws[6], p[3]);
759 accum.mul(ws[7], p[2]);
760 accum.mul(ws[8], p[1]);
761 accum.add(z[9]);
762 ws[9] = accum.monty_step(p[0], p_dash);
763 accum.mul(ws[0], p[10]);
764 accum.mul(ws[1], p[9]);
765 accum.mul(ws[2], p[8]);
766 accum.mul(ws[3], p[7]);
767 accum.mul(ws[4], p[6]);
768 accum.mul(ws[5], p[5]);
769 accum.mul(ws[6], p[4]);
770 accum.mul(ws[7], p[3]);
771 accum.mul(ws[8], p[2]);
772 accum.mul(ws[9], p[1]);
773 accum.add(z[10]);
774 ws[10] = accum.monty_step(p[0], p_dash);
775 accum.mul(ws[0], p[11]);
776 accum.mul(ws[1], p[10]);
777 accum.mul(ws[2], p[9]);
778 accum.mul(ws[3], p[8]);
779 accum.mul(ws[4], p[7]);
780 accum.mul(ws[5], p[6]);
781 accum.mul(ws[6], p[5]);
782 accum.mul(ws[7], p[4]);
783 accum.mul(ws[8], p[3]);
784 accum.mul(ws[9], p[2]);
785 accum.mul(ws[10], p[1]);
786 accum.add(z[11]);
787 ws[11] = accum.monty_step(p[0], p_dash);
788 accum.mul(ws[0], p[12]);
789 accum.mul(ws[1], p[11]);
790 accum.mul(ws[2], p[10]);
791 accum.mul(ws[3], p[9]);
792 accum.mul(ws[4], p[8]);
793 accum.mul(ws[5], p[7]);
794 accum.mul(ws[6], p[6]);
795 accum.mul(ws[7], p[5]);
796 accum.mul(ws[8], p[4]);
797 accum.mul(ws[9], p[3]);
798 accum.mul(ws[10], p[2]);
799 accum.mul(ws[11], p[1]);
800 accum.add(z[12]);
801 ws[12] = accum.monty_step(p[0], p_dash);
802 accum.mul(ws[0], p[13]);
803 accum.mul(ws[1], p[12]);
804 accum.mul(ws[2], p[11]);
805 accum.mul(ws[3], p[10]);
806 accum.mul(ws[4], p[9]);
807 accum.mul(ws[5], p[8]);
808 accum.mul(ws[6], p[7]);
809 accum.mul(ws[7], p[6]);
810 accum.mul(ws[8], p[5]);
811 accum.mul(ws[9], p[4]);
812 accum.mul(ws[10], p[3]);
813 accum.mul(ws[11], p[2]);
814 accum.mul(ws[12], p[1]);
815 accum.add(z[13]);
816 ws[13] = accum.monty_step(p[0], p_dash);
817 accum.mul(ws[0], p[14]);
818 accum.mul(ws[1], p[13]);
819 accum.mul(ws[2], p[12]);
820 accum.mul(ws[3], p[11]);
821 accum.mul(ws[4], p[10]);
822 accum.mul(ws[5], p[9]);
823 accum.mul(ws[6], p[8]);
824 accum.mul(ws[7], p[7]);
825 accum.mul(ws[8], p[6]);
826 accum.mul(ws[9], p[5]);
827 accum.mul(ws[10], p[4]);
828 accum.mul(ws[11], p[3]);
829 accum.mul(ws[12], p[2]);
830 accum.mul(ws[13], p[1]);
831 accum.add(z[14]);
832 ws[14] = accum.monty_step(p[0], p_dash);
833 accum.mul(ws[0], p[15]);
834 accum.mul(ws[1], p[14]);
835 accum.mul(ws[2], p[13]);
836 accum.mul(ws[3], p[12]);
837 accum.mul(ws[4], p[11]);
838 accum.mul(ws[5], p[10]);
839 accum.mul(ws[6], p[9]);
840 accum.mul(ws[7], p[8]);
841 accum.mul(ws[8], p[7]);
842 accum.mul(ws[9], p[6]);
843 accum.mul(ws[10], p[5]);
844 accum.mul(ws[11], p[4]);
845 accum.mul(ws[12], p[3]);
846 accum.mul(ws[13], p[2]);
847 accum.mul(ws[14], p[1]);
848 accum.add(z[15]);
849 ws[15] = accum.monty_step(p[0], p_dash);
850 accum.mul(ws[0], p[16]);
851 accum.mul(ws[1], p[15]);
852 accum.mul(ws[2], p[14]);
853 accum.mul(ws[3], p[13]);
854 accum.mul(ws[4], p[12]);
855 accum.mul(ws[5], p[11]);
856 accum.mul(ws[6], p[10]);
857 accum.mul(ws[7], p[9]);
858 accum.mul(ws[8], p[8]);
859 accum.mul(ws[9], p[7]);
860 accum.mul(ws[10], p[6]);
861 accum.mul(ws[11], p[5]);
862 accum.mul(ws[12], p[4]);
863 accum.mul(ws[13], p[3]);
864 accum.mul(ws[14], p[2]);
865 accum.mul(ws[15], p[1]);
866 accum.add(z[16]);
867 ws[16] = accum.monty_step(p[0], p_dash);
868 accum.mul(ws[0], p[17]);
869 accum.mul(ws[1], p[16]);
870 accum.mul(ws[2], p[15]);
871 accum.mul(ws[3], p[14]);
872 accum.mul(ws[4], p[13]);
873 accum.mul(ws[5], p[12]);
874 accum.mul(ws[6], p[11]);
875 accum.mul(ws[7], p[10]);
876 accum.mul(ws[8], p[9]);
877 accum.mul(ws[9], p[8]);
878 accum.mul(ws[10], p[7]);
879 accum.mul(ws[11], p[6]);
880 accum.mul(ws[12], p[5]);
881 accum.mul(ws[13], p[4]);
882 accum.mul(ws[14], p[3]);
883 accum.mul(ws[15], p[2]);
884 accum.mul(ws[16], p[1]);
885 accum.add(z[17]);
886 ws[17] = accum.monty_step(p[0], p_dash);
887 accum.mul(ws[0], p[18]);
888 accum.mul(ws[1], p[17]);
889 accum.mul(ws[2], p[16]);
890 accum.mul(ws[3], p[15]);
891 accum.mul(ws[4], p[14]);
892 accum.mul(ws[5], p[13]);
893 accum.mul(ws[6], p[12]);
894 accum.mul(ws[7], p[11]);
895 accum.mul(ws[8], p[10]);
896 accum.mul(ws[9], p[9]);
897 accum.mul(ws[10], p[8]);
898 accum.mul(ws[11], p[7]);
899 accum.mul(ws[12], p[6]);
900 accum.mul(ws[13], p[5]);
901 accum.mul(ws[14], p[4]);
902 accum.mul(ws[15], p[3]);
903 accum.mul(ws[16], p[2]);
904 accum.mul(ws[17], p[1]);
905 accum.add(z[18]);
906 ws[18] = accum.monty_step(p[0], p_dash);
907 accum.mul(ws[0], p[19]);
908 accum.mul(ws[1], p[18]);
909 accum.mul(ws[2], p[17]);
910 accum.mul(ws[3], p[16]);
911 accum.mul(ws[4], p[15]);
912 accum.mul(ws[5], p[14]);
913 accum.mul(ws[6], p[13]);
914 accum.mul(ws[7], p[12]);
915 accum.mul(ws[8], p[11]);
916 accum.mul(ws[9], p[10]);
917 accum.mul(ws[10], p[9]);
918 accum.mul(ws[11], p[8]);
919 accum.mul(ws[12], p[7]);
920 accum.mul(ws[13], p[6]);
921 accum.mul(ws[14], p[5]);
922 accum.mul(ws[15], p[4]);
923 accum.mul(ws[16], p[3]);
924 accum.mul(ws[17], p[2]);
925 accum.mul(ws[18], p[1]);
926 accum.add(z[19]);
927 ws[19] = accum.monty_step(p[0], p_dash);
928 accum.mul(ws[0], p[20]);
929 accum.mul(ws[1], p[19]);
930 accum.mul(ws[2], p[18]);
931 accum.mul(ws[3], p[17]);
932 accum.mul(ws[4], p[16]);
933 accum.mul(ws[5], p[15]);
934 accum.mul(ws[6], p[14]);
935 accum.mul(ws[7], p[13]);
936 accum.mul(ws[8], p[12]);
937 accum.mul(ws[9], p[11]);
938 accum.mul(ws[10], p[10]);
939 accum.mul(ws[11], p[9]);
940 accum.mul(ws[12], p[8]);
941 accum.mul(ws[13], p[7]);
942 accum.mul(ws[14], p[6]);
943 accum.mul(ws[15], p[5]);
944 accum.mul(ws[16], p[4]);
945 accum.mul(ws[17], p[3]);
946 accum.mul(ws[18], p[2]);
947 accum.mul(ws[19], p[1]);
948 accum.add(z[20]);
949 ws[20] = accum.monty_step(p[0], p_dash);
950 accum.mul(ws[0], p[21]);
951 accum.mul(ws[1], p[20]);
952 accum.mul(ws[2], p[19]);
953 accum.mul(ws[3], p[18]);
954 accum.mul(ws[4], p[17]);
955 accum.mul(ws[5], p[16]);
956 accum.mul(ws[6], p[15]);
957 accum.mul(ws[7], p[14]);
958 accum.mul(ws[8], p[13]);
959 accum.mul(ws[9], p[12]);
960 accum.mul(ws[10], p[11]);
961 accum.mul(ws[11], p[10]);
962 accum.mul(ws[12], p[9]);
963 accum.mul(ws[13], p[8]);
964 accum.mul(ws[14], p[7]);
965 accum.mul(ws[15], p[6]);
966 accum.mul(ws[16], p[5]);
967 accum.mul(ws[17], p[4]);
968 accum.mul(ws[18], p[3]);
969 accum.mul(ws[19], p[2]);
970 accum.mul(ws[20], p[1]);
971 accum.add(z[21]);
972 ws[21] = accum.monty_step(p[0], p_dash);
973 accum.mul(ws[0], p[22]);
974 accum.mul(ws[1], p[21]);
975 accum.mul(ws[2], p[20]);
976 accum.mul(ws[3], p[19]);
977 accum.mul(ws[4], p[18]);
978 accum.mul(ws[5], p[17]);
979 accum.mul(ws[6], p[16]);
980 accum.mul(ws[7], p[15]);
981 accum.mul(ws[8], p[14]);
982 accum.mul(ws[9], p[13]);
983 accum.mul(ws[10], p[12]);
984 accum.mul(ws[11], p[11]);
985 accum.mul(ws[12], p[10]);
986 accum.mul(ws[13], p[9]);
987 accum.mul(ws[14], p[8]);
988 accum.mul(ws[15], p[7]);
989 accum.mul(ws[16], p[6]);
990 accum.mul(ws[17], p[5]);
991 accum.mul(ws[18], p[4]);
992 accum.mul(ws[19], p[3]);
993 accum.mul(ws[20], p[2]);
994 accum.mul(ws[21], p[1]);
995 accum.add(z[22]);
996 ws[22] = accum.monty_step(p[0], p_dash);
997 accum.mul(ws[0], p[23]);
998 accum.mul(ws[1], p[22]);
999 accum.mul(ws[2], p[21]);
1000 accum.mul(ws[3], p[20]);
1001 accum.mul(ws[4], p[19]);
1002 accum.mul(ws[5], p[18]);
1003 accum.mul(ws[6], p[17]);
1004 accum.mul(ws[7], p[16]);
1005 accum.mul(ws[8], p[15]);
1006 accum.mul(ws[9], p[14]);
1007 accum.mul(ws[10], p[13]);
1008 accum.mul(ws[11], p[12]);
1009 accum.mul(ws[12], p[11]);
1010 accum.mul(ws[13], p[10]);
1011 accum.mul(ws[14], p[9]);
1012 accum.mul(ws[15], p[8]);
1013 accum.mul(ws[16], p[7]);
1014 accum.mul(ws[17], p[6]);
1015 accum.mul(ws[18], p[5]);
1016 accum.mul(ws[19], p[4]);
1017 accum.mul(ws[20], p[3]);
1018 accum.mul(ws[21], p[2]);
1019 accum.mul(ws[22], p[1]);
1020 accum.add(z[23]);
1021 ws[23] = accum.monty_step(p[0], p_dash);
1022 accum.mul(ws[1], p[23]);
1023 accum.mul(ws[2], p[22]);
1024 accum.mul(ws[3], p[21]);
1025 accum.mul(ws[4], p[20]);
1026 accum.mul(ws[5], p[19]);
1027 accum.mul(ws[6], p[18]);
1028 accum.mul(ws[7], p[17]);
1029 accum.mul(ws[8], p[16]);
1030 accum.mul(ws[9], p[15]);
1031 accum.mul(ws[10], p[14]);
1032 accum.mul(ws[11], p[13]);
1033 accum.mul(ws[12], p[12]);
1034 accum.mul(ws[13], p[11]);
1035 accum.mul(ws[14], p[10]);
1036 accum.mul(ws[15], p[9]);
1037 accum.mul(ws[16], p[8]);
1038 accum.mul(ws[17], p[7]);
1039 accum.mul(ws[18], p[6]);
1040 accum.mul(ws[19], p[5]);
1041 accum.mul(ws[20], p[4]);
1042 accum.mul(ws[21], p[3]);
1043 accum.mul(ws[22], p[2]);
1044 accum.mul(ws[23], p[1]);
1045 accum.add(z[24]);
1046 ws[0] = accum.extract();
1047 accum.mul(ws[2], p[23]);
1048 accum.mul(ws[3], p[22]);
1049 accum.mul(ws[4], p[21]);
1050 accum.mul(ws[5], p[20]);
1051 accum.mul(ws[6], p[19]);
1052 accum.mul(ws[7], p[18]);
1053 accum.mul(ws[8], p[17]);
1054 accum.mul(ws[9], p[16]);
1055 accum.mul(ws[10], p[15]);
1056 accum.mul(ws[11], p[14]);
1057 accum.mul(ws[12], p[13]);
1058 accum.mul(ws[13], p[12]);
1059 accum.mul(ws[14], p[11]);
1060 accum.mul(ws[15], p[10]);
1061 accum.mul(ws[16], p[9]);
1062 accum.mul(ws[17], p[8]);
1063 accum.mul(ws[18], p[7]);
1064 accum.mul(ws[19], p[6]);
1065 accum.mul(ws[20], p[5]);
1066 accum.mul(ws[21], p[4]);
1067 accum.mul(ws[22], p[3]);
1068 accum.mul(ws[23], p[2]);
1069 accum.add(z[25]);
1070 ws[1] = accum.extract();
1071 accum.mul(ws[3], p[23]);
1072 accum.mul(ws[4], p[22]);
1073 accum.mul(ws[5], p[21]);
1074 accum.mul(ws[6], p[20]);
1075 accum.mul(ws[7], p[19]);
1076 accum.mul(ws[8], p[18]);
1077 accum.mul(ws[9], p[17]);
1078 accum.mul(ws[10], p[16]);
1079 accum.mul(ws[11], p[15]);
1080 accum.mul(ws[12], p[14]);
1081 accum.mul(ws[13], p[13]);
1082 accum.mul(ws[14], p[12]);
1083 accum.mul(ws[15], p[11]);
1084 accum.mul(ws[16], p[10]);
1085 accum.mul(ws[17], p[9]);
1086 accum.mul(ws[18], p[8]);
1087 accum.mul(ws[19], p[7]);
1088 accum.mul(ws[20], p[6]);
1089 accum.mul(ws[21], p[5]);
1090 accum.mul(ws[22], p[4]);
1091 accum.mul(ws[23], p[3]);
1092 accum.add(z[26]);
1093 ws[2] = accum.extract();
1094 accum.mul(ws[4], p[23]);
1095 accum.mul(ws[5], p[22]);
1096 accum.mul(ws[6], p[21]);
1097 accum.mul(ws[7], p[20]);
1098 accum.mul(ws[8], p[19]);
1099 accum.mul(ws[9], p[18]);
1100 accum.mul(ws[10], p[17]);
1101 accum.mul(ws[11], p[16]);
1102 accum.mul(ws[12], p[15]);
1103 accum.mul(ws[13], p[14]);
1104 accum.mul(ws[14], p[13]);
1105 accum.mul(ws[15], p[12]);
1106 accum.mul(ws[16], p[11]);
1107 accum.mul(ws[17], p[10]);
1108 accum.mul(ws[18], p[9]);
1109 accum.mul(ws[19], p[8]);
1110 accum.mul(ws[20], p[7]);
1111 accum.mul(ws[21], p[6]);
1112 accum.mul(ws[22], p[5]);
1113 accum.mul(ws[23], p[4]);
1114 accum.add(z[27]);
1115 ws[3] = accum.extract();
1116 accum.mul(ws[5], p[23]);
1117 accum.mul(ws[6], p[22]);
1118 accum.mul(ws[7], p[21]);
1119 accum.mul(ws[8], p[20]);
1120 accum.mul(ws[9], p[19]);
1121 accum.mul(ws[10], p[18]);
1122 accum.mul(ws[11], p[17]);
1123 accum.mul(ws[12], p[16]);
1124 accum.mul(ws[13], p[15]);
1125 accum.mul(ws[14], p[14]);
1126 accum.mul(ws[15], p[13]);
1127 accum.mul(ws[16], p[12]);
1128 accum.mul(ws[17], p[11]);
1129 accum.mul(ws[18], p[10]);
1130 accum.mul(ws[19], p[9]);
1131 accum.mul(ws[20], p[8]);
1132 accum.mul(ws[21], p[7]);
1133 accum.mul(ws[22], p[6]);
1134 accum.mul(ws[23], p[5]);
1135 accum.add(z[28]);
1136 ws[4] = accum.extract();
1137 accum.mul(ws[6], p[23]);
1138 accum.mul(ws[7], p[22]);
1139 accum.mul(ws[8], p[21]);
1140 accum.mul(ws[9], p[20]);
1141 accum.mul(ws[10], p[19]);
1142 accum.mul(ws[11], p[18]);
1143 accum.mul(ws[12], p[17]);
1144 accum.mul(ws[13], p[16]);
1145 accum.mul(ws[14], p[15]);
1146 accum.mul(ws[15], p[14]);
1147 accum.mul(ws[16], p[13]);
1148 accum.mul(ws[17], p[12]);
1149 accum.mul(ws[18], p[11]);
1150 accum.mul(ws[19], p[10]);
1151 accum.mul(ws[20], p[9]);
1152 accum.mul(ws[21], p[8]);
1153 accum.mul(ws[22], p[7]);
1154 accum.mul(ws[23], p[6]);
1155 accum.add(z[29]);
1156 ws[5] = accum.extract();
1157 accum.mul(ws[7], p[23]);
1158 accum.mul(ws[8], p[22]);
1159 accum.mul(ws[9], p[21]);
1160 accum.mul(ws[10], p[20]);
1161 accum.mul(ws[11], p[19]);
1162 accum.mul(ws[12], p[18]);
1163 accum.mul(ws[13], p[17]);
1164 accum.mul(ws[14], p[16]);
1165 accum.mul(ws[15], p[15]);
1166 accum.mul(ws[16], p[14]);
1167 accum.mul(ws[17], p[13]);
1168 accum.mul(ws[18], p[12]);
1169 accum.mul(ws[19], p[11]);
1170 accum.mul(ws[20], p[10]);
1171 accum.mul(ws[21], p[9]);
1172 accum.mul(ws[22], p[8]);
1173 accum.mul(ws[23], p[7]);
1174 accum.add(z[30]);
1175 ws[6] = accum.extract();
1176 accum.mul(ws[8], p[23]);
1177 accum.mul(ws[9], p[22]);
1178 accum.mul(ws[10], p[21]);
1179 accum.mul(ws[11], p[20]);
1180 accum.mul(ws[12], p[19]);
1181 accum.mul(ws[13], p[18]);
1182 accum.mul(ws[14], p[17]);
1183 accum.mul(ws[15], p[16]);
1184 accum.mul(ws[16], p[15]);
1185 accum.mul(ws[17], p[14]);
1186 accum.mul(ws[18], p[13]);
1187 accum.mul(ws[19], p[12]);
1188 accum.mul(ws[20], p[11]);
1189 accum.mul(ws[21], p[10]);
1190 accum.mul(ws[22], p[9]);
1191 accum.mul(ws[23], p[8]);
1192 accum.add(z[31]);
1193 ws[7] = accum.extract();
1194 accum.mul(ws[9], p[23]);
1195 accum.mul(ws[10], p[22]);
1196 accum.mul(ws[11], p[21]);
1197 accum.mul(ws[12], p[20]);
1198 accum.mul(ws[13], p[19]);
1199 accum.mul(ws[14], p[18]);
1200 accum.mul(ws[15], p[17]);
1201 accum.mul(ws[16], p[16]);
1202 accum.mul(ws[17], p[15]);
1203 accum.mul(ws[18], p[14]);
1204 accum.mul(ws[19], p[13]);
1205 accum.mul(ws[20], p[12]);
1206 accum.mul(ws[21], p[11]);
1207 accum.mul(ws[22], p[10]);
1208 accum.mul(ws[23], p[9]);
1209 accum.add(z[32]);
1210 ws[8] = accum.extract();
1211 accum.mul(ws[10], p[23]);
1212 accum.mul(ws[11], p[22]);
1213 accum.mul(ws[12], p[21]);
1214 accum.mul(ws[13], p[20]);
1215 accum.mul(ws[14], p[19]);
1216 accum.mul(ws[15], p[18]);
1217 accum.mul(ws[16], p[17]);
1218 accum.mul(ws[17], p[16]);
1219 accum.mul(ws[18], p[15]);
1220 accum.mul(ws[19], p[14]);
1221 accum.mul(ws[20], p[13]);
1222 accum.mul(ws[21], p[12]);
1223 accum.mul(ws[22], p[11]);
1224 accum.mul(ws[23], p[10]);
1225 accum.add(z[33]);
1226 ws[9] = accum.extract();
1227 accum.mul(ws[11], p[23]);
1228 accum.mul(ws[12], p[22]);
1229 accum.mul(ws[13], p[21]);
1230 accum.mul(ws[14], p[20]);
1231 accum.mul(ws[15], p[19]);
1232 accum.mul(ws[16], p[18]);
1233 accum.mul(ws[17], p[17]);
1234 accum.mul(ws[18], p[16]);
1235 accum.mul(ws[19], p[15]);
1236 accum.mul(ws[20], p[14]);
1237 accum.mul(ws[21], p[13]);
1238 accum.mul(ws[22], p[12]);
1239 accum.mul(ws[23], p[11]);
1240 accum.add(z[34]);
1241 ws[10] = accum.extract();
1242 accum.mul(ws[12], p[23]);
1243 accum.mul(ws[13], p[22]);
1244 accum.mul(ws[14], p[21]);
1245 accum.mul(ws[15], p[20]);
1246 accum.mul(ws[16], p[19]);
1247 accum.mul(ws[17], p[18]);
1248 accum.mul(ws[18], p[17]);
1249 accum.mul(ws[19], p[16]);
1250 accum.mul(ws[20], p[15]);
1251 accum.mul(ws[21], p[14]);
1252 accum.mul(ws[22], p[13]);
1253 accum.mul(ws[23], p[12]);
1254 accum.add(z[35]);
1255 ws[11] = accum.extract();
1256 accum.mul(ws[13], p[23]);
1257 accum.mul(ws[14], p[22]);
1258 accum.mul(ws[15], p[21]);
1259 accum.mul(ws[16], p[20]);
1260 accum.mul(ws[17], p[19]);
1261 accum.mul(ws[18], p[18]);
1262 accum.mul(ws[19], p[17]);
1263 accum.mul(ws[20], p[16]);
1264 accum.mul(ws[21], p[15]);
1265 accum.mul(ws[22], p[14]);
1266 accum.mul(ws[23], p[13]);
1267 accum.add(z[36]);
1268 ws[12] = accum.extract();
1269 accum.mul(ws[14], p[23]);
1270 accum.mul(ws[15], p[22]);
1271 accum.mul(ws[16], p[21]);
1272 accum.mul(ws[17], p[20]);
1273 accum.mul(ws[18], p[19]);
1274 accum.mul(ws[19], p[18]);
1275 accum.mul(ws[20], p[17]);
1276 accum.mul(ws[21], p[16]);
1277 accum.mul(ws[22], p[15]);
1278 accum.mul(ws[23], p[14]);
1279 accum.add(z[37]);
1280 ws[13] = accum.extract();
1281 accum.mul(ws[15], p[23]);
1282 accum.mul(ws[16], p[22]);
1283 accum.mul(ws[17], p[21]);
1284 accum.mul(ws[18], p[20]);
1285 accum.mul(ws[19], p[19]);
1286 accum.mul(ws[20], p[18]);
1287 accum.mul(ws[21], p[17]);
1288 accum.mul(ws[22], p[16]);
1289 accum.mul(ws[23], p[15]);
1290 accum.add(z[38]);
1291 ws[14] = accum.extract();
1292 accum.mul(ws[16], p[23]);
1293 accum.mul(ws[17], p[22]);
1294 accum.mul(ws[18], p[21]);
1295 accum.mul(ws[19], p[20]);
1296 accum.mul(ws[20], p[19]);
1297 accum.mul(ws[21], p[18]);
1298 accum.mul(ws[22], p[17]);
1299 accum.mul(ws[23], p[16]);
1300 accum.add(z[39]);
1301 ws[15] = accum.extract();
1302 accum.mul(ws[17], p[23]);
1303 accum.mul(ws[18], p[22]);
1304 accum.mul(ws[19], p[21]);
1305 accum.mul(ws[20], p[20]);
1306 accum.mul(ws[21], p[19]);
1307 accum.mul(ws[22], p[18]);
1308 accum.mul(ws[23], p[17]);
1309 accum.add(z[40]);
1310 ws[16] = accum.extract();
1311 accum.mul(ws[18], p[23]);
1312 accum.mul(ws[19], p[22]);
1313 accum.mul(ws[20], p[21]);
1314 accum.mul(ws[21], p[20]);
1315 accum.mul(ws[22], p[19]);
1316 accum.mul(ws[23], p[18]);
1317 accum.add(z[41]);
1318 ws[17] = accum.extract();
1319 accum.mul(ws[19], p[23]);
1320 accum.mul(ws[20], p[22]);
1321 accum.mul(ws[21], p[21]);
1322 accum.mul(ws[22], p[20]);
1323 accum.mul(ws[23], p[19]);
1324 accum.add(z[42]);
1325 ws[18] = accum.extract();
1326 accum.mul(ws[20], p[23]);
1327 accum.mul(ws[21], p[22]);
1328 accum.mul(ws[22], p[21]);
1329 accum.mul(ws[23], p[20]);
1330 accum.add(z[43]);
1331 ws[19] = accum.extract();
1332 accum.mul(ws[21], p[23]);
1333 accum.mul(ws[22], p[22]);
1334 accum.mul(ws[23], p[21]);
1335 accum.add(z[44]);
1336 ws[20] = accum.extract();
1337 accum.mul(ws[22], p[23]);
1338 accum.mul(ws[23], p[22]);
1339 accum.add(z[45]);
1340 ws[21] = accum.extract();
1341 accum.mul(ws[23], p[23]);
1342 accum.add(z[46]);
1343 ws[22] = accum.extract();
1344 accum.add(z[47]);
1345 ws[23] = accum.extract();
1346 word w1 = accum.extract();
1347 bigint_monty_maybe_sub<24>(r, w1, ws, p);
1348}
1349
1350void bigint_monty_redc_32(word r[32], const word z[64], const word p[32], word p_dash, word ws[32]) {
1351 word3<word> accum;
1352 accum.add(z[0]);
1353 ws[0] = accum.monty_step(p[0], p_dash);
1354 accum.mul(ws[0], p[1]);
1355 accum.add(z[1]);
1356 ws[1] = accum.monty_step(p[0], p_dash);
1357 accum.mul(ws[0], p[2]);
1358 accum.mul(ws[1], p[1]);
1359 accum.add(z[2]);
1360 ws[2] = accum.monty_step(p[0], p_dash);
1361 accum.mul(ws[0], p[3]);
1362 accum.mul(ws[1], p[2]);
1363 accum.mul(ws[2], p[1]);
1364 accum.add(z[3]);
1365 ws[3] = accum.monty_step(p[0], p_dash);
1366 accum.mul(ws[0], p[4]);
1367 accum.mul(ws[1], p[3]);
1368 accum.mul(ws[2], p[2]);
1369 accum.mul(ws[3], p[1]);
1370 accum.add(z[4]);
1371 ws[4] = accum.monty_step(p[0], p_dash);
1372 accum.mul(ws[0], p[5]);
1373 accum.mul(ws[1], p[4]);
1374 accum.mul(ws[2], p[3]);
1375 accum.mul(ws[3], p[2]);
1376 accum.mul(ws[4], p[1]);
1377 accum.add(z[5]);
1378 ws[5] = accum.monty_step(p[0], p_dash);
1379 accum.mul(ws[0], p[6]);
1380 accum.mul(ws[1], p[5]);
1381 accum.mul(ws[2], p[4]);
1382 accum.mul(ws[3], p[3]);
1383 accum.mul(ws[4], p[2]);
1384 accum.mul(ws[5], p[1]);
1385 accum.add(z[6]);
1386 ws[6] = accum.monty_step(p[0], p_dash);
1387 accum.mul(ws[0], p[7]);
1388 accum.mul(ws[1], p[6]);
1389 accum.mul(ws[2], p[5]);
1390 accum.mul(ws[3], p[4]);
1391 accum.mul(ws[4], p[3]);
1392 accum.mul(ws[5], p[2]);
1393 accum.mul(ws[6], p[1]);
1394 accum.add(z[7]);
1395 ws[7] = accum.monty_step(p[0], p_dash);
1396 accum.mul(ws[0], p[8]);
1397 accum.mul(ws[1], p[7]);
1398 accum.mul(ws[2], p[6]);
1399 accum.mul(ws[3], p[5]);
1400 accum.mul(ws[4], p[4]);
1401 accum.mul(ws[5], p[3]);
1402 accum.mul(ws[6], p[2]);
1403 accum.mul(ws[7], p[1]);
1404 accum.add(z[8]);
1405 ws[8] = accum.monty_step(p[0], p_dash);
1406 accum.mul(ws[0], p[9]);
1407 accum.mul(ws[1], p[8]);
1408 accum.mul(ws[2], p[7]);
1409 accum.mul(ws[3], p[6]);
1410 accum.mul(ws[4], p[5]);
1411 accum.mul(ws[5], p[4]);
1412 accum.mul(ws[6], p[3]);
1413 accum.mul(ws[7], p[2]);
1414 accum.mul(ws[8], p[1]);
1415 accum.add(z[9]);
1416 ws[9] = accum.monty_step(p[0], p_dash);
1417 accum.mul(ws[0], p[10]);
1418 accum.mul(ws[1], p[9]);
1419 accum.mul(ws[2], p[8]);
1420 accum.mul(ws[3], p[7]);
1421 accum.mul(ws[4], p[6]);
1422 accum.mul(ws[5], p[5]);
1423 accum.mul(ws[6], p[4]);
1424 accum.mul(ws[7], p[3]);
1425 accum.mul(ws[8], p[2]);
1426 accum.mul(ws[9], p[1]);
1427 accum.add(z[10]);
1428 ws[10] = accum.monty_step(p[0], p_dash);
1429 accum.mul(ws[0], p[11]);
1430 accum.mul(ws[1], p[10]);
1431 accum.mul(ws[2], p[9]);
1432 accum.mul(ws[3], p[8]);
1433 accum.mul(ws[4], p[7]);
1434 accum.mul(ws[5], p[6]);
1435 accum.mul(ws[6], p[5]);
1436 accum.mul(ws[7], p[4]);
1437 accum.mul(ws[8], p[3]);
1438 accum.mul(ws[9], p[2]);
1439 accum.mul(ws[10], p[1]);
1440 accum.add(z[11]);
1441 ws[11] = accum.monty_step(p[0], p_dash);
1442 accum.mul(ws[0], p[12]);
1443 accum.mul(ws[1], p[11]);
1444 accum.mul(ws[2], p[10]);
1445 accum.mul(ws[3], p[9]);
1446 accum.mul(ws[4], p[8]);
1447 accum.mul(ws[5], p[7]);
1448 accum.mul(ws[6], p[6]);
1449 accum.mul(ws[7], p[5]);
1450 accum.mul(ws[8], p[4]);
1451 accum.mul(ws[9], p[3]);
1452 accum.mul(ws[10], p[2]);
1453 accum.mul(ws[11], p[1]);
1454 accum.add(z[12]);
1455 ws[12] = accum.monty_step(p[0], p_dash);
1456 accum.mul(ws[0], p[13]);
1457 accum.mul(ws[1], p[12]);
1458 accum.mul(ws[2], p[11]);
1459 accum.mul(ws[3], p[10]);
1460 accum.mul(ws[4], p[9]);
1461 accum.mul(ws[5], p[8]);
1462 accum.mul(ws[6], p[7]);
1463 accum.mul(ws[7], p[6]);
1464 accum.mul(ws[8], p[5]);
1465 accum.mul(ws[9], p[4]);
1466 accum.mul(ws[10], p[3]);
1467 accum.mul(ws[11], p[2]);
1468 accum.mul(ws[12], p[1]);
1469 accum.add(z[13]);
1470 ws[13] = accum.monty_step(p[0], p_dash);
1471 accum.mul(ws[0], p[14]);
1472 accum.mul(ws[1], p[13]);
1473 accum.mul(ws[2], p[12]);
1474 accum.mul(ws[3], p[11]);
1475 accum.mul(ws[4], p[10]);
1476 accum.mul(ws[5], p[9]);
1477 accum.mul(ws[6], p[8]);
1478 accum.mul(ws[7], p[7]);
1479 accum.mul(ws[8], p[6]);
1480 accum.mul(ws[9], p[5]);
1481 accum.mul(ws[10], p[4]);
1482 accum.mul(ws[11], p[3]);
1483 accum.mul(ws[12], p[2]);
1484 accum.mul(ws[13], p[1]);
1485 accum.add(z[14]);
1486 ws[14] = accum.monty_step(p[0], p_dash);
1487 accum.mul(ws[0], p[15]);
1488 accum.mul(ws[1], p[14]);
1489 accum.mul(ws[2], p[13]);
1490 accum.mul(ws[3], p[12]);
1491 accum.mul(ws[4], p[11]);
1492 accum.mul(ws[5], p[10]);
1493 accum.mul(ws[6], p[9]);
1494 accum.mul(ws[7], p[8]);
1495 accum.mul(ws[8], p[7]);
1496 accum.mul(ws[9], p[6]);
1497 accum.mul(ws[10], p[5]);
1498 accum.mul(ws[11], p[4]);
1499 accum.mul(ws[12], p[3]);
1500 accum.mul(ws[13], p[2]);
1501 accum.mul(ws[14], p[1]);
1502 accum.add(z[15]);
1503 ws[15] = accum.monty_step(p[0], p_dash);
1504 accum.mul(ws[0], p[16]);
1505 accum.mul(ws[1], p[15]);
1506 accum.mul(ws[2], p[14]);
1507 accum.mul(ws[3], p[13]);
1508 accum.mul(ws[4], p[12]);
1509 accum.mul(ws[5], p[11]);
1510 accum.mul(ws[6], p[10]);
1511 accum.mul(ws[7], p[9]);
1512 accum.mul(ws[8], p[8]);
1513 accum.mul(ws[9], p[7]);
1514 accum.mul(ws[10], p[6]);
1515 accum.mul(ws[11], p[5]);
1516 accum.mul(ws[12], p[4]);
1517 accum.mul(ws[13], p[3]);
1518 accum.mul(ws[14], p[2]);
1519 accum.mul(ws[15], p[1]);
1520 accum.add(z[16]);
1521 ws[16] = accum.monty_step(p[0], p_dash);
1522 accum.mul(ws[0], p[17]);
1523 accum.mul(ws[1], p[16]);
1524 accum.mul(ws[2], p[15]);
1525 accum.mul(ws[3], p[14]);
1526 accum.mul(ws[4], p[13]);
1527 accum.mul(ws[5], p[12]);
1528 accum.mul(ws[6], p[11]);
1529 accum.mul(ws[7], p[10]);
1530 accum.mul(ws[8], p[9]);
1531 accum.mul(ws[9], p[8]);
1532 accum.mul(ws[10], p[7]);
1533 accum.mul(ws[11], p[6]);
1534 accum.mul(ws[12], p[5]);
1535 accum.mul(ws[13], p[4]);
1536 accum.mul(ws[14], p[3]);
1537 accum.mul(ws[15], p[2]);
1538 accum.mul(ws[16], p[1]);
1539 accum.add(z[17]);
1540 ws[17] = accum.monty_step(p[0], p_dash);
1541 accum.mul(ws[0], p[18]);
1542 accum.mul(ws[1], p[17]);
1543 accum.mul(ws[2], p[16]);
1544 accum.mul(ws[3], p[15]);
1545 accum.mul(ws[4], p[14]);
1546 accum.mul(ws[5], p[13]);
1547 accum.mul(ws[6], p[12]);
1548 accum.mul(ws[7], p[11]);
1549 accum.mul(ws[8], p[10]);
1550 accum.mul(ws[9], p[9]);
1551 accum.mul(ws[10], p[8]);
1552 accum.mul(ws[11], p[7]);
1553 accum.mul(ws[12], p[6]);
1554 accum.mul(ws[13], p[5]);
1555 accum.mul(ws[14], p[4]);
1556 accum.mul(ws[15], p[3]);
1557 accum.mul(ws[16], p[2]);
1558 accum.mul(ws[17], p[1]);
1559 accum.add(z[18]);
1560 ws[18] = accum.monty_step(p[0], p_dash);
1561 accum.mul(ws[0], p[19]);
1562 accum.mul(ws[1], p[18]);
1563 accum.mul(ws[2], p[17]);
1564 accum.mul(ws[3], p[16]);
1565 accum.mul(ws[4], p[15]);
1566 accum.mul(ws[5], p[14]);
1567 accum.mul(ws[6], p[13]);
1568 accum.mul(ws[7], p[12]);
1569 accum.mul(ws[8], p[11]);
1570 accum.mul(ws[9], p[10]);
1571 accum.mul(ws[10], p[9]);
1572 accum.mul(ws[11], p[8]);
1573 accum.mul(ws[12], p[7]);
1574 accum.mul(ws[13], p[6]);
1575 accum.mul(ws[14], p[5]);
1576 accum.mul(ws[15], p[4]);
1577 accum.mul(ws[16], p[3]);
1578 accum.mul(ws[17], p[2]);
1579 accum.mul(ws[18], p[1]);
1580 accum.add(z[19]);
1581 ws[19] = accum.monty_step(p[0], p_dash);
1582 accum.mul(ws[0], p[20]);
1583 accum.mul(ws[1], p[19]);
1584 accum.mul(ws[2], p[18]);
1585 accum.mul(ws[3], p[17]);
1586 accum.mul(ws[4], p[16]);
1587 accum.mul(ws[5], p[15]);
1588 accum.mul(ws[6], p[14]);
1589 accum.mul(ws[7], p[13]);
1590 accum.mul(ws[8], p[12]);
1591 accum.mul(ws[9], p[11]);
1592 accum.mul(ws[10], p[10]);
1593 accum.mul(ws[11], p[9]);
1594 accum.mul(ws[12], p[8]);
1595 accum.mul(ws[13], p[7]);
1596 accum.mul(ws[14], p[6]);
1597 accum.mul(ws[15], p[5]);
1598 accum.mul(ws[16], p[4]);
1599 accum.mul(ws[17], p[3]);
1600 accum.mul(ws[18], p[2]);
1601 accum.mul(ws[19], p[1]);
1602 accum.add(z[20]);
1603 ws[20] = accum.monty_step(p[0], p_dash);
1604 accum.mul(ws[0], p[21]);
1605 accum.mul(ws[1], p[20]);
1606 accum.mul(ws[2], p[19]);
1607 accum.mul(ws[3], p[18]);
1608 accum.mul(ws[4], p[17]);
1609 accum.mul(ws[5], p[16]);
1610 accum.mul(ws[6], p[15]);
1611 accum.mul(ws[7], p[14]);
1612 accum.mul(ws[8], p[13]);
1613 accum.mul(ws[9], p[12]);
1614 accum.mul(ws[10], p[11]);
1615 accum.mul(ws[11], p[10]);
1616 accum.mul(ws[12], p[9]);
1617 accum.mul(ws[13], p[8]);
1618 accum.mul(ws[14], p[7]);
1619 accum.mul(ws[15], p[6]);
1620 accum.mul(ws[16], p[5]);
1621 accum.mul(ws[17], p[4]);
1622 accum.mul(ws[18], p[3]);
1623 accum.mul(ws[19], p[2]);
1624 accum.mul(ws[20], p[1]);
1625 accum.add(z[21]);
1626 ws[21] = accum.monty_step(p[0], p_dash);
1627 accum.mul(ws[0], p[22]);
1628 accum.mul(ws[1], p[21]);
1629 accum.mul(ws[2], p[20]);
1630 accum.mul(ws[3], p[19]);
1631 accum.mul(ws[4], p[18]);
1632 accum.mul(ws[5], p[17]);
1633 accum.mul(ws[6], p[16]);
1634 accum.mul(ws[7], p[15]);
1635 accum.mul(ws[8], p[14]);
1636 accum.mul(ws[9], p[13]);
1637 accum.mul(ws[10], p[12]);
1638 accum.mul(ws[11], p[11]);
1639 accum.mul(ws[12], p[10]);
1640 accum.mul(ws[13], p[9]);
1641 accum.mul(ws[14], p[8]);
1642 accum.mul(ws[15], p[7]);
1643 accum.mul(ws[16], p[6]);
1644 accum.mul(ws[17], p[5]);
1645 accum.mul(ws[18], p[4]);
1646 accum.mul(ws[19], p[3]);
1647 accum.mul(ws[20], p[2]);
1648 accum.mul(ws[21], p[1]);
1649 accum.add(z[22]);
1650 ws[22] = accum.monty_step(p[0], p_dash);
1651 accum.mul(ws[0], p[23]);
1652 accum.mul(ws[1], p[22]);
1653 accum.mul(ws[2], p[21]);
1654 accum.mul(ws[3], p[20]);
1655 accum.mul(ws[4], p[19]);
1656 accum.mul(ws[5], p[18]);
1657 accum.mul(ws[6], p[17]);
1658 accum.mul(ws[7], p[16]);
1659 accum.mul(ws[8], p[15]);
1660 accum.mul(ws[9], p[14]);
1661 accum.mul(ws[10], p[13]);
1662 accum.mul(ws[11], p[12]);
1663 accum.mul(ws[12], p[11]);
1664 accum.mul(ws[13], p[10]);
1665 accum.mul(ws[14], p[9]);
1666 accum.mul(ws[15], p[8]);
1667 accum.mul(ws[16], p[7]);
1668 accum.mul(ws[17], p[6]);
1669 accum.mul(ws[18], p[5]);
1670 accum.mul(ws[19], p[4]);
1671 accum.mul(ws[20], p[3]);
1672 accum.mul(ws[21], p[2]);
1673 accum.mul(ws[22], p[1]);
1674 accum.add(z[23]);
1675 ws[23] = accum.monty_step(p[0], p_dash);
1676 accum.mul(ws[0], p[24]);
1677 accum.mul(ws[1], p[23]);
1678 accum.mul(ws[2], p[22]);
1679 accum.mul(ws[3], p[21]);
1680 accum.mul(ws[4], p[20]);
1681 accum.mul(ws[5], p[19]);
1682 accum.mul(ws[6], p[18]);
1683 accum.mul(ws[7], p[17]);
1684 accum.mul(ws[8], p[16]);
1685 accum.mul(ws[9], p[15]);
1686 accum.mul(ws[10], p[14]);
1687 accum.mul(ws[11], p[13]);
1688 accum.mul(ws[12], p[12]);
1689 accum.mul(ws[13], p[11]);
1690 accum.mul(ws[14], p[10]);
1691 accum.mul(ws[15], p[9]);
1692 accum.mul(ws[16], p[8]);
1693 accum.mul(ws[17], p[7]);
1694 accum.mul(ws[18], p[6]);
1695 accum.mul(ws[19], p[5]);
1696 accum.mul(ws[20], p[4]);
1697 accum.mul(ws[21], p[3]);
1698 accum.mul(ws[22], p[2]);
1699 accum.mul(ws[23], p[1]);
1700 accum.add(z[24]);
1701 ws[24] = accum.monty_step(p[0], p_dash);
1702 accum.mul(ws[0], p[25]);
1703 accum.mul(ws[1], p[24]);
1704 accum.mul(ws[2], p[23]);
1705 accum.mul(ws[3], p[22]);
1706 accum.mul(ws[4], p[21]);
1707 accum.mul(ws[5], p[20]);
1708 accum.mul(ws[6], p[19]);
1709 accum.mul(ws[7], p[18]);
1710 accum.mul(ws[8], p[17]);
1711 accum.mul(ws[9], p[16]);
1712 accum.mul(ws[10], p[15]);
1713 accum.mul(ws[11], p[14]);
1714 accum.mul(ws[12], p[13]);
1715 accum.mul(ws[13], p[12]);
1716 accum.mul(ws[14], p[11]);
1717 accum.mul(ws[15], p[10]);
1718 accum.mul(ws[16], p[9]);
1719 accum.mul(ws[17], p[8]);
1720 accum.mul(ws[18], p[7]);
1721 accum.mul(ws[19], p[6]);
1722 accum.mul(ws[20], p[5]);
1723 accum.mul(ws[21], p[4]);
1724 accum.mul(ws[22], p[3]);
1725 accum.mul(ws[23], p[2]);
1726 accum.mul(ws[24], p[1]);
1727 accum.add(z[25]);
1728 ws[25] = accum.monty_step(p[0], p_dash);
1729 accum.mul(ws[0], p[26]);
1730 accum.mul(ws[1], p[25]);
1731 accum.mul(ws[2], p[24]);
1732 accum.mul(ws[3], p[23]);
1733 accum.mul(ws[4], p[22]);
1734 accum.mul(ws[5], p[21]);
1735 accum.mul(ws[6], p[20]);
1736 accum.mul(ws[7], p[19]);
1737 accum.mul(ws[8], p[18]);
1738 accum.mul(ws[9], p[17]);
1739 accum.mul(ws[10], p[16]);
1740 accum.mul(ws[11], p[15]);
1741 accum.mul(ws[12], p[14]);
1742 accum.mul(ws[13], p[13]);
1743 accum.mul(ws[14], p[12]);
1744 accum.mul(ws[15], p[11]);
1745 accum.mul(ws[16], p[10]);
1746 accum.mul(ws[17], p[9]);
1747 accum.mul(ws[18], p[8]);
1748 accum.mul(ws[19], p[7]);
1749 accum.mul(ws[20], p[6]);
1750 accum.mul(ws[21], p[5]);
1751 accum.mul(ws[22], p[4]);
1752 accum.mul(ws[23], p[3]);
1753 accum.mul(ws[24], p[2]);
1754 accum.mul(ws[25], p[1]);
1755 accum.add(z[26]);
1756 ws[26] = accum.monty_step(p[0], p_dash);
1757 accum.mul(ws[0], p[27]);
1758 accum.mul(ws[1], p[26]);
1759 accum.mul(ws[2], p[25]);
1760 accum.mul(ws[3], p[24]);
1761 accum.mul(ws[4], p[23]);
1762 accum.mul(ws[5], p[22]);
1763 accum.mul(ws[6], p[21]);
1764 accum.mul(ws[7], p[20]);
1765 accum.mul(ws[8], p[19]);
1766 accum.mul(ws[9], p[18]);
1767 accum.mul(ws[10], p[17]);
1768 accum.mul(ws[11], p[16]);
1769 accum.mul(ws[12], p[15]);
1770 accum.mul(ws[13], p[14]);
1771 accum.mul(ws[14], p[13]);
1772 accum.mul(ws[15], p[12]);
1773 accum.mul(ws[16], p[11]);
1774 accum.mul(ws[17], p[10]);
1775 accum.mul(ws[18], p[9]);
1776 accum.mul(ws[19], p[8]);
1777 accum.mul(ws[20], p[7]);
1778 accum.mul(ws[21], p[6]);
1779 accum.mul(ws[22], p[5]);
1780 accum.mul(ws[23], p[4]);
1781 accum.mul(ws[24], p[3]);
1782 accum.mul(ws[25], p[2]);
1783 accum.mul(ws[26], p[1]);
1784 accum.add(z[27]);
1785 ws[27] = accum.monty_step(p[0], p_dash);
1786 accum.mul(ws[0], p[28]);
1787 accum.mul(ws[1], p[27]);
1788 accum.mul(ws[2], p[26]);
1789 accum.mul(ws[3], p[25]);
1790 accum.mul(ws[4], p[24]);
1791 accum.mul(ws[5], p[23]);
1792 accum.mul(ws[6], p[22]);
1793 accum.mul(ws[7], p[21]);
1794 accum.mul(ws[8], p[20]);
1795 accum.mul(ws[9], p[19]);
1796 accum.mul(ws[10], p[18]);
1797 accum.mul(ws[11], p[17]);
1798 accum.mul(ws[12], p[16]);
1799 accum.mul(ws[13], p[15]);
1800 accum.mul(ws[14], p[14]);
1801 accum.mul(ws[15], p[13]);
1802 accum.mul(ws[16], p[12]);
1803 accum.mul(ws[17], p[11]);
1804 accum.mul(ws[18], p[10]);
1805 accum.mul(ws[19], p[9]);
1806 accum.mul(ws[20], p[8]);
1807 accum.mul(ws[21], p[7]);
1808 accum.mul(ws[22], p[6]);
1809 accum.mul(ws[23], p[5]);
1810 accum.mul(ws[24], p[4]);
1811 accum.mul(ws[25], p[3]);
1812 accum.mul(ws[26], p[2]);
1813 accum.mul(ws[27], p[1]);
1814 accum.add(z[28]);
1815 ws[28] = accum.monty_step(p[0], p_dash);
1816 accum.mul(ws[0], p[29]);
1817 accum.mul(ws[1], p[28]);
1818 accum.mul(ws[2], p[27]);
1819 accum.mul(ws[3], p[26]);
1820 accum.mul(ws[4], p[25]);
1821 accum.mul(ws[5], p[24]);
1822 accum.mul(ws[6], p[23]);
1823 accum.mul(ws[7], p[22]);
1824 accum.mul(ws[8], p[21]);
1825 accum.mul(ws[9], p[20]);
1826 accum.mul(ws[10], p[19]);
1827 accum.mul(ws[11], p[18]);
1828 accum.mul(ws[12], p[17]);
1829 accum.mul(ws[13], p[16]);
1830 accum.mul(ws[14], p[15]);
1831 accum.mul(ws[15], p[14]);
1832 accum.mul(ws[16], p[13]);
1833 accum.mul(ws[17], p[12]);
1834 accum.mul(ws[18], p[11]);
1835 accum.mul(ws[19], p[10]);
1836 accum.mul(ws[20], p[9]);
1837 accum.mul(ws[21], p[8]);
1838 accum.mul(ws[22], p[7]);
1839 accum.mul(ws[23], p[6]);
1840 accum.mul(ws[24], p[5]);
1841 accum.mul(ws[25], p[4]);
1842 accum.mul(ws[26], p[3]);
1843 accum.mul(ws[27], p[2]);
1844 accum.mul(ws[28], p[1]);
1845 accum.add(z[29]);
1846 ws[29] = accum.monty_step(p[0], p_dash);
1847 accum.mul(ws[0], p[30]);
1848 accum.mul(ws[1], p[29]);
1849 accum.mul(ws[2], p[28]);
1850 accum.mul(ws[3], p[27]);
1851 accum.mul(ws[4], p[26]);
1852 accum.mul(ws[5], p[25]);
1853 accum.mul(ws[6], p[24]);
1854 accum.mul(ws[7], p[23]);
1855 accum.mul(ws[8], p[22]);
1856 accum.mul(ws[9], p[21]);
1857 accum.mul(ws[10], p[20]);
1858 accum.mul(ws[11], p[19]);
1859 accum.mul(ws[12], p[18]);
1860 accum.mul(ws[13], p[17]);
1861 accum.mul(ws[14], p[16]);
1862 accum.mul(ws[15], p[15]);
1863 accum.mul(ws[16], p[14]);
1864 accum.mul(ws[17], p[13]);
1865 accum.mul(ws[18], p[12]);
1866 accum.mul(ws[19], p[11]);
1867 accum.mul(ws[20], p[10]);
1868 accum.mul(ws[21], p[9]);
1869 accum.mul(ws[22], p[8]);
1870 accum.mul(ws[23], p[7]);
1871 accum.mul(ws[24], p[6]);
1872 accum.mul(ws[25], p[5]);
1873 accum.mul(ws[26], p[4]);
1874 accum.mul(ws[27], p[3]);
1875 accum.mul(ws[28], p[2]);
1876 accum.mul(ws[29], p[1]);
1877 accum.add(z[30]);
1878 ws[30] = accum.monty_step(p[0], p_dash);
1879 accum.mul(ws[0], p[31]);
1880 accum.mul(ws[1], p[30]);
1881 accum.mul(ws[2], p[29]);
1882 accum.mul(ws[3], p[28]);
1883 accum.mul(ws[4], p[27]);
1884 accum.mul(ws[5], p[26]);
1885 accum.mul(ws[6], p[25]);
1886 accum.mul(ws[7], p[24]);
1887 accum.mul(ws[8], p[23]);
1888 accum.mul(ws[9], p[22]);
1889 accum.mul(ws[10], p[21]);
1890 accum.mul(ws[11], p[20]);
1891 accum.mul(ws[12], p[19]);
1892 accum.mul(ws[13], p[18]);
1893 accum.mul(ws[14], p[17]);
1894 accum.mul(ws[15], p[16]);
1895 accum.mul(ws[16], p[15]);
1896 accum.mul(ws[17], p[14]);
1897 accum.mul(ws[18], p[13]);
1898 accum.mul(ws[19], p[12]);
1899 accum.mul(ws[20], p[11]);
1900 accum.mul(ws[21], p[10]);
1901 accum.mul(ws[22], p[9]);
1902 accum.mul(ws[23], p[8]);
1903 accum.mul(ws[24], p[7]);
1904 accum.mul(ws[25], p[6]);
1905 accum.mul(ws[26], p[5]);
1906 accum.mul(ws[27], p[4]);
1907 accum.mul(ws[28], p[3]);
1908 accum.mul(ws[29], p[2]);
1909 accum.mul(ws[30], p[1]);
1910 accum.add(z[31]);
1911 ws[31] = accum.monty_step(p[0], p_dash);
1912 accum.mul(ws[1], p[31]);
1913 accum.mul(ws[2], p[30]);
1914 accum.mul(ws[3], p[29]);
1915 accum.mul(ws[4], p[28]);
1916 accum.mul(ws[5], p[27]);
1917 accum.mul(ws[6], p[26]);
1918 accum.mul(ws[7], p[25]);
1919 accum.mul(ws[8], p[24]);
1920 accum.mul(ws[9], p[23]);
1921 accum.mul(ws[10], p[22]);
1922 accum.mul(ws[11], p[21]);
1923 accum.mul(ws[12], p[20]);
1924 accum.mul(ws[13], p[19]);
1925 accum.mul(ws[14], p[18]);
1926 accum.mul(ws[15], p[17]);
1927 accum.mul(ws[16], p[16]);
1928 accum.mul(ws[17], p[15]);
1929 accum.mul(ws[18], p[14]);
1930 accum.mul(ws[19], p[13]);
1931 accum.mul(ws[20], p[12]);
1932 accum.mul(ws[21], p[11]);
1933 accum.mul(ws[22], p[10]);
1934 accum.mul(ws[23], p[9]);
1935 accum.mul(ws[24], p[8]);
1936 accum.mul(ws[25], p[7]);
1937 accum.mul(ws[26], p[6]);
1938 accum.mul(ws[27], p[5]);
1939 accum.mul(ws[28], p[4]);
1940 accum.mul(ws[29], p[3]);
1941 accum.mul(ws[30], p[2]);
1942 accum.mul(ws[31], p[1]);
1943 accum.add(z[32]);
1944 ws[0] = accum.extract();
1945 accum.mul(ws[2], p[31]);
1946 accum.mul(ws[3], p[30]);
1947 accum.mul(ws[4], p[29]);
1948 accum.mul(ws[5], p[28]);
1949 accum.mul(ws[6], p[27]);
1950 accum.mul(ws[7], p[26]);
1951 accum.mul(ws[8], p[25]);
1952 accum.mul(ws[9], p[24]);
1953 accum.mul(ws[10], p[23]);
1954 accum.mul(ws[11], p[22]);
1955 accum.mul(ws[12], p[21]);
1956 accum.mul(ws[13], p[20]);
1957 accum.mul(ws[14], p[19]);
1958 accum.mul(ws[15], p[18]);
1959 accum.mul(ws[16], p[17]);
1960 accum.mul(ws[17], p[16]);
1961 accum.mul(ws[18], p[15]);
1962 accum.mul(ws[19], p[14]);
1963 accum.mul(ws[20], p[13]);
1964 accum.mul(ws[21], p[12]);
1965 accum.mul(ws[22], p[11]);
1966 accum.mul(ws[23], p[10]);
1967 accum.mul(ws[24], p[9]);
1968 accum.mul(ws[25], p[8]);
1969 accum.mul(ws[26], p[7]);
1970 accum.mul(ws[27], p[6]);
1971 accum.mul(ws[28], p[5]);
1972 accum.mul(ws[29], p[4]);
1973 accum.mul(ws[30], p[3]);
1974 accum.mul(ws[31], p[2]);
1975 accum.add(z[33]);
1976 ws[1] = accum.extract();
1977 accum.mul(ws[3], p[31]);
1978 accum.mul(ws[4], p[30]);
1979 accum.mul(ws[5], p[29]);
1980 accum.mul(ws[6], p[28]);
1981 accum.mul(ws[7], p[27]);
1982 accum.mul(ws[8], p[26]);
1983 accum.mul(ws[9], p[25]);
1984 accum.mul(ws[10], p[24]);
1985 accum.mul(ws[11], p[23]);
1986 accum.mul(ws[12], p[22]);
1987 accum.mul(ws[13], p[21]);
1988 accum.mul(ws[14], p[20]);
1989 accum.mul(ws[15], p[19]);
1990 accum.mul(ws[16], p[18]);
1991 accum.mul(ws[17], p[17]);
1992 accum.mul(ws[18], p[16]);
1993 accum.mul(ws[19], p[15]);
1994 accum.mul(ws[20], p[14]);
1995 accum.mul(ws[21], p[13]);
1996 accum.mul(ws[22], p[12]);
1997 accum.mul(ws[23], p[11]);
1998 accum.mul(ws[24], p[10]);
1999 accum.mul(ws[25], p[9]);
2000 accum.mul(ws[26], p[8]);
2001 accum.mul(ws[27], p[7]);
2002 accum.mul(ws[28], p[6]);
2003 accum.mul(ws[29], p[5]);
2004 accum.mul(ws[30], p[4]);
2005 accum.mul(ws[31], p[3]);
2006 accum.add(z[34]);
2007 ws[2] = accum.extract();
2008 accum.mul(ws[4], p[31]);
2009 accum.mul(ws[5], p[30]);
2010 accum.mul(ws[6], p[29]);
2011 accum.mul(ws[7], p[28]);
2012 accum.mul(ws[8], p[27]);
2013 accum.mul(ws[9], p[26]);
2014 accum.mul(ws[10], p[25]);
2015 accum.mul(ws[11], p[24]);
2016 accum.mul(ws[12], p[23]);
2017 accum.mul(ws[13], p[22]);
2018 accum.mul(ws[14], p[21]);
2019 accum.mul(ws[15], p[20]);
2020 accum.mul(ws[16], p[19]);
2021 accum.mul(ws[17], p[18]);
2022 accum.mul(ws[18], p[17]);
2023 accum.mul(ws[19], p[16]);
2024 accum.mul(ws[20], p[15]);
2025 accum.mul(ws[21], p[14]);
2026 accum.mul(ws[22], p[13]);
2027 accum.mul(ws[23], p[12]);
2028 accum.mul(ws[24], p[11]);
2029 accum.mul(ws[25], p[10]);
2030 accum.mul(ws[26], p[9]);
2031 accum.mul(ws[27], p[8]);
2032 accum.mul(ws[28], p[7]);
2033 accum.mul(ws[29], p[6]);
2034 accum.mul(ws[30], p[5]);
2035 accum.mul(ws[31], p[4]);
2036 accum.add(z[35]);
2037 ws[3] = accum.extract();
2038 accum.mul(ws[5], p[31]);
2039 accum.mul(ws[6], p[30]);
2040 accum.mul(ws[7], p[29]);
2041 accum.mul(ws[8], p[28]);
2042 accum.mul(ws[9], p[27]);
2043 accum.mul(ws[10], p[26]);
2044 accum.mul(ws[11], p[25]);
2045 accum.mul(ws[12], p[24]);
2046 accum.mul(ws[13], p[23]);
2047 accum.mul(ws[14], p[22]);
2048 accum.mul(ws[15], p[21]);
2049 accum.mul(ws[16], p[20]);
2050 accum.mul(ws[17], p[19]);
2051 accum.mul(ws[18], p[18]);
2052 accum.mul(ws[19], p[17]);
2053 accum.mul(ws[20], p[16]);
2054 accum.mul(ws[21], p[15]);
2055 accum.mul(ws[22], p[14]);
2056 accum.mul(ws[23], p[13]);
2057 accum.mul(ws[24], p[12]);
2058 accum.mul(ws[25], p[11]);
2059 accum.mul(ws[26], p[10]);
2060 accum.mul(ws[27], p[9]);
2061 accum.mul(ws[28], p[8]);
2062 accum.mul(ws[29], p[7]);
2063 accum.mul(ws[30], p[6]);
2064 accum.mul(ws[31], p[5]);
2065 accum.add(z[36]);
2066 ws[4] = accum.extract();
2067 accum.mul(ws[6], p[31]);
2068 accum.mul(ws[7], p[30]);
2069 accum.mul(ws[8], p[29]);
2070 accum.mul(ws[9], p[28]);
2071 accum.mul(ws[10], p[27]);
2072 accum.mul(ws[11], p[26]);
2073 accum.mul(ws[12], p[25]);
2074 accum.mul(ws[13], p[24]);
2075 accum.mul(ws[14], p[23]);
2076 accum.mul(ws[15], p[22]);
2077 accum.mul(ws[16], p[21]);
2078 accum.mul(ws[17], p[20]);
2079 accum.mul(ws[18], p[19]);
2080 accum.mul(ws[19], p[18]);
2081 accum.mul(ws[20], p[17]);
2082 accum.mul(ws[21], p[16]);
2083 accum.mul(ws[22], p[15]);
2084 accum.mul(ws[23], p[14]);
2085 accum.mul(ws[24], p[13]);
2086 accum.mul(ws[25], p[12]);
2087 accum.mul(ws[26], p[11]);
2088 accum.mul(ws[27], p[10]);
2089 accum.mul(ws[28], p[9]);
2090 accum.mul(ws[29], p[8]);
2091 accum.mul(ws[30], p[7]);
2092 accum.mul(ws[31], p[6]);
2093 accum.add(z[37]);
2094 ws[5] = accum.extract();
2095 accum.mul(ws[7], p[31]);
2096 accum.mul(ws[8], p[30]);
2097 accum.mul(ws[9], p[29]);
2098 accum.mul(ws[10], p[28]);
2099 accum.mul(ws[11], p[27]);
2100 accum.mul(ws[12], p[26]);
2101 accum.mul(ws[13], p[25]);
2102 accum.mul(ws[14], p[24]);
2103 accum.mul(ws[15], p[23]);
2104 accum.mul(ws[16], p[22]);
2105 accum.mul(ws[17], p[21]);
2106 accum.mul(ws[18], p[20]);
2107 accum.mul(ws[19], p[19]);
2108 accum.mul(ws[20], p[18]);
2109 accum.mul(ws[21], p[17]);
2110 accum.mul(ws[22], p[16]);
2111 accum.mul(ws[23], p[15]);
2112 accum.mul(ws[24], p[14]);
2113 accum.mul(ws[25], p[13]);
2114 accum.mul(ws[26], p[12]);
2115 accum.mul(ws[27], p[11]);
2116 accum.mul(ws[28], p[10]);
2117 accum.mul(ws[29], p[9]);
2118 accum.mul(ws[30], p[8]);
2119 accum.mul(ws[31], p[7]);
2120 accum.add(z[38]);
2121 ws[6] = accum.extract();
2122 accum.mul(ws[8], p[31]);
2123 accum.mul(ws[9], p[30]);
2124 accum.mul(ws[10], p[29]);
2125 accum.mul(ws[11], p[28]);
2126 accum.mul(ws[12], p[27]);
2127 accum.mul(ws[13], p[26]);
2128 accum.mul(ws[14], p[25]);
2129 accum.mul(ws[15], p[24]);
2130 accum.mul(ws[16], p[23]);
2131 accum.mul(ws[17], p[22]);
2132 accum.mul(ws[18], p[21]);
2133 accum.mul(ws[19], p[20]);
2134 accum.mul(ws[20], p[19]);
2135 accum.mul(ws[21], p[18]);
2136 accum.mul(ws[22], p[17]);
2137 accum.mul(ws[23], p[16]);
2138 accum.mul(ws[24], p[15]);
2139 accum.mul(ws[25], p[14]);
2140 accum.mul(ws[26], p[13]);
2141 accum.mul(ws[27], p[12]);
2142 accum.mul(ws[28], p[11]);
2143 accum.mul(ws[29], p[10]);
2144 accum.mul(ws[30], p[9]);
2145 accum.mul(ws[31], p[8]);
2146 accum.add(z[39]);
2147 ws[7] = accum.extract();
2148 accum.mul(ws[9], p[31]);
2149 accum.mul(ws[10], p[30]);
2150 accum.mul(ws[11], p[29]);
2151 accum.mul(ws[12], p[28]);
2152 accum.mul(ws[13], p[27]);
2153 accum.mul(ws[14], p[26]);
2154 accum.mul(ws[15], p[25]);
2155 accum.mul(ws[16], p[24]);
2156 accum.mul(ws[17], p[23]);
2157 accum.mul(ws[18], p[22]);
2158 accum.mul(ws[19], p[21]);
2159 accum.mul(ws[20], p[20]);
2160 accum.mul(ws[21], p[19]);
2161 accum.mul(ws[22], p[18]);
2162 accum.mul(ws[23], p[17]);
2163 accum.mul(ws[24], p[16]);
2164 accum.mul(ws[25], p[15]);
2165 accum.mul(ws[26], p[14]);
2166 accum.mul(ws[27], p[13]);
2167 accum.mul(ws[28], p[12]);
2168 accum.mul(ws[29], p[11]);
2169 accum.mul(ws[30], p[10]);
2170 accum.mul(ws[31], p[9]);
2171 accum.add(z[40]);
2172 ws[8] = accum.extract();
2173 accum.mul(ws[10], p[31]);
2174 accum.mul(ws[11], p[30]);
2175 accum.mul(ws[12], p[29]);
2176 accum.mul(ws[13], p[28]);
2177 accum.mul(ws[14], p[27]);
2178 accum.mul(ws[15], p[26]);
2179 accum.mul(ws[16], p[25]);
2180 accum.mul(ws[17], p[24]);
2181 accum.mul(ws[18], p[23]);
2182 accum.mul(ws[19], p[22]);
2183 accum.mul(ws[20], p[21]);
2184 accum.mul(ws[21], p[20]);
2185 accum.mul(ws[22], p[19]);
2186 accum.mul(ws[23], p[18]);
2187 accum.mul(ws[24], p[17]);
2188 accum.mul(ws[25], p[16]);
2189 accum.mul(ws[26], p[15]);
2190 accum.mul(ws[27], p[14]);
2191 accum.mul(ws[28], p[13]);
2192 accum.mul(ws[29], p[12]);
2193 accum.mul(ws[30], p[11]);
2194 accum.mul(ws[31], p[10]);
2195 accum.add(z[41]);
2196 ws[9] = accum.extract();
2197 accum.mul(ws[11], p[31]);
2198 accum.mul(ws[12], p[30]);
2199 accum.mul(ws[13], p[29]);
2200 accum.mul(ws[14], p[28]);
2201 accum.mul(ws[15], p[27]);
2202 accum.mul(ws[16], p[26]);
2203 accum.mul(ws[17], p[25]);
2204 accum.mul(ws[18], p[24]);
2205 accum.mul(ws[19], p[23]);
2206 accum.mul(ws[20], p[22]);
2207 accum.mul(ws[21], p[21]);
2208 accum.mul(ws[22], p[20]);
2209 accum.mul(ws[23], p[19]);
2210 accum.mul(ws[24], p[18]);
2211 accum.mul(ws[25], p[17]);
2212 accum.mul(ws[26], p[16]);
2213 accum.mul(ws[27], p[15]);
2214 accum.mul(ws[28], p[14]);
2215 accum.mul(ws[29], p[13]);
2216 accum.mul(ws[30], p[12]);
2217 accum.mul(ws[31], p[11]);
2218 accum.add(z[42]);
2219 ws[10] = accum.extract();
2220 accum.mul(ws[12], p[31]);
2221 accum.mul(ws[13], p[30]);
2222 accum.mul(ws[14], p[29]);
2223 accum.mul(ws[15], p[28]);
2224 accum.mul(ws[16], p[27]);
2225 accum.mul(ws[17], p[26]);
2226 accum.mul(ws[18], p[25]);
2227 accum.mul(ws[19], p[24]);
2228 accum.mul(ws[20], p[23]);
2229 accum.mul(ws[21], p[22]);
2230 accum.mul(ws[22], p[21]);
2231 accum.mul(ws[23], p[20]);
2232 accum.mul(ws[24], p[19]);
2233 accum.mul(ws[25], p[18]);
2234 accum.mul(ws[26], p[17]);
2235 accum.mul(ws[27], p[16]);
2236 accum.mul(ws[28], p[15]);
2237 accum.mul(ws[29], p[14]);
2238 accum.mul(ws[30], p[13]);
2239 accum.mul(ws[31], p[12]);
2240 accum.add(z[43]);
2241 ws[11] = accum.extract();
2242 accum.mul(ws[13], p[31]);
2243 accum.mul(ws[14], p[30]);
2244 accum.mul(ws[15], p[29]);
2245 accum.mul(ws[16], p[28]);
2246 accum.mul(ws[17], p[27]);
2247 accum.mul(ws[18], p[26]);
2248 accum.mul(ws[19], p[25]);
2249 accum.mul(ws[20], p[24]);
2250 accum.mul(ws[21], p[23]);
2251 accum.mul(ws[22], p[22]);
2252 accum.mul(ws[23], p[21]);
2253 accum.mul(ws[24], p[20]);
2254 accum.mul(ws[25], p[19]);
2255 accum.mul(ws[26], p[18]);
2256 accum.mul(ws[27], p[17]);
2257 accum.mul(ws[28], p[16]);
2258 accum.mul(ws[29], p[15]);
2259 accum.mul(ws[30], p[14]);
2260 accum.mul(ws[31], p[13]);
2261 accum.add(z[44]);
2262 ws[12] = accum.extract();
2263 accum.mul(ws[14], p[31]);
2264 accum.mul(ws[15], p[30]);
2265 accum.mul(ws[16], p[29]);
2266 accum.mul(ws[17], p[28]);
2267 accum.mul(ws[18], p[27]);
2268 accum.mul(ws[19], p[26]);
2269 accum.mul(ws[20], p[25]);
2270 accum.mul(ws[21], p[24]);
2271 accum.mul(ws[22], p[23]);
2272 accum.mul(ws[23], p[22]);
2273 accum.mul(ws[24], p[21]);
2274 accum.mul(ws[25], p[20]);
2275 accum.mul(ws[26], p[19]);
2276 accum.mul(ws[27], p[18]);
2277 accum.mul(ws[28], p[17]);
2278 accum.mul(ws[29], p[16]);
2279 accum.mul(ws[30], p[15]);
2280 accum.mul(ws[31], p[14]);
2281 accum.add(z[45]);
2282 ws[13] = accum.extract();
2283 accum.mul(ws[15], p[31]);
2284 accum.mul(ws[16], p[30]);
2285 accum.mul(ws[17], p[29]);
2286 accum.mul(ws[18], p[28]);
2287 accum.mul(ws[19], p[27]);
2288 accum.mul(ws[20], p[26]);
2289 accum.mul(ws[21], p[25]);
2290 accum.mul(ws[22], p[24]);
2291 accum.mul(ws[23], p[23]);
2292 accum.mul(ws[24], p[22]);
2293 accum.mul(ws[25], p[21]);
2294 accum.mul(ws[26], p[20]);
2295 accum.mul(ws[27], p[19]);
2296 accum.mul(ws[28], p[18]);
2297 accum.mul(ws[29], p[17]);
2298 accum.mul(ws[30], p[16]);
2299 accum.mul(ws[31], p[15]);
2300 accum.add(z[46]);
2301 ws[14] = accum.extract();
2302 accum.mul(ws[16], p[31]);
2303 accum.mul(ws[17], p[30]);
2304 accum.mul(ws[18], p[29]);
2305 accum.mul(ws[19], p[28]);
2306 accum.mul(ws[20], p[27]);
2307 accum.mul(ws[21], p[26]);
2308 accum.mul(ws[22], p[25]);
2309 accum.mul(ws[23], p[24]);
2310 accum.mul(ws[24], p[23]);
2311 accum.mul(ws[25], p[22]);
2312 accum.mul(ws[26], p[21]);
2313 accum.mul(ws[27], p[20]);
2314 accum.mul(ws[28], p[19]);
2315 accum.mul(ws[29], p[18]);
2316 accum.mul(ws[30], p[17]);
2317 accum.mul(ws[31], p[16]);
2318 accum.add(z[47]);
2319 ws[15] = accum.extract();
2320 accum.mul(ws[17], p[31]);
2321 accum.mul(ws[18], p[30]);
2322 accum.mul(ws[19], p[29]);
2323 accum.mul(ws[20], p[28]);
2324 accum.mul(ws[21], p[27]);
2325 accum.mul(ws[22], p[26]);
2326 accum.mul(ws[23], p[25]);
2327 accum.mul(ws[24], p[24]);
2328 accum.mul(ws[25], p[23]);
2329 accum.mul(ws[26], p[22]);
2330 accum.mul(ws[27], p[21]);
2331 accum.mul(ws[28], p[20]);
2332 accum.mul(ws[29], p[19]);
2333 accum.mul(ws[30], p[18]);
2334 accum.mul(ws[31], p[17]);
2335 accum.add(z[48]);
2336 ws[16] = accum.extract();
2337 accum.mul(ws[18], p[31]);
2338 accum.mul(ws[19], p[30]);
2339 accum.mul(ws[20], p[29]);
2340 accum.mul(ws[21], p[28]);
2341 accum.mul(ws[22], p[27]);
2342 accum.mul(ws[23], p[26]);
2343 accum.mul(ws[24], p[25]);
2344 accum.mul(ws[25], p[24]);
2345 accum.mul(ws[26], p[23]);
2346 accum.mul(ws[27], p[22]);
2347 accum.mul(ws[28], p[21]);
2348 accum.mul(ws[29], p[20]);
2349 accum.mul(ws[30], p[19]);
2350 accum.mul(ws[31], p[18]);
2351 accum.add(z[49]);
2352 ws[17] = accum.extract();
2353 accum.mul(ws[19], p[31]);
2354 accum.mul(ws[20], p[30]);
2355 accum.mul(ws[21], p[29]);
2356 accum.mul(ws[22], p[28]);
2357 accum.mul(ws[23], p[27]);
2358 accum.mul(ws[24], p[26]);
2359 accum.mul(ws[25], p[25]);
2360 accum.mul(ws[26], p[24]);
2361 accum.mul(ws[27], p[23]);
2362 accum.mul(ws[28], p[22]);
2363 accum.mul(ws[29], p[21]);
2364 accum.mul(ws[30], p[20]);
2365 accum.mul(ws[31], p[19]);
2366 accum.add(z[50]);
2367 ws[18] = accum.extract();
2368 accum.mul(ws[20], p[31]);
2369 accum.mul(ws[21], p[30]);
2370 accum.mul(ws[22], p[29]);
2371 accum.mul(ws[23], p[28]);
2372 accum.mul(ws[24], p[27]);
2373 accum.mul(ws[25], p[26]);
2374 accum.mul(ws[26], p[25]);
2375 accum.mul(ws[27], p[24]);
2376 accum.mul(ws[28], p[23]);
2377 accum.mul(ws[29], p[22]);
2378 accum.mul(ws[30], p[21]);
2379 accum.mul(ws[31], p[20]);
2380 accum.add(z[51]);
2381 ws[19] = accum.extract();
2382 accum.mul(ws[21], p[31]);
2383 accum.mul(ws[22], p[30]);
2384 accum.mul(ws[23], p[29]);
2385 accum.mul(ws[24], p[28]);
2386 accum.mul(ws[25], p[27]);
2387 accum.mul(ws[26], p[26]);
2388 accum.mul(ws[27], p[25]);
2389 accum.mul(ws[28], p[24]);
2390 accum.mul(ws[29], p[23]);
2391 accum.mul(ws[30], p[22]);
2392 accum.mul(ws[31], p[21]);
2393 accum.add(z[52]);
2394 ws[20] = accum.extract();
2395 accum.mul(ws[22], p[31]);
2396 accum.mul(ws[23], p[30]);
2397 accum.mul(ws[24], p[29]);
2398 accum.mul(ws[25], p[28]);
2399 accum.mul(ws[26], p[27]);
2400 accum.mul(ws[27], p[26]);
2401 accum.mul(ws[28], p[25]);
2402 accum.mul(ws[29], p[24]);
2403 accum.mul(ws[30], p[23]);
2404 accum.mul(ws[31], p[22]);
2405 accum.add(z[53]);
2406 ws[21] = accum.extract();
2407 accum.mul(ws[23], p[31]);
2408 accum.mul(ws[24], p[30]);
2409 accum.mul(ws[25], p[29]);
2410 accum.mul(ws[26], p[28]);
2411 accum.mul(ws[27], p[27]);
2412 accum.mul(ws[28], p[26]);
2413 accum.mul(ws[29], p[25]);
2414 accum.mul(ws[30], p[24]);
2415 accum.mul(ws[31], p[23]);
2416 accum.add(z[54]);
2417 ws[22] = accum.extract();
2418 accum.mul(ws[24], p[31]);
2419 accum.mul(ws[25], p[30]);
2420 accum.mul(ws[26], p[29]);
2421 accum.mul(ws[27], p[28]);
2422 accum.mul(ws[28], p[27]);
2423 accum.mul(ws[29], p[26]);
2424 accum.mul(ws[30], p[25]);
2425 accum.mul(ws[31], p[24]);
2426 accum.add(z[55]);
2427 ws[23] = accum.extract();
2428 accum.mul(ws[25], p[31]);
2429 accum.mul(ws[26], p[30]);
2430 accum.mul(ws[27], p[29]);
2431 accum.mul(ws[28], p[28]);
2432 accum.mul(ws[29], p[27]);
2433 accum.mul(ws[30], p[26]);
2434 accum.mul(ws[31], p[25]);
2435 accum.add(z[56]);
2436 ws[24] = accum.extract();
2437 accum.mul(ws[26], p[31]);
2438 accum.mul(ws[27], p[30]);
2439 accum.mul(ws[28], p[29]);
2440 accum.mul(ws[29], p[28]);
2441 accum.mul(ws[30], p[27]);
2442 accum.mul(ws[31], p[26]);
2443 accum.add(z[57]);
2444 ws[25] = accum.extract();
2445 accum.mul(ws[27], p[31]);
2446 accum.mul(ws[28], p[30]);
2447 accum.mul(ws[29], p[29]);
2448 accum.mul(ws[30], p[28]);
2449 accum.mul(ws[31], p[27]);
2450 accum.add(z[58]);
2451 ws[26] = accum.extract();
2452 accum.mul(ws[28], p[31]);
2453 accum.mul(ws[29], p[30]);
2454 accum.mul(ws[30], p[29]);
2455 accum.mul(ws[31], p[28]);
2456 accum.add(z[59]);
2457 ws[27] = accum.extract();
2458 accum.mul(ws[29], p[31]);
2459 accum.mul(ws[30], p[30]);
2460 accum.mul(ws[31], p[29]);
2461 accum.add(z[60]);
2462 ws[28] = accum.extract();
2463 accum.mul(ws[30], p[31]);
2464 accum.mul(ws[31], p[30]);
2465 accum.add(z[61]);
2466 ws[29] = accum.extract();
2467 accum.mul(ws[31], p[31]);
2468 accum.add(z[62]);
2469 ws[30] = accum.extract();
2470 accum.add(z[63]);
2471 ws[31] = accum.extract();
2472 word w1 = accum.extract();
2473 bigint_monty_maybe_sub<32>(r, w1, ws, p);
2474}
2475
2476} // namespace Botan