Botan 3.6.1
Crypto and TLS for C++
mp_monty_n.cpp
1/*
2* This file was automatically generated by ./src/scripts/dev_tools/gen_mp_monty.py on 2024-04-09
3* All manual changes will be lost. Edit the script instead.
4*
5* Botan is released under the Simplified BSD License (see license.txt)
6*/
7
8#include <botan/internal/mp_core.h>
9
10#include <botan/internal/ct_utils.h>
11
12namespace Botan {
13
/*
* Montgomery reduction specialised for a 4-word modulus, fully unrolled.
*
* z:      8-word input; every word z[0..7] is read. After the final call to
*         bigint_monty_maybe_sub<4> the reduced value is expected in z[0..3]
*         (that helper is not visible here - confirm in mp_core.h), and
*         z[4..7] are zeroed by clear_mem.
* p:      4-word modulus; p[0..3] are read.
* p_dash: passed unchanged to every monty_step call; presumably -p^-1 modulo
*         the word base - confirm against the caller.
* ws:     scratch; ws[0..3] are written, so the caller must supply at least
*         4 words. No bound is checked in this function.
*
* Security notes: the body is straight-line code with no branch or array
* index that depends on the contents of z, p or ws, so its timing behaviour
* rests on word3<word> and bigint_monty_maybe_sub, which are defined
* elsewhere. ws is not cleared in this function; a caller reducing secret
* values should treat ws as sensitive after the call.
*/
void bigint_monty_redc_4(word z[8], const word p[4], word p_dash, word ws[]) {
   word3<word> accum;
   // Low columns 0..3: column i sums ws[j] * p[i - j] for j < i plus z[i];
   // monty_step(p[0], p_dash) then yields ws[i] (presumably the quotient word
   // that cancels the column - see word3).
   accum.add(z[0]);
   ws[0] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[1]);
   accum.add(z[1]);
   ws[1] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[2]);
   accum.mul(ws[1], p[1]);
   accum.add(z[2]);
   ws[2] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[3]);
   accum.mul(ws[1], p[2]);
   accum.mul(ws[2], p[1]);
   accum.add(z[3]);
   ws[3] = accum.monty_step(p[0], p_dash);
   // High columns 4..7: the remaining products are added and extract() hands
   // back one word per column. Each ws[i] is overwritten only after its last
   // read as a multiplier, so the statement order must not change.
   accum.mul(ws[1], p[3]);
   accum.mul(ws[2], p[2]);
   accum.mul(ws[3], p[1]);
   accum.add(z[4]);
   ws[0] = accum.extract();
   accum.mul(ws[2], p[3]);
   accum.mul(ws[3], p[2]);
   accum.add(z[5]);
   ws[1] = accum.extract();
   accum.mul(ws[3], p[3]);
   accum.add(z[6]);
   ws[2] = accum.extract();
   accum.add(z[7]);
   ws[3] = accum.extract();
   // One more word is taken from the accumulator and passed with ws and p to
   // the subtraction helper.
   word w1 = accum.extract();
   bigint_monty_maybe_sub<4>(z, w1, ws, p);
   // Zero the upper half of z.
   clear_mem(z + 4, 4);
}
48
/*
* Montgomery reduction specialised for a 6-word modulus, fully unrolled.
*
* z:      12-word input; every word z[0..11] is read. After the final call
*         to bigint_monty_maybe_sub<6> the reduced value is expected in
*         z[0..5] (that helper is not visible here - confirm in mp_core.h),
*         and z[6..11] are zeroed by clear_mem.
* p:      6-word modulus; p[0..5] are read.
* p_dash: passed unchanged to every monty_step call; presumably -p^-1 modulo
*         the word base - confirm against the caller.
* ws:     scratch; ws[0..5] are written, so the caller must supply at least
*         6 words. No bound is checked in this function.
*
* Security notes: the body is straight-line code with no branch or array
* index that depends on the contents of z, p or ws, so its timing behaviour
* rests on word3<word> and bigint_monty_maybe_sub, which are defined
* elsewhere. ws is not cleared in this function; a caller reducing secret
* values should treat ws as sensitive after the call.
*/
void bigint_monty_redc_6(word z[12], const word p[6], word p_dash, word ws[]) {
   word3<word> accum;
   // Low columns 0..5: column i sums ws[j] * p[i - j] for j < i plus z[i];
   // monty_step(p[0], p_dash) then yields ws[i] (presumably the quotient word
   // that cancels the column - see word3).
   accum.add(z[0]);
   ws[0] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[1]);
   accum.add(z[1]);
   ws[1] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[2]);
   accum.mul(ws[1], p[1]);
   accum.add(z[2]);
   ws[2] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[3]);
   accum.mul(ws[1], p[2]);
   accum.mul(ws[2], p[1]);
   accum.add(z[3]);
   ws[3] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[4]);
   accum.mul(ws[1], p[3]);
   accum.mul(ws[2], p[2]);
   accum.mul(ws[3], p[1]);
   accum.add(z[4]);
   ws[4] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[5]);
   accum.mul(ws[1], p[4]);
   accum.mul(ws[2], p[3]);
   accum.mul(ws[3], p[2]);
   accum.mul(ws[4], p[1]);
   accum.add(z[5]);
   ws[5] = accum.monty_step(p[0], p_dash);
   // High columns 6..11: the remaining products are added and extract() hands
   // back one word per column. Each ws[i] is overwritten only after its last
   // read as a multiplier, so the statement order must not change.
   accum.mul(ws[1], p[5]);
   accum.mul(ws[2], p[4]);
   accum.mul(ws[3], p[3]);
   accum.mul(ws[4], p[2]);
   accum.mul(ws[5], p[1]);
   accum.add(z[6]);
   ws[0] = accum.extract();
   accum.mul(ws[2], p[5]);
   accum.mul(ws[3], p[4]);
   accum.mul(ws[4], p[3]);
   accum.mul(ws[5], p[2]);
   accum.add(z[7]);
   ws[1] = accum.extract();
   accum.mul(ws[3], p[5]);
   accum.mul(ws[4], p[4]);
   accum.mul(ws[5], p[3]);
   accum.add(z[8]);
   ws[2] = accum.extract();
   accum.mul(ws[4], p[5]);
   accum.mul(ws[5], p[4]);
   accum.add(z[9]);
   ws[3] = accum.extract();
   accum.mul(ws[5], p[5]);
   accum.add(z[10]);
   ws[4] = accum.extract();
   accum.add(z[11]);
   ws[5] = accum.extract();
   // One more word is taken from the accumulator and passed with ws and p to
   // the subtraction helper.
   word w1 = accum.extract();
   bigint_monty_maybe_sub<6>(z, w1, ws, p);
   // Zero the upper half of z.
   clear_mem(z + 6, 6);
}
109
/*
* Montgomery reduction specialised for an 8-word modulus, fully unrolled.
*
* z:      16-word input; every word z[0..15] is read. After the final call
*         to bigint_monty_maybe_sub<8> the reduced value is expected in
*         z[0..7] (that helper is not visible here - confirm in mp_core.h),
*         and z[8..15] are zeroed by clear_mem.
* p:      8-word modulus; p[0..7] are read.
* p_dash: passed unchanged to every monty_step call; presumably -p^-1 modulo
*         the word base - confirm against the caller.
* ws:     scratch; ws[0..7] are written, so the caller must supply at least
*         8 words. No bound is checked in this function.
*
* Security notes: the body is straight-line code with no branch or array
* index that depends on the contents of z, p or ws, so its timing behaviour
* rests on word3<word> and bigint_monty_maybe_sub, which are defined
* elsewhere. ws is not cleared in this function; a caller reducing secret
* values should treat ws as sensitive after the call.
*/
void bigint_monty_redc_8(word z[16], const word p[8], word p_dash, word ws[]) {
   word3<word> accum;
   // Low columns 0..7: column i sums ws[j] * p[i - j] for j < i plus z[i];
   // monty_step(p[0], p_dash) then yields ws[i] (presumably the quotient word
   // that cancels the column - see word3).
   accum.add(z[0]);
   ws[0] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[1]);
   accum.add(z[1]);
   ws[1] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[2]);
   accum.mul(ws[1], p[1]);
   accum.add(z[2]);
   ws[2] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[3]);
   accum.mul(ws[1], p[2]);
   accum.mul(ws[2], p[1]);
   accum.add(z[3]);
   ws[3] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[4]);
   accum.mul(ws[1], p[3]);
   accum.mul(ws[2], p[2]);
   accum.mul(ws[3], p[1]);
   accum.add(z[4]);
   ws[4] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[5]);
   accum.mul(ws[1], p[4]);
   accum.mul(ws[2], p[3]);
   accum.mul(ws[3], p[2]);
   accum.mul(ws[4], p[1]);
   accum.add(z[5]);
   ws[5] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[6]);
   accum.mul(ws[1], p[5]);
   accum.mul(ws[2], p[4]);
   accum.mul(ws[3], p[3]);
   accum.mul(ws[4], p[2]);
   accum.mul(ws[5], p[1]);
   accum.add(z[6]);
   ws[6] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[7]);
   accum.mul(ws[1], p[6]);
   accum.mul(ws[2], p[5]);
   accum.mul(ws[3], p[4]);
   accum.mul(ws[4], p[3]);
   accum.mul(ws[5], p[2]);
   accum.mul(ws[6], p[1]);
   accum.add(z[7]);
   ws[7] = accum.monty_step(p[0], p_dash);
   // High columns 8..15: the remaining products are added and extract() hands
   // back one word per column. Each ws[i] is overwritten only after its last
   // read as a multiplier, so the statement order must not change.
   accum.mul(ws[1], p[7]);
   accum.mul(ws[2], p[6]);
   accum.mul(ws[3], p[5]);
   accum.mul(ws[4], p[4]);
   accum.mul(ws[5], p[3]);
   accum.mul(ws[6], p[2]);
   accum.mul(ws[7], p[1]);
   accum.add(z[8]);
   ws[0] = accum.extract();
   accum.mul(ws[2], p[7]);
   accum.mul(ws[3], p[6]);
   accum.mul(ws[4], p[5]);
   accum.mul(ws[5], p[4]);
   accum.mul(ws[6], p[3]);
   accum.mul(ws[7], p[2]);
   accum.add(z[9]);
   ws[1] = accum.extract();
   accum.mul(ws[3], p[7]);
   accum.mul(ws[4], p[6]);
   accum.mul(ws[5], p[5]);
   accum.mul(ws[6], p[4]);
   accum.mul(ws[7], p[3]);
   accum.add(z[10]);
   ws[2] = accum.extract();
   accum.mul(ws[4], p[7]);
   accum.mul(ws[5], p[6]);
   accum.mul(ws[6], p[5]);
   accum.mul(ws[7], p[4]);
   accum.add(z[11]);
   ws[3] = accum.extract();
   accum.mul(ws[5], p[7]);
   accum.mul(ws[6], p[6]);
   accum.mul(ws[7], p[5]);
   accum.add(z[12]);
   ws[4] = accum.extract();
   accum.mul(ws[6], p[7]);
   accum.mul(ws[7], p[6]);
   accum.add(z[13]);
   ws[5] = accum.extract();
   accum.mul(ws[7], p[7]);
   accum.add(z[14]);
   ws[6] = accum.extract();
   accum.add(z[15]);
   ws[7] = accum.extract();
   // One more word is taken from the accumulator and passed with ws and p to
   // the subtraction helper.
   word w1 = accum.extract();
   bigint_monty_maybe_sub<8>(z, w1, ws, p);
   // Zero the upper half of z.
   clear_mem(z + 8, 8);
}
204
/*
* Montgomery reduction specialised for a 16-word modulus, fully unrolled.
*
* z:      32-word input; every word z[0..31] is read. After the final call
*         to bigint_monty_maybe_sub<16> the reduced value is expected in
*         z[0..15] (that helper is not visible here - confirm in mp_core.h),
*         and z[16..31] are zeroed by clear_mem.
* p:      16-word modulus; p[0..15] are read.
* p_dash: passed unchanged to every monty_step call; presumably -p^-1 modulo
*         the word base - confirm against the caller.
* ws:     scratch; ws[0..15] are written, so the caller must supply at least
*         16 words. No bound is checked in this function.
*
* Security notes: the body is straight-line code with no branch or array
* index that depends on the contents of z, p or ws, so its timing behaviour
* rests on word3<word> and bigint_monty_maybe_sub, which are defined
* elsewhere. ws is not cleared in this function; a caller reducing secret
* values should treat ws as sensitive after the call.
*/
void bigint_monty_redc_16(word z[32], const word p[16], word p_dash, word ws[]) {
   word3<word> accum;
   // Low columns 0..15: column i sums ws[j] * p[i - j] for j < i plus z[i];
   // monty_step(p[0], p_dash) then yields ws[i] (presumably the quotient word
   // that cancels the column - see word3).
   accum.add(z[0]);
   ws[0] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[1]);
   accum.add(z[1]);
   ws[1] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[2]);
   accum.mul(ws[1], p[1]);
   accum.add(z[2]);
   ws[2] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[3]);
   accum.mul(ws[1], p[2]);
   accum.mul(ws[2], p[1]);
   accum.add(z[3]);
   ws[3] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[4]);
   accum.mul(ws[1], p[3]);
   accum.mul(ws[2], p[2]);
   accum.mul(ws[3], p[1]);
   accum.add(z[4]);
   ws[4] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[5]);
   accum.mul(ws[1], p[4]);
   accum.mul(ws[2], p[3]);
   accum.mul(ws[3], p[2]);
   accum.mul(ws[4], p[1]);
   accum.add(z[5]);
   ws[5] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[6]);
   accum.mul(ws[1], p[5]);
   accum.mul(ws[2], p[4]);
   accum.mul(ws[3], p[3]);
   accum.mul(ws[4], p[2]);
   accum.mul(ws[5], p[1]);
   accum.add(z[6]);
   ws[6] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[7]);
   accum.mul(ws[1], p[6]);
   accum.mul(ws[2], p[5]);
   accum.mul(ws[3], p[4]);
   accum.mul(ws[4], p[3]);
   accum.mul(ws[5], p[2]);
   accum.mul(ws[6], p[1]);
   accum.add(z[7]);
   ws[7] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[8]);
   accum.mul(ws[1], p[7]);
   accum.mul(ws[2], p[6]);
   accum.mul(ws[3], p[5]);
   accum.mul(ws[4], p[4]);
   accum.mul(ws[5], p[3]);
   accum.mul(ws[6], p[2]);
   accum.mul(ws[7], p[1]);
   accum.add(z[8]);
   ws[8] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[9]);
   accum.mul(ws[1], p[8]);
   accum.mul(ws[2], p[7]);
   accum.mul(ws[3], p[6]);
   accum.mul(ws[4], p[5]);
   accum.mul(ws[5], p[4]);
   accum.mul(ws[6], p[3]);
   accum.mul(ws[7], p[2]);
   accum.mul(ws[8], p[1]);
   accum.add(z[9]);
   ws[9] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[10]);
   accum.mul(ws[1], p[9]);
   accum.mul(ws[2], p[8]);
   accum.mul(ws[3], p[7]);
   accum.mul(ws[4], p[6]);
   accum.mul(ws[5], p[5]);
   accum.mul(ws[6], p[4]);
   accum.mul(ws[7], p[3]);
   accum.mul(ws[8], p[2]);
   accum.mul(ws[9], p[1]);
   accum.add(z[10]);
   ws[10] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[11]);
   accum.mul(ws[1], p[10]);
   accum.mul(ws[2], p[9]);
   accum.mul(ws[3], p[8]);
   accum.mul(ws[4], p[7]);
   accum.mul(ws[5], p[6]);
   accum.mul(ws[6], p[5]);
   accum.mul(ws[7], p[4]);
   accum.mul(ws[8], p[3]);
   accum.mul(ws[9], p[2]);
   accum.mul(ws[10], p[1]);
   accum.add(z[11]);
   ws[11] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[12]);
   accum.mul(ws[1], p[11]);
   accum.mul(ws[2], p[10]);
   accum.mul(ws[3], p[9]);
   accum.mul(ws[4], p[8]);
   accum.mul(ws[5], p[7]);
   accum.mul(ws[6], p[6]);
   accum.mul(ws[7], p[5]);
   accum.mul(ws[8], p[4]);
   accum.mul(ws[9], p[3]);
   accum.mul(ws[10], p[2]);
   accum.mul(ws[11], p[1]);
   accum.add(z[12]);
   ws[12] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[13]);
   accum.mul(ws[1], p[12]);
   accum.mul(ws[2], p[11]);
   accum.mul(ws[3], p[10]);
   accum.mul(ws[4], p[9]);
   accum.mul(ws[5], p[8]);
   accum.mul(ws[6], p[7]);
   accum.mul(ws[7], p[6]);
   accum.mul(ws[8], p[5]);
   accum.mul(ws[9], p[4]);
   accum.mul(ws[10], p[3]);
   accum.mul(ws[11], p[2]);
   accum.mul(ws[12], p[1]);
   accum.add(z[13]);
   ws[13] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[14]);
   accum.mul(ws[1], p[13]);
   accum.mul(ws[2], p[12]);
   accum.mul(ws[3], p[11]);
   accum.mul(ws[4], p[10]);
   accum.mul(ws[5], p[9]);
   accum.mul(ws[6], p[8]);
   accum.mul(ws[7], p[7]);
   accum.mul(ws[8], p[6]);
   accum.mul(ws[9], p[5]);
   accum.mul(ws[10], p[4]);
   accum.mul(ws[11], p[3]);
   accum.mul(ws[12], p[2]);
   accum.mul(ws[13], p[1]);
   accum.add(z[14]);
   ws[14] = accum.monty_step(p[0], p_dash);
   accum.mul(ws[0], p[15]);
   accum.mul(ws[1], p[14]);
   accum.mul(ws[2], p[13]);
   accum.mul(ws[3], p[12]);
   accum.mul(ws[4], p[11]);
   accum.mul(ws[5], p[10]);
   accum.mul(ws[6], p[9]);
   accum.mul(ws[7], p[8]);
   accum.mul(ws[8], p[7]);
   accum.mul(ws[9], p[6]);
   accum.mul(ws[10], p[5]);
   accum.mul(ws[11], p[4]);
   accum.mul(ws[12], p[3]);
   accum.mul(ws[13], p[2]);
   accum.mul(ws[14], p[1]);
   accum.add(z[15]);
   ws[15] = accum.monty_step(p[0], p_dash);
   // High columns 16..31: the remaining products are added and extract() hands
   // back one word per column. Each ws[i] is overwritten only after its last
   // read as a multiplier, so the statement order must not change.
   accum.mul(ws[1], p[15]);
   accum.mul(ws[2], p[14]);
   accum.mul(ws[3], p[13]);
   accum.mul(ws[4], p[12]);
   accum.mul(ws[5], p[11]);
   accum.mul(ws[6], p[10]);
   accum.mul(ws[7], p[9]);
   accum.mul(ws[8], p[8]);
   accum.mul(ws[9], p[7]);
   accum.mul(ws[10], p[6]);
   accum.mul(ws[11], p[5]);
   accum.mul(ws[12], p[4]);
   accum.mul(ws[13], p[3]);
   accum.mul(ws[14], p[2]);
   accum.mul(ws[15], p[1]);
   accum.add(z[16]);
   ws[0] = accum.extract();
   accum.mul(ws[2], p[15]);
   accum.mul(ws[3], p[14]);
   accum.mul(ws[4], p[13]);
   accum.mul(ws[5], p[12]);
   accum.mul(ws[6], p[11]);
   accum.mul(ws[7], p[10]);
   accum.mul(ws[8], p[9]);
   accum.mul(ws[9], p[8]);
   accum.mul(ws[10], p[7]);
   accum.mul(ws[11], p[6]);
   accum.mul(ws[12], p[5]);
   accum.mul(ws[13], p[4]);
   accum.mul(ws[14], p[3]);
   accum.mul(ws[15], p[2]);
   accum.add(z[17]);
   ws[1] = accum.extract();
   accum.mul(ws[3], p[15]);
   accum.mul(ws[4], p[14]);
   accum.mul(ws[5], p[13]);
   accum.mul(ws[6], p[12]);
   accum.mul(ws[7], p[11]);
   accum.mul(ws[8], p[10]);
   accum.mul(ws[9], p[9]);
   accum.mul(ws[10], p[8]);
   accum.mul(ws[11], p[7]);
   accum.mul(ws[12], p[6]);
   accum.mul(ws[13], p[5]);
   accum.mul(ws[14], p[4]);
   accum.mul(ws[15], p[3]);
   accum.add(z[18]);
   ws[2] = accum.extract();
   accum.mul(ws[4], p[15]);
   accum.mul(ws[5], p[14]);
   accum.mul(ws[6], p[13]);
   accum.mul(ws[7], p[12]);
   accum.mul(ws[8], p[11]);
   accum.mul(ws[9], p[10]);
   accum.mul(ws[10], p[9]);
   accum.mul(ws[11], p[8]);
   accum.mul(ws[12], p[7]);
   accum.mul(ws[13], p[6]);
   accum.mul(ws[14], p[5]);
   accum.mul(ws[15], p[4]);
   accum.add(z[19]);
   ws[3] = accum.extract();
   accum.mul(ws[5], p[15]);
   accum.mul(ws[6], p[14]);
   accum.mul(ws[7], p[13]);
   accum.mul(ws[8], p[12]);
   accum.mul(ws[9], p[11]);
   accum.mul(ws[10], p[10]);
   accum.mul(ws[11], p[9]);
   accum.mul(ws[12], p[8]);
   accum.mul(ws[13], p[7]);
   accum.mul(ws[14], p[6]);
   accum.mul(ws[15], p[5]);
   accum.add(z[20]);
   ws[4] = accum.extract();
   accum.mul(ws[6], p[15]);
   accum.mul(ws[7], p[14]);
   accum.mul(ws[8], p[13]);
   accum.mul(ws[9], p[12]);
   accum.mul(ws[10], p[11]);
   accum.mul(ws[11], p[10]);
   accum.mul(ws[12], p[9]);
   accum.mul(ws[13], p[8]);
   accum.mul(ws[14], p[7]);
   accum.mul(ws[15], p[6]);
   accum.add(z[21]);
   ws[5] = accum.extract();
   accum.mul(ws[7], p[15]);
   accum.mul(ws[8], p[14]);
   accum.mul(ws[9], p[13]);
   accum.mul(ws[10], p[12]);
   accum.mul(ws[11], p[11]);
   accum.mul(ws[12], p[10]);
   accum.mul(ws[13], p[9]);
   accum.mul(ws[14], p[8]);
   accum.mul(ws[15], p[7]);
   accum.add(z[22]);
   ws[6] = accum.extract();
   accum.mul(ws[8], p[15]);
   accum.mul(ws[9], p[14]);
   accum.mul(ws[10], p[13]);
   accum.mul(ws[11], p[12]);
   accum.mul(ws[12], p[11]);
   accum.mul(ws[13], p[10]);
   accum.mul(ws[14], p[9]);
   accum.mul(ws[15], p[8]);
   accum.add(z[23]);
   ws[7] = accum.extract();
   accum.mul(ws[9], p[15]);
   accum.mul(ws[10], p[14]);
   accum.mul(ws[11], p[13]);
   accum.mul(ws[12], p[12]);
   accum.mul(ws[13], p[11]);
   accum.mul(ws[14], p[10]);
   accum.mul(ws[15], p[9]);
   accum.add(z[24]);
   ws[8] = accum.extract();
   accum.mul(ws[10], p[15]);
   accum.mul(ws[11], p[14]);
   accum.mul(ws[12], p[13]);
   accum.mul(ws[13], p[12]);
   accum.mul(ws[14], p[11]);
   accum.mul(ws[15], p[10]);
   accum.add(z[25]);
   ws[9] = accum.extract();
   accum.mul(ws[11], p[15]);
   accum.mul(ws[12], p[14]);
   accum.mul(ws[13], p[13]);
   accum.mul(ws[14], p[12]);
   accum.mul(ws[15], p[11]);
   accum.add(z[26]);
   ws[10] = accum.extract();
   accum.mul(ws[12], p[15]);
   accum.mul(ws[13], p[14]);
   accum.mul(ws[14], p[13]);
   accum.mul(ws[15], p[12]);
   accum.add(z[27]);
   ws[11] = accum.extract();
   accum.mul(ws[13], p[15]);
   accum.mul(ws[14], p[14]);
   accum.mul(ws[15], p[13]);
   accum.add(z[28]);
   ws[12] = accum.extract();
   accum.mul(ws[14], p[15]);
   accum.mul(ws[15], p[14]);
   accum.add(z[29]);
   ws[13] = accum.extract();
   accum.mul(ws[15], p[15]);
   accum.add(z[30]);
   ws[14] = accum.extract();
   accum.add(z[31]);
   ws[15] = accum.extract();
   // One more word is taken from the accumulator and passed with ws and p to
   // the subtraction helper.
   word w1 = accum.extract();
   bigint_monty_maybe_sub<16>(z, w1, ws, p);
   // Zero the upper half of z.
   clear_mem(z + 16, 16);
}
515
516void bigint_monty_redc_24(word z[48], const word p[24], word p_dash, word ws[]) {
517 word3<word> accum;
518 accum.add(z[0]);
519 ws[0] = accum.monty_step(p[0], p_dash);
520 accum.mul(ws[0], p[1]);
521 accum.add(z[1]);
522 ws[1] = accum.monty_step(p[0], p_dash);
523 accum.mul(ws[0], p[2]);
524 accum.mul(ws[1], p[1]);
525 accum.add(z[2]);
526 ws[2] = accum.monty_step(p[0], p_dash);
527 accum.mul(ws[0], p[3]);
528 accum.mul(ws[1], p[2]);
529 accum.mul(ws[2], p[1]);
530 accum.add(z[3]);
531 ws[3] = accum.monty_step(p[0], p_dash);
532 accum.mul(ws[0], p[4]);
533 accum.mul(ws[1], p[3]);
534 accum.mul(ws[2], p[2]);
535 accum.mul(ws[3], p[1]);
536 accum.add(z[4]);
537 ws[4] = accum.monty_step(p[0], p_dash);
538 accum.mul(ws[0], p[5]);
539 accum.mul(ws[1], p[4]);
540 accum.mul(ws[2], p[3]);
541 accum.mul(ws[3], p[2]);
542 accum.mul(ws[4], p[1]);
543 accum.add(z[5]);
544 ws[5] = accum.monty_step(p[0], p_dash);
545 accum.mul(ws[0], p[6]);
546 accum.mul(ws[1], p[5]);
547 accum.mul(ws[2], p[4]);
548 accum.mul(ws[3], p[3]);
549 accum.mul(ws[4], p[2]);
550 accum.mul(ws[5], p[1]);
551 accum.add(z[6]);
552 ws[6] = accum.monty_step(p[0], p_dash);
553 accum.mul(ws[0], p[7]);
554 accum.mul(ws[1], p[6]);
555 accum.mul(ws[2], p[5]);
556 accum.mul(ws[3], p[4]);
557 accum.mul(ws[4], p[3]);
558 accum.mul(ws[5], p[2]);
559 accum.mul(ws[6], p[1]);
560 accum.add(z[7]);
561 ws[7] = accum.monty_step(p[0], p_dash);
562 accum.mul(ws[0], p[8]);
563 accum.mul(ws[1], p[7]);
564 accum.mul(ws[2], p[6]);
565 accum.mul(ws[3], p[5]);
566 accum.mul(ws[4], p[4]);
567 accum.mul(ws[5], p[3]);
568 accum.mul(ws[6], p[2]);
569 accum.mul(ws[7], p[1]);
570 accum.add(z[8]);
571 ws[8] = accum.monty_step(p[0], p_dash);
572 accum.mul(ws[0], p[9]);
573 accum.mul(ws[1], p[8]);
574 accum.mul(ws[2], p[7]);
575 accum.mul(ws[3], p[6]);
576 accum.mul(ws[4], p[5]);
577 accum.mul(ws[5], p[4]);
578 accum.mul(ws[6], p[3]);
579 accum.mul(ws[7], p[2]);
580 accum.mul(ws[8], p[1]);
581 accum.add(z[9]);
582 ws[9] = accum.monty_step(p[0], p_dash);
583 accum.mul(ws[0], p[10]);
584 accum.mul(ws[1], p[9]);
585 accum.mul(ws[2], p[8]);
586 accum.mul(ws[3], p[7]);
587 accum.mul(ws[4], p[6]);
588 accum.mul(ws[5], p[5]);
589 accum.mul(ws[6], p[4]);
590 accum.mul(ws[7], p[3]);
591 accum.mul(ws[8], p[2]);
592 accum.mul(ws[9], p[1]);
593 accum.add(z[10]);
594 ws[10] = accum.monty_step(p[0], p_dash);
595 accum.mul(ws[0], p[11]);
596 accum.mul(ws[1], p[10]);
597 accum.mul(ws[2], p[9]);
598 accum.mul(ws[3], p[8]);
599 accum.mul(ws[4], p[7]);
600 accum.mul(ws[5], p[6]);
601 accum.mul(ws[6], p[5]);
602 accum.mul(ws[7], p[4]);
603 accum.mul(ws[8], p[3]);
604 accum.mul(ws[9], p[2]);
605 accum.mul(ws[10], p[1]);
606 accum.add(z[11]);
607 ws[11] = accum.monty_step(p[0], p_dash);
608 accum.mul(ws[0], p[12]);
609 accum.mul(ws[1], p[11]);
610 accum.mul(ws[2], p[10]);
611 accum.mul(ws[3], p[9]);
612 accum.mul(ws[4], p[8]);
613 accum.mul(ws[5], p[7]);
614 accum.mul(ws[6], p[6]);
615 accum.mul(ws[7], p[5]);
616 accum.mul(ws[8], p[4]);
617 accum.mul(ws[9], p[3]);
618 accum.mul(ws[10], p[2]);
619 accum.mul(ws[11], p[1]);
620 accum.add(z[12]);
621 ws[12] = accum.monty_step(p[0], p_dash);
622 accum.mul(ws[0], p[13]);
623 accum.mul(ws[1], p[12]);
624 accum.mul(ws[2], p[11]);
625 accum.mul(ws[3], p[10]);
626 accum.mul(ws[4], p[9]);
627 accum.mul(ws[5], p[8]);
628 accum.mul(ws[6], p[7]);
629 accum.mul(ws[7], p[6]);
630 accum.mul(ws[8], p[5]);
631 accum.mul(ws[9], p[4]);
632 accum.mul(ws[10], p[3]);
633 accum.mul(ws[11], p[2]);
634 accum.mul(ws[12], p[1]);
635 accum.add(z[13]);
636 ws[13] = accum.monty_step(p[0], p_dash);
637 accum.mul(ws[0], p[14]);
638 accum.mul(ws[1], p[13]);
639 accum.mul(ws[2], p[12]);
640 accum.mul(ws[3], p[11]);
641 accum.mul(ws[4], p[10]);
642 accum.mul(ws[5], p[9]);
643 accum.mul(ws[6], p[8]);
644 accum.mul(ws[7], p[7]);
645 accum.mul(ws[8], p[6]);
646 accum.mul(ws[9], p[5]);
647 accum.mul(ws[10], p[4]);
648 accum.mul(ws[11], p[3]);
649 accum.mul(ws[12], p[2]);
650 accum.mul(ws[13], p[1]);
651 accum.add(z[14]);
652 ws[14] = accum.monty_step(p[0], p_dash);
653 accum.mul(ws[0], p[15]);
654 accum.mul(ws[1], p[14]);
655 accum.mul(ws[2], p[13]);
656 accum.mul(ws[3], p[12]);
657 accum.mul(ws[4], p[11]);
658 accum.mul(ws[5], p[10]);
659 accum.mul(ws[6], p[9]);
660 accum.mul(ws[7], p[8]);
661 accum.mul(ws[8], p[7]);
662 accum.mul(ws[9], p[6]);
663 accum.mul(ws[10], p[5]);
664 accum.mul(ws[11], p[4]);
665 accum.mul(ws[12], p[3]);
666 accum.mul(ws[13], p[2]);
667 accum.mul(ws[14], p[1]);
668 accum.add(z[15]);
669 ws[15] = accum.monty_step(p[0], p_dash);
670 accum.mul(ws[0], p[16]);
671 accum.mul(ws[1], p[15]);
672 accum.mul(ws[2], p[14]);
673 accum.mul(ws[3], p[13]);
674 accum.mul(ws[4], p[12]);
675 accum.mul(ws[5], p[11]);
676 accum.mul(ws[6], p[10]);
677 accum.mul(ws[7], p[9]);
678 accum.mul(ws[8], p[8]);
679 accum.mul(ws[9], p[7]);
680 accum.mul(ws[10], p[6]);
681 accum.mul(ws[11], p[5]);
682 accum.mul(ws[12], p[4]);
683 accum.mul(ws[13], p[3]);
684 accum.mul(ws[14], p[2]);
685 accum.mul(ws[15], p[1]);
686 accum.add(z[16]);
687 ws[16] = accum.monty_step(p[0], p_dash);
688 accum.mul(ws[0], p[17]);
689 accum.mul(ws[1], p[16]);
690 accum.mul(ws[2], p[15]);
691 accum.mul(ws[3], p[14]);
692 accum.mul(ws[4], p[13]);
693 accum.mul(ws[5], p[12]);
694 accum.mul(ws[6], p[11]);
695 accum.mul(ws[7], p[10]);
696 accum.mul(ws[8], p[9]);
697 accum.mul(ws[9], p[8]);
698 accum.mul(ws[10], p[7]);
699 accum.mul(ws[11], p[6]);
700 accum.mul(ws[12], p[5]);
701 accum.mul(ws[13], p[4]);
702 accum.mul(ws[14], p[3]);
703 accum.mul(ws[15], p[2]);
704 accum.mul(ws[16], p[1]);
705 accum.add(z[17]);
706 ws[17] = accum.monty_step(p[0], p_dash);
707 accum.mul(ws[0], p[18]);
708 accum.mul(ws[1], p[17]);
709 accum.mul(ws[2], p[16]);
710 accum.mul(ws[3], p[15]);
711 accum.mul(ws[4], p[14]);
712 accum.mul(ws[5], p[13]);
713 accum.mul(ws[6], p[12]);
714 accum.mul(ws[7], p[11]);
715 accum.mul(ws[8], p[10]);
716 accum.mul(ws[9], p[9]);
717 accum.mul(ws[10], p[8]);
718 accum.mul(ws[11], p[7]);
719 accum.mul(ws[12], p[6]);
720 accum.mul(ws[13], p[5]);
721 accum.mul(ws[14], p[4]);
722 accum.mul(ws[15], p[3]);
723 accum.mul(ws[16], p[2]);
724 accum.mul(ws[17], p[1]);
725 accum.add(z[18]);
726 ws[18] = accum.monty_step(p[0], p_dash);
727 accum.mul(ws[0], p[19]);
728 accum.mul(ws[1], p[18]);
729 accum.mul(ws[2], p[17]);
730 accum.mul(ws[3], p[16]);
731 accum.mul(ws[4], p[15]);
732 accum.mul(ws[5], p[14]);
733 accum.mul(ws[6], p[13]);
734 accum.mul(ws[7], p[12]);
735 accum.mul(ws[8], p[11]);
736 accum.mul(ws[9], p[10]);
737 accum.mul(ws[10], p[9]);
738 accum.mul(ws[11], p[8]);
739 accum.mul(ws[12], p[7]);
740 accum.mul(ws[13], p[6]);
741 accum.mul(ws[14], p[5]);
742 accum.mul(ws[15], p[4]);
743 accum.mul(ws[16], p[3]);
744 accum.mul(ws[17], p[2]);
745 accum.mul(ws[18], p[1]);
746 accum.add(z[19]);
747 ws[19] = accum.monty_step(p[0], p_dash);
748 accum.mul(ws[0], p[20]);
749 accum.mul(ws[1], p[19]);
750 accum.mul(ws[2], p[18]);
751 accum.mul(ws[3], p[17]);
752 accum.mul(ws[4], p[16]);
753 accum.mul(ws[5], p[15]);
754 accum.mul(ws[6], p[14]);
755 accum.mul(ws[7], p[13]);
756 accum.mul(ws[8], p[12]);
757 accum.mul(ws[9], p[11]);
758 accum.mul(ws[10], p[10]);
759 accum.mul(ws[11], p[9]);
760 accum.mul(ws[12], p[8]);
761 accum.mul(ws[13], p[7]);
762 accum.mul(ws[14], p[6]);
763 accum.mul(ws[15], p[5]);
764 accum.mul(ws[16], p[4]);
765 accum.mul(ws[17], p[3]);
766 accum.mul(ws[18], p[2]);
767 accum.mul(ws[19], p[1]);
768 accum.add(z[20]);
769 ws[20] = accum.monty_step(p[0], p_dash);
770 accum.mul(ws[0], p[21]);
771 accum.mul(ws[1], p[20]);
772 accum.mul(ws[2], p[19]);
773 accum.mul(ws[3], p[18]);
774 accum.mul(ws[4], p[17]);
775 accum.mul(ws[5], p[16]);
776 accum.mul(ws[6], p[15]);
777 accum.mul(ws[7], p[14]);
778 accum.mul(ws[8], p[13]);
779 accum.mul(ws[9], p[12]);
780 accum.mul(ws[10], p[11]);
781 accum.mul(ws[11], p[10]);
782 accum.mul(ws[12], p[9]);
783 accum.mul(ws[13], p[8]);
784 accum.mul(ws[14], p[7]);
785 accum.mul(ws[15], p[6]);
786 accum.mul(ws[16], p[5]);
787 accum.mul(ws[17], p[4]);
788 accum.mul(ws[18], p[3]);
789 accum.mul(ws[19], p[2]);
790 accum.mul(ws[20], p[1]);
791 accum.add(z[21]);
792 ws[21] = accum.monty_step(p[0], p_dash);
793 accum.mul(ws[0], p[22]);
794 accum.mul(ws[1], p[21]);
795 accum.mul(ws[2], p[20]);
796 accum.mul(ws[3], p[19]);
797 accum.mul(ws[4], p[18]);
798 accum.mul(ws[5], p[17]);
799 accum.mul(ws[6], p[16]);
800 accum.mul(ws[7], p[15]);
801 accum.mul(ws[8], p[14]);
802 accum.mul(ws[9], p[13]);
803 accum.mul(ws[10], p[12]);
804 accum.mul(ws[11], p[11]);
805 accum.mul(ws[12], p[10]);
806 accum.mul(ws[13], p[9]);
807 accum.mul(ws[14], p[8]);
808 accum.mul(ws[15], p[7]);
809 accum.mul(ws[16], p[6]);
810 accum.mul(ws[17], p[5]);
811 accum.mul(ws[18], p[4]);
812 accum.mul(ws[19], p[3]);
813 accum.mul(ws[20], p[2]);
814 accum.mul(ws[21], p[1]);
815 accum.add(z[22]);
816 ws[22] = accum.monty_step(p[0], p_dash);
817 accum.mul(ws[0], p[23]);
818 accum.mul(ws[1], p[22]);
819 accum.mul(ws[2], p[21]);
820 accum.mul(ws[3], p[20]);
821 accum.mul(ws[4], p[19]);
822 accum.mul(ws[5], p[18]);
823 accum.mul(ws[6], p[17]);
824 accum.mul(ws[7], p[16]);
825 accum.mul(ws[8], p[15]);
826 accum.mul(ws[9], p[14]);
827 accum.mul(ws[10], p[13]);
828 accum.mul(ws[11], p[12]);
829 accum.mul(ws[12], p[11]);
830 accum.mul(ws[13], p[10]);
831 accum.mul(ws[14], p[9]);
832 accum.mul(ws[15], p[8]);
833 accum.mul(ws[16], p[7]);
834 accum.mul(ws[17], p[6]);
835 accum.mul(ws[18], p[5]);
836 accum.mul(ws[19], p[4]);
837 accum.mul(ws[20], p[3]);
838 accum.mul(ws[21], p[2]);
839 accum.mul(ws[22], p[1]);
840 accum.add(z[23]);
841 ws[23] = accum.monty_step(p[0], p_dash);
842 accum.mul(ws[1], p[23]);
843 accum.mul(ws[2], p[22]);
844 accum.mul(ws[3], p[21]);
845 accum.mul(ws[4], p[20]);
846 accum.mul(ws[5], p[19]);
847 accum.mul(ws[6], p[18]);
848 accum.mul(ws[7], p[17]);
849 accum.mul(ws[8], p[16]);
850 accum.mul(ws[9], p[15]);
851 accum.mul(ws[10], p[14]);
852 accum.mul(ws[11], p[13]);
853 accum.mul(ws[12], p[12]);
854 accum.mul(ws[13], p[11]);
855 accum.mul(ws[14], p[10]);
856 accum.mul(ws[15], p[9]);
857 accum.mul(ws[16], p[8]);
858 accum.mul(ws[17], p[7]);
859 accum.mul(ws[18], p[6]);
860 accum.mul(ws[19], p[5]);
861 accum.mul(ws[20], p[4]);
862 accum.mul(ws[21], p[3]);
863 accum.mul(ws[22], p[2]);
864 accum.mul(ws[23], p[1]);
865 accum.add(z[24]);
866 ws[0] = accum.extract();
867 accum.mul(ws[2], p[23]);
868 accum.mul(ws[3], p[22]);
869 accum.mul(ws[4], p[21]);
870 accum.mul(ws[5], p[20]);
871 accum.mul(ws[6], p[19]);
872 accum.mul(ws[7], p[18]);
873 accum.mul(ws[8], p[17]);
874 accum.mul(ws[9], p[16]);
875 accum.mul(ws[10], p[15]);
876 accum.mul(ws[11], p[14]);
877 accum.mul(ws[12], p[13]);
878 accum.mul(ws[13], p[12]);
879 accum.mul(ws[14], p[11]);
880 accum.mul(ws[15], p[10]);
881 accum.mul(ws[16], p[9]);
882 accum.mul(ws[17], p[8]);
883 accum.mul(ws[18], p[7]);
884 accum.mul(ws[19], p[6]);
885 accum.mul(ws[20], p[5]);
886 accum.mul(ws[21], p[4]);
887 accum.mul(ws[22], p[3]);
888 accum.mul(ws[23], p[2]);
889 accum.add(z[25]);
890 ws[1] = accum.extract();
891 accum.mul(ws[3], p[23]);
892 accum.mul(ws[4], p[22]);
893 accum.mul(ws[5], p[21]);
894 accum.mul(ws[6], p[20]);
895 accum.mul(ws[7], p[19]);
896 accum.mul(ws[8], p[18]);
897 accum.mul(ws[9], p[17]);
898 accum.mul(ws[10], p[16]);
899 accum.mul(ws[11], p[15]);
900 accum.mul(ws[12], p[14]);
901 accum.mul(ws[13], p[13]);
902 accum.mul(ws[14], p[12]);
903 accum.mul(ws[15], p[11]);
904 accum.mul(ws[16], p[10]);
905 accum.mul(ws[17], p[9]);
906 accum.mul(ws[18], p[8]);
907 accum.mul(ws[19], p[7]);
908 accum.mul(ws[20], p[6]);
909 accum.mul(ws[21], p[5]);
910 accum.mul(ws[22], p[4]);
911 accum.mul(ws[23], p[3]);
912 accum.add(z[26]);
913 ws[2] = accum.extract();
914 accum.mul(ws[4], p[23]);
915 accum.mul(ws[5], p[22]);
916 accum.mul(ws[6], p[21]);
917 accum.mul(ws[7], p[20]);
918 accum.mul(ws[8], p[19]);
919 accum.mul(ws[9], p[18]);
920 accum.mul(ws[10], p[17]);
921 accum.mul(ws[11], p[16]);
922 accum.mul(ws[12], p[15]);
923 accum.mul(ws[13], p[14]);
924 accum.mul(ws[14], p[13]);
925 accum.mul(ws[15], p[12]);
926 accum.mul(ws[16], p[11]);
927 accum.mul(ws[17], p[10]);
928 accum.mul(ws[18], p[9]);
929 accum.mul(ws[19], p[8]);
930 accum.mul(ws[20], p[7]);
931 accum.mul(ws[21], p[6]);
932 accum.mul(ws[22], p[5]);
933 accum.mul(ws[23], p[4]);
934 accum.add(z[27]);
935 ws[3] = accum.extract();
936 accum.mul(ws[5], p[23]);
937 accum.mul(ws[6], p[22]);
938 accum.mul(ws[7], p[21]);
939 accum.mul(ws[8], p[20]);
940 accum.mul(ws[9], p[19]);
941 accum.mul(ws[10], p[18]);
942 accum.mul(ws[11], p[17]);
943 accum.mul(ws[12], p[16]);
944 accum.mul(ws[13], p[15]);
945 accum.mul(ws[14], p[14]);
946 accum.mul(ws[15], p[13]);
947 accum.mul(ws[16], p[12]);
948 accum.mul(ws[17], p[11]);
949 accum.mul(ws[18], p[10]);
950 accum.mul(ws[19], p[9]);
951 accum.mul(ws[20], p[8]);
952 accum.mul(ws[21], p[7]);
953 accum.mul(ws[22], p[6]);
954 accum.mul(ws[23], p[5]);
955 accum.add(z[28]);
956 ws[4] = accum.extract();
957 accum.mul(ws[6], p[23]);
958 accum.mul(ws[7], p[22]);
959 accum.mul(ws[8], p[21]);
960 accum.mul(ws[9], p[20]);
961 accum.mul(ws[10], p[19]);
962 accum.mul(ws[11], p[18]);
963 accum.mul(ws[12], p[17]);
964 accum.mul(ws[13], p[16]);
965 accum.mul(ws[14], p[15]);
966 accum.mul(ws[15], p[14]);
967 accum.mul(ws[16], p[13]);
968 accum.mul(ws[17], p[12]);
969 accum.mul(ws[18], p[11]);
970 accum.mul(ws[19], p[10]);
971 accum.mul(ws[20], p[9]);
972 accum.mul(ws[21], p[8]);
973 accum.mul(ws[22], p[7]);
974 accum.mul(ws[23], p[6]);
975 accum.add(z[29]);
976 ws[5] = accum.extract();
977 accum.mul(ws[7], p[23]);
978 accum.mul(ws[8], p[22]);
979 accum.mul(ws[9], p[21]);
980 accum.mul(ws[10], p[20]);
981 accum.mul(ws[11], p[19]);
982 accum.mul(ws[12], p[18]);
983 accum.mul(ws[13], p[17]);
984 accum.mul(ws[14], p[16]);
985 accum.mul(ws[15], p[15]);
986 accum.mul(ws[16], p[14]);
987 accum.mul(ws[17], p[13]);
988 accum.mul(ws[18], p[12]);
989 accum.mul(ws[19], p[11]);
990 accum.mul(ws[20], p[10]);
991 accum.mul(ws[21], p[9]);
992 accum.mul(ws[22], p[8]);
993 accum.mul(ws[23], p[7]);
994 accum.add(z[30]);
995 ws[6] = accum.extract();
996 accum.mul(ws[8], p[23]);
997 accum.mul(ws[9], p[22]);
998 accum.mul(ws[10], p[21]);
999 accum.mul(ws[11], p[20]);
1000 accum.mul(ws[12], p[19]);
1001 accum.mul(ws[13], p[18]);
1002 accum.mul(ws[14], p[17]);
1003 accum.mul(ws[15], p[16]);
1004 accum.mul(ws[16], p[15]);
1005 accum.mul(ws[17], p[14]);
1006 accum.mul(ws[18], p[13]);
1007 accum.mul(ws[19], p[12]);
1008 accum.mul(ws[20], p[11]);
1009 accum.mul(ws[21], p[10]);
1010 accum.mul(ws[22], p[9]);
1011 accum.mul(ws[23], p[8]);
1012 accum.add(z[31]);
1013 ws[7] = accum.extract();
1014 accum.mul(ws[9], p[23]);
1015 accum.mul(ws[10], p[22]);
1016 accum.mul(ws[11], p[21]);
1017 accum.mul(ws[12], p[20]);
1018 accum.mul(ws[13], p[19]);
1019 accum.mul(ws[14], p[18]);
1020 accum.mul(ws[15], p[17]);
1021 accum.mul(ws[16], p[16]);
1022 accum.mul(ws[17], p[15]);
1023 accum.mul(ws[18], p[14]);
1024 accum.mul(ws[19], p[13]);
1025 accum.mul(ws[20], p[12]);
1026 accum.mul(ws[21], p[11]);
1027 accum.mul(ws[22], p[10]);
1028 accum.mul(ws[23], p[9]);
1029 accum.add(z[32]);
1030 ws[8] = accum.extract();
1031 accum.mul(ws[10], p[23]);
1032 accum.mul(ws[11], p[22]);
1033 accum.mul(ws[12], p[21]);
1034 accum.mul(ws[13], p[20]);
1035 accum.mul(ws[14], p[19]);
1036 accum.mul(ws[15], p[18]);
1037 accum.mul(ws[16], p[17]);
1038 accum.mul(ws[17], p[16]);
1039 accum.mul(ws[18], p[15]);
1040 accum.mul(ws[19], p[14]);
1041 accum.mul(ws[20], p[13]);
1042 accum.mul(ws[21], p[12]);
1043 accum.mul(ws[22], p[11]);
1044 accum.mul(ws[23], p[10]);
1045 accum.add(z[33]);
1046 ws[9] = accum.extract();
1047 accum.mul(ws[11], p[23]);
1048 accum.mul(ws[12], p[22]);
1049 accum.mul(ws[13], p[21]);
1050 accum.mul(ws[14], p[20]);
1051 accum.mul(ws[15], p[19]);
1052 accum.mul(ws[16], p[18]);
1053 accum.mul(ws[17], p[17]);
1054 accum.mul(ws[18], p[16]);
1055 accum.mul(ws[19], p[15]);
1056 accum.mul(ws[20], p[14]);
1057 accum.mul(ws[21], p[13]);
1058 accum.mul(ws[22], p[12]);
1059 accum.mul(ws[23], p[11]);
1060 accum.add(z[34]);
1061 ws[10] = accum.extract();
1062 accum.mul(ws[12], p[23]);
1063 accum.mul(ws[13], p[22]);
1064 accum.mul(ws[14], p[21]);
1065 accum.mul(ws[15], p[20]);
1066 accum.mul(ws[16], p[19]);
1067 accum.mul(ws[17], p[18]);
1068 accum.mul(ws[18], p[17]);
1069 accum.mul(ws[19], p[16]);
1070 accum.mul(ws[20], p[15]);
1071 accum.mul(ws[21], p[14]);
1072 accum.mul(ws[22], p[13]);
1073 accum.mul(ws[23], p[12]);
1074 accum.add(z[35]);
1075 ws[11] = accum.extract();
1076 accum.mul(ws[13], p[23]);
1077 accum.mul(ws[14], p[22]);
1078 accum.mul(ws[15], p[21]);
1079 accum.mul(ws[16], p[20]);
1080 accum.mul(ws[17], p[19]);
1081 accum.mul(ws[18], p[18]);
1082 accum.mul(ws[19], p[17]);
1083 accum.mul(ws[20], p[16]);
1084 accum.mul(ws[21], p[15]);
1085 accum.mul(ws[22], p[14]);
1086 accum.mul(ws[23], p[13]);
1087 accum.add(z[36]);
1088 ws[12] = accum.extract();
1089 accum.mul(ws[14], p[23]);
1090 accum.mul(ws[15], p[22]);
1091 accum.mul(ws[16], p[21]);
1092 accum.mul(ws[17], p[20]);
1093 accum.mul(ws[18], p[19]);
1094 accum.mul(ws[19], p[18]);
1095 accum.mul(ws[20], p[17]);
1096 accum.mul(ws[21], p[16]);
1097 accum.mul(ws[22], p[15]);
1098 accum.mul(ws[23], p[14]);
1099 accum.add(z[37]);
1100 ws[13] = accum.extract();
1101 accum.mul(ws[15], p[23]);
1102 accum.mul(ws[16], p[22]);
1103 accum.mul(ws[17], p[21]);
1104 accum.mul(ws[18], p[20]);
1105 accum.mul(ws[19], p[19]);
1106 accum.mul(ws[20], p[18]);
1107 accum.mul(ws[21], p[17]);
1108 accum.mul(ws[22], p[16]);
1109 accum.mul(ws[23], p[15]);
1110 accum.add(z[38]);
1111 ws[14] = accum.extract();
1112 accum.mul(ws[16], p[23]);
1113 accum.mul(ws[17], p[22]);
1114 accum.mul(ws[18], p[21]);
1115 accum.mul(ws[19], p[20]);
1116 accum.mul(ws[20], p[19]);
1117 accum.mul(ws[21], p[18]);
1118 accum.mul(ws[22], p[17]);
1119 accum.mul(ws[23], p[16]);
1120 accum.add(z[39]);
1121 ws[15] = accum.extract();
1122 accum.mul(ws[17], p[23]);
1123 accum.mul(ws[18], p[22]);
1124 accum.mul(ws[19], p[21]);
1125 accum.mul(ws[20], p[20]);
1126 accum.mul(ws[21], p[19]);
1127 accum.mul(ws[22], p[18]);
1128 accum.mul(ws[23], p[17]);
1129 accum.add(z[40]);
1130 ws[16] = accum.extract();
1131 accum.mul(ws[18], p[23]);
1132 accum.mul(ws[19], p[22]);
1133 accum.mul(ws[20], p[21]);
1134 accum.mul(ws[21], p[20]);
1135 accum.mul(ws[22], p[19]);
1136 accum.mul(ws[23], p[18]);
1137 accum.add(z[41]);
1138 ws[17] = accum.extract();
1139 accum.mul(ws[19], p[23]);
1140 accum.mul(ws[20], p[22]);
1141 accum.mul(ws[21], p[21]);
1142 accum.mul(ws[22], p[20]);
1143 accum.mul(ws[23], p[19]);
1144 accum.add(z[42]);
1145 ws[18] = accum.extract();
1146 accum.mul(ws[20], p[23]);
1147 accum.mul(ws[21], p[22]);
1148 accum.mul(ws[22], p[21]);
1149 accum.mul(ws[23], p[20]);
1150 accum.add(z[43]);
1151 ws[19] = accum.extract();
1152 accum.mul(ws[21], p[23]);
1153 accum.mul(ws[22], p[22]);
1154 accum.mul(ws[23], p[21]);
1155 accum.add(z[44]);
1156 ws[20] = accum.extract();
1157 accum.mul(ws[22], p[23]);
1158 accum.mul(ws[23], p[22]);
1159 accum.add(z[45]);
1160 ws[21] = accum.extract();
1161 accum.mul(ws[23], p[23]);
1162 accum.add(z[46]);
1163 ws[22] = accum.extract();
1164 accum.add(z[47]);
1165 ws[23] = accum.extract();
1166 word w1 = accum.extract();
1167 bigint_monty_maybe_sub<24>(z, w1, ws, p);
1168 clear_mem(z + 24, 24);
1169}
1170
1171void bigint_monty_redc_32(word z[64], const word p[32], word p_dash, word ws[]) {
1172 word3<word> accum;
1173 accum.add(z[0]);
1174 ws[0] = accum.monty_step(p[0], p_dash);
1175 accum.mul(ws[0], p[1]);
1176 accum.add(z[1]);
1177 ws[1] = accum.monty_step(p[0], p_dash);
1178 accum.mul(ws[0], p[2]);
1179 accum.mul(ws[1], p[1]);
1180 accum.add(z[2]);
1181 ws[2] = accum.monty_step(p[0], p_dash);
1182 accum.mul(ws[0], p[3]);
1183 accum.mul(ws[1], p[2]);
1184 accum.mul(ws[2], p[1]);
1185 accum.add(z[3]);
1186 ws[3] = accum.monty_step(p[0], p_dash);
1187 accum.mul(ws[0], p[4]);
1188 accum.mul(ws[1], p[3]);
1189 accum.mul(ws[2], p[2]);
1190 accum.mul(ws[3], p[1]);
1191 accum.add(z[4]);
1192 ws[4] = accum.monty_step(p[0], p_dash);
1193 accum.mul(ws[0], p[5]);
1194 accum.mul(ws[1], p[4]);
1195 accum.mul(ws[2], p[3]);
1196 accum.mul(ws[3], p[2]);
1197 accum.mul(ws[4], p[1]);
1198 accum.add(z[5]);
1199 ws[5] = accum.monty_step(p[0], p_dash);
1200 accum.mul(ws[0], p[6]);
1201 accum.mul(ws[1], p[5]);
1202 accum.mul(ws[2], p[4]);
1203 accum.mul(ws[3], p[3]);
1204 accum.mul(ws[4], p[2]);
1205 accum.mul(ws[5], p[1]);
1206 accum.add(z[6]);
1207 ws[6] = accum.monty_step(p[0], p_dash);
1208 accum.mul(ws[0], p[7]);
1209 accum.mul(ws[1], p[6]);
1210 accum.mul(ws[2], p[5]);
1211 accum.mul(ws[3], p[4]);
1212 accum.mul(ws[4], p[3]);
1213 accum.mul(ws[5], p[2]);
1214 accum.mul(ws[6], p[1]);
1215 accum.add(z[7]);
1216 ws[7] = accum.monty_step(p[0], p_dash);
1217 accum.mul(ws[0], p[8]);
1218 accum.mul(ws[1], p[7]);
1219 accum.mul(ws[2], p[6]);
1220 accum.mul(ws[3], p[5]);
1221 accum.mul(ws[4], p[4]);
1222 accum.mul(ws[5], p[3]);
1223 accum.mul(ws[6], p[2]);
1224 accum.mul(ws[7], p[1]);
1225 accum.add(z[8]);
1226 ws[8] = accum.monty_step(p[0], p_dash);
1227 accum.mul(ws[0], p[9]);
1228 accum.mul(ws[1], p[8]);
1229 accum.mul(ws[2], p[7]);
1230 accum.mul(ws[3], p[6]);
1231 accum.mul(ws[4], p[5]);
1232 accum.mul(ws[5], p[4]);
1233 accum.mul(ws[6], p[3]);
1234 accum.mul(ws[7], p[2]);
1235 accum.mul(ws[8], p[1]);
1236 accum.add(z[9]);
1237 ws[9] = accum.monty_step(p[0], p_dash);
1238 accum.mul(ws[0], p[10]);
1239 accum.mul(ws[1], p[9]);
1240 accum.mul(ws[2], p[8]);
1241 accum.mul(ws[3], p[7]);
1242 accum.mul(ws[4], p[6]);
1243 accum.mul(ws[5], p[5]);
1244 accum.mul(ws[6], p[4]);
1245 accum.mul(ws[7], p[3]);
1246 accum.mul(ws[8], p[2]);
1247 accum.mul(ws[9], p[1]);
1248 accum.add(z[10]);
1249 ws[10] = accum.monty_step(p[0], p_dash);
1250 accum.mul(ws[0], p[11]);
1251 accum.mul(ws[1], p[10]);
1252 accum.mul(ws[2], p[9]);
1253 accum.mul(ws[3], p[8]);
1254 accum.mul(ws[4], p[7]);
1255 accum.mul(ws[5], p[6]);
1256 accum.mul(ws[6], p[5]);
1257 accum.mul(ws[7], p[4]);
1258 accum.mul(ws[8], p[3]);
1259 accum.mul(ws[9], p[2]);
1260 accum.mul(ws[10], p[1]);
1261 accum.add(z[11]);
1262 ws[11] = accum.monty_step(p[0], p_dash);
1263 accum.mul(ws[0], p[12]);
1264 accum.mul(ws[1], p[11]);
1265 accum.mul(ws[2], p[10]);
1266 accum.mul(ws[3], p[9]);
1267 accum.mul(ws[4], p[8]);
1268 accum.mul(ws[5], p[7]);
1269 accum.mul(ws[6], p[6]);
1270 accum.mul(ws[7], p[5]);
1271 accum.mul(ws[8], p[4]);
1272 accum.mul(ws[9], p[3]);
1273 accum.mul(ws[10], p[2]);
1274 accum.mul(ws[11], p[1]);
1275 accum.add(z[12]);
1276 ws[12] = accum.monty_step(p[0], p_dash);
1277 accum.mul(ws[0], p[13]);
1278 accum.mul(ws[1], p[12]);
1279 accum.mul(ws[2], p[11]);
1280 accum.mul(ws[3], p[10]);
1281 accum.mul(ws[4], p[9]);
1282 accum.mul(ws[5], p[8]);
1283 accum.mul(ws[6], p[7]);
1284 accum.mul(ws[7], p[6]);
1285 accum.mul(ws[8], p[5]);
1286 accum.mul(ws[9], p[4]);
1287 accum.mul(ws[10], p[3]);
1288 accum.mul(ws[11], p[2]);
1289 accum.mul(ws[12], p[1]);
1290 accum.add(z[13]);
1291 ws[13] = accum.monty_step(p[0], p_dash);
1292 accum.mul(ws[0], p[14]);
1293 accum.mul(ws[1], p[13]);
1294 accum.mul(ws[2], p[12]);
1295 accum.mul(ws[3], p[11]);
1296 accum.mul(ws[4], p[10]);
1297 accum.mul(ws[5], p[9]);
1298 accum.mul(ws[6], p[8]);
1299 accum.mul(ws[7], p[7]);
1300 accum.mul(ws[8], p[6]);
1301 accum.mul(ws[9], p[5]);
1302 accum.mul(ws[10], p[4]);
1303 accum.mul(ws[11], p[3]);
1304 accum.mul(ws[12], p[2]);
1305 accum.mul(ws[13], p[1]);
1306 accum.add(z[14]);
1307 ws[14] = accum.monty_step(p[0], p_dash);
1308 accum.mul(ws[0], p[15]);
1309 accum.mul(ws[1], p[14]);
1310 accum.mul(ws[2], p[13]);
1311 accum.mul(ws[3], p[12]);
1312 accum.mul(ws[4], p[11]);
1313 accum.mul(ws[5], p[10]);
1314 accum.mul(ws[6], p[9]);
1315 accum.mul(ws[7], p[8]);
1316 accum.mul(ws[8], p[7]);
1317 accum.mul(ws[9], p[6]);
1318 accum.mul(ws[10], p[5]);
1319 accum.mul(ws[11], p[4]);
1320 accum.mul(ws[12], p[3]);
1321 accum.mul(ws[13], p[2]);
1322 accum.mul(ws[14], p[1]);
1323 accum.add(z[15]);
1324 ws[15] = accum.monty_step(p[0], p_dash);
1325 accum.mul(ws[0], p[16]);
1326 accum.mul(ws[1], p[15]);
1327 accum.mul(ws[2], p[14]);
1328 accum.mul(ws[3], p[13]);
1329 accum.mul(ws[4], p[12]);
1330 accum.mul(ws[5], p[11]);
1331 accum.mul(ws[6], p[10]);
1332 accum.mul(ws[7], p[9]);
1333 accum.mul(ws[8], p[8]);
1334 accum.mul(ws[9], p[7]);
1335 accum.mul(ws[10], p[6]);
1336 accum.mul(ws[11], p[5]);
1337 accum.mul(ws[12], p[4]);
1338 accum.mul(ws[13], p[3]);
1339 accum.mul(ws[14], p[2]);
1340 accum.mul(ws[15], p[1]);
1341 accum.add(z[16]);
1342 ws[16] = accum.monty_step(p[0], p_dash);
1343 accum.mul(ws[0], p[17]);
1344 accum.mul(ws[1], p[16]);
1345 accum.mul(ws[2], p[15]);
1346 accum.mul(ws[3], p[14]);
1347 accum.mul(ws[4], p[13]);
1348 accum.mul(ws[5], p[12]);
1349 accum.mul(ws[6], p[11]);
1350 accum.mul(ws[7], p[10]);
1351 accum.mul(ws[8], p[9]);
1352 accum.mul(ws[9], p[8]);
1353 accum.mul(ws[10], p[7]);
1354 accum.mul(ws[11], p[6]);
1355 accum.mul(ws[12], p[5]);
1356 accum.mul(ws[13], p[4]);
1357 accum.mul(ws[14], p[3]);
1358 accum.mul(ws[15], p[2]);
1359 accum.mul(ws[16], p[1]);
1360 accum.add(z[17]);
1361 ws[17] = accum.monty_step(p[0], p_dash);
1362 accum.mul(ws[0], p[18]);
1363 accum.mul(ws[1], p[17]);
1364 accum.mul(ws[2], p[16]);
1365 accum.mul(ws[3], p[15]);
1366 accum.mul(ws[4], p[14]);
1367 accum.mul(ws[5], p[13]);
1368 accum.mul(ws[6], p[12]);
1369 accum.mul(ws[7], p[11]);
1370 accum.mul(ws[8], p[10]);
1371 accum.mul(ws[9], p[9]);
1372 accum.mul(ws[10], p[8]);
1373 accum.mul(ws[11], p[7]);
1374 accum.mul(ws[12], p[6]);
1375 accum.mul(ws[13], p[5]);
1376 accum.mul(ws[14], p[4]);
1377 accum.mul(ws[15], p[3]);
1378 accum.mul(ws[16], p[2]);
1379 accum.mul(ws[17], p[1]);
1380 accum.add(z[18]);
1381 ws[18] = accum.monty_step(p[0], p_dash);
1382 accum.mul(ws[0], p[19]);
1383 accum.mul(ws[1], p[18]);
1384 accum.mul(ws[2], p[17]);
1385 accum.mul(ws[3], p[16]);
1386 accum.mul(ws[4], p[15]);
1387 accum.mul(ws[5], p[14]);
1388 accum.mul(ws[6], p[13]);
1389 accum.mul(ws[7], p[12]);
1390 accum.mul(ws[8], p[11]);
1391 accum.mul(ws[9], p[10]);
1392 accum.mul(ws[10], p[9]);
1393 accum.mul(ws[11], p[8]);
1394 accum.mul(ws[12], p[7]);
1395 accum.mul(ws[13], p[6]);
1396 accum.mul(ws[14], p[5]);
1397 accum.mul(ws[15], p[4]);
1398 accum.mul(ws[16], p[3]);
1399 accum.mul(ws[17], p[2]);
1400 accum.mul(ws[18], p[1]);
1401 accum.add(z[19]);
1402 ws[19] = accum.monty_step(p[0], p_dash);
1403 accum.mul(ws[0], p[20]);
1404 accum.mul(ws[1], p[19]);
1405 accum.mul(ws[2], p[18]);
1406 accum.mul(ws[3], p[17]);
1407 accum.mul(ws[4], p[16]);
1408 accum.mul(ws[5], p[15]);
1409 accum.mul(ws[6], p[14]);
1410 accum.mul(ws[7], p[13]);
1411 accum.mul(ws[8], p[12]);
1412 accum.mul(ws[9], p[11]);
1413 accum.mul(ws[10], p[10]);
1414 accum.mul(ws[11], p[9]);
1415 accum.mul(ws[12], p[8]);
1416 accum.mul(ws[13], p[7]);
1417 accum.mul(ws[14], p[6]);
1418 accum.mul(ws[15], p[5]);
1419 accum.mul(ws[16], p[4]);
1420 accum.mul(ws[17], p[3]);
1421 accum.mul(ws[18], p[2]);
1422 accum.mul(ws[19], p[1]);
1423 accum.add(z[20]);
1424 ws[20] = accum.monty_step(p[0], p_dash);
1425 accum.mul(ws[0], p[21]);
1426 accum.mul(ws[1], p[20]);
1427 accum.mul(ws[2], p[19]);
1428 accum.mul(ws[3], p[18]);
1429 accum.mul(ws[4], p[17]);
1430 accum.mul(ws[5], p[16]);
1431 accum.mul(ws[6], p[15]);
1432 accum.mul(ws[7], p[14]);
1433 accum.mul(ws[8], p[13]);
1434 accum.mul(ws[9], p[12]);
1435 accum.mul(ws[10], p[11]);
1436 accum.mul(ws[11], p[10]);
1437 accum.mul(ws[12], p[9]);
1438 accum.mul(ws[13], p[8]);
1439 accum.mul(ws[14], p[7]);
1440 accum.mul(ws[15], p[6]);
1441 accum.mul(ws[16], p[5]);
1442 accum.mul(ws[17], p[4]);
1443 accum.mul(ws[18], p[3]);
1444 accum.mul(ws[19], p[2]);
1445 accum.mul(ws[20], p[1]);
1446 accum.add(z[21]);
1447 ws[21] = accum.monty_step(p[0], p_dash);
1448 accum.mul(ws[0], p[22]);
1449 accum.mul(ws[1], p[21]);
1450 accum.mul(ws[2], p[20]);
1451 accum.mul(ws[3], p[19]);
1452 accum.mul(ws[4], p[18]);
1453 accum.mul(ws[5], p[17]);
1454 accum.mul(ws[6], p[16]);
1455 accum.mul(ws[7], p[15]);
1456 accum.mul(ws[8], p[14]);
1457 accum.mul(ws[9], p[13]);
1458 accum.mul(ws[10], p[12]);
1459 accum.mul(ws[11], p[11]);
1460 accum.mul(ws[12], p[10]);
1461 accum.mul(ws[13], p[9]);
1462 accum.mul(ws[14], p[8]);
1463 accum.mul(ws[15], p[7]);
1464 accum.mul(ws[16], p[6]);
1465 accum.mul(ws[17], p[5]);
1466 accum.mul(ws[18], p[4]);
1467 accum.mul(ws[19], p[3]);
1468 accum.mul(ws[20], p[2]);
1469 accum.mul(ws[21], p[1]);
1470 accum.add(z[22]);
1471 ws[22] = accum.monty_step(p[0], p_dash);
1472 accum.mul(ws[0], p[23]);
1473 accum.mul(ws[1], p[22]);
1474 accum.mul(ws[2], p[21]);
1475 accum.mul(ws[3], p[20]);
1476 accum.mul(ws[4], p[19]);
1477 accum.mul(ws[5], p[18]);
1478 accum.mul(ws[6], p[17]);
1479 accum.mul(ws[7], p[16]);
1480 accum.mul(ws[8], p[15]);
1481 accum.mul(ws[9], p[14]);
1482 accum.mul(ws[10], p[13]);
1483 accum.mul(ws[11], p[12]);
1484 accum.mul(ws[12], p[11]);
1485 accum.mul(ws[13], p[10]);
1486 accum.mul(ws[14], p[9]);
1487 accum.mul(ws[15], p[8]);
1488 accum.mul(ws[16], p[7]);
1489 accum.mul(ws[17], p[6]);
1490 accum.mul(ws[18], p[5]);
1491 accum.mul(ws[19], p[4]);
1492 accum.mul(ws[20], p[3]);
1493 accum.mul(ws[21], p[2]);
1494 accum.mul(ws[22], p[1]);
1495 accum.add(z[23]);
1496 ws[23] = accum.monty_step(p[0], p_dash);
1497 accum.mul(ws[0], p[24]);
1498 accum.mul(ws[1], p[23]);
1499 accum.mul(ws[2], p[22]);
1500 accum.mul(ws[3], p[21]);
1501 accum.mul(ws[4], p[20]);
1502 accum.mul(ws[5], p[19]);
1503 accum.mul(ws[6], p[18]);
1504 accum.mul(ws[7], p[17]);
1505 accum.mul(ws[8], p[16]);
1506 accum.mul(ws[9], p[15]);
1507 accum.mul(ws[10], p[14]);
1508 accum.mul(ws[11], p[13]);
1509 accum.mul(ws[12], p[12]);
1510 accum.mul(ws[13], p[11]);
1511 accum.mul(ws[14], p[10]);
1512 accum.mul(ws[15], p[9]);
1513 accum.mul(ws[16], p[8]);
1514 accum.mul(ws[17], p[7]);
1515 accum.mul(ws[18], p[6]);
1516 accum.mul(ws[19], p[5]);
1517 accum.mul(ws[20], p[4]);
1518 accum.mul(ws[21], p[3]);
1519 accum.mul(ws[22], p[2]);
1520 accum.mul(ws[23], p[1]);
1521 accum.add(z[24]);
1522 ws[24] = accum.monty_step(p[0], p_dash);
1523 accum.mul(ws[0], p[25]);
1524 accum.mul(ws[1], p[24]);
1525 accum.mul(ws[2], p[23]);
1526 accum.mul(ws[3], p[22]);
1527 accum.mul(ws[4], p[21]);
1528 accum.mul(ws[5], p[20]);
1529 accum.mul(ws[6], p[19]);
1530 accum.mul(ws[7], p[18]);
1531 accum.mul(ws[8], p[17]);
1532 accum.mul(ws[9], p[16]);
1533 accum.mul(ws[10], p[15]);
1534 accum.mul(ws[11], p[14]);
1535 accum.mul(ws[12], p[13]);
1536 accum.mul(ws[13], p[12]);
1537 accum.mul(ws[14], p[11]);
1538 accum.mul(ws[15], p[10]);
1539 accum.mul(ws[16], p[9]);
1540 accum.mul(ws[17], p[8]);
1541 accum.mul(ws[18], p[7]);
1542 accum.mul(ws[19], p[6]);
1543 accum.mul(ws[20], p[5]);
1544 accum.mul(ws[21], p[4]);
1545 accum.mul(ws[22], p[3]);
1546 accum.mul(ws[23], p[2]);
1547 accum.mul(ws[24], p[1]);
1548 accum.add(z[25]);
1549 ws[25] = accum.monty_step(p[0], p_dash);
1550 accum.mul(ws[0], p[26]);
1551 accum.mul(ws[1], p[25]);
1552 accum.mul(ws[2], p[24]);
1553 accum.mul(ws[3], p[23]);
1554 accum.mul(ws[4], p[22]);
1555 accum.mul(ws[5], p[21]);
1556 accum.mul(ws[6], p[20]);
1557 accum.mul(ws[7], p[19]);
1558 accum.mul(ws[8], p[18]);
1559 accum.mul(ws[9], p[17]);
1560 accum.mul(ws[10], p[16]);
1561 accum.mul(ws[11], p[15]);
1562 accum.mul(ws[12], p[14]);
1563 accum.mul(ws[13], p[13]);
1564 accum.mul(ws[14], p[12]);
1565 accum.mul(ws[15], p[11]);
1566 accum.mul(ws[16], p[10]);
1567 accum.mul(ws[17], p[9]);
1568 accum.mul(ws[18], p[8]);
1569 accum.mul(ws[19], p[7]);
1570 accum.mul(ws[20], p[6]);
1571 accum.mul(ws[21], p[5]);
1572 accum.mul(ws[22], p[4]);
1573 accum.mul(ws[23], p[3]);
1574 accum.mul(ws[24], p[2]);
1575 accum.mul(ws[25], p[1]);
1576 accum.add(z[26]);
1577 ws[26] = accum.monty_step(p[0], p_dash);
1578 accum.mul(ws[0], p[27]);
1579 accum.mul(ws[1], p[26]);
1580 accum.mul(ws[2], p[25]);
1581 accum.mul(ws[3], p[24]);
1582 accum.mul(ws[4], p[23]);
1583 accum.mul(ws[5], p[22]);
1584 accum.mul(ws[6], p[21]);
1585 accum.mul(ws[7], p[20]);
1586 accum.mul(ws[8], p[19]);
1587 accum.mul(ws[9], p[18]);
1588 accum.mul(ws[10], p[17]);
1589 accum.mul(ws[11], p[16]);
1590 accum.mul(ws[12], p[15]);
1591 accum.mul(ws[13], p[14]);
1592 accum.mul(ws[14], p[13]);
1593 accum.mul(ws[15], p[12]);
1594 accum.mul(ws[16], p[11]);
1595 accum.mul(ws[17], p[10]);
1596 accum.mul(ws[18], p[9]);
1597 accum.mul(ws[19], p[8]);
1598 accum.mul(ws[20], p[7]);
1599 accum.mul(ws[21], p[6]);
1600 accum.mul(ws[22], p[5]);
1601 accum.mul(ws[23], p[4]);
1602 accum.mul(ws[24], p[3]);
1603 accum.mul(ws[25], p[2]);
1604 accum.mul(ws[26], p[1]);
1605 accum.add(z[27]);
1606 ws[27] = accum.monty_step(p[0], p_dash);
1607 accum.mul(ws[0], p[28]);
1608 accum.mul(ws[1], p[27]);
1609 accum.mul(ws[2], p[26]);
1610 accum.mul(ws[3], p[25]);
1611 accum.mul(ws[4], p[24]);
1612 accum.mul(ws[5], p[23]);
1613 accum.mul(ws[6], p[22]);
1614 accum.mul(ws[7], p[21]);
1615 accum.mul(ws[8], p[20]);
1616 accum.mul(ws[9], p[19]);
1617 accum.mul(ws[10], p[18]);
1618 accum.mul(ws[11], p[17]);
1619 accum.mul(ws[12], p[16]);
1620 accum.mul(ws[13], p[15]);
1621 accum.mul(ws[14], p[14]);
1622 accum.mul(ws[15], p[13]);
1623 accum.mul(ws[16], p[12]);
1624 accum.mul(ws[17], p[11]);
1625 accum.mul(ws[18], p[10]);
1626 accum.mul(ws[19], p[9]);
1627 accum.mul(ws[20], p[8]);
1628 accum.mul(ws[21], p[7]);
1629 accum.mul(ws[22], p[6]);
1630 accum.mul(ws[23], p[5]);
1631 accum.mul(ws[24], p[4]);
1632 accum.mul(ws[25], p[3]);
1633 accum.mul(ws[26], p[2]);
1634 accum.mul(ws[27], p[1]);
1635 accum.add(z[28]);
1636 ws[28] = accum.monty_step(p[0], p_dash);
1637 accum.mul(ws[0], p[29]);
1638 accum.mul(ws[1], p[28]);
1639 accum.mul(ws[2], p[27]);
1640 accum.mul(ws[3], p[26]);
1641 accum.mul(ws[4], p[25]);
1642 accum.mul(ws[5], p[24]);
1643 accum.mul(ws[6], p[23]);
1644 accum.mul(ws[7], p[22]);
1645 accum.mul(ws[8], p[21]);
1646 accum.mul(ws[9], p[20]);
1647 accum.mul(ws[10], p[19]);
1648 accum.mul(ws[11], p[18]);
1649 accum.mul(ws[12], p[17]);
1650 accum.mul(ws[13], p[16]);
1651 accum.mul(ws[14], p[15]);
1652 accum.mul(ws[15], p[14]);
1653 accum.mul(ws[16], p[13]);
1654 accum.mul(ws[17], p[12]);
1655 accum.mul(ws[18], p[11]);
1656 accum.mul(ws[19], p[10]);
1657 accum.mul(ws[20], p[9]);
1658 accum.mul(ws[21], p[8]);
1659 accum.mul(ws[22], p[7]);
1660 accum.mul(ws[23], p[6]);
1661 accum.mul(ws[24], p[5]);
1662 accum.mul(ws[25], p[4]);
1663 accum.mul(ws[26], p[3]);
1664 accum.mul(ws[27], p[2]);
1665 accum.mul(ws[28], p[1]);
1666 accum.add(z[29]);
1667 ws[29] = accum.monty_step(p[0], p_dash);
1668 accum.mul(ws[0], p[30]);
1669 accum.mul(ws[1], p[29]);
1670 accum.mul(ws[2], p[28]);
1671 accum.mul(ws[3], p[27]);
1672 accum.mul(ws[4], p[26]);
1673 accum.mul(ws[5], p[25]);
1674 accum.mul(ws[6], p[24]);
1675 accum.mul(ws[7], p[23]);
1676 accum.mul(ws[8], p[22]);
1677 accum.mul(ws[9], p[21]);
1678 accum.mul(ws[10], p[20]);
1679 accum.mul(ws[11], p[19]);
1680 accum.mul(ws[12], p[18]);
1681 accum.mul(ws[13], p[17]);
1682 accum.mul(ws[14], p[16]);
1683 accum.mul(ws[15], p[15]);
1684 accum.mul(ws[16], p[14]);
1685 accum.mul(ws[17], p[13]);
1686 accum.mul(ws[18], p[12]);
1687 accum.mul(ws[19], p[11]);
1688 accum.mul(ws[20], p[10]);
1689 accum.mul(ws[21], p[9]);
1690 accum.mul(ws[22], p[8]);
1691 accum.mul(ws[23], p[7]);
1692 accum.mul(ws[24], p[6]);
1693 accum.mul(ws[25], p[5]);
1694 accum.mul(ws[26], p[4]);
1695 accum.mul(ws[27], p[3]);
1696 accum.mul(ws[28], p[2]);
1697 accum.mul(ws[29], p[1]);
1698 accum.add(z[30]);
1699 ws[30] = accum.monty_step(p[0], p_dash);
1700 accum.mul(ws[0], p[31]);
1701 accum.mul(ws[1], p[30]);
1702 accum.mul(ws[2], p[29]);
1703 accum.mul(ws[3], p[28]);
1704 accum.mul(ws[4], p[27]);
1705 accum.mul(ws[5], p[26]);
1706 accum.mul(ws[6], p[25]);
1707 accum.mul(ws[7], p[24]);
1708 accum.mul(ws[8], p[23]);
1709 accum.mul(ws[9], p[22]);
1710 accum.mul(ws[10], p[21]);
1711 accum.mul(ws[11], p[20]);
1712 accum.mul(ws[12], p[19]);
1713 accum.mul(ws[13], p[18]);
1714 accum.mul(ws[14], p[17]);
1715 accum.mul(ws[15], p[16]);
1716 accum.mul(ws[16], p[15]);
1717 accum.mul(ws[17], p[14]);
1718 accum.mul(ws[18], p[13]);
1719 accum.mul(ws[19], p[12]);
1720 accum.mul(ws[20], p[11]);
1721 accum.mul(ws[21], p[10]);
1722 accum.mul(ws[22], p[9]);
1723 accum.mul(ws[23], p[8]);
1724 accum.mul(ws[24], p[7]);
1725 accum.mul(ws[25], p[6]);
1726 accum.mul(ws[26], p[5]);
1727 accum.mul(ws[27], p[4]);
1728 accum.mul(ws[28], p[3]);
1729 accum.mul(ws[29], p[2]);
1730 accum.mul(ws[30], p[1]);
1731 accum.add(z[31]);
1732 ws[31] = accum.monty_step(p[0], p_dash);
1733 accum.mul(ws[1], p[31]);
1734 accum.mul(ws[2], p[30]);
1735 accum.mul(ws[3], p[29]);
1736 accum.mul(ws[4], p[28]);
1737 accum.mul(ws[5], p[27]);
1738 accum.mul(ws[6], p[26]);
1739 accum.mul(ws[7], p[25]);
1740 accum.mul(ws[8], p[24]);
1741 accum.mul(ws[9], p[23]);
1742 accum.mul(ws[10], p[22]);
1743 accum.mul(ws[11], p[21]);
1744 accum.mul(ws[12], p[20]);
1745 accum.mul(ws[13], p[19]);
1746 accum.mul(ws[14], p[18]);
1747 accum.mul(ws[15], p[17]);
1748 accum.mul(ws[16], p[16]);
1749 accum.mul(ws[17], p[15]);
1750 accum.mul(ws[18], p[14]);
1751 accum.mul(ws[19], p[13]);
1752 accum.mul(ws[20], p[12]);
1753 accum.mul(ws[21], p[11]);
1754 accum.mul(ws[22], p[10]);
1755 accum.mul(ws[23], p[9]);
1756 accum.mul(ws[24], p[8]);
1757 accum.mul(ws[25], p[7]);
1758 accum.mul(ws[26], p[6]);
1759 accum.mul(ws[27], p[5]);
1760 accum.mul(ws[28], p[4]);
1761 accum.mul(ws[29], p[3]);
1762 accum.mul(ws[30], p[2]);
1763 accum.mul(ws[31], p[1]);
1764 accum.add(z[32]);
1765 ws[0] = accum.extract();
1766 accum.mul(ws[2], p[31]);
1767 accum.mul(ws[3], p[30]);
1768 accum.mul(ws[4], p[29]);
1769 accum.mul(ws[5], p[28]);
1770 accum.mul(ws[6], p[27]);
1771 accum.mul(ws[7], p[26]);
1772 accum.mul(ws[8], p[25]);
1773 accum.mul(ws[9], p[24]);
1774 accum.mul(ws[10], p[23]);
1775 accum.mul(ws[11], p[22]);
1776 accum.mul(ws[12], p[21]);
1777 accum.mul(ws[13], p[20]);
1778 accum.mul(ws[14], p[19]);
1779 accum.mul(ws[15], p[18]);
1780 accum.mul(ws[16], p[17]);
1781 accum.mul(ws[17], p[16]);
1782 accum.mul(ws[18], p[15]);
1783 accum.mul(ws[19], p[14]);
1784 accum.mul(ws[20], p[13]);
1785 accum.mul(ws[21], p[12]);
1786 accum.mul(ws[22], p[11]);
1787 accum.mul(ws[23], p[10]);
1788 accum.mul(ws[24], p[9]);
1789 accum.mul(ws[25], p[8]);
1790 accum.mul(ws[26], p[7]);
1791 accum.mul(ws[27], p[6]);
1792 accum.mul(ws[28], p[5]);
1793 accum.mul(ws[29], p[4]);
1794 accum.mul(ws[30], p[3]);
1795 accum.mul(ws[31], p[2]);
1796 accum.add(z[33]);
1797 ws[1] = accum.extract();
1798 accum.mul(ws[3], p[31]);
1799 accum.mul(ws[4], p[30]);
1800 accum.mul(ws[5], p[29]);
1801 accum.mul(ws[6], p[28]);
1802 accum.mul(ws[7], p[27]);
1803 accum.mul(ws[8], p[26]);
1804 accum.mul(ws[9], p[25]);
1805 accum.mul(ws[10], p[24]);
1806 accum.mul(ws[11], p[23]);
1807 accum.mul(ws[12], p[22]);
1808 accum.mul(ws[13], p[21]);
1809 accum.mul(ws[14], p[20]);
1810 accum.mul(ws[15], p[19]);
1811 accum.mul(ws[16], p[18]);
1812 accum.mul(ws[17], p[17]);
1813 accum.mul(ws[18], p[16]);
1814 accum.mul(ws[19], p[15]);
1815 accum.mul(ws[20], p[14]);
1816 accum.mul(ws[21], p[13]);
1817 accum.mul(ws[22], p[12]);
1818 accum.mul(ws[23], p[11]);
1819 accum.mul(ws[24], p[10]);
1820 accum.mul(ws[25], p[9]);
1821 accum.mul(ws[26], p[8]);
1822 accum.mul(ws[27], p[7]);
1823 accum.mul(ws[28], p[6]);
1824 accum.mul(ws[29], p[5]);
1825 accum.mul(ws[30], p[4]);
1826 accum.mul(ws[31], p[3]);
1827 accum.add(z[34]);
1828 ws[2] = accum.extract();
1829 accum.mul(ws[4], p[31]);
1830 accum.mul(ws[5], p[30]);
1831 accum.mul(ws[6], p[29]);
1832 accum.mul(ws[7], p[28]);
1833 accum.mul(ws[8], p[27]);
1834 accum.mul(ws[9], p[26]);
1835 accum.mul(ws[10], p[25]);
1836 accum.mul(ws[11], p[24]);
1837 accum.mul(ws[12], p[23]);
1838 accum.mul(ws[13], p[22]);
1839 accum.mul(ws[14], p[21]);
1840 accum.mul(ws[15], p[20]);
1841 accum.mul(ws[16], p[19]);
1842 accum.mul(ws[17], p[18]);
1843 accum.mul(ws[18], p[17]);
1844 accum.mul(ws[19], p[16]);
1845 accum.mul(ws[20], p[15]);
1846 accum.mul(ws[21], p[14]);
1847 accum.mul(ws[22], p[13]);
1848 accum.mul(ws[23], p[12]);
1849 accum.mul(ws[24], p[11]);
1850 accum.mul(ws[25], p[10]);
1851 accum.mul(ws[26], p[9]);
1852 accum.mul(ws[27], p[8]);
1853 accum.mul(ws[28], p[7]);
1854 accum.mul(ws[29], p[6]);
1855 accum.mul(ws[30], p[5]);
1856 accum.mul(ws[31], p[4]);
1857 accum.add(z[35]);
1858 ws[3] = accum.extract();
1859 accum.mul(ws[5], p[31]);
1860 accum.mul(ws[6], p[30]);
1861 accum.mul(ws[7], p[29]);
1862 accum.mul(ws[8], p[28]);
1863 accum.mul(ws[9], p[27]);
1864 accum.mul(ws[10], p[26]);
1865 accum.mul(ws[11], p[25]);
1866 accum.mul(ws[12], p[24]);
1867 accum.mul(ws[13], p[23]);
1868 accum.mul(ws[14], p[22]);
1869 accum.mul(ws[15], p[21]);
1870 accum.mul(ws[16], p[20]);
1871 accum.mul(ws[17], p[19]);
1872 accum.mul(ws[18], p[18]);
1873 accum.mul(ws[19], p[17]);
1874 accum.mul(ws[20], p[16]);
1875 accum.mul(ws[21], p[15]);
1876 accum.mul(ws[22], p[14]);
1877 accum.mul(ws[23], p[13]);
1878 accum.mul(ws[24], p[12]);
1879 accum.mul(ws[25], p[11]);
1880 accum.mul(ws[26], p[10]);
1881 accum.mul(ws[27], p[9]);
1882 accum.mul(ws[28], p[8]);
1883 accum.mul(ws[29], p[7]);
1884 accum.mul(ws[30], p[6]);
1885 accum.mul(ws[31], p[5]);
1886 accum.add(z[36]);
1887 ws[4] = accum.extract();
1888 accum.mul(ws[6], p[31]);
1889 accum.mul(ws[7], p[30]);
1890 accum.mul(ws[8], p[29]);
1891 accum.mul(ws[9], p[28]);
1892 accum.mul(ws[10], p[27]);
1893 accum.mul(ws[11], p[26]);
1894 accum.mul(ws[12], p[25]);
1895 accum.mul(ws[13], p[24]);
1896 accum.mul(ws[14], p[23]);
1897 accum.mul(ws[15], p[22]);
1898 accum.mul(ws[16], p[21]);
1899 accum.mul(ws[17], p[20]);
1900 accum.mul(ws[18], p[19]);
1901 accum.mul(ws[19], p[18]);
1902 accum.mul(ws[20], p[17]);
1903 accum.mul(ws[21], p[16]);
1904 accum.mul(ws[22], p[15]);
1905 accum.mul(ws[23], p[14]);
1906 accum.mul(ws[24], p[13]);
1907 accum.mul(ws[25], p[12]);
1908 accum.mul(ws[26], p[11]);
1909 accum.mul(ws[27], p[10]);
1910 accum.mul(ws[28], p[9]);
1911 accum.mul(ws[29], p[8]);
1912 accum.mul(ws[30], p[7]);
1913 accum.mul(ws[31], p[6]);
1914 accum.add(z[37]);
1915 ws[5] = accum.extract();
1916 accum.mul(ws[7], p[31]);
1917 accum.mul(ws[8], p[30]);
1918 accum.mul(ws[9], p[29]);
1919 accum.mul(ws[10], p[28]);
1920 accum.mul(ws[11], p[27]);
1921 accum.mul(ws[12], p[26]);
1922 accum.mul(ws[13], p[25]);
1923 accum.mul(ws[14], p[24]);
1924 accum.mul(ws[15], p[23]);
1925 accum.mul(ws[16], p[22]);
1926 accum.mul(ws[17], p[21]);
1927 accum.mul(ws[18], p[20]);
1928 accum.mul(ws[19], p[19]);
1929 accum.mul(ws[20], p[18]);
1930 accum.mul(ws[21], p[17]);
1931 accum.mul(ws[22], p[16]);
1932 accum.mul(ws[23], p[15]);
1933 accum.mul(ws[24], p[14]);
1934 accum.mul(ws[25], p[13]);
1935 accum.mul(ws[26], p[12]);
1936 accum.mul(ws[27], p[11]);
1937 accum.mul(ws[28], p[10]);
1938 accum.mul(ws[29], p[9]);
1939 accum.mul(ws[30], p[8]);
1940 accum.mul(ws[31], p[7]);
1941 accum.add(z[38]);
1942 ws[6] = accum.extract();
1943 accum.mul(ws[8], p[31]);
1944 accum.mul(ws[9], p[30]);
1945 accum.mul(ws[10], p[29]);
1946 accum.mul(ws[11], p[28]);
1947 accum.mul(ws[12], p[27]);
1948 accum.mul(ws[13], p[26]);
1949 accum.mul(ws[14], p[25]);
1950 accum.mul(ws[15], p[24]);
1951 accum.mul(ws[16], p[23]);
1952 accum.mul(ws[17], p[22]);
1953 accum.mul(ws[18], p[21]);
1954 accum.mul(ws[19], p[20]);
1955 accum.mul(ws[20], p[19]);
1956 accum.mul(ws[21], p[18]);
1957 accum.mul(ws[22], p[17]);
1958 accum.mul(ws[23], p[16]);
1959 accum.mul(ws[24], p[15]);
1960 accum.mul(ws[25], p[14]);
1961 accum.mul(ws[26], p[13]);
1962 accum.mul(ws[27], p[12]);
1963 accum.mul(ws[28], p[11]);
1964 accum.mul(ws[29], p[10]);
1965 accum.mul(ws[30], p[9]);
1966 accum.mul(ws[31], p[8]);
1967 accum.add(z[39]);
1968 ws[7] = accum.extract();
1969 accum.mul(ws[9], p[31]);
1970 accum.mul(ws[10], p[30]);
1971 accum.mul(ws[11], p[29]);
1972 accum.mul(ws[12], p[28]);
1973 accum.mul(ws[13], p[27]);
1974 accum.mul(ws[14], p[26]);
1975 accum.mul(ws[15], p[25]);
1976 accum.mul(ws[16], p[24]);
1977 accum.mul(ws[17], p[23]);
1978 accum.mul(ws[18], p[22]);
1979 accum.mul(ws[19], p[21]);
1980 accum.mul(ws[20], p[20]);
1981 accum.mul(ws[21], p[19]);
1982 accum.mul(ws[22], p[18]);
1983 accum.mul(ws[23], p[17]);
1984 accum.mul(ws[24], p[16]);
1985 accum.mul(ws[25], p[15]);
1986 accum.mul(ws[26], p[14]);
1987 accum.mul(ws[27], p[13]);
1988 accum.mul(ws[28], p[12]);
1989 accum.mul(ws[29], p[11]);
1990 accum.mul(ws[30], p[10]);
1991 accum.mul(ws[31], p[9]);
1992 accum.add(z[40]);
1993 ws[8] = accum.extract();
1994 accum.mul(ws[10], p[31]);
1995 accum.mul(ws[11], p[30]);
1996 accum.mul(ws[12], p[29]);
1997 accum.mul(ws[13], p[28]);
1998 accum.mul(ws[14], p[27]);
1999 accum.mul(ws[15], p[26]);
2000 accum.mul(ws[16], p[25]);
2001 accum.mul(ws[17], p[24]);
2002 accum.mul(ws[18], p[23]);
2003 accum.mul(ws[19], p[22]);
2004 accum.mul(ws[20], p[21]);
2005 accum.mul(ws[21], p[20]);
2006 accum.mul(ws[22], p[19]);
2007 accum.mul(ws[23], p[18]);
2008 accum.mul(ws[24], p[17]);
2009 accum.mul(ws[25], p[16]);
2010 accum.mul(ws[26], p[15]);
2011 accum.mul(ws[27], p[14]);
2012 accum.mul(ws[28], p[13]);
2013 accum.mul(ws[29], p[12]);
2014 accum.mul(ws[30], p[11]);
2015 accum.mul(ws[31], p[10]);
2016 accum.add(z[41]);
2017 ws[9] = accum.extract();
2018 accum.mul(ws[11], p[31]);
2019 accum.mul(ws[12], p[30]);
2020 accum.mul(ws[13], p[29]);
2021 accum.mul(ws[14], p[28]);
2022 accum.mul(ws[15], p[27]);
2023 accum.mul(ws[16], p[26]);
2024 accum.mul(ws[17], p[25]);
2025 accum.mul(ws[18], p[24]);
2026 accum.mul(ws[19], p[23]);
2027 accum.mul(ws[20], p[22]);
2028 accum.mul(ws[21], p[21]);
2029 accum.mul(ws[22], p[20]);
2030 accum.mul(ws[23], p[19]);
2031 accum.mul(ws[24], p[18]);
2032 accum.mul(ws[25], p[17]);
2033 accum.mul(ws[26], p[16]);
2034 accum.mul(ws[27], p[15]);
2035 accum.mul(ws[28], p[14]);
2036 accum.mul(ws[29], p[13]);
2037 accum.mul(ws[30], p[12]);
2038 accum.mul(ws[31], p[11]);
2039 accum.add(z[42]);
2040 ws[10] = accum.extract();
2041 accum.mul(ws[12], p[31]);
2042 accum.mul(ws[13], p[30]);
2043 accum.mul(ws[14], p[29]);
2044 accum.mul(ws[15], p[28]);
2045 accum.mul(ws[16], p[27]);
2046 accum.mul(ws[17], p[26]);
2047 accum.mul(ws[18], p[25]);
2048 accum.mul(ws[19], p[24]);
2049 accum.mul(ws[20], p[23]);
2050 accum.mul(ws[21], p[22]);
2051 accum.mul(ws[22], p[21]);
2052 accum.mul(ws[23], p[20]);
2053 accum.mul(ws[24], p[19]);
2054 accum.mul(ws[25], p[18]);
2055 accum.mul(ws[26], p[17]);
2056 accum.mul(ws[27], p[16]);
2057 accum.mul(ws[28], p[15]);
2058 accum.mul(ws[29], p[14]);
2059 accum.mul(ws[30], p[13]);
2060 accum.mul(ws[31], p[12]);
2061 accum.add(z[43]);
2062 ws[11] = accum.extract();
2063 accum.mul(ws[13], p[31]);
2064 accum.mul(ws[14], p[30]);
2065 accum.mul(ws[15], p[29]);
2066 accum.mul(ws[16], p[28]);
2067 accum.mul(ws[17], p[27]);
2068 accum.mul(ws[18], p[26]);
2069 accum.mul(ws[19], p[25]);
2070 accum.mul(ws[20], p[24]);
2071 accum.mul(ws[21], p[23]);
2072 accum.mul(ws[22], p[22]);
2073 accum.mul(ws[23], p[21]);
2074 accum.mul(ws[24], p[20]);
2075 accum.mul(ws[25], p[19]);
2076 accum.mul(ws[26], p[18]);
2077 accum.mul(ws[27], p[17]);
2078 accum.mul(ws[28], p[16]);
2079 accum.mul(ws[29], p[15]);
2080 accum.mul(ws[30], p[14]);
2081 accum.mul(ws[31], p[13]);
2082 accum.add(z[44]);
2083 ws[12] = accum.extract();
2084 accum.mul(ws[14], p[31]);
2085 accum.mul(ws[15], p[30]);
2086 accum.mul(ws[16], p[29]);
2087 accum.mul(ws[17], p[28]);
2088 accum.mul(ws[18], p[27]);
2089 accum.mul(ws[19], p[26]);
2090 accum.mul(ws[20], p[25]);
2091 accum.mul(ws[21], p[24]);
2092 accum.mul(ws[22], p[23]);
2093 accum.mul(ws[23], p[22]);
2094 accum.mul(ws[24], p[21]);
2095 accum.mul(ws[25], p[20]);
2096 accum.mul(ws[26], p[19]);
2097 accum.mul(ws[27], p[18]);
2098 accum.mul(ws[28], p[17]);
2099 accum.mul(ws[29], p[16]);
2100 accum.mul(ws[30], p[15]);
2101 accum.mul(ws[31], p[14]);
2102 accum.add(z[45]);
2103 ws[13] = accum.extract();
2104 accum.mul(ws[15], p[31]);
2105 accum.mul(ws[16], p[30]);
2106 accum.mul(ws[17], p[29]);
2107 accum.mul(ws[18], p[28]);
2108 accum.mul(ws[19], p[27]);
2109 accum.mul(ws[20], p[26]);
2110 accum.mul(ws[21], p[25]);
2111 accum.mul(ws[22], p[24]);
2112 accum.mul(ws[23], p[23]);
2113 accum.mul(ws[24], p[22]);
2114 accum.mul(ws[25], p[21]);
2115 accum.mul(ws[26], p[20]);
2116 accum.mul(ws[27], p[19]);
2117 accum.mul(ws[28], p[18]);
2118 accum.mul(ws[29], p[17]);
2119 accum.mul(ws[30], p[16]);
2120 accum.mul(ws[31], p[15]);
2121 accum.add(z[46]);
2122 ws[14] = accum.extract();
2123 accum.mul(ws[16], p[31]);
2124 accum.mul(ws[17], p[30]);
2125 accum.mul(ws[18], p[29]);
2126 accum.mul(ws[19], p[28]);
2127 accum.mul(ws[20], p[27]);
2128 accum.mul(ws[21], p[26]);
2129 accum.mul(ws[22], p[25]);
2130 accum.mul(ws[23], p[24]);
2131 accum.mul(ws[24], p[23]);
2132 accum.mul(ws[25], p[22]);
2133 accum.mul(ws[26], p[21]);
2134 accum.mul(ws[27], p[20]);
2135 accum.mul(ws[28], p[19]);
2136 accum.mul(ws[29], p[18]);
2137 accum.mul(ws[30], p[17]);
2138 accum.mul(ws[31], p[16]);
2139 accum.add(z[47]);
2140 ws[15] = accum.extract();
2141 accum.mul(ws[17], p[31]);
2142 accum.mul(ws[18], p[30]);
2143 accum.mul(ws[19], p[29]);
2144 accum.mul(ws[20], p[28]);
2145 accum.mul(ws[21], p[27]);
2146 accum.mul(ws[22], p[26]);
2147 accum.mul(ws[23], p[25]);
2148 accum.mul(ws[24], p[24]);
2149 accum.mul(ws[25], p[23]);
2150 accum.mul(ws[26], p[22]);
2151 accum.mul(ws[27], p[21]);
2152 accum.mul(ws[28], p[20]);
2153 accum.mul(ws[29], p[19]);
2154 accum.mul(ws[30], p[18]);
2155 accum.mul(ws[31], p[17]);
2156 accum.add(z[48]);
2157 ws[16] = accum.extract();
2158 accum.mul(ws[18], p[31]);
2159 accum.mul(ws[19], p[30]);
2160 accum.mul(ws[20], p[29]);
2161 accum.mul(ws[21], p[28]);
2162 accum.mul(ws[22], p[27]);
2163 accum.mul(ws[23], p[26]);
2164 accum.mul(ws[24], p[25]);
2165 accum.mul(ws[25], p[24]);
2166 accum.mul(ws[26], p[23]);
2167 accum.mul(ws[27], p[22]);
2168 accum.mul(ws[28], p[21]);
2169 accum.mul(ws[29], p[20]);
2170 accum.mul(ws[30], p[19]);
2171 accum.mul(ws[31], p[18]);
2172 accum.add(z[49]);
2173 ws[17] = accum.extract();
2174 accum.mul(ws[19], p[31]);
2175 accum.mul(ws[20], p[30]);
2176 accum.mul(ws[21], p[29]);
2177 accum.mul(ws[22], p[28]);
2178 accum.mul(ws[23], p[27]);
2179 accum.mul(ws[24], p[26]);
2180 accum.mul(ws[25], p[25]);
2181 accum.mul(ws[26], p[24]);
2182 accum.mul(ws[27], p[23]);
2183 accum.mul(ws[28], p[22]);
2184 accum.mul(ws[29], p[21]);
2185 accum.mul(ws[30], p[20]);
2186 accum.mul(ws[31], p[19]);
2187 accum.add(z[50]);
2188 ws[18] = accum.extract();
2189 accum.mul(ws[20], p[31]);
2190 accum.mul(ws[21], p[30]);
2191 accum.mul(ws[22], p[29]);
2192 accum.mul(ws[23], p[28]);
2193 accum.mul(ws[24], p[27]);
2194 accum.mul(ws[25], p[26]);
2195 accum.mul(ws[26], p[25]);
2196 accum.mul(ws[27], p[24]);
2197 accum.mul(ws[28], p[23]);
2198 accum.mul(ws[29], p[22]);
2199 accum.mul(ws[30], p[21]);
2200 accum.mul(ws[31], p[20]);
2201 accum.add(z[51]);
2202 ws[19] = accum.extract();
2203 accum.mul(ws[21], p[31]);
2204 accum.mul(ws[22], p[30]);
2205 accum.mul(ws[23], p[29]);
2206 accum.mul(ws[24], p[28]);
2207 accum.mul(ws[25], p[27]);
2208 accum.mul(ws[26], p[26]);
2209 accum.mul(ws[27], p[25]);
2210 accum.mul(ws[28], p[24]);
2211 accum.mul(ws[29], p[23]);
2212 accum.mul(ws[30], p[22]);
2213 accum.mul(ws[31], p[21]);
2214 accum.add(z[52]);
2215 ws[20] = accum.extract();
2216 accum.mul(ws[22], p[31]);
2217 accum.mul(ws[23], p[30]);
2218 accum.mul(ws[24], p[29]);
2219 accum.mul(ws[25], p[28]);
2220 accum.mul(ws[26], p[27]);
2221 accum.mul(ws[27], p[26]);
2222 accum.mul(ws[28], p[25]);
2223 accum.mul(ws[29], p[24]);
2224 accum.mul(ws[30], p[23]);
2225 accum.mul(ws[31], p[22]);
2226 accum.add(z[53]);
2227 ws[21] = accum.extract();
2228 accum.mul(ws[23], p[31]);
2229 accum.mul(ws[24], p[30]);
2230 accum.mul(ws[25], p[29]);
2231 accum.mul(ws[26], p[28]);
2232 accum.mul(ws[27], p[27]);
2233 accum.mul(ws[28], p[26]);
2234 accum.mul(ws[29], p[25]);
2235 accum.mul(ws[30], p[24]);
2236 accum.mul(ws[31], p[23]);
2237 accum.add(z[54]);
2238 ws[22] = accum.extract();
2239 accum.mul(ws[24], p[31]);
2240 accum.mul(ws[25], p[30]);
2241 accum.mul(ws[26], p[29]);
2242 accum.mul(ws[27], p[28]);
2243 accum.mul(ws[28], p[27]);
2244 accum.mul(ws[29], p[26]);
2245 accum.mul(ws[30], p[25]);
2246 accum.mul(ws[31], p[24]);
2247 accum.add(z[55]);
2248 ws[23] = accum.extract();
2249 accum.mul(ws[25], p[31]);
2250 accum.mul(ws[26], p[30]);
2251 accum.mul(ws[27], p[29]);
2252 accum.mul(ws[28], p[28]);
2253 accum.mul(ws[29], p[27]);
2254 accum.mul(ws[30], p[26]);
2255 accum.mul(ws[31], p[25]);
2256 accum.add(z[56]);
2257 ws[24] = accum.extract();
2258 accum.mul(ws[26], p[31]);
2259 accum.mul(ws[27], p[30]);
2260 accum.mul(ws[28], p[29]);
2261 accum.mul(ws[29], p[28]);
2262 accum.mul(ws[30], p[27]);
2263 accum.mul(ws[31], p[26]);
2264 accum.add(z[57]);
2265 ws[25] = accum.extract();
2266 accum.mul(ws[27], p[31]);
2267 accum.mul(ws[28], p[30]);
2268 accum.mul(ws[29], p[29]);
2269 accum.mul(ws[30], p[28]);
2270 accum.mul(ws[31], p[27]);
2271 accum.add(z[58]);
2272 ws[26] = accum.extract();
2273 accum.mul(ws[28], p[31]);
2274 accum.mul(ws[29], p[30]);
2275 accum.mul(ws[30], p[29]);
2276 accum.mul(ws[31], p[28]);
2277 accum.add(z[59]);
2278 ws[27] = accum.extract();
2279 accum.mul(ws[29], p[31]);
2280 accum.mul(ws[30], p[30]);
2281 accum.mul(ws[31], p[29]);
2282 accum.add(z[60]);
2283 ws[28] = accum.extract();
2284 accum.mul(ws[30], p[31]);
2285 accum.mul(ws[31], p[30]);
2286 accum.add(z[61]);
2287 ws[29] = accum.extract();
2288 accum.mul(ws[31], p[31]);
2289 accum.add(z[62]);
2290 ws[30] = accum.extract();
2291 accum.add(z[63]);
2292 ws[31] = accum.extract();
2293 word w1 = accum.extract();
2294 bigint_monty_maybe_sub<32>(z, w1, ws, p);
2295 clear_mem(z + 32, 32);
2296}
2297
2298} // namespace Botan