Botan 3.8.1
Crypto and TLS for C++
mp_monty_n.cpp
1/*
2* This file was automatically generated by ./src/scripts/dev_tools/gen_mp_monty.py on 2025-02-01
3* All manual changes will be lost. Edit the script instead.
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/mp_core.h>
9
10#include <botan/internal/ct_utils.h>
11
12namespace Botan {
13
/*
* Fixed-size (4 word) reduction step; by its name, a Montgomery reduction.
* Reads the 8 words of z and the 4 words of p, uses ws as a 4-word scratch
* buffer, and writes r through bigint_monty_maybe_sub<4>.
*
* This is the loop form of the column-by-column call sequence that
* gen_mp_monty.py emits unrolled; the calls on accum happen in the same order.
* Loop bounds depend only on the fixed word count, never on operand values, so
* the sequence of operations and the indices touched are the same for every
* input.
*
* NOTE(review): p_dash is presumably the per-word Montgomery constant for
* p[0]; confirm against word3::monty_step, which is not visible here.
* NOTE(review): ws ends up holding intermediate words derived from z. If
* callers treat z as secret, ws should get the same handling - confirm at the
* call sites.
*/
void bigint_monty_redc_4(word r[4], const word z[8], const word p[4], word p_dash, word ws[4]) {
   constexpr size_t N = 4;

   word3<word> accum;

   // Low columns: fold in the products of the multipliers found so far, add
   // the input word, then derive this column's multiplier via monty_step.
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = 0; k != col; ++k) {
         accum.mul(ws[k], p[col - k]);
      }
      accum.add(z[col]);
      ws[col] = accum.monty_step(p[0], p_dash);
   }

   // High columns: ws[col] is overwritten with an output word only after the
   // last column that reads it as a multiplier (reads here use k > col).
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = col + 1; k != N; ++k) {
         accum.mul(ws[k], p[N + col - k]);
      }
      accum.add(z[N + col]);
      ws[col] = accum.extract();
   }

   // Whatever is left in the accumulator is passed on as the extra top word.
   word top = accum.extract();
   bigint_monty_maybe_sub<N>(r, top, ws, p);
}
47
/*
* Fixed-size (6 word) reduction step; by its name, a Montgomery reduction.
* Reads the 12 words of z and the 6 words of p, uses ws as a 6-word scratch
* buffer, and writes r through bigint_monty_maybe_sub<6>.
*
* This is the loop form of the column-by-column call sequence that
* gen_mp_monty.py emits unrolled; the calls on accum happen in the same order.
* Loop bounds depend only on the fixed word count, never on operand values, so
* the sequence of operations and the indices touched are the same for every
* input.
*
* NOTE(review): p_dash is presumably the per-word Montgomery constant for
* p[0]; confirm against word3::monty_step, which is not visible here.
* NOTE(review): ws ends up holding intermediate words derived from z. If
* callers treat z as secret, ws should get the same handling - confirm at the
* call sites.
*/
void bigint_monty_redc_6(word r[6], const word z[12], const word p[6], word p_dash, word ws[6]) {
   constexpr size_t N = 6;

   word3<word> accum;

   // Low columns: fold in the products of the multipliers found so far, add
   // the input word, then derive this column's multiplier via monty_step.
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = 0; k != col; ++k) {
         accum.mul(ws[k], p[col - k]);
      }
      accum.add(z[col]);
      ws[col] = accum.monty_step(p[0], p_dash);
   }

   // High columns: ws[col] is overwritten with an output word only after the
   // last column that reads it as a multiplier (reads here use k > col).
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = col + 1; k != N; ++k) {
         accum.mul(ws[k], p[N + col - k]);
      }
      accum.add(z[N + col]);
      ws[col] = accum.extract();
   }

   // Whatever is left in the accumulator is passed on as the extra top word.
   word top = accum.extract();
   bigint_monty_maybe_sub<N>(r, top, ws, p);
}
107
/*
* Fixed-size (8 word) reduction step; by its name, a Montgomery reduction.
* Reads the 16 words of z and the 8 words of p, uses ws as an 8-word scratch
* buffer, and writes r through bigint_monty_maybe_sub<8>.
*
* This is the loop form of the column-by-column call sequence that
* gen_mp_monty.py emits unrolled; the calls on accum happen in the same order.
* Loop bounds depend only on the fixed word count, never on operand values, so
* the sequence of operations and the indices touched are the same for every
* input.
*
* NOTE(review): p_dash is presumably the per-word Montgomery constant for
* p[0]; confirm against word3::monty_step, which is not visible here.
* NOTE(review): ws ends up holding intermediate words derived from z. If
* callers treat z as secret, ws should get the same handling - confirm at the
* call sites.
*/
void bigint_monty_redc_8(word r[8], const word z[16], const word p[8], word p_dash, word ws[8]) {
   constexpr size_t N = 8;

   word3<word> accum;

   // Low columns: fold in the products of the multipliers found so far, add
   // the input word, then derive this column's multiplier via monty_step.
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = 0; k != col; ++k) {
         accum.mul(ws[k], p[col - k]);
      }
      accum.add(z[col]);
      ws[col] = accum.monty_step(p[0], p_dash);
   }

   // High columns: ws[col] is overwritten with an output word only after the
   // last column that reads it as a multiplier (reads here use k > col).
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = col + 1; k != N; ++k) {
         accum.mul(ws[k], p[N + col - k]);
      }
      accum.add(z[N + col]);
      ws[col] = accum.extract();
   }

   // Whatever is left in the accumulator is passed on as the extra top word.
   word top = accum.extract();
   bigint_monty_maybe_sub<N>(r, top, ws, p);
}
201
/*
* Fixed-size (12 word) reduction step; by its name, a Montgomery reduction.
* Reads the 24 words of z and the 12 words of p, uses ws as a 12-word scratch
* buffer, and writes r through bigint_monty_maybe_sub<12>.
*
* This is the loop form of the column-by-column call sequence that
* gen_mp_monty.py emits unrolled; the calls on accum happen in the same order.
* Loop bounds depend only on the fixed word count, never on operand values, so
* the sequence of operations and the indices touched are the same for every
* input.
*
* NOTE(review): p_dash is presumably the per-word Montgomery constant for
* p[0]; confirm against word3::monty_step, which is not visible here.
* NOTE(review): ws ends up holding intermediate words derived from z. If
* callers treat z as secret, ws should get the same handling - confirm at the
* call sites.
*/
void bigint_monty_redc_12(word r[12], const word z[24], const word p[12], word p_dash, word ws[12]) {
   constexpr size_t N = 12;

   word3<word> accum;

   // Low columns: fold in the products of the multipliers found so far, add
   // the input word, then derive this column's multiplier via monty_step.
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = 0; k != col; ++k) {
         accum.mul(ws[k], p[col - k]);
      }
      accum.add(z[col]);
      ws[col] = accum.monty_step(p[0], p_dash);
   }

   // High columns: ws[col] is overwritten with an output word only after the
   // last column that reads it as a multiplier (reads here use k > col).
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = col + 1; k != N; ++k) {
         accum.mul(ws[k], p[N + col - k]);
      }
      accum.add(z[N + col]);
      ws[col] = accum.extract();
   }

   // Whatever is left in the accumulator is passed on as the extra top word.
   word top = accum.extract();
   bigint_monty_maybe_sub<N>(r, top, ws, p);
}
387
/*
* Fixed-size (16 word) reduction step; by its name, a Montgomery reduction.
* Reads the 32 words of z and the 16 words of p, uses ws as a 16-word scratch
* buffer, and writes r through bigint_monty_maybe_sub<16>.
*
* This is the loop form of the column-by-column call sequence that
* gen_mp_monty.py emits unrolled; the calls on accum happen in the same order.
* Loop bounds depend only on the fixed word count, never on operand values, so
* the sequence of operations and the indices touched are the same for every
* input.
*
* NOTE(review): p_dash is presumably the per-word Montgomery constant for
* p[0]; confirm against word3::monty_step, which is not visible here.
* NOTE(review): ws ends up holding intermediate words derived from z. If
* callers treat z as secret, ws should get the same handling - confirm at the
* call sites.
*/
void bigint_monty_redc_16(word r[16], const word z[32], const word p[16], word p_dash, word ws[16]) {
   constexpr size_t N = 16;

   word3<word> accum;

   // Low columns: fold in the products of the multipliers found so far, add
   // the input word, then derive this column's multiplier via monty_step.
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = 0; k != col; ++k) {
         accum.mul(ws[k], p[col - k]);
      }
      accum.add(z[col]);
      ws[col] = accum.monty_step(p[0], p_dash);
   }

   // High columns: ws[col] is overwritten with an output word only after the
   // last column that reads it as a multiplier (reads here use k > col).
   for(size_t col = 0; col != N; ++col) {
      for(size_t k = col + 1; k != N; ++k) {
         accum.mul(ws[k], p[N + col - k]);
      }
      accum.add(z[N + col]);
      ws[col] = accum.extract();
   }

   // Whatever is left in the accumulator is passed on as the extra top word.
   word top = accum.extract();
   bigint_monty_maybe_sub<N>(r, top, ws, p);
}
697
698void bigint_monty_redc_24(word r[24], const word z[48], const word p[24], word p_dash, word ws[24]) {
699 word3<word> accum;
700 accum.add(z[0]);
701 ws[0] = accum.monty_step(p[0], p_dash);
702 accum.mul(ws[0], p[1]);
703 accum.add(z[1]);
704 ws[1] = accum.monty_step(p[0], p_dash);
705 accum.mul(ws[0], p[2]);
706 accum.mul(ws[1], p[1]);
707 accum.add(z[2]);
708 ws[2] = accum.monty_step(p[0], p_dash);
709 accum.mul(ws[0], p[3]);
710 accum.mul(ws[1], p[2]);
711 accum.mul(ws[2], p[1]);
712 accum.add(z[3]);
713 ws[3] = accum.monty_step(p[0], p_dash);
714 accum.mul(ws[0], p[4]);
715 accum.mul(ws[1], p[3]);
716 accum.mul(ws[2], p[2]);
717 accum.mul(ws[3], p[1]);
718 accum.add(z[4]);
719 ws[4] = accum.monty_step(p[0], p_dash);
720 accum.mul(ws[0], p[5]);
721 accum.mul(ws[1], p[4]);
722 accum.mul(ws[2], p[3]);
723 accum.mul(ws[3], p[2]);
724 accum.mul(ws[4], p[1]);
725 accum.add(z[5]);
726 ws[5] = accum.monty_step(p[0], p_dash);
727 accum.mul(ws[0], p[6]);
728 accum.mul(ws[1], p[5]);
729 accum.mul(ws[2], p[4]);
730 accum.mul(ws[3], p[3]);
731 accum.mul(ws[4], p[2]);
732 accum.mul(ws[5], p[1]);
733 accum.add(z[6]);
734 ws[6] = accum.monty_step(p[0], p_dash);
735 accum.mul(ws[0], p[7]);
736 accum.mul(ws[1], p[6]);
737 accum.mul(ws[2], p[5]);
738 accum.mul(ws[3], p[4]);
739 accum.mul(ws[4], p[3]);
740 accum.mul(ws[5], p[2]);
741 accum.mul(ws[6], p[1]);
742 accum.add(z[7]);
743 ws[7] = accum.monty_step(p[0], p_dash);
744 accum.mul(ws[0], p[8]);
745 accum.mul(ws[1], p[7]);
746 accum.mul(ws[2], p[6]);
747 accum.mul(ws[3], p[5]);
748 accum.mul(ws[4], p[4]);
749 accum.mul(ws[5], p[3]);
750 accum.mul(ws[6], p[2]);
751 accum.mul(ws[7], p[1]);
752 accum.add(z[8]);
753 ws[8] = accum.monty_step(p[0], p_dash);
754 accum.mul(ws[0], p[9]);
755 accum.mul(ws[1], p[8]);
756 accum.mul(ws[2], p[7]);
757 accum.mul(ws[3], p[6]);
758 accum.mul(ws[4], p[5]);
759 accum.mul(ws[5], p[4]);
760 accum.mul(ws[6], p[3]);
761 accum.mul(ws[7], p[2]);
762 accum.mul(ws[8], p[1]);
763 accum.add(z[9]);
764 ws[9] = accum.monty_step(p[0], p_dash);
765 accum.mul(ws[0], p[10]);
766 accum.mul(ws[1], p[9]);
767 accum.mul(ws[2], p[8]);
768 accum.mul(ws[3], p[7]);
769 accum.mul(ws[4], p[6]);
770 accum.mul(ws[5], p[5]);
771 accum.mul(ws[6], p[4]);
772 accum.mul(ws[7], p[3]);
773 accum.mul(ws[8], p[2]);
774 accum.mul(ws[9], p[1]);
775 accum.add(z[10]);
776 ws[10] = accum.monty_step(p[0], p_dash);
777 accum.mul(ws[0], p[11]);
778 accum.mul(ws[1], p[10]);
779 accum.mul(ws[2], p[9]);
780 accum.mul(ws[3], p[8]);
781 accum.mul(ws[4], p[7]);
782 accum.mul(ws[5], p[6]);
783 accum.mul(ws[6], p[5]);
784 accum.mul(ws[7], p[4]);
785 accum.mul(ws[8], p[3]);
786 accum.mul(ws[9], p[2]);
787 accum.mul(ws[10], p[1]);
788 accum.add(z[11]);
789 ws[11] = accum.monty_step(p[0], p_dash);
790 accum.mul(ws[0], p[12]);
791 accum.mul(ws[1], p[11]);
792 accum.mul(ws[2], p[10]);
793 accum.mul(ws[3], p[9]);
794 accum.mul(ws[4], p[8]);
795 accum.mul(ws[5], p[7]);
796 accum.mul(ws[6], p[6]);
797 accum.mul(ws[7], p[5]);
798 accum.mul(ws[8], p[4]);
799 accum.mul(ws[9], p[3]);
800 accum.mul(ws[10], p[2]);
801 accum.mul(ws[11], p[1]);
802 accum.add(z[12]);
803 ws[12] = accum.monty_step(p[0], p_dash);
804 accum.mul(ws[0], p[13]);
805 accum.mul(ws[1], p[12]);
806 accum.mul(ws[2], p[11]);
807 accum.mul(ws[3], p[10]);
808 accum.mul(ws[4], p[9]);
809 accum.mul(ws[5], p[8]);
810 accum.mul(ws[6], p[7]);
811 accum.mul(ws[7], p[6]);
812 accum.mul(ws[8], p[5]);
813 accum.mul(ws[9], p[4]);
814 accum.mul(ws[10], p[3]);
815 accum.mul(ws[11], p[2]);
816 accum.mul(ws[12], p[1]);
817 accum.add(z[13]);
818 ws[13] = accum.monty_step(p[0], p_dash);
819 accum.mul(ws[0], p[14]);
820 accum.mul(ws[1], p[13]);
821 accum.mul(ws[2], p[12]);
822 accum.mul(ws[3], p[11]);
823 accum.mul(ws[4], p[10]);
824 accum.mul(ws[5], p[9]);
825 accum.mul(ws[6], p[8]);
826 accum.mul(ws[7], p[7]);
827 accum.mul(ws[8], p[6]);
828 accum.mul(ws[9], p[5]);
829 accum.mul(ws[10], p[4]);
830 accum.mul(ws[11], p[3]);
831 accum.mul(ws[12], p[2]);
832 accum.mul(ws[13], p[1]);
833 accum.add(z[14]);
834 ws[14] = accum.monty_step(p[0], p_dash);
835 accum.mul(ws[0], p[15]);
836 accum.mul(ws[1], p[14]);
837 accum.mul(ws[2], p[13]);
838 accum.mul(ws[3], p[12]);
839 accum.mul(ws[4], p[11]);
840 accum.mul(ws[5], p[10]);
841 accum.mul(ws[6], p[9]);
842 accum.mul(ws[7], p[8]);
843 accum.mul(ws[8], p[7]);
844 accum.mul(ws[9], p[6]);
845 accum.mul(ws[10], p[5]);
846 accum.mul(ws[11], p[4]);
847 accum.mul(ws[12], p[3]);
848 accum.mul(ws[13], p[2]);
849 accum.mul(ws[14], p[1]);
850 accum.add(z[15]);
851 ws[15] = accum.monty_step(p[0], p_dash);
852 accum.mul(ws[0], p[16]);
853 accum.mul(ws[1], p[15]);
854 accum.mul(ws[2], p[14]);
855 accum.mul(ws[3], p[13]);
856 accum.mul(ws[4], p[12]);
857 accum.mul(ws[5], p[11]);
858 accum.mul(ws[6], p[10]);
859 accum.mul(ws[7], p[9]);
860 accum.mul(ws[8], p[8]);
861 accum.mul(ws[9], p[7]);
862 accum.mul(ws[10], p[6]);
863 accum.mul(ws[11], p[5]);
864 accum.mul(ws[12], p[4]);
865 accum.mul(ws[13], p[3]);
866 accum.mul(ws[14], p[2]);
867 accum.mul(ws[15], p[1]);
868 accum.add(z[16]);
869 ws[16] = accum.monty_step(p[0], p_dash);
870 accum.mul(ws[0], p[17]);
871 accum.mul(ws[1], p[16]);
872 accum.mul(ws[2], p[15]);
873 accum.mul(ws[3], p[14]);
874 accum.mul(ws[4], p[13]);
875 accum.mul(ws[5], p[12]);
876 accum.mul(ws[6], p[11]);
877 accum.mul(ws[7], p[10]);
878 accum.mul(ws[8], p[9]);
879 accum.mul(ws[9], p[8]);
880 accum.mul(ws[10], p[7]);
881 accum.mul(ws[11], p[6]);
882 accum.mul(ws[12], p[5]);
883 accum.mul(ws[13], p[4]);
884 accum.mul(ws[14], p[3]);
885 accum.mul(ws[15], p[2]);
886 accum.mul(ws[16], p[1]);
887 accum.add(z[17]);
888 ws[17] = accum.monty_step(p[0], p_dash);
889 accum.mul(ws[0], p[18]);
890 accum.mul(ws[1], p[17]);
891 accum.mul(ws[2], p[16]);
892 accum.mul(ws[3], p[15]);
893 accum.mul(ws[4], p[14]);
894 accum.mul(ws[5], p[13]);
895 accum.mul(ws[6], p[12]);
896 accum.mul(ws[7], p[11]);
897 accum.mul(ws[8], p[10]);
898 accum.mul(ws[9], p[9]);
899 accum.mul(ws[10], p[8]);
900 accum.mul(ws[11], p[7]);
901 accum.mul(ws[12], p[6]);
902 accum.mul(ws[13], p[5]);
903 accum.mul(ws[14], p[4]);
904 accum.mul(ws[15], p[3]);
905 accum.mul(ws[16], p[2]);
906 accum.mul(ws[17], p[1]);
907 accum.add(z[18]);
908 ws[18] = accum.monty_step(p[0], p_dash);
909 accum.mul(ws[0], p[19]);
910 accum.mul(ws[1], p[18]);
911 accum.mul(ws[2], p[17]);
912 accum.mul(ws[3], p[16]);
913 accum.mul(ws[4], p[15]);
914 accum.mul(ws[5], p[14]);
915 accum.mul(ws[6], p[13]);
916 accum.mul(ws[7], p[12]);
917 accum.mul(ws[8], p[11]);
918 accum.mul(ws[9], p[10]);
919 accum.mul(ws[10], p[9]);
920 accum.mul(ws[11], p[8]);
921 accum.mul(ws[12], p[7]);
922 accum.mul(ws[13], p[6]);
923 accum.mul(ws[14], p[5]);
924 accum.mul(ws[15], p[4]);
925 accum.mul(ws[16], p[3]);
926 accum.mul(ws[17], p[2]);
927 accum.mul(ws[18], p[1]);
928 accum.add(z[19]);
929 ws[19] = accum.monty_step(p[0], p_dash);
930 accum.mul(ws[0], p[20]);
931 accum.mul(ws[1], p[19]);
932 accum.mul(ws[2], p[18]);
933 accum.mul(ws[3], p[17]);
934 accum.mul(ws[4], p[16]);
935 accum.mul(ws[5], p[15]);
936 accum.mul(ws[6], p[14]);
937 accum.mul(ws[7], p[13]);
938 accum.mul(ws[8], p[12]);
939 accum.mul(ws[9], p[11]);
940 accum.mul(ws[10], p[10]);
941 accum.mul(ws[11], p[9]);
942 accum.mul(ws[12], p[8]);
943 accum.mul(ws[13], p[7]);
944 accum.mul(ws[14], p[6]);
945 accum.mul(ws[15], p[5]);
946 accum.mul(ws[16], p[4]);
947 accum.mul(ws[17], p[3]);
948 accum.mul(ws[18], p[2]);
949 accum.mul(ws[19], p[1]);
950 accum.add(z[20]);
951 ws[20] = accum.monty_step(p[0], p_dash);
952 accum.mul(ws[0], p[21]);
953 accum.mul(ws[1], p[20]);
954 accum.mul(ws[2], p[19]);
955 accum.mul(ws[3], p[18]);
956 accum.mul(ws[4], p[17]);
957 accum.mul(ws[5], p[16]);
958 accum.mul(ws[6], p[15]);
959 accum.mul(ws[7], p[14]);
960 accum.mul(ws[8], p[13]);
961 accum.mul(ws[9], p[12]);
962 accum.mul(ws[10], p[11]);
963 accum.mul(ws[11], p[10]);
964 accum.mul(ws[12], p[9]);
965 accum.mul(ws[13], p[8]);
966 accum.mul(ws[14], p[7]);
967 accum.mul(ws[15], p[6]);
968 accum.mul(ws[16], p[5]);
969 accum.mul(ws[17], p[4]);
970 accum.mul(ws[18], p[3]);
971 accum.mul(ws[19], p[2]);
972 accum.mul(ws[20], p[1]);
973 accum.add(z[21]);
974 ws[21] = accum.monty_step(p[0], p_dash);
975 accum.mul(ws[0], p[22]);
976 accum.mul(ws[1], p[21]);
977 accum.mul(ws[2], p[20]);
978 accum.mul(ws[3], p[19]);
979 accum.mul(ws[4], p[18]);
980 accum.mul(ws[5], p[17]);
981 accum.mul(ws[6], p[16]);
982 accum.mul(ws[7], p[15]);
983 accum.mul(ws[8], p[14]);
984 accum.mul(ws[9], p[13]);
985 accum.mul(ws[10], p[12]);
986 accum.mul(ws[11], p[11]);
987 accum.mul(ws[12], p[10]);
988 accum.mul(ws[13], p[9]);
989 accum.mul(ws[14], p[8]);
990 accum.mul(ws[15], p[7]);
991 accum.mul(ws[16], p[6]);
992 accum.mul(ws[17], p[5]);
993 accum.mul(ws[18], p[4]);
994 accum.mul(ws[19], p[3]);
995 accum.mul(ws[20], p[2]);
996 accum.mul(ws[21], p[1]);
997 accum.add(z[22]);
998 ws[22] = accum.monty_step(p[0], p_dash);
999 accum.mul(ws[0], p[23]);
1000 accum.mul(ws[1], p[22]);
1001 accum.mul(ws[2], p[21]);
1002 accum.mul(ws[3], p[20]);
1003 accum.mul(ws[4], p[19]);
1004 accum.mul(ws[5], p[18]);
1005 accum.mul(ws[6], p[17]);
1006 accum.mul(ws[7], p[16]);
1007 accum.mul(ws[8], p[15]);
1008 accum.mul(ws[9], p[14]);
1009 accum.mul(ws[10], p[13]);
1010 accum.mul(ws[11], p[12]);
1011 accum.mul(ws[12], p[11]);
1012 accum.mul(ws[13], p[10]);
1013 accum.mul(ws[14], p[9]);
1014 accum.mul(ws[15], p[8]);
1015 accum.mul(ws[16], p[7]);
1016 accum.mul(ws[17], p[6]);
1017 accum.mul(ws[18], p[5]);
1018 accum.mul(ws[19], p[4]);
1019 accum.mul(ws[20], p[3]);
1020 accum.mul(ws[21], p[2]);
1021 accum.mul(ws[22], p[1]);
1022 accum.add(z[23]);
1023 ws[23] = accum.monty_step(p[0], p_dash);
1024 accum.mul(ws[1], p[23]);
1025 accum.mul(ws[2], p[22]);
1026 accum.mul(ws[3], p[21]);
1027 accum.mul(ws[4], p[20]);
1028 accum.mul(ws[5], p[19]);
1029 accum.mul(ws[6], p[18]);
1030 accum.mul(ws[7], p[17]);
1031 accum.mul(ws[8], p[16]);
1032 accum.mul(ws[9], p[15]);
1033 accum.mul(ws[10], p[14]);
1034 accum.mul(ws[11], p[13]);
1035 accum.mul(ws[12], p[12]);
1036 accum.mul(ws[13], p[11]);
1037 accum.mul(ws[14], p[10]);
1038 accum.mul(ws[15], p[9]);
1039 accum.mul(ws[16], p[8]);
1040 accum.mul(ws[17], p[7]);
1041 accum.mul(ws[18], p[6]);
1042 accum.mul(ws[19], p[5]);
1043 accum.mul(ws[20], p[4]);
1044 accum.mul(ws[21], p[3]);
1045 accum.mul(ws[22], p[2]);
1046 accum.mul(ws[23], p[1]);
1047 accum.add(z[24]);
1048 ws[0] = accum.extract();
1049 accum.mul(ws[2], p[23]);
1050 accum.mul(ws[3], p[22]);
1051 accum.mul(ws[4], p[21]);
1052 accum.mul(ws[5], p[20]);
1053 accum.mul(ws[6], p[19]);
1054 accum.mul(ws[7], p[18]);
1055 accum.mul(ws[8], p[17]);
1056 accum.mul(ws[9], p[16]);
1057 accum.mul(ws[10], p[15]);
1058 accum.mul(ws[11], p[14]);
1059 accum.mul(ws[12], p[13]);
1060 accum.mul(ws[13], p[12]);
1061 accum.mul(ws[14], p[11]);
1062 accum.mul(ws[15], p[10]);
1063 accum.mul(ws[16], p[9]);
1064 accum.mul(ws[17], p[8]);
1065 accum.mul(ws[18], p[7]);
1066 accum.mul(ws[19], p[6]);
1067 accum.mul(ws[20], p[5]);
1068 accum.mul(ws[21], p[4]);
1069 accum.mul(ws[22], p[3]);
1070 accum.mul(ws[23], p[2]);
1071 accum.add(z[25]);
1072 ws[1] = accum.extract();
1073 accum.mul(ws[3], p[23]);
1074 accum.mul(ws[4], p[22]);
1075 accum.mul(ws[5], p[21]);
1076 accum.mul(ws[6], p[20]);
1077 accum.mul(ws[7], p[19]);
1078 accum.mul(ws[8], p[18]);
1079 accum.mul(ws[9], p[17]);
1080 accum.mul(ws[10], p[16]);
1081 accum.mul(ws[11], p[15]);
1082 accum.mul(ws[12], p[14]);
1083 accum.mul(ws[13], p[13]);
1084 accum.mul(ws[14], p[12]);
1085 accum.mul(ws[15], p[11]);
1086 accum.mul(ws[16], p[10]);
1087 accum.mul(ws[17], p[9]);
1088 accum.mul(ws[18], p[8]);
1089 accum.mul(ws[19], p[7]);
1090 accum.mul(ws[20], p[6]);
1091 accum.mul(ws[21], p[5]);
1092 accum.mul(ws[22], p[4]);
1093 accum.mul(ws[23], p[3]);
1094 accum.add(z[26]);
1095 ws[2] = accum.extract();
1096 accum.mul(ws[4], p[23]);
1097 accum.mul(ws[5], p[22]);
1098 accum.mul(ws[6], p[21]);
1099 accum.mul(ws[7], p[20]);
1100 accum.mul(ws[8], p[19]);
1101 accum.mul(ws[9], p[18]);
1102 accum.mul(ws[10], p[17]);
1103 accum.mul(ws[11], p[16]);
1104 accum.mul(ws[12], p[15]);
1105 accum.mul(ws[13], p[14]);
1106 accum.mul(ws[14], p[13]);
1107 accum.mul(ws[15], p[12]);
1108 accum.mul(ws[16], p[11]);
1109 accum.mul(ws[17], p[10]);
1110 accum.mul(ws[18], p[9]);
1111 accum.mul(ws[19], p[8]);
1112 accum.mul(ws[20], p[7]);
1113 accum.mul(ws[21], p[6]);
1114 accum.mul(ws[22], p[5]);
1115 accum.mul(ws[23], p[4]);
1116 accum.add(z[27]);
1117 ws[3] = accum.extract();
1118 accum.mul(ws[5], p[23]);
1119 accum.mul(ws[6], p[22]);
1120 accum.mul(ws[7], p[21]);
1121 accum.mul(ws[8], p[20]);
1122 accum.mul(ws[9], p[19]);
1123 accum.mul(ws[10], p[18]);
1124 accum.mul(ws[11], p[17]);
1125 accum.mul(ws[12], p[16]);
1126 accum.mul(ws[13], p[15]);
1127 accum.mul(ws[14], p[14]);
1128 accum.mul(ws[15], p[13]);
1129 accum.mul(ws[16], p[12]);
1130 accum.mul(ws[17], p[11]);
1131 accum.mul(ws[18], p[10]);
1132 accum.mul(ws[19], p[9]);
1133 accum.mul(ws[20], p[8]);
1134 accum.mul(ws[21], p[7]);
1135 accum.mul(ws[22], p[6]);
1136 accum.mul(ws[23], p[5]);
1137 accum.add(z[28]);
1138 ws[4] = accum.extract();
1139 accum.mul(ws[6], p[23]);
1140 accum.mul(ws[7], p[22]);
1141 accum.mul(ws[8], p[21]);
1142 accum.mul(ws[9], p[20]);
1143 accum.mul(ws[10], p[19]);
1144 accum.mul(ws[11], p[18]);
1145 accum.mul(ws[12], p[17]);
1146 accum.mul(ws[13], p[16]);
1147 accum.mul(ws[14], p[15]);
1148 accum.mul(ws[15], p[14]);
1149 accum.mul(ws[16], p[13]);
1150 accum.mul(ws[17], p[12]);
1151 accum.mul(ws[18], p[11]);
1152 accum.mul(ws[19], p[10]);
1153 accum.mul(ws[20], p[9]);
1154 accum.mul(ws[21], p[8]);
1155 accum.mul(ws[22], p[7]);
1156 accum.mul(ws[23], p[6]);
1157 accum.add(z[29]);
1158 ws[5] = accum.extract();
1159 accum.mul(ws[7], p[23]);
1160 accum.mul(ws[8], p[22]);
1161 accum.mul(ws[9], p[21]);
1162 accum.mul(ws[10], p[20]);
1163 accum.mul(ws[11], p[19]);
1164 accum.mul(ws[12], p[18]);
1165 accum.mul(ws[13], p[17]);
1166 accum.mul(ws[14], p[16]);
1167 accum.mul(ws[15], p[15]);
1168 accum.mul(ws[16], p[14]);
1169 accum.mul(ws[17], p[13]);
1170 accum.mul(ws[18], p[12]);
1171 accum.mul(ws[19], p[11]);
1172 accum.mul(ws[20], p[10]);
1173 accum.mul(ws[21], p[9]);
1174 accum.mul(ws[22], p[8]);
1175 accum.mul(ws[23], p[7]);
1176 accum.add(z[30]);
1177 ws[6] = accum.extract();
1178 accum.mul(ws[8], p[23]);
1179 accum.mul(ws[9], p[22]);
1180 accum.mul(ws[10], p[21]);
1181 accum.mul(ws[11], p[20]);
1182 accum.mul(ws[12], p[19]);
1183 accum.mul(ws[13], p[18]);
1184 accum.mul(ws[14], p[17]);
1185 accum.mul(ws[15], p[16]);
1186 accum.mul(ws[16], p[15]);
1187 accum.mul(ws[17], p[14]);
1188 accum.mul(ws[18], p[13]);
1189 accum.mul(ws[19], p[12]);
1190 accum.mul(ws[20], p[11]);
1191 accum.mul(ws[21], p[10]);
1192 accum.mul(ws[22], p[9]);
1193 accum.mul(ws[23], p[8]);
1194 accum.add(z[31]);
1195 ws[7] = accum.extract();
1196 accum.mul(ws[9], p[23]);
1197 accum.mul(ws[10], p[22]);
1198 accum.mul(ws[11], p[21]);
1199 accum.mul(ws[12], p[20]);
1200 accum.mul(ws[13], p[19]);
1201 accum.mul(ws[14], p[18]);
1202 accum.mul(ws[15], p[17]);
1203 accum.mul(ws[16], p[16]);
1204 accum.mul(ws[17], p[15]);
1205 accum.mul(ws[18], p[14]);
1206 accum.mul(ws[19], p[13]);
1207 accum.mul(ws[20], p[12]);
1208 accum.mul(ws[21], p[11]);
1209 accum.mul(ws[22], p[10]);
1210 accum.mul(ws[23], p[9]);
1211 accum.add(z[32]);
1212 ws[8] = accum.extract();
1213 accum.mul(ws[10], p[23]);
1214 accum.mul(ws[11], p[22]);
1215 accum.mul(ws[12], p[21]);
1216 accum.mul(ws[13], p[20]);
1217 accum.mul(ws[14], p[19]);
1218 accum.mul(ws[15], p[18]);
1219 accum.mul(ws[16], p[17]);
1220 accum.mul(ws[17], p[16]);
1221 accum.mul(ws[18], p[15]);
1222 accum.mul(ws[19], p[14]);
1223 accum.mul(ws[20], p[13]);
1224 accum.mul(ws[21], p[12]);
1225 accum.mul(ws[22], p[11]);
1226 accum.mul(ws[23], p[10]);
1227 accum.add(z[33]);
1228 ws[9] = accum.extract();
1229 accum.mul(ws[11], p[23]);
1230 accum.mul(ws[12], p[22]);
1231 accum.mul(ws[13], p[21]);
1232 accum.mul(ws[14], p[20]);
1233 accum.mul(ws[15], p[19]);
1234 accum.mul(ws[16], p[18]);
1235 accum.mul(ws[17], p[17]);
1236 accum.mul(ws[18], p[16]);
1237 accum.mul(ws[19], p[15]);
1238 accum.mul(ws[20], p[14]);
1239 accum.mul(ws[21], p[13]);
1240 accum.mul(ws[22], p[12]);
1241 accum.mul(ws[23], p[11]);
1242 accum.add(z[34]);
1243 ws[10] = accum.extract();
1244 accum.mul(ws[12], p[23]);
1245 accum.mul(ws[13], p[22]);
1246 accum.mul(ws[14], p[21]);
1247 accum.mul(ws[15], p[20]);
1248 accum.mul(ws[16], p[19]);
1249 accum.mul(ws[17], p[18]);
1250 accum.mul(ws[18], p[17]);
1251 accum.mul(ws[19], p[16]);
1252 accum.mul(ws[20], p[15]);
1253 accum.mul(ws[21], p[14]);
1254 accum.mul(ws[22], p[13]);
1255 accum.mul(ws[23], p[12]);
1256 accum.add(z[35]);
1257 ws[11] = accum.extract();
1258 accum.mul(ws[13], p[23]);
1259 accum.mul(ws[14], p[22]);
1260 accum.mul(ws[15], p[21]);
1261 accum.mul(ws[16], p[20]);
1262 accum.mul(ws[17], p[19]);
1263 accum.mul(ws[18], p[18]);
1264 accum.mul(ws[19], p[17]);
1265 accum.mul(ws[20], p[16]);
1266 accum.mul(ws[21], p[15]);
1267 accum.mul(ws[22], p[14]);
1268 accum.mul(ws[23], p[13]);
1269 accum.add(z[36]);
1270 ws[12] = accum.extract();
1271 accum.mul(ws[14], p[23]);
1272 accum.mul(ws[15], p[22]);
1273 accum.mul(ws[16], p[21]);
1274 accum.mul(ws[17], p[20]);
1275 accum.mul(ws[18], p[19]);
1276 accum.mul(ws[19], p[18]);
1277 accum.mul(ws[20], p[17]);
1278 accum.mul(ws[21], p[16]);
1279 accum.mul(ws[22], p[15]);
1280 accum.mul(ws[23], p[14]);
1281 accum.add(z[37]);
1282 ws[13] = accum.extract();
1283 accum.mul(ws[15], p[23]);
1284 accum.mul(ws[16], p[22]);
1285 accum.mul(ws[17], p[21]);
1286 accum.mul(ws[18], p[20]);
1287 accum.mul(ws[19], p[19]);
1288 accum.mul(ws[20], p[18]);
1289 accum.mul(ws[21], p[17]);
1290 accum.mul(ws[22], p[16]);
1291 accum.mul(ws[23], p[15]);
1292 accum.add(z[38]);
1293 ws[14] = accum.extract();
1294 accum.mul(ws[16], p[23]);
1295 accum.mul(ws[17], p[22]);
1296 accum.mul(ws[18], p[21]);
1297 accum.mul(ws[19], p[20]);
1298 accum.mul(ws[20], p[19]);
1299 accum.mul(ws[21], p[18]);
1300 accum.mul(ws[22], p[17]);
1301 accum.mul(ws[23], p[16]);
1302 accum.add(z[39]);
1303 ws[15] = accum.extract();
1304 accum.mul(ws[17], p[23]);
1305 accum.mul(ws[18], p[22]);
1306 accum.mul(ws[19], p[21]);
1307 accum.mul(ws[20], p[20]);
1308 accum.mul(ws[21], p[19]);
1309 accum.mul(ws[22], p[18]);
1310 accum.mul(ws[23], p[17]);
1311 accum.add(z[40]);
1312 ws[16] = accum.extract();
1313 accum.mul(ws[18], p[23]);
1314 accum.mul(ws[19], p[22]);
1315 accum.mul(ws[20], p[21]);
1316 accum.mul(ws[21], p[20]);
1317 accum.mul(ws[22], p[19]);
1318 accum.mul(ws[23], p[18]);
1319 accum.add(z[41]);
1320 ws[17] = accum.extract();
1321 accum.mul(ws[19], p[23]);
1322 accum.mul(ws[20], p[22]);
1323 accum.mul(ws[21], p[21]);
1324 accum.mul(ws[22], p[20]);
1325 accum.mul(ws[23], p[19]);
1326 accum.add(z[42]);
1327 ws[18] = accum.extract();
1328 accum.mul(ws[20], p[23]);
1329 accum.mul(ws[21], p[22]);
1330 accum.mul(ws[22], p[21]);
1331 accum.mul(ws[23], p[20]);
1332 accum.add(z[43]);
1333 ws[19] = accum.extract();
1334 accum.mul(ws[21], p[23]);
1335 accum.mul(ws[22], p[22]);
1336 accum.mul(ws[23], p[21]);
1337 accum.add(z[44]);
1338 ws[20] = accum.extract();
1339 accum.mul(ws[22], p[23]);
1340 accum.mul(ws[23], p[22]);
1341 accum.add(z[45]);
1342 ws[21] = accum.extract();
1343 accum.mul(ws[23], p[23]);
1344 accum.add(z[46]);
1345 ws[22] = accum.extract();
1346 accum.add(z[47]);
1347 ws[23] = accum.extract();
1348 word w1 = accum.extract();
1349 bigint_monty_maybe_sub<24>(r, w1, ws, p);
1350}
1351
1352void bigint_monty_redc_32(word r[32], const word z[64], const word p[32], word p_dash, word ws[32]) {
1353 word3<word> accum;
1354 accum.add(z[0]);
1355 ws[0] = accum.monty_step(p[0], p_dash);
1356 accum.mul(ws[0], p[1]);
1357 accum.add(z[1]);
1358 ws[1] = accum.monty_step(p[0], p_dash);
1359 accum.mul(ws[0], p[2]);
1360 accum.mul(ws[1], p[1]);
1361 accum.add(z[2]);
1362 ws[2] = accum.monty_step(p[0], p_dash);
1363 accum.mul(ws[0], p[3]);
1364 accum.mul(ws[1], p[2]);
1365 accum.mul(ws[2], p[1]);
1366 accum.add(z[3]);
1367 ws[3] = accum.monty_step(p[0], p_dash);
1368 accum.mul(ws[0], p[4]);
1369 accum.mul(ws[1], p[3]);
1370 accum.mul(ws[2], p[2]);
1371 accum.mul(ws[3], p[1]);
1372 accum.add(z[4]);
1373 ws[4] = accum.monty_step(p[0], p_dash);
1374 accum.mul(ws[0], p[5]);
1375 accum.mul(ws[1], p[4]);
1376 accum.mul(ws[2], p[3]);
1377 accum.mul(ws[3], p[2]);
1378 accum.mul(ws[4], p[1]);
1379 accum.add(z[5]);
1380 ws[5] = accum.monty_step(p[0], p_dash);
1381 accum.mul(ws[0], p[6]);
1382 accum.mul(ws[1], p[5]);
1383 accum.mul(ws[2], p[4]);
1384 accum.mul(ws[3], p[3]);
1385 accum.mul(ws[4], p[2]);
1386 accum.mul(ws[5], p[1]);
1387 accum.add(z[6]);
1388 ws[6] = accum.monty_step(p[0], p_dash);
1389 accum.mul(ws[0], p[7]);
1390 accum.mul(ws[1], p[6]);
1391 accum.mul(ws[2], p[5]);
1392 accum.mul(ws[3], p[4]);
1393 accum.mul(ws[4], p[3]);
1394 accum.mul(ws[5], p[2]);
1395 accum.mul(ws[6], p[1]);
1396 accum.add(z[7]);
1397 ws[7] = accum.monty_step(p[0], p_dash);
1398 accum.mul(ws[0], p[8]);
1399 accum.mul(ws[1], p[7]);
1400 accum.mul(ws[2], p[6]);
1401 accum.mul(ws[3], p[5]);
1402 accum.mul(ws[4], p[4]);
1403 accum.mul(ws[5], p[3]);
1404 accum.mul(ws[6], p[2]);
1405 accum.mul(ws[7], p[1]);
1406 accum.add(z[8]);
1407 ws[8] = accum.monty_step(p[0], p_dash);
1408 accum.mul(ws[0], p[9]);
1409 accum.mul(ws[1], p[8]);
1410 accum.mul(ws[2], p[7]);
1411 accum.mul(ws[3], p[6]);
1412 accum.mul(ws[4], p[5]);
1413 accum.mul(ws[5], p[4]);
1414 accum.mul(ws[6], p[3]);
1415 accum.mul(ws[7], p[2]);
1416 accum.mul(ws[8], p[1]);
1417 accum.add(z[9]);
1418 ws[9] = accum.monty_step(p[0], p_dash);
1419 accum.mul(ws[0], p[10]);
1420 accum.mul(ws[1], p[9]);
1421 accum.mul(ws[2], p[8]);
1422 accum.mul(ws[3], p[7]);
1423 accum.mul(ws[4], p[6]);
1424 accum.mul(ws[5], p[5]);
1425 accum.mul(ws[6], p[4]);
1426 accum.mul(ws[7], p[3]);
1427 accum.mul(ws[8], p[2]);
1428 accum.mul(ws[9], p[1]);
1429 accum.add(z[10]);
1430 ws[10] = accum.monty_step(p[0], p_dash);
1431 accum.mul(ws[0], p[11]);
1432 accum.mul(ws[1], p[10]);
1433 accum.mul(ws[2], p[9]);
1434 accum.mul(ws[3], p[8]);
1435 accum.mul(ws[4], p[7]);
1436 accum.mul(ws[5], p[6]);
1437 accum.mul(ws[6], p[5]);
1438 accum.mul(ws[7], p[4]);
1439 accum.mul(ws[8], p[3]);
1440 accum.mul(ws[9], p[2]);
1441 accum.mul(ws[10], p[1]);
1442 accum.add(z[11]);
1443 ws[11] = accum.monty_step(p[0], p_dash);
1444 accum.mul(ws[0], p[12]);
1445 accum.mul(ws[1], p[11]);
1446 accum.mul(ws[2], p[10]);
1447 accum.mul(ws[3], p[9]);
1448 accum.mul(ws[4], p[8]);
1449 accum.mul(ws[5], p[7]);
1450 accum.mul(ws[6], p[6]);
1451 accum.mul(ws[7], p[5]);
1452 accum.mul(ws[8], p[4]);
1453 accum.mul(ws[9], p[3]);
1454 accum.mul(ws[10], p[2]);
1455 accum.mul(ws[11], p[1]);
1456 accum.add(z[12]);
1457 ws[12] = accum.monty_step(p[0], p_dash);
1458 accum.mul(ws[0], p[13]);
1459 accum.mul(ws[1], p[12]);
1460 accum.mul(ws[2], p[11]);
1461 accum.mul(ws[3], p[10]);
1462 accum.mul(ws[4], p[9]);
1463 accum.mul(ws[5], p[8]);
1464 accum.mul(ws[6], p[7]);
1465 accum.mul(ws[7], p[6]);
1466 accum.mul(ws[8], p[5]);
1467 accum.mul(ws[9], p[4]);
1468 accum.mul(ws[10], p[3]);
1469 accum.mul(ws[11], p[2]);
1470 accum.mul(ws[12], p[1]);
1471 accum.add(z[13]);
1472 ws[13] = accum.monty_step(p[0], p_dash);
1473 accum.mul(ws[0], p[14]);
1474 accum.mul(ws[1], p[13]);
1475 accum.mul(ws[2], p[12]);
1476 accum.mul(ws[3], p[11]);
1477 accum.mul(ws[4], p[10]);
1478 accum.mul(ws[5], p[9]);
1479 accum.mul(ws[6], p[8]);
1480 accum.mul(ws[7], p[7]);
1481 accum.mul(ws[8], p[6]);
1482 accum.mul(ws[9], p[5]);
1483 accum.mul(ws[10], p[4]);
1484 accum.mul(ws[11], p[3]);
1485 accum.mul(ws[12], p[2]);
1486 accum.mul(ws[13], p[1]);
1487 accum.add(z[14]);
1488 ws[14] = accum.monty_step(p[0], p_dash);
1489 accum.mul(ws[0], p[15]);
1490 accum.mul(ws[1], p[14]);
1491 accum.mul(ws[2], p[13]);
1492 accum.mul(ws[3], p[12]);
1493 accum.mul(ws[4], p[11]);
1494 accum.mul(ws[5], p[10]);
1495 accum.mul(ws[6], p[9]);
1496 accum.mul(ws[7], p[8]);
1497 accum.mul(ws[8], p[7]);
1498 accum.mul(ws[9], p[6]);
1499 accum.mul(ws[10], p[5]);
1500 accum.mul(ws[11], p[4]);
1501 accum.mul(ws[12], p[3]);
1502 accum.mul(ws[13], p[2]);
1503 accum.mul(ws[14], p[1]);
1504 accum.add(z[15]);
1505 ws[15] = accum.monty_step(p[0], p_dash);
1506 accum.mul(ws[0], p[16]);
1507 accum.mul(ws[1], p[15]);
1508 accum.mul(ws[2], p[14]);
1509 accum.mul(ws[3], p[13]);
1510 accum.mul(ws[4], p[12]);
1511 accum.mul(ws[5], p[11]);
1512 accum.mul(ws[6], p[10]);
1513 accum.mul(ws[7], p[9]);
1514 accum.mul(ws[8], p[8]);
1515 accum.mul(ws[9], p[7]);
1516 accum.mul(ws[10], p[6]);
1517 accum.mul(ws[11], p[5]);
1518 accum.mul(ws[12], p[4]);
1519 accum.mul(ws[13], p[3]);
1520 accum.mul(ws[14], p[2]);
1521 accum.mul(ws[15], p[1]);
1522 accum.add(z[16]);
1523 ws[16] = accum.monty_step(p[0], p_dash);
1524 accum.mul(ws[0], p[17]);
1525 accum.mul(ws[1], p[16]);
1526 accum.mul(ws[2], p[15]);
1527 accum.mul(ws[3], p[14]);
1528 accum.mul(ws[4], p[13]);
1529 accum.mul(ws[5], p[12]);
1530 accum.mul(ws[6], p[11]);
1531 accum.mul(ws[7], p[10]);
1532 accum.mul(ws[8], p[9]);
1533 accum.mul(ws[9], p[8]);
1534 accum.mul(ws[10], p[7]);
1535 accum.mul(ws[11], p[6]);
1536 accum.mul(ws[12], p[5]);
1537 accum.mul(ws[13], p[4]);
1538 accum.mul(ws[14], p[3]);
1539 accum.mul(ws[15], p[2]);
1540 accum.mul(ws[16], p[1]);
1541 accum.add(z[17]);
1542 ws[17] = accum.monty_step(p[0], p_dash);
1543 accum.mul(ws[0], p[18]);
1544 accum.mul(ws[1], p[17]);
1545 accum.mul(ws[2], p[16]);
1546 accum.mul(ws[3], p[15]);
1547 accum.mul(ws[4], p[14]);
1548 accum.mul(ws[5], p[13]);
1549 accum.mul(ws[6], p[12]);
1550 accum.mul(ws[7], p[11]);
1551 accum.mul(ws[8], p[10]);
1552 accum.mul(ws[9], p[9]);
1553 accum.mul(ws[10], p[8]);
1554 accum.mul(ws[11], p[7]);
1555 accum.mul(ws[12], p[6]);
1556 accum.mul(ws[13], p[5]);
1557 accum.mul(ws[14], p[4]);
1558 accum.mul(ws[15], p[3]);
1559 accum.mul(ws[16], p[2]);
1560 accum.mul(ws[17], p[1]);
1561 accum.add(z[18]);
1562 ws[18] = accum.monty_step(p[0], p_dash);
1563 accum.mul(ws[0], p[19]);
1564 accum.mul(ws[1], p[18]);
1565 accum.mul(ws[2], p[17]);
1566 accum.mul(ws[3], p[16]);
1567 accum.mul(ws[4], p[15]);
1568 accum.mul(ws[5], p[14]);
1569 accum.mul(ws[6], p[13]);
1570 accum.mul(ws[7], p[12]);
1571 accum.mul(ws[8], p[11]);
1572 accum.mul(ws[9], p[10]);
1573 accum.mul(ws[10], p[9]);
1574 accum.mul(ws[11], p[8]);
1575 accum.mul(ws[12], p[7]);
1576 accum.mul(ws[13], p[6]);
1577 accum.mul(ws[14], p[5]);
1578 accum.mul(ws[15], p[4]);
1579 accum.mul(ws[16], p[3]);
1580 accum.mul(ws[17], p[2]);
1581 accum.mul(ws[18], p[1]);
1582 accum.add(z[19]);
1583 ws[19] = accum.monty_step(p[0], p_dash);
1584 accum.mul(ws[0], p[20]);
1585 accum.mul(ws[1], p[19]);
1586 accum.mul(ws[2], p[18]);
1587 accum.mul(ws[3], p[17]);
1588 accum.mul(ws[4], p[16]);
1589 accum.mul(ws[5], p[15]);
1590 accum.mul(ws[6], p[14]);
1591 accum.mul(ws[7], p[13]);
1592 accum.mul(ws[8], p[12]);
1593 accum.mul(ws[9], p[11]);
1594 accum.mul(ws[10], p[10]);
1595 accum.mul(ws[11], p[9]);
1596 accum.mul(ws[12], p[8]);
1597 accum.mul(ws[13], p[7]);
1598 accum.mul(ws[14], p[6]);
1599 accum.mul(ws[15], p[5]);
1600 accum.mul(ws[16], p[4]);
1601 accum.mul(ws[17], p[3]);
1602 accum.mul(ws[18], p[2]);
1603 accum.mul(ws[19], p[1]);
1604 accum.add(z[20]);
1605 ws[20] = accum.monty_step(p[0], p_dash);
1606 accum.mul(ws[0], p[21]);
1607 accum.mul(ws[1], p[20]);
1608 accum.mul(ws[2], p[19]);
1609 accum.mul(ws[3], p[18]);
1610 accum.mul(ws[4], p[17]);
1611 accum.mul(ws[5], p[16]);
1612 accum.mul(ws[6], p[15]);
1613 accum.mul(ws[7], p[14]);
1614 accum.mul(ws[8], p[13]);
1615 accum.mul(ws[9], p[12]);
1616 accum.mul(ws[10], p[11]);
1617 accum.mul(ws[11], p[10]);
1618 accum.mul(ws[12], p[9]);
1619 accum.mul(ws[13], p[8]);
1620 accum.mul(ws[14], p[7]);
1621 accum.mul(ws[15], p[6]);
1622 accum.mul(ws[16], p[5]);
1623 accum.mul(ws[17], p[4]);
1624 accum.mul(ws[18], p[3]);
1625 accum.mul(ws[19], p[2]);
1626 accum.mul(ws[20], p[1]);
1627 accum.add(z[21]);
1628 ws[21] = accum.monty_step(p[0], p_dash);
1629 accum.mul(ws[0], p[22]);
1630 accum.mul(ws[1], p[21]);
1631 accum.mul(ws[2], p[20]);
1632 accum.mul(ws[3], p[19]);
1633 accum.mul(ws[4], p[18]);
1634 accum.mul(ws[5], p[17]);
1635 accum.mul(ws[6], p[16]);
1636 accum.mul(ws[7], p[15]);
1637 accum.mul(ws[8], p[14]);
1638 accum.mul(ws[9], p[13]);
1639 accum.mul(ws[10], p[12]);
1640 accum.mul(ws[11], p[11]);
1641 accum.mul(ws[12], p[10]);
1642 accum.mul(ws[13], p[9]);
1643 accum.mul(ws[14], p[8]);
1644 accum.mul(ws[15], p[7]);
1645 accum.mul(ws[16], p[6]);
1646 accum.mul(ws[17], p[5]);
1647 accum.mul(ws[18], p[4]);
1648 accum.mul(ws[19], p[3]);
1649 accum.mul(ws[20], p[2]);
1650 accum.mul(ws[21], p[1]);
1651 accum.add(z[22]);
1652 ws[22] = accum.monty_step(p[0], p_dash);
1653 accum.mul(ws[0], p[23]);
1654 accum.mul(ws[1], p[22]);
1655 accum.mul(ws[2], p[21]);
1656 accum.mul(ws[3], p[20]);
1657 accum.mul(ws[4], p[19]);
1658 accum.mul(ws[5], p[18]);
1659 accum.mul(ws[6], p[17]);
1660 accum.mul(ws[7], p[16]);
1661 accum.mul(ws[8], p[15]);
1662 accum.mul(ws[9], p[14]);
1663 accum.mul(ws[10], p[13]);
1664 accum.mul(ws[11], p[12]);
1665 accum.mul(ws[12], p[11]);
1666 accum.mul(ws[13], p[10]);
1667 accum.mul(ws[14], p[9]);
1668 accum.mul(ws[15], p[8]);
1669 accum.mul(ws[16], p[7]);
1670 accum.mul(ws[17], p[6]);
1671 accum.mul(ws[18], p[5]);
1672 accum.mul(ws[19], p[4]);
1673 accum.mul(ws[20], p[3]);
1674 accum.mul(ws[21], p[2]);
1675 accum.mul(ws[22], p[1]);
1676 accum.add(z[23]);
1677 ws[23] = accum.monty_step(p[0], p_dash);
1678 accum.mul(ws[0], p[24]);
1679 accum.mul(ws[1], p[23]);
1680 accum.mul(ws[2], p[22]);
1681 accum.mul(ws[3], p[21]);
1682 accum.mul(ws[4], p[20]);
1683 accum.mul(ws[5], p[19]);
1684 accum.mul(ws[6], p[18]);
1685 accum.mul(ws[7], p[17]);
1686 accum.mul(ws[8], p[16]);
1687 accum.mul(ws[9], p[15]);
1688 accum.mul(ws[10], p[14]);
1689 accum.mul(ws[11], p[13]);
1690 accum.mul(ws[12], p[12]);
1691 accum.mul(ws[13], p[11]);
1692 accum.mul(ws[14], p[10]);
1693 accum.mul(ws[15], p[9]);
1694 accum.mul(ws[16], p[8]);
1695 accum.mul(ws[17], p[7]);
1696 accum.mul(ws[18], p[6]);
1697 accum.mul(ws[19], p[5]);
1698 accum.mul(ws[20], p[4]);
1699 accum.mul(ws[21], p[3]);
1700 accum.mul(ws[22], p[2]);
1701 accum.mul(ws[23], p[1]);
1702 accum.add(z[24]);
1703 ws[24] = accum.monty_step(p[0], p_dash);
1704 accum.mul(ws[0], p[25]);
1705 accum.mul(ws[1], p[24]);
1706 accum.mul(ws[2], p[23]);
1707 accum.mul(ws[3], p[22]);
1708 accum.mul(ws[4], p[21]);
1709 accum.mul(ws[5], p[20]);
1710 accum.mul(ws[6], p[19]);
1711 accum.mul(ws[7], p[18]);
1712 accum.mul(ws[8], p[17]);
1713 accum.mul(ws[9], p[16]);
1714 accum.mul(ws[10], p[15]);
1715 accum.mul(ws[11], p[14]);
1716 accum.mul(ws[12], p[13]);
1717 accum.mul(ws[13], p[12]);
1718 accum.mul(ws[14], p[11]);
1719 accum.mul(ws[15], p[10]);
1720 accum.mul(ws[16], p[9]);
1721 accum.mul(ws[17], p[8]);
1722 accum.mul(ws[18], p[7]);
1723 accum.mul(ws[19], p[6]);
1724 accum.mul(ws[20], p[5]);
1725 accum.mul(ws[21], p[4]);
1726 accum.mul(ws[22], p[3]);
1727 accum.mul(ws[23], p[2]);
1728 accum.mul(ws[24], p[1]);
1729 accum.add(z[25]);
1730 ws[25] = accum.monty_step(p[0], p_dash);
1731 accum.mul(ws[0], p[26]);
1732 accum.mul(ws[1], p[25]);
1733 accum.mul(ws[2], p[24]);
1734 accum.mul(ws[3], p[23]);
1735 accum.mul(ws[4], p[22]);
1736 accum.mul(ws[5], p[21]);
1737 accum.mul(ws[6], p[20]);
1738 accum.mul(ws[7], p[19]);
1739 accum.mul(ws[8], p[18]);
1740 accum.mul(ws[9], p[17]);
1741 accum.mul(ws[10], p[16]);
1742 accum.mul(ws[11], p[15]);
1743 accum.mul(ws[12], p[14]);
1744 accum.mul(ws[13], p[13]);
1745 accum.mul(ws[14], p[12]);
1746 accum.mul(ws[15], p[11]);
1747 accum.mul(ws[16], p[10]);
1748 accum.mul(ws[17], p[9]);
1749 accum.mul(ws[18], p[8]);
1750 accum.mul(ws[19], p[7]);
1751 accum.mul(ws[20], p[6]);
1752 accum.mul(ws[21], p[5]);
1753 accum.mul(ws[22], p[4]);
1754 accum.mul(ws[23], p[3]);
1755 accum.mul(ws[24], p[2]);
1756 accum.mul(ws[25], p[1]);
1757 accum.add(z[26]);
1758 ws[26] = accum.monty_step(p[0], p_dash);
1759 accum.mul(ws[0], p[27]);
1760 accum.mul(ws[1], p[26]);
1761 accum.mul(ws[2], p[25]);
1762 accum.mul(ws[3], p[24]);
1763 accum.mul(ws[4], p[23]);
1764 accum.mul(ws[5], p[22]);
1765 accum.mul(ws[6], p[21]);
1766 accum.mul(ws[7], p[20]);
1767 accum.mul(ws[8], p[19]);
1768 accum.mul(ws[9], p[18]);
1769 accum.mul(ws[10], p[17]);
1770 accum.mul(ws[11], p[16]);
1771 accum.mul(ws[12], p[15]);
1772 accum.mul(ws[13], p[14]);
1773 accum.mul(ws[14], p[13]);
1774 accum.mul(ws[15], p[12]);
1775 accum.mul(ws[16], p[11]);
1776 accum.mul(ws[17], p[10]);
1777 accum.mul(ws[18], p[9]);
1778 accum.mul(ws[19], p[8]);
1779 accum.mul(ws[20], p[7]);
1780 accum.mul(ws[21], p[6]);
1781 accum.mul(ws[22], p[5]);
1782 accum.mul(ws[23], p[4]);
1783 accum.mul(ws[24], p[3]);
1784 accum.mul(ws[25], p[2]);
1785 accum.mul(ws[26], p[1]);
1786 accum.add(z[27]);
1787 ws[27] = accum.monty_step(p[0], p_dash);
1788 accum.mul(ws[0], p[28]);
1789 accum.mul(ws[1], p[27]);
1790 accum.mul(ws[2], p[26]);
1791 accum.mul(ws[3], p[25]);
1792 accum.mul(ws[4], p[24]);
1793 accum.mul(ws[5], p[23]);
1794 accum.mul(ws[6], p[22]);
1795 accum.mul(ws[7], p[21]);
1796 accum.mul(ws[8], p[20]);
1797 accum.mul(ws[9], p[19]);
1798 accum.mul(ws[10], p[18]);
1799 accum.mul(ws[11], p[17]);
1800 accum.mul(ws[12], p[16]);
1801 accum.mul(ws[13], p[15]);
1802 accum.mul(ws[14], p[14]);
1803 accum.mul(ws[15], p[13]);
1804 accum.mul(ws[16], p[12]);
1805 accum.mul(ws[17], p[11]);
1806 accum.mul(ws[18], p[10]);
1807 accum.mul(ws[19], p[9]);
1808 accum.mul(ws[20], p[8]);
1809 accum.mul(ws[21], p[7]);
1810 accum.mul(ws[22], p[6]);
1811 accum.mul(ws[23], p[5]);
1812 accum.mul(ws[24], p[4]);
1813 accum.mul(ws[25], p[3]);
1814 accum.mul(ws[26], p[2]);
1815 accum.mul(ws[27], p[1]);
1816 accum.add(z[28]);
1817 ws[28] = accum.monty_step(p[0], p_dash);
1818 accum.mul(ws[0], p[29]);
1819 accum.mul(ws[1], p[28]);
1820 accum.mul(ws[2], p[27]);
1821 accum.mul(ws[3], p[26]);
1822 accum.mul(ws[4], p[25]);
1823 accum.mul(ws[5], p[24]);
1824 accum.mul(ws[6], p[23]);
1825 accum.mul(ws[7], p[22]);
1826 accum.mul(ws[8], p[21]);
1827 accum.mul(ws[9], p[20]);
1828 accum.mul(ws[10], p[19]);
1829 accum.mul(ws[11], p[18]);
1830 accum.mul(ws[12], p[17]);
1831 accum.mul(ws[13], p[16]);
1832 accum.mul(ws[14], p[15]);
1833 accum.mul(ws[15], p[14]);
1834 accum.mul(ws[16], p[13]);
1835 accum.mul(ws[17], p[12]);
1836 accum.mul(ws[18], p[11]);
1837 accum.mul(ws[19], p[10]);
1838 accum.mul(ws[20], p[9]);
1839 accum.mul(ws[21], p[8]);
1840 accum.mul(ws[22], p[7]);
1841 accum.mul(ws[23], p[6]);
1842 accum.mul(ws[24], p[5]);
1843 accum.mul(ws[25], p[4]);
1844 accum.mul(ws[26], p[3]);
1845 accum.mul(ws[27], p[2]);
1846 accum.mul(ws[28], p[1]);
1847 accum.add(z[29]);
1848 ws[29] = accum.monty_step(p[0], p_dash);
1849 accum.mul(ws[0], p[30]);
1850 accum.mul(ws[1], p[29]);
1851 accum.mul(ws[2], p[28]);
1852 accum.mul(ws[3], p[27]);
1853 accum.mul(ws[4], p[26]);
1854 accum.mul(ws[5], p[25]);
1855 accum.mul(ws[6], p[24]);
1856 accum.mul(ws[7], p[23]);
1857 accum.mul(ws[8], p[22]);
1858 accum.mul(ws[9], p[21]);
1859 accum.mul(ws[10], p[20]);
1860 accum.mul(ws[11], p[19]);
1861 accum.mul(ws[12], p[18]);
1862 accum.mul(ws[13], p[17]);
1863 accum.mul(ws[14], p[16]);
1864 accum.mul(ws[15], p[15]);
1865 accum.mul(ws[16], p[14]);
1866 accum.mul(ws[17], p[13]);
1867 accum.mul(ws[18], p[12]);
1868 accum.mul(ws[19], p[11]);
1869 accum.mul(ws[20], p[10]);
1870 accum.mul(ws[21], p[9]);
1871 accum.mul(ws[22], p[8]);
1872 accum.mul(ws[23], p[7]);
1873 accum.mul(ws[24], p[6]);
1874 accum.mul(ws[25], p[5]);
1875 accum.mul(ws[26], p[4]);
1876 accum.mul(ws[27], p[3]);
1877 accum.mul(ws[28], p[2]);
1878 accum.mul(ws[29], p[1]);
1879 accum.add(z[30]);
1880 ws[30] = accum.monty_step(p[0], p_dash);
1881 accum.mul(ws[0], p[31]);
1882 accum.mul(ws[1], p[30]);
1883 accum.mul(ws[2], p[29]);
1884 accum.mul(ws[3], p[28]);
1885 accum.mul(ws[4], p[27]);
1886 accum.mul(ws[5], p[26]);
1887 accum.mul(ws[6], p[25]);
1888 accum.mul(ws[7], p[24]);
1889 accum.mul(ws[8], p[23]);
1890 accum.mul(ws[9], p[22]);
1891 accum.mul(ws[10], p[21]);
1892 accum.mul(ws[11], p[20]);
1893 accum.mul(ws[12], p[19]);
1894 accum.mul(ws[13], p[18]);
1895 accum.mul(ws[14], p[17]);
1896 accum.mul(ws[15], p[16]);
1897 accum.mul(ws[16], p[15]);
1898 accum.mul(ws[17], p[14]);
1899 accum.mul(ws[18], p[13]);
1900 accum.mul(ws[19], p[12]);
1901 accum.mul(ws[20], p[11]);
1902 accum.mul(ws[21], p[10]);
1903 accum.mul(ws[22], p[9]);
1904 accum.mul(ws[23], p[8]);
1905 accum.mul(ws[24], p[7]);
1906 accum.mul(ws[25], p[6]);
1907 accum.mul(ws[26], p[5]);
1908 accum.mul(ws[27], p[4]);
1909 accum.mul(ws[28], p[3]);
1910 accum.mul(ws[29], p[2]);
1911 accum.mul(ws[30], p[1]);
1912 accum.add(z[31]);
1913 ws[31] = accum.monty_step(p[0], p_dash);
1914 accum.mul(ws[1], p[31]);
1915 accum.mul(ws[2], p[30]);
1916 accum.mul(ws[3], p[29]);
1917 accum.mul(ws[4], p[28]);
1918 accum.mul(ws[5], p[27]);
1919 accum.mul(ws[6], p[26]);
1920 accum.mul(ws[7], p[25]);
1921 accum.mul(ws[8], p[24]);
1922 accum.mul(ws[9], p[23]);
1923 accum.mul(ws[10], p[22]);
1924 accum.mul(ws[11], p[21]);
1925 accum.mul(ws[12], p[20]);
1926 accum.mul(ws[13], p[19]);
1927 accum.mul(ws[14], p[18]);
1928 accum.mul(ws[15], p[17]);
1929 accum.mul(ws[16], p[16]);
1930 accum.mul(ws[17], p[15]);
1931 accum.mul(ws[18], p[14]);
1932 accum.mul(ws[19], p[13]);
1933 accum.mul(ws[20], p[12]);
1934 accum.mul(ws[21], p[11]);
1935 accum.mul(ws[22], p[10]);
1936 accum.mul(ws[23], p[9]);
1937 accum.mul(ws[24], p[8]);
1938 accum.mul(ws[25], p[7]);
1939 accum.mul(ws[26], p[6]);
1940 accum.mul(ws[27], p[5]);
1941 accum.mul(ws[28], p[4]);
1942 accum.mul(ws[29], p[3]);
1943 accum.mul(ws[30], p[2]);
1944 accum.mul(ws[31], p[1]);
1945 accum.add(z[32]);
1946 ws[0] = accum.extract();
1947 accum.mul(ws[2], p[31]);
1948 accum.mul(ws[3], p[30]);
1949 accum.mul(ws[4], p[29]);
1950 accum.mul(ws[5], p[28]);
1951 accum.mul(ws[6], p[27]);
1952 accum.mul(ws[7], p[26]);
1953 accum.mul(ws[8], p[25]);
1954 accum.mul(ws[9], p[24]);
1955 accum.mul(ws[10], p[23]);
1956 accum.mul(ws[11], p[22]);
1957 accum.mul(ws[12], p[21]);
1958 accum.mul(ws[13], p[20]);
1959 accum.mul(ws[14], p[19]);
1960 accum.mul(ws[15], p[18]);
1961 accum.mul(ws[16], p[17]);
1962 accum.mul(ws[17], p[16]);
1963 accum.mul(ws[18], p[15]);
1964 accum.mul(ws[19], p[14]);
1965 accum.mul(ws[20], p[13]);
1966 accum.mul(ws[21], p[12]);
1967 accum.mul(ws[22], p[11]);
1968 accum.mul(ws[23], p[10]);
1969 accum.mul(ws[24], p[9]);
1970 accum.mul(ws[25], p[8]);
1971 accum.mul(ws[26], p[7]);
1972 accum.mul(ws[27], p[6]);
1973 accum.mul(ws[28], p[5]);
1974 accum.mul(ws[29], p[4]);
1975 accum.mul(ws[30], p[3]);
1976 accum.mul(ws[31], p[2]);
1977 accum.add(z[33]);
1978 ws[1] = accum.extract();
1979 accum.mul(ws[3], p[31]);
1980 accum.mul(ws[4], p[30]);
1981 accum.mul(ws[5], p[29]);
1982 accum.mul(ws[6], p[28]);
1983 accum.mul(ws[7], p[27]);
1984 accum.mul(ws[8], p[26]);
1985 accum.mul(ws[9], p[25]);
1986 accum.mul(ws[10], p[24]);
1987 accum.mul(ws[11], p[23]);
1988 accum.mul(ws[12], p[22]);
1989 accum.mul(ws[13], p[21]);
1990 accum.mul(ws[14], p[20]);
1991 accum.mul(ws[15], p[19]);
1992 accum.mul(ws[16], p[18]);
1993 accum.mul(ws[17], p[17]);
1994 accum.mul(ws[18], p[16]);
1995 accum.mul(ws[19], p[15]);
1996 accum.mul(ws[20], p[14]);
1997 accum.mul(ws[21], p[13]);
1998 accum.mul(ws[22], p[12]);
1999 accum.mul(ws[23], p[11]);
2000 accum.mul(ws[24], p[10]);
2001 accum.mul(ws[25], p[9]);
2002 accum.mul(ws[26], p[8]);
2003 accum.mul(ws[27], p[7]);
2004 accum.mul(ws[28], p[6]);
2005 accum.mul(ws[29], p[5]);
2006 accum.mul(ws[30], p[4]);
2007 accum.mul(ws[31], p[3]);
2008 accum.add(z[34]);
2009 ws[2] = accum.extract();
2010 accum.mul(ws[4], p[31]);
2011 accum.mul(ws[5], p[30]);
2012 accum.mul(ws[6], p[29]);
2013 accum.mul(ws[7], p[28]);
2014 accum.mul(ws[8], p[27]);
2015 accum.mul(ws[9], p[26]);
2016 accum.mul(ws[10], p[25]);
2017 accum.mul(ws[11], p[24]);
2018 accum.mul(ws[12], p[23]);
2019 accum.mul(ws[13], p[22]);
2020 accum.mul(ws[14], p[21]);
2021 accum.mul(ws[15], p[20]);
2022 accum.mul(ws[16], p[19]);
2023 accum.mul(ws[17], p[18]);
2024 accum.mul(ws[18], p[17]);
2025 accum.mul(ws[19], p[16]);
2026 accum.mul(ws[20], p[15]);
2027 accum.mul(ws[21], p[14]);
2028 accum.mul(ws[22], p[13]);
2029 accum.mul(ws[23], p[12]);
2030 accum.mul(ws[24], p[11]);
2031 accum.mul(ws[25], p[10]);
2032 accum.mul(ws[26], p[9]);
2033 accum.mul(ws[27], p[8]);
2034 accum.mul(ws[28], p[7]);
2035 accum.mul(ws[29], p[6]);
2036 accum.mul(ws[30], p[5]);
2037 accum.mul(ws[31], p[4]);
2038 accum.add(z[35]);
2039 ws[3] = accum.extract();
2040 accum.mul(ws[5], p[31]);
2041 accum.mul(ws[6], p[30]);
2042 accum.mul(ws[7], p[29]);
2043 accum.mul(ws[8], p[28]);
2044 accum.mul(ws[9], p[27]);
2045 accum.mul(ws[10], p[26]);
2046 accum.mul(ws[11], p[25]);
2047 accum.mul(ws[12], p[24]);
2048 accum.mul(ws[13], p[23]);
2049 accum.mul(ws[14], p[22]);
2050 accum.mul(ws[15], p[21]);
2051 accum.mul(ws[16], p[20]);
2052 accum.mul(ws[17], p[19]);
2053 accum.mul(ws[18], p[18]);
2054 accum.mul(ws[19], p[17]);
2055 accum.mul(ws[20], p[16]);
2056 accum.mul(ws[21], p[15]);
2057 accum.mul(ws[22], p[14]);
2058 accum.mul(ws[23], p[13]);
2059 accum.mul(ws[24], p[12]);
2060 accum.mul(ws[25], p[11]);
2061 accum.mul(ws[26], p[10]);
2062 accum.mul(ws[27], p[9]);
2063 accum.mul(ws[28], p[8]);
2064 accum.mul(ws[29], p[7]);
2065 accum.mul(ws[30], p[6]);
2066 accum.mul(ws[31], p[5]);
2067 accum.add(z[36]);
2068 ws[4] = accum.extract();
2069 accum.mul(ws[6], p[31]);
2070 accum.mul(ws[7], p[30]);
2071 accum.mul(ws[8], p[29]);
2072 accum.mul(ws[9], p[28]);
2073 accum.mul(ws[10], p[27]);
2074 accum.mul(ws[11], p[26]);
2075 accum.mul(ws[12], p[25]);
2076 accum.mul(ws[13], p[24]);
2077 accum.mul(ws[14], p[23]);
2078 accum.mul(ws[15], p[22]);
2079 accum.mul(ws[16], p[21]);
2080 accum.mul(ws[17], p[20]);
2081 accum.mul(ws[18], p[19]);
2082 accum.mul(ws[19], p[18]);
2083 accum.mul(ws[20], p[17]);
2084 accum.mul(ws[21], p[16]);
2085 accum.mul(ws[22], p[15]);
2086 accum.mul(ws[23], p[14]);
2087 accum.mul(ws[24], p[13]);
2088 accum.mul(ws[25], p[12]);
2089 accum.mul(ws[26], p[11]);
2090 accum.mul(ws[27], p[10]);
2091 accum.mul(ws[28], p[9]);
2092 accum.mul(ws[29], p[8]);
2093 accum.mul(ws[30], p[7]);
2094 accum.mul(ws[31], p[6]);
2095 accum.add(z[37]);
2096 ws[5] = accum.extract();
2097 accum.mul(ws[7], p[31]);
2098 accum.mul(ws[8], p[30]);
2099 accum.mul(ws[9], p[29]);
2100 accum.mul(ws[10], p[28]);
2101 accum.mul(ws[11], p[27]);
2102 accum.mul(ws[12], p[26]);
2103 accum.mul(ws[13], p[25]);
2104 accum.mul(ws[14], p[24]);
2105 accum.mul(ws[15], p[23]);
2106 accum.mul(ws[16], p[22]);
2107 accum.mul(ws[17], p[21]);
2108 accum.mul(ws[18], p[20]);
2109 accum.mul(ws[19], p[19]);
2110 accum.mul(ws[20], p[18]);
2111 accum.mul(ws[21], p[17]);
2112 accum.mul(ws[22], p[16]);
2113 accum.mul(ws[23], p[15]);
2114 accum.mul(ws[24], p[14]);
2115 accum.mul(ws[25], p[13]);
2116 accum.mul(ws[26], p[12]);
2117 accum.mul(ws[27], p[11]);
2118 accum.mul(ws[28], p[10]);
2119 accum.mul(ws[29], p[9]);
2120 accum.mul(ws[30], p[8]);
2121 accum.mul(ws[31], p[7]);
2122 accum.add(z[38]);
2123 ws[6] = accum.extract();
2124 accum.mul(ws[8], p[31]);
2125 accum.mul(ws[9], p[30]);
2126 accum.mul(ws[10], p[29]);
2127 accum.mul(ws[11], p[28]);
2128 accum.mul(ws[12], p[27]);
2129 accum.mul(ws[13], p[26]);
2130 accum.mul(ws[14], p[25]);
2131 accum.mul(ws[15], p[24]);
2132 accum.mul(ws[16], p[23]);
2133 accum.mul(ws[17], p[22]);
2134 accum.mul(ws[18], p[21]);
2135 accum.mul(ws[19], p[20]);
2136 accum.mul(ws[20], p[19]);
2137 accum.mul(ws[21], p[18]);
2138 accum.mul(ws[22], p[17]);
2139 accum.mul(ws[23], p[16]);
2140 accum.mul(ws[24], p[15]);
2141 accum.mul(ws[25], p[14]);
2142 accum.mul(ws[26], p[13]);
2143 accum.mul(ws[27], p[12]);
2144 accum.mul(ws[28], p[11]);
2145 accum.mul(ws[29], p[10]);
2146 accum.mul(ws[30], p[9]);
2147 accum.mul(ws[31], p[8]);
2148 accum.add(z[39]);
2149 ws[7] = accum.extract();
2150 accum.mul(ws[9], p[31]);
2151 accum.mul(ws[10], p[30]);
2152 accum.mul(ws[11], p[29]);
2153 accum.mul(ws[12], p[28]);
2154 accum.mul(ws[13], p[27]);
2155 accum.mul(ws[14], p[26]);
2156 accum.mul(ws[15], p[25]);
2157 accum.mul(ws[16], p[24]);
2158 accum.mul(ws[17], p[23]);
2159 accum.mul(ws[18], p[22]);
2160 accum.mul(ws[19], p[21]);
2161 accum.mul(ws[20], p[20]);
2162 accum.mul(ws[21], p[19]);
2163 accum.mul(ws[22], p[18]);
2164 accum.mul(ws[23], p[17]);
2165 accum.mul(ws[24], p[16]);
2166 accum.mul(ws[25], p[15]);
2167 accum.mul(ws[26], p[14]);
2168 accum.mul(ws[27], p[13]);
2169 accum.mul(ws[28], p[12]);
2170 accum.mul(ws[29], p[11]);
2171 accum.mul(ws[30], p[10]);
2172 accum.mul(ws[31], p[9]);
2173 accum.add(z[40]);
2174 ws[8] = accum.extract();
2175 accum.mul(ws[10], p[31]);
2176 accum.mul(ws[11], p[30]);
2177 accum.mul(ws[12], p[29]);
2178 accum.mul(ws[13], p[28]);
2179 accum.mul(ws[14], p[27]);
2180 accum.mul(ws[15], p[26]);
2181 accum.mul(ws[16], p[25]);
2182 accum.mul(ws[17], p[24]);
2183 accum.mul(ws[18], p[23]);
2184 accum.mul(ws[19], p[22]);
2185 accum.mul(ws[20], p[21]);
2186 accum.mul(ws[21], p[20]);
2187 accum.mul(ws[22], p[19]);
2188 accum.mul(ws[23], p[18]);
2189 accum.mul(ws[24], p[17]);
2190 accum.mul(ws[25], p[16]);
2191 accum.mul(ws[26], p[15]);
2192 accum.mul(ws[27], p[14]);
2193 accum.mul(ws[28], p[13]);
2194 accum.mul(ws[29], p[12]);
2195 accum.mul(ws[30], p[11]);
2196 accum.mul(ws[31], p[10]);
2197 accum.add(z[41]);
2198 ws[9] = accum.extract();
2199 accum.mul(ws[11], p[31]);
2200 accum.mul(ws[12], p[30]);
2201 accum.mul(ws[13], p[29]);
2202 accum.mul(ws[14], p[28]);
2203 accum.mul(ws[15], p[27]);
2204 accum.mul(ws[16], p[26]);
2205 accum.mul(ws[17], p[25]);
2206 accum.mul(ws[18], p[24]);
2207 accum.mul(ws[19], p[23]);
2208 accum.mul(ws[20], p[22]);
2209 accum.mul(ws[21], p[21]);
2210 accum.mul(ws[22], p[20]);
2211 accum.mul(ws[23], p[19]);
2212 accum.mul(ws[24], p[18]);
2213 accum.mul(ws[25], p[17]);
2214 accum.mul(ws[26], p[16]);
2215 accum.mul(ws[27], p[15]);
2216 accum.mul(ws[28], p[14]);
2217 accum.mul(ws[29], p[13]);
2218 accum.mul(ws[30], p[12]);
2219 accum.mul(ws[31], p[11]);
2220 accum.add(z[42]);
2221 ws[10] = accum.extract();
2222 accum.mul(ws[12], p[31]);
2223 accum.mul(ws[13], p[30]);
2224 accum.mul(ws[14], p[29]);
2225 accum.mul(ws[15], p[28]);
2226 accum.mul(ws[16], p[27]);
2227 accum.mul(ws[17], p[26]);
2228 accum.mul(ws[18], p[25]);
2229 accum.mul(ws[19], p[24]);
2230 accum.mul(ws[20], p[23]);
2231 accum.mul(ws[21], p[22]);
2232 accum.mul(ws[22], p[21]);
2233 accum.mul(ws[23], p[20]);
2234 accum.mul(ws[24], p[19]);
2235 accum.mul(ws[25], p[18]);
2236 accum.mul(ws[26], p[17]);
2237 accum.mul(ws[27], p[16]);
2238 accum.mul(ws[28], p[15]);
2239 accum.mul(ws[29], p[14]);
2240 accum.mul(ws[30], p[13]);
2241 accum.mul(ws[31], p[12]);
2242 accum.add(z[43]);
2243 ws[11] = accum.extract();
2244 accum.mul(ws[13], p[31]);
2245 accum.mul(ws[14], p[30]);
2246 accum.mul(ws[15], p[29]);
2247 accum.mul(ws[16], p[28]);
2248 accum.mul(ws[17], p[27]);
2249 accum.mul(ws[18], p[26]);
2250 accum.mul(ws[19], p[25]);
2251 accum.mul(ws[20], p[24]);
2252 accum.mul(ws[21], p[23]);
2253 accum.mul(ws[22], p[22]);
2254 accum.mul(ws[23], p[21]);
2255 accum.mul(ws[24], p[20]);
2256 accum.mul(ws[25], p[19]);
2257 accum.mul(ws[26], p[18]);
2258 accum.mul(ws[27], p[17]);
2259 accum.mul(ws[28], p[16]);
2260 accum.mul(ws[29], p[15]);
2261 accum.mul(ws[30], p[14]);
2262 accum.mul(ws[31], p[13]);
2263 accum.add(z[44]);
2264 ws[12] = accum.extract();
2265 accum.mul(ws[14], p[31]);
2266 accum.mul(ws[15], p[30]);
2267 accum.mul(ws[16], p[29]);
2268 accum.mul(ws[17], p[28]);
2269 accum.mul(ws[18], p[27]);
2270 accum.mul(ws[19], p[26]);
2271 accum.mul(ws[20], p[25]);
2272 accum.mul(ws[21], p[24]);
2273 accum.mul(ws[22], p[23]);
2274 accum.mul(ws[23], p[22]);
2275 accum.mul(ws[24], p[21]);
2276 accum.mul(ws[25], p[20]);
2277 accum.mul(ws[26], p[19]);
2278 accum.mul(ws[27], p[18]);
2279 accum.mul(ws[28], p[17]);
2280 accum.mul(ws[29], p[16]);
2281 accum.mul(ws[30], p[15]);
2282 accum.mul(ws[31], p[14]);
2283 accum.add(z[45]);
2284 ws[13] = accum.extract();
2285 accum.mul(ws[15], p[31]);
2286 accum.mul(ws[16], p[30]);
2287 accum.mul(ws[17], p[29]);
2288 accum.mul(ws[18], p[28]);
2289 accum.mul(ws[19], p[27]);
2290 accum.mul(ws[20], p[26]);
2291 accum.mul(ws[21], p[25]);
2292 accum.mul(ws[22], p[24]);
2293 accum.mul(ws[23], p[23]);
2294 accum.mul(ws[24], p[22]);
2295 accum.mul(ws[25], p[21]);
2296 accum.mul(ws[26], p[20]);
2297 accum.mul(ws[27], p[19]);
2298 accum.mul(ws[28], p[18]);
2299 accum.mul(ws[29], p[17]);
2300 accum.mul(ws[30], p[16]);
2301 accum.mul(ws[31], p[15]);
2302 accum.add(z[46]);
2303 ws[14] = accum.extract();
2304 accum.mul(ws[16], p[31]);
2305 accum.mul(ws[17], p[30]);
2306 accum.mul(ws[18], p[29]);
2307 accum.mul(ws[19], p[28]);
2308 accum.mul(ws[20], p[27]);
2309 accum.mul(ws[21], p[26]);
2310 accum.mul(ws[22], p[25]);
2311 accum.mul(ws[23], p[24]);
2312 accum.mul(ws[24], p[23]);
2313 accum.mul(ws[25], p[22]);
2314 accum.mul(ws[26], p[21]);
2315 accum.mul(ws[27], p[20]);
2316 accum.mul(ws[28], p[19]);
2317 accum.mul(ws[29], p[18]);
2318 accum.mul(ws[30], p[17]);
2319 accum.mul(ws[31], p[16]);
2320 accum.add(z[47]);
2321 ws[15] = accum.extract();
2322 accum.mul(ws[17], p[31]);
2323 accum.mul(ws[18], p[30]);
2324 accum.mul(ws[19], p[29]);
2325 accum.mul(ws[20], p[28]);
2326 accum.mul(ws[21], p[27]);
2327 accum.mul(ws[22], p[26]);
2328 accum.mul(ws[23], p[25]);
2329 accum.mul(ws[24], p[24]);
2330 accum.mul(ws[25], p[23]);
2331 accum.mul(ws[26], p[22]);
2332 accum.mul(ws[27], p[21]);
2333 accum.mul(ws[28], p[20]);
2334 accum.mul(ws[29], p[19]);
2335 accum.mul(ws[30], p[18]);
2336 accum.mul(ws[31], p[17]);
2337 accum.add(z[48]);
2338 ws[16] = accum.extract();
2339 accum.mul(ws[18], p[31]);
2340 accum.mul(ws[19], p[30]);
2341 accum.mul(ws[20], p[29]);
2342 accum.mul(ws[21], p[28]);
2343 accum.mul(ws[22], p[27]);
2344 accum.mul(ws[23], p[26]);
2345 accum.mul(ws[24], p[25]);
2346 accum.mul(ws[25], p[24]);
2347 accum.mul(ws[26], p[23]);
2348 accum.mul(ws[27], p[22]);
2349 accum.mul(ws[28], p[21]);
2350 accum.mul(ws[29], p[20]);
2351 accum.mul(ws[30], p[19]);
2352 accum.mul(ws[31], p[18]);
2353 accum.add(z[49]);
2354 ws[17] = accum.extract();
2355 accum.mul(ws[19], p[31]);
2356 accum.mul(ws[20], p[30]);
2357 accum.mul(ws[21], p[29]);
2358 accum.mul(ws[22], p[28]);
2359 accum.mul(ws[23], p[27]);
2360 accum.mul(ws[24], p[26]);
2361 accum.mul(ws[25], p[25]);
2362 accum.mul(ws[26], p[24]);
2363 accum.mul(ws[27], p[23]);
2364 accum.mul(ws[28], p[22]);
2365 accum.mul(ws[29], p[21]);
2366 accum.mul(ws[30], p[20]);
2367 accum.mul(ws[31], p[19]);
2368 accum.add(z[50]);
2369 ws[18] = accum.extract();
2370 accum.mul(ws[20], p[31]);
2371 accum.mul(ws[21], p[30]);
2372 accum.mul(ws[22], p[29]);
2373 accum.mul(ws[23], p[28]);
2374 accum.mul(ws[24], p[27]);
2375 accum.mul(ws[25], p[26]);
2376 accum.mul(ws[26], p[25]);
2377 accum.mul(ws[27], p[24]);
2378 accum.mul(ws[28], p[23]);
2379 accum.mul(ws[29], p[22]);
2380 accum.mul(ws[30], p[21]);
2381 accum.mul(ws[31], p[20]);
2382 accum.add(z[51]);
2383 ws[19] = accum.extract();
2384 accum.mul(ws[21], p[31]);
2385 accum.mul(ws[22], p[30]);
2386 accum.mul(ws[23], p[29]);
2387 accum.mul(ws[24], p[28]);
2388 accum.mul(ws[25], p[27]);
2389 accum.mul(ws[26], p[26]);
2390 accum.mul(ws[27], p[25]);
2391 accum.mul(ws[28], p[24]);
2392 accum.mul(ws[29], p[23]);
2393 accum.mul(ws[30], p[22]);
2394 accum.mul(ws[31], p[21]);
2395 accum.add(z[52]);
2396 ws[20] = accum.extract();
2397 accum.mul(ws[22], p[31]);
2398 accum.mul(ws[23], p[30]);
2399 accum.mul(ws[24], p[29]);
2400 accum.mul(ws[25], p[28]);
2401 accum.mul(ws[26], p[27]);
2402 accum.mul(ws[27], p[26]);
2403 accum.mul(ws[28], p[25]);
2404 accum.mul(ws[29], p[24]);
2405 accum.mul(ws[30], p[23]);
2406 accum.mul(ws[31], p[22]);
2407 accum.add(z[53]);
2408 ws[21] = accum.extract();
2409 accum.mul(ws[23], p[31]);
2410 accum.mul(ws[24], p[30]);
2411 accum.mul(ws[25], p[29]);
2412 accum.mul(ws[26], p[28]);
2413 accum.mul(ws[27], p[27]);
2414 accum.mul(ws[28], p[26]);
2415 accum.mul(ws[29], p[25]);
2416 accum.mul(ws[30], p[24]);
2417 accum.mul(ws[31], p[23]);
2418 accum.add(z[54]);
2419 ws[22] = accum.extract();
2420 accum.mul(ws[24], p[31]);
2421 accum.mul(ws[25], p[30]);
2422 accum.mul(ws[26], p[29]);
2423 accum.mul(ws[27], p[28]);
2424 accum.mul(ws[28], p[27]);
2425 accum.mul(ws[29], p[26]);
2426 accum.mul(ws[30], p[25]);
2427 accum.mul(ws[31], p[24]);
2428 accum.add(z[55]);
2429 ws[23] = accum.extract();
2430 accum.mul(ws[25], p[31]);
2431 accum.mul(ws[26], p[30]);
2432 accum.mul(ws[27], p[29]);
2433 accum.mul(ws[28], p[28]);
2434 accum.mul(ws[29], p[27]);
2435 accum.mul(ws[30], p[26]);
2436 accum.mul(ws[31], p[25]);
2437 accum.add(z[56]);
2438 ws[24] = accum.extract();
2439 accum.mul(ws[26], p[31]);
2440 accum.mul(ws[27], p[30]);
2441 accum.mul(ws[28], p[29]);
2442 accum.mul(ws[29], p[28]);
2443 accum.mul(ws[30], p[27]);
2444 accum.mul(ws[31], p[26]);
2445 accum.add(z[57]);
2446 ws[25] = accum.extract();
2447 accum.mul(ws[27], p[31]);
2448 accum.mul(ws[28], p[30]);
2449 accum.mul(ws[29], p[29]);
2450 accum.mul(ws[30], p[28]);
2451 accum.mul(ws[31], p[27]);
2452 accum.add(z[58]);
2453 ws[26] = accum.extract();
2454 accum.mul(ws[28], p[31]);
2455 accum.mul(ws[29], p[30]);
2456 accum.mul(ws[30], p[29]);
2457 accum.mul(ws[31], p[28]);
2458 accum.add(z[59]);
2459 ws[27] = accum.extract();
2460 accum.mul(ws[29], p[31]);
2461 accum.mul(ws[30], p[30]);
2462 accum.mul(ws[31], p[29]);
2463 accum.add(z[60]);
2464 ws[28] = accum.extract();
2465 accum.mul(ws[30], p[31]);
2466 accum.mul(ws[31], p[30]);
2467 accum.add(z[61]);
2468 ws[29] = accum.extract();
2469 accum.mul(ws[31], p[31]);
2470 accum.add(z[62]);
2471 ws[30] = accum.extract();
2472 accum.add(z[63]);
2473 ws[31] = accum.extract();
2474 word w1 = accum.extract();
2475 bigint_monty_maybe_sub<32>(r, w1, ws, p);
2476}
2477
2478} // namespace Botan