github.com/cloudflare/circl@v1.5.0/ecc/bls12381/ff/fpMont381.go (about) 1 // Code generated by gen.go using fiat-crypto. 2 // 3 // Autogenerated: './word_by_word_montgomery' --output fpMont381.go --lang Go --package-name ff --doc-prepend-header 'Code generated by gen.go using fiat-crypto.' --package-case lowerCamelCase --public-function-case lowerCamelCase --public-type-case lowerCamelCase --doc-newline-before-package-declaration --no-primitives --widen-carry --no-field-element-typedefs --relax-primitive-carry-to-bitwidth 64 FpMont 64 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab add sub mul square 4 // 5 // curve description: FpMont 6 // 7 // machine_wordsize = 64 (from "64") 8 // 9 // requested operations: add, sub, mul, square 10 // 11 // m = 0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab (from "0x1a0111ea397fe69a4b1ba7b6434bacd764774b84f38512bf6730d2a0f6b0f6241eabfffeb153ffffb9feffffffffaaab") 12 // 13 // 14 // 15 // NOTE: In addition to the bounds specified above each function, all 16 // 17 // functions synthesized for this Montgomery arithmetic require the 18 // 19 // input to be strictly less than the prime modulus (m), and also 20 // 21 // require the input to be in the unique saturated representation. 22 // 23 // All functions also ensure that these two properties are true of 24 // 25 // return values. 26 // 27 // 28 // 29 // Computed values: 30 // 31 // eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) 32 // 33 // bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) 34 // 35 // twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) in 36 // 37 // if x1 & (2^384-1) < 2^383 then x1 & (2^384-1) else (x1 & (2^384-1)) - 2^384 38 39 package ff 40 41 import "math/bits" 42 43 // The function fiatFpMontAdd adds two field elements in the Montgomery domain. 44 // 45 // Preconditions: 46 // 47 // 0 ≤ eval arg1 < m 48 // 0 ≤ eval arg2 < m 49 // 50 // Postconditions: 51 // 52 // eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m 53 // 0 ≤ eval out1 < m 54 // 55 // Input Bounds: 56 // 57 // arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 58 // arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 59 // 60 // Output Bounds: 61 // 62 // out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 63 func fiatFpMontAdd(out1 *[6]uint64, arg1 *[6]uint64, arg2 *[6]uint64) { 64 var x1 uint64 65 var x2 uint64 66 x1, x2 = bits.Add64(arg1[0], arg2[0], uint64(0x0)) 67 var x3 uint64 68 var x4 uint64 69 x3, x4 = bits.Add64(arg1[1], arg2[1], uint64(x2)) 70 var x5 uint64 71 var x6 uint64 72 x5, x6 = bits.Add64(arg1[2], arg2[2], uint64(x4)) 73 var x7 uint64 74 var x8 uint64 75 x7, x8 = bits.Add64(arg1[3], arg2[3], uint64(x6)) 76 var x9 uint64 77 var x10 uint64 78 x9, x10 = bits.Add64(arg1[4], arg2[4], uint64(x8)) 79 var x11 uint64 80 var x12 uint64 81 x11, x12 = bits.Add64(arg1[5], arg2[5], uint64(x10)) 82 var x13 uint64 83 var x14 uint64 84 x13, x14 = bits.Sub64(x1, 0xb9feffffffffaaab, uint64(uint64(0x0))) 85 var x15 uint64 86 var x16 uint64 87 x15, x16 = bits.Sub64(x3, 0x1eabfffeb153ffff, uint64(x14)) 88 var x17 uint64 89 var x18 uint64 90 x17, x18 = bits.Sub64(x5, 0x6730d2a0f6b0f624, uint64(x16)) 91 var x19 uint64 92 var x20 uint64 93 x19, x20 = bits.Sub64(x7, 0x64774b84f38512bf, uint64(x18)) 94 var x21 uint64 95 var x22 uint64 96 x21, x22 = bits.Sub64(x9, 0x4b1ba7b6434bacd7, uint64(x20)) 97 var x23 uint64 98 var x24 uint64 99 x23, x24 = bits.Sub64(x11, 0x1a0111ea397fe69a, uint64(x22)) 100 var x26 uint64 101 _, x26 = bits.Sub64(x12, uint64(0x0), uint64(x24)) 102 var x27 uint64 103 fiatFpMontCmovznzU64(&x27, x26, x13, x1) 104 var x28 uint64 105 fiatFpMontCmovznzU64(&x28, x26, x15, x3) 106 var x29 uint64 107 fiatFpMontCmovznzU64(&x29, x26, x17, x5) 108 var x30 uint64 109 fiatFpMontCmovznzU64(&x30, x26, x19, x7) 110 var x31 uint64 111 fiatFpMontCmovznzU64(&x31, x26, x21, x9) 112 var x32 uint64 113 fiatFpMontCmovznzU64(&x32, x26, x23, x11) 114 out1[0] = x27 115 out1[1] = x28 116 out1[2] = x29 117 out1[3] = x30 118 out1[4] = x31 119 out1[5] = x32 120 } 121 122 // The function fiatFpMontSub subtracts two field elements in the Montgomery domain. 123 // 124 // Preconditions: 125 // 126 // 0 ≤ eval arg1 < m 127 // 0 ≤ eval arg2 < m 128 // 129 // Postconditions: 130 // 131 // eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m 132 // 0 ≤ eval out1 < m 133 // 134 // Input Bounds: 135 // 136 // arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 137 // arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 138 // 139 // Output Bounds: 140 // 141 // out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 142 func fiatFpMontSub(out1 *[6]uint64, arg1 *[6]uint64, arg2 *[6]uint64) { 143 var x1 uint64 144 var x2 uint64 145 x1, x2 = bits.Sub64(arg1[0], arg2[0], uint64(0x0)) 146 var x3 uint64 147 var x4 uint64 148 x3, x4 = bits.Sub64(arg1[1], arg2[1], uint64(x2)) 149 var x5 uint64 150 var x6 uint64 151 x5, x6 = bits.Sub64(arg1[2], arg2[2], uint64(x4)) 152 var x7 uint64 153 var x8 uint64 154 x7, x8 = bits.Sub64(arg1[3], arg2[3], uint64(x6)) 155 var x9 uint64 156 var x10 uint64 157 x9, x10 = bits.Sub64(arg1[4], arg2[4], uint64(x8)) 158 var x11 uint64 159 var x12 uint64 160 x11, x12 = bits.Sub64(arg1[5], arg2[5], uint64(x10)) 161 var x13 uint64 162 fiatFpMontCmovznzU64(&x13, x12, uint64(0x0), 0xffffffffffffffff) 163 var x14 uint64 164 var x15 uint64 165 x14, x15 = bits.Add64(x1, (x13 & 0xb9feffffffffaaab), uint64(0x0)) 166 var x16 uint64 167 var x17 uint64 168 x16, x17 = bits.Add64(x3, (x13 & 0x1eabfffeb153ffff), uint64(x15)) 169 var x18 uint64 170 var x19 uint64 171 x18, x19 = bits.Add64(x5, (x13 & 0x6730d2a0f6b0f624), uint64(x17)) 172 var x20 uint64 173 var x21 uint64 174 x20, x21 = bits.Add64(x7, (x13 & 0x64774b84f38512bf), uint64(x19)) 175 var x22 uint64 176 var x23 uint64 177 x22, x23 = bits.Add64(x9, (x13 & 0x4b1ba7b6434bacd7), uint64(x21)) 178 var x24 uint64 179 x24, _ = bits.Add64(x11, (x13 & 0x1a0111ea397fe69a), uint64(x23)) 180 out1[0] = x14 181 out1[1] = x16 182 out1[2] = x18 183 out1[3] = x20 184 out1[4] = x22 185 out1[5] = x24 186 } 187 188 // The function fiatFpMontMul multiplies two field elements in the Montgomery domain. 189 // 190 // Preconditions: 191 // 192 // 0 ≤ eval arg1 < m 193 // 0 ≤ eval arg2 < m 194 // 195 // Postconditions: 196 // 197 // eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m 198 // 0 ≤ eval out1 < m 199 // 200 // Input Bounds: 201 // 202 // arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 203 // arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 204 // 205 // Output Bounds: 206 // 207 // out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 208 func fiatFpMontMul(out1 *[6]uint64, arg1 *[6]uint64, arg2 *[6]uint64) { 209 x1 := arg1[1] 210 x2 := arg1[2] 211 x3 := arg1[3] 212 x4 := arg1[4] 213 x5 := arg1[5] 214 x6 := arg1[0] 215 var x7 uint64 216 var x8 uint64 217 x8, x7 = bits.Mul64(x6, arg2[5]) 218 var x9 uint64 219 var x10 uint64 220 x10, x9 = bits.Mul64(x6, arg2[4]) 221 var x11 uint64 222 var x12 uint64 223 x12, x11 = bits.Mul64(x6, arg2[3]) 224 var x13 uint64 225 var x14 uint64 226 x14, x13 = bits.Mul64(x6, arg2[2]) 227 var x15 uint64 228 var x16 uint64 229 x16, x15 = bits.Mul64(x6, arg2[1]) 230 var x17 uint64 231 var x18 uint64 232 x18, x17 = bits.Mul64(x6, arg2[0]) 233 var x19 uint64 234 var x20 uint64 235 x19, x20 = bits.Add64(x18, x15, uint64(0x0)) 236 var x21 uint64 237 var x22 uint64 238 x21, x22 = bits.Add64(x16, x13, uint64(x20)) 239 var x23 uint64 240 var x24 uint64 241 x23, x24 = bits.Add64(x14, x11, uint64(x22)) 242 var x25 uint64 243 var x26 uint64 244 x25, x26 = bits.Add64(x12, x9, uint64(x24)) 245 var x27 uint64 246 var x28 uint64 247 x27, x28 = bits.Add64(x10, x7, uint64(x26)) 248 x29 := (x28 + x8) 249 var x30 uint64 250 _, x30 = bits.Mul64(x17, 0x89f3fffcfffcfffd) 251 var x32 uint64 252 var x33 uint64 253 x33, x32 = bits.Mul64(x30, 0x1a0111ea397fe69a) 254 var x34 uint64 255 var x35 uint64 256 x35, x34 = bits.Mul64(x30, 0x4b1ba7b6434bacd7) 257 var x36 uint64 258 var x37 uint64 259 x37, x36 = bits.Mul64(x30, 0x64774b84f38512bf) 260 var x38 uint64 261 var x39 uint64 262 x39, x38 = bits.Mul64(x30, 0x6730d2a0f6b0f624) 263 var x40 uint64 264 var x41 uint64 265 x41, x40 = bits.Mul64(x30, 0x1eabfffeb153ffff) 266 var x42 uint64 267 var x43 uint64 268 x43, x42 = bits.Mul64(x30, 0xb9feffffffffaaab) 269 var x44 uint64 270 var x45 uint64 271 x44, x45 = bits.Add64(x43, x40, uint64(0x0)) 272 var x46 uint64 273 var x47 uint64 274 x46, x47 = bits.Add64(x41, x38, uint64(x45)) 275 var x48 uint64 276 var x49 uint64 277 x48, x49 = bits.Add64(x39, x36, uint64(x47)) 278 var x50 uint64 279 var x51 uint64 280 x50, x51 = bits.Add64(x37, x34, uint64(x49)) 281 var x52 uint64 282 var x53 uint64 283 x52, x53 = bits.Add64(x35, x32, uint64(x51)) 284 x54 := (x53 + x33) 285 var x56 uint64 286 _, x56 = bits.Add64(x17, x42, uint64(0x0)) 287 var x57 uint64 288 var x58 uint64 289 x57, x58 = bits.Add64(x19, x44, uint64(x56)) 290 var x59 uint64 291 var x60 uint64 292 x59, x60 = bits.Add64(x21, x46, uint64(x58)) 293 var x61 uint64 294 var x62 uint64 295 x61, x62 = bits.Add64(x23, x48, uint64(x60)) 296 var x63 uint64 297 var x64 uint64 298 x63, x64 = bits.Add64(x25, x50, uint64(x62)) 299 var x65 uint64 300 var x66 uint64 301 x65, x66 = bits.Add64(x27, x52, uint64(x64)) 302 var x67 uint64 303 var x68 uint64 304 x67, x68 = bits.Add64(x29, x54, uint64(x66)) 305 var x69 uint64 306 var x70 uint64 307 x70, x69 = bits.Mul64(x1, arg2[5]) 308 var x71 uint64 309 var x72 uint64 310 x72, x71 = bits.Mul64(x1, arg2[4]) 311 var x73 uint64 312 var x74 uint64 313 x74, x73 = bits.Mul64(x1, arg2[3]) 314 var x75 uint64 315 var x76 uint64 316 x76, x75 = bits.Mul64(x1, arg2[2]) 317 var x77 uint64 318 var x78 uint64 319 x78, x77 = bits.Mul64(x1, arg2[1]) 320 var x79 uint64 321 var x80 uint64 322 x80, x79 = bits.Mul64(x1, arg2[0]) 323 var x81 uint64 324 var x82 uint64 325 x81, x82 = bits.Add64(x80, x77, uint64(0x0)) 326 var x83 uint64 327 var x84 uint64 328 x83, x84 = bits.Add64(x78, x75, uint64(x82)) 329 var x85 uint64 330 var x86 uint64 331 x85, x86 = bits.Add64(x76, x73, uint64(x84)) 332 var x87 uint64 333 var x88 uint64 334 x87, x88 = bits.Add64(x74, x71, uint64(x86)) 335 var x89 uint64 336 var x90 uint64 337 x89, x90 = bits.Add64(x72, x69, uint64(x88)) 338 x91 := (x90 + x70) 339 var x92 uint64 340 var x93 uint64 341 x92, x93 = bits.Add64(x57, x79, uint64(0x0)) 342 var x94 uint64 343 var x95 uint64 344 x94, x95 = bits.Add64(x59, x81, uint64(x93)) 345 var x96 uint64 346 var x97 uint64 347 x96, x97 = bits.Add64(x61, x83, uint64(x95)) 348 var x98 uint64 349 var x99 uint64 350 x98, x99 = bits.Add64(x63, x85, uint64(x97)) 351 var x100 uint64 352 var x101 uint64 353 x100, x101 = bits.Add64(x65, x87, uint64(x99)) 354 var x102 uint64 355 var x103 uint64 356 x102, x103 = bits.Add64(x67, x89, uint64(x101)) 357 var x104 uint64 358 var x105 uint64 359 x104, x105 = bits.Add64(x68, x91, uint64(x103)) 360 var x106 uint64 361 _, x106 = bits.Mul64(x92, 0x89f3fffcfffcfffd) 362 var x108 uint64 363 var x109 uint64 364 x109, x108 = bits.Mul64(x106, 0x1a0111ea397fe69a) 365 var x110 uint64 366 var x111 uint64 367 x111, x110 = bits.Mul64(x106, 0x4b1ba7b6434bacd7) 368 var x112 uint64 369 var x113 uint64 370 x113, x112 = bits.Mul64(x106, 0x64774b84f38512bf) 371 var x114 uint64 372 var x115 uint64 373 x115, x114 = bits.Mul64(x106, 0x6730d2a0f6b0f624) 374 var x116 uint64 375 var x117 uint64 376 x117, x116 = bits.Mul64(x106, 0x1eabfffeb153ffff) 377 var x118 uint64 378 var x119 uint64 379 x119, x118 = bits.Mul64(x106, 0xb9feffffffffaaab) 380 var x120 uint64 381 var x121 uint64 382 x120, x121 = bits.Add64(x119, x116, uint64(0x0)) 383 var x122 uint64 384 var x123 uint64 385 x122, x123 = bits.Add64(x117, x114, uint64(x121)) 386 var x124 uint64 387 var x125 uint64 388 x124, x125 = bits.Add64(x115, x112, uint64(x123)) 389 var x126 uint64 390 var x127 uint64 391 x126, x127 = bits.Add64(x113, x110, uint64(x125)) 392 var x128 uint64 393 var x129 uint64 394 x128, x129 = bits.Add64(x111, x108, uint64(x127)) 395 x130 := (x129 + x109) 396 var x132 uint64 397 _, x132 = bits.Add64(x92, x118, uint64(0x0)) 398 var x133 uint64 399 var x134 uint64 400 x133, x134 = bits.Add64(x94, x120, uint64(x132)) 401 var x135 uint64 402 var x136 uint64 403 x135, x136 = bits.Add64(x96, x122, uint64(x134)) 404 var x137 uint64 405 var x138 uint64 406 x137, x138 = bits.Add64(x98, x124, uint64(x136)) 407 var x139 uint64 408 var x140 uint64 409 x139, x140 = bits.Add64(x100, x126, uint64(x138)) 410 var x141 uint64 411 var x142 uint64 412 x141, x142 = bits.Add64(x102, x128, uint64(x140)) 413 var x143 uint64 414 var x144 uint64 415 x143, x144 = bits.Add64(x104, x130, uint64(x142)) 416 x145 := (x144 + x105) 417 var x146 uint64 418 var x147 uint64 419 x147, x146 = bits.Mul64(x2, arg2[5]) 420 var x148 uint64 421 var x149 uint64 422 x149, x148 = bits.Mul64(x2, arg2[4]) 423 var x150 uint64 424 var x151 uint64 425 x151, x150 = bits.Mul64(x2, arg2[3]) 426 var x152 uint64 427 var x153 uint64 428 x153, x152 = bits.Mul64(x2, arg2[2]) 429 var x154 uint64 430 var x155 uint64 431 x155, x154 = bits.Mul64(x2, arg2[1]) 432 var x156 uint64 433 var x157 uint64 434 x157, x156 = bits.Mul64(x2, arg2[0]) 435 var x158 uint64 436 var x159 uint64 437 x158, x159 = bits.Add64(x157, x154, uint64(0x0)) 438 var x160 uint64 439 var x161 uint64 440 x160, x161 = bits.Add64(x155, x152, uint64(x159)) 441 var x162 uint64 442 var x163 uint64 443 x162, x163 = bits.Add64(x153, x150, uint64(x161)) 444 var x164 uint64 445 var x165 uint64 446 x164, x165 = bits.Add64(x151, x148, uint64(x163)) 447 var x166 uint64 448 var x167 uint64 449 x166, x167 = bits.Add64(x149, x146, uint64(x165)) 450 x168 := (x167 + x147) 451 var x169 uint64 452 var x170 uint64 453 x169, x170 = bits.Add64(x133, x156, uint64(0x0)) 454 var x171 uint64 455 var x172 uint64 456 x171, x172 = bits.Add64(x135, x158, uint64(x170)) 457 var x173 uint64 458 var x174 uint64 459 x173, x174 = bits.Add64(x137, x160, uint64(x172)) 460 var x175 uint64 461 var x176 uint64 462 x175, x176 = bits.Add64(x139, x162, uint64(x174)) 463 var x177 uint64 464 var x178 uint64 465 x177, x178 = bits.Add64(x141, x164, uint64(x176)) 466 var x179 uint64 467 var x180 uint64 468 x179, x180 = bits.Add64(x143, x166, uint64(x178)) 469 var x181 uint64 470 var x182 uint64 471 x181, x182 = bits.Add64(x145, x168, uint64(x180)) 472 var x183 uint64 473 _, x183 = bits.Mul64(x169, 0x89f3fffcfffcfffd) 474 var x185 uint64 475 var x186 uint64 476 x186, x185 = bits.Mul64(x183, 0x1a0111ea397fe69a) 477 var x187 uint64 478 var x188 uint64 479 x188, x187 = bits.Mul64(x183, 0x4b1ba7b6434bacd7) 480 var x189 uint64 481 var x190 uint64 482 x190, x189 = bits.Mul64(x183, 0x64774b84f38512bf) 483 var x191 uint64 484 var x192 uint64 485 x192, x191 = bits.Mul64(x183, 0x6730d2a0f6b0f624) 486 var x193 uint64 487 var x194 uint64 488 x194, x193 = bits.Mul64(x183, 0x1eabfffeb153ffff) 489 var x195 uint64 490 var x196 uint64 491 x196, x195 = bits.Mul64(x183, 0xb9feffffffffaaab) 492 var x197 uint64 493 var x198 uint64 494 x197, x198 = bits.Add64(x196, x193, uint64(0x0)) 495 var x199 uint64 496 var x200 uint64 497 x199, x200 = bits.Add64(x194, x191, uint64(x198)) 498 var x201 uint64 499 var x202 uint64 500 x201, x202 = bits.Add64(x192, x189, uint64(x200)) 501 var x203 uint64 502 var x204 uint64 503 x203, x204 = bits.Add64(x190, x187, uint64(x202)) 504 var x205 uint64 505 var x206 uint64 506 x205, x206 = bits.Add64(x188, x185, uint64(x204)) 507 x207 := (x206 + x186) 508 var x209 uint64 509 _, x209 = bits.Add64(x169, x195, uint64(0x0)) 510 var x210 uint64 511 var x211 uint64 512 x210, x211 = bits.Add64(x171, x197, uint64(x209)) 513 var x212 uint64 514 var x213 uint64 515 x212, x213 = bits.Add64(x173, x199, uint64(x211)) 516 var x214 uint64 517 var x215 uint64 518 x214, x215 = bits.Add64(x175, x201, uint64(x213)) 519 var x216 uint64 520 var x217 uint64 521 x216, x217 = bits.Add64(x177, x203, uint64(x215)) 522 var x218 uint64 523 var x219 uint64 524 x218, x219 = bits.Add64(x179, x205, uint64(x217)) 525 var x220 uint64 526 var x221 uint64 527 x220, x221 = bits.Add64(x181, x207, uint64(x219)) 528 x222 := (x221 + x182) 529 var x223 uint64 530 var x224 uint64 531 x224, x223 = bits.Mul64(x3, arg2[5]) 532 var x225 uint64 533 var x226 uint64 534 x226, x225 = bits.Mul64(x3, arg2[4]) 535 var x227 uint64 536 var x228 uint64 537 x228, x227 = bits.Mul64(x3, arg2[3]) 538 var x229 uint64 539 var x230 uint64 540 x230, x229 = bits.Mul64(x3, arg2[2]) 541 var x231 uint64 542 var x232 uint64 543 x232, x231 = bits.Mul64(x3, arg2[1]) 544 var x233 uint64 545 var x234 uint64 546 x234, x233 = bits.Mul64(x3, arg2[0]) 547 var x235 uint64 548 var x236 uint64 549 x235, x236 = bits.Add64(x234, x231, uint64(0x0)) 550 var x237 uint64 551 var x238 uint64 552 x237, x238 = bits.Add64(x232, x229, uint64(x236)) 553 var x239 uint64 554 var x240 uint64 555 x239, x240 = bits.Add64(x230, x227, uint64(x238)) 556 var x241 uint64 557 var x242 uint64 558 x241, x242 = bits.Add64(x228, x225, uint64(x240)) 559 var x243 uint64 560 var x244 uint64 561 x243, x244 = bits.Add64(x226, x223, uint64(x242)) 562 x245 := (x244 + x224) 563 var x246 uint64 564 var x247 uint64 565 x246, x247 = bits.Add64(x210, x233, uint64(0x0)) 566 var x248 uint64 567 var x249 uint64 568 x248, x249 = bits.Add64(x212, x235, uint64(x247)) 569 var x250 uint64 570 var x251 uint64 571 x250, x251 = bits.Add64(x214, x237, uint64(x249)) 572 var x252 uint64 573 var x253 uint64 574 x252, x253 = bits.Add64(x216, x239, uint64(x251)) 575 var x254 uint64 576 var x255 uint64 577 x254, x255 = bits.Add64(x218, x241, uint64(x253)) 578 var x256 uint64 579 var x257 uint64 580 x256, x257 = bits.Add64(x220, x243, uint64(x255)) 581 var x258 uint64 582 var x259 uint64 583 x258, x259 = bits.Add64(x222, x245, uint64(x257)) 584 var x260 uint64 585 _, x260 = bits.Mul64(x246, 0x89f3fffcfffcfffd) 586 var x262 uint64 587 var x263 uint64 588 x263, x262 = bits.Mul64(x260, 0x1a0111ea397fe69a) 589 var x264 uint64 590 var x265 uint64 591 x265, x264 = bits.Mul64(x260, 0x4b1ba7b6434bacd7) 592 var x266 uint64 593 var x267 uint64 594 x267, x266 = bits.Mul64(x260, 0x64774b84f38512bf) 595 var x268 uint64 596 var x269 uint64 597 x269, x268 = bits.Mul64(x260, 0x6730d2a0f6b0f624) 598 var x270 uint64 599 var x271 uint64 600 x271, x270 = bits.Mul64(x260, 0x1eabfffeb153ffff) 601 var x272 uint64 602 var x273 uint64 603 x273, x272 = bits.Mul64(x260, 0xb9feffffffffaaab) 604 var x274 uint64 605 var x275 uint64 606 x274, x275 = bits.Add64(x273, x270, uint64(0x0)) 607 var x276 uint64 608 var x277 uint64 609 x276, x277 = bits.Add64(x271, x268, uint64(x275)) 610 var x278 uint64 611 var x279 uint64 612 x278, x279 = bits.Add64(x269, x266, uint64(x277)) 613 var x280 uint64 614 var x281 uint64 615 x280, x281 = bits.Add64(x267, x264, uint64(x279)) 616 var x282 uint64 617 var x283 uint64 618 x282, x283 = bits.Add64(x265, x262, uint64(x281)) 619 x284 := (x283 + x263) 620 var x286 uint64 621 _, x286 = bits.Add64(x246, x272, uint64(0x0)) 622 var x287 uint64 623 var x288 uint64 624 x287, x288 = bits.Add64(x248, x274, uint64(x286)) 625 var x289 uint64 626 var x290 uint64 627 x289, x290 = bits.Add64(x250, x276, uint64(x288)) 628 var x291 uint64 629 var x292 uint64 630 x291, x292 = bits.Add64(x252, x278, uint64(x290)) 631 var x293 uint64 632 var x294 uint64 633 x293, x294 = bits.Add64(x254, x280, uint64(x292)) 634 var x295 uint64 635 var x296 uint64 636 x295, x296 = bits.Add64(x256, x282, uint64(x294)) 637 var x297 uint64 638 var x298 uint64 639 x297, x298 = bits.Add64(x258, x284, uint64(x296)) 640 x299 := (x298 + x259) 641 var x300 uint64 642 var x301 uint64 643 x301, x300 = bits.Mul64(x4, arg2[5]) 644 var x302 uint64 645 var x303 uint64 646 x303, x302 = bits.Mul64(x4, arg2[4]) 647 var x304 uint64 648 var x305 uint64 649 x305, x304 = bits.Mul64(x4, arg2[3]) 650 var x306 uint64 651 var x307 uint64 652 x307, x306 = bits.Mul64(x4, arg2[2]) 653 var x308 uint64 654 var x309 uint64 655 x309, x308 = bits.Mul64(x4, arg2[1]) 656 var x310 uint64 657 var x311 uint64 658 x311, x310 = bits.Mul64(x4, arg2[0]) 659 var x312 uint64 660 var x313 uint64 661 x312, x313 = bits.Add64(x311, x308, uint64(0x0)) 662 var x314 uint64 663 var x315 uint64 664 x314, x315 = bits.Add64(x309, x306, uint64(x313)) 665 var x316 uint64 666 var x317 uint64 667 x316, x317 = bits.Add64(x307, x304, uint64(x315)) 668 var x318 uint64 669 var x319 uint64 670 x318, x319 = bits.Add64(x305, x302, uint64(x317)) 671 var x320 uint64 672 var x321 uint64 673 x320, x321 = bits.Add64(x303, x300, uint64(x319)) 674 x322 := (x321 + x301) 675 var x323 uint64 676 var x324 uint64 677 x323, x324 = bits.Add64(x287, x310, uint64(0x0)) 678 var x325 uint64 679 var x326 uint64 680 x325, x326 = bits.Add64(x289, x312, uint64(x324)) 681 var x327 uint64 682 var x328 uint64 683 x327, x328 = bits.Add64(x291, x314, uint64(x326)) 684 var x329 uint64 685 var x330 uint64 686 x329, x330 = bits.Add64(x293, x316, uint64(x328)) 687 var x331 uint64 688 var x332 uint64 689 x331, x332 = bits.Add64(x295, x318, uint64(x330)) 690 var x333 uint64 691 var x334 uint64 692 x333, x334 = bits.Add64(x297, x320, uint64(x332)) 693 var x335 uint64 694 var x336 uint64 695 x335, x336 = bits.Add64(x299, x322, uint64(x334)) 696 var x337 uint64 697 _, x337 = bits.Mul64(x323, 0x89f3fffcfffcfffd) 698 var x339 uint64 699 var x340 uint64 700 x340, x339 = bits.Mul64(x337, 0x1a0111ea397fe69a) 701 var x341 uint64 702 var x342 uint64 703 x342, x341 = bits.Mul64(x337, 0x4b1ba7b6434bacd7) 704 var x343 uint64 705 var x344 uint64 706 x344, x343 = bits.Mul64(x337, 0x64774b84f38512bf) 707 var x345 uint64 708 var x346 uint64 709 x346, x345 = bits.Mul64(x337, 0x6730d2a0f6b0f624) 710 var x347 uint64 711 var x348 uint64 712 x348, x347 = bits.Mul64(x337, 0x1eabfffeb153ffff) 713 var x349 uint64 714 var x350 uint64 715 x350, x349 = bits.Mul64(x337, 0xb9feffffffffaaab) 716 var x351 uint64 717 var x352 uint64 718 x351, x352 = bits.Add64(x350, x347, uint64(0x0)) 719 var x353 uint64 720 var x354 uint64 721 x353, x354 = bits.Add64(x348, x345, uint64(x352)) 722 var x355 uint64 723 var x356 uint64 724 x355, x356 = bits.Add64(x346, x343, uint64(x354)) 725 var x357 uint64 726 var x358 uint64 727 x357, x358 = bits.Add64(x344, x341, uint64(x356)) 728 var x359 uint64 729 var x360 uint64 730 x359, x360 = bits.Add64(x342, x339, uint64(x358)) 731 x361 := (x360 + x340) 732 var x363 uint64 733 _, x363 = bits.Add64(x323, x349, uint64(0x0)) 734 var x364 uint64 735 var x365 uint64 736 x364, x365 = bits.Add64(x325, x351, uint64(x363)) 737 var x366 uint64 738 var x367 uint64 739 x366, x367 = bits.Add64(x327, x353, uint64(x365)) 740 var x368 uint64 741 var x369 uint64 742 x368, x369 = bits.Add64(x329, x355, uint64(x367)) 743 var x370 uint64 744 var x371 uint64 745 x370, x371 = bits.Add64(x331, x357, uint64(x369)) 746 var x372 uint64 747 var x373 uint64 748 x372, x373 = bits.Add64(x333, x359, uint64(x371)) 749 var x374 uint64 750 var x375 uint64 751 x374, x375 = bits.Add64(x335, x361, uint64(x373)) 752 x376 := (x375 + x336) 753 var x377 uint64 754 var x378 uint64 755 x378, x377 = bits.Mul64(x5, arg2[5]) 756 var x379 uint64 757 var x380 uint64 758 x380, x379 = bits.Mul64(x5, arg2[4]) 759 var x381 uint64 760 var x382 uint64 761 x382, x381 = bits.Mul64(x5, arg2[3]) 762 var x383 uint64 763 var x384 uint64 764 x384, x383 = bits.Mul64(x5, arg2[2]) 765 var x385 uint64 766 var x386 uint64 767 x386, x385 = bits.Mul64(x5, arg2[1]) 768 var x387 uint64 769 var x388 uint64 770 x388, x387 = bits.Mul64(x5, arg2[0]) 771 var x389 uint64 772 var x390 uint64 773 x389, x390 = bits.Add64(x388, x385, uint64(0x0)) 774 var x391 uint64 775 var x392 uint64 776 x391, x392 = bits.Add64(x386, x383, uint64(x390)) 777 var x393 uint64 778 var x394 uint64 779 x393, x394 = bits.Add64(x384, x381, uint64(x392)) 780 var x395 uint64 781 var x396 uint64 782 x395, x396 = bits.Add64(x382, x379, uint64(x394)) 783 var x397 uint64 784 var x398 uint64 785 x397, x398 = bits.Add64(x380, x377, uint64(x396)) 786 x399 := (x398 + x378) 787 var x400 uint64 788 var x401 uint64 789 x400, x401 = bits.Add64(x364, x387, uint64(0x0)) 790 var x402 uint64 791 var x403 uint64 792 x402, x403 = bits.Add64(x366, x389, uint64(x401)) 793 var x404 uint64 794 var x405 uint64 795 x404, x405 = bits.Add64(x368, x391, uint64(x403)) 796 var x406 uint64 797 var x407 uint64 798 x406, x407 = bits.Add64(x370, x393, uint64(x405)) 799 var x408 uint64 800 var x409 uint64 801 x408, x409 = bits.Add64(x372, x395, uint64(x407)) 802 var x410 uint64 803 var x411 uint64 804 x410, x411 = bits.Add64(x374, x397, uint64(x409)) 805 var x412 uint64 806 var x413 uint64 807 x412, x413 = bits.Add64(x376, x399, uint64(x411)) 808 var x414 uint64 809 _, x414 = bits.Mul64(x400, 0x89f3fffcfffcfffd) 810 var x416 uint64 811 var x417 uint64 812 x417, x416 = bits.Mul64(x414, 0x1a0111ea397fe69a) 813 var x418 uint64 814 var x419 uint64 815 x419, x418 = bits.Mul64(x414, 0x4b1ba7b6434bacd7) 816 var x420 uint64 817 var x421 uint64 818 x421, x420 = bits.Mul64(x414, 0x64774b84f38512bf) 819 var x422 uint64 820 var x423 uint64 821 x423, x422 = bits.Mul64(x414, 0x6730d2a0f6b0f624) 822 var x424 uint64 823 var x425 uint64 824 x425, x424 = bits.Mul64(x414, 0x1eabfffeb153ffff) 825 var x426 uint64 826 var x427 uint64 827 x427, x426 = bits.Mul64(x414, 0xb9feffffffffaaab) 828 var x428 uint64 829 var x429 uint64 830 x428, x429 = bits.Add64(x427, x424, uint64(0x0)) 831 var x430 uint64 832 var x431 uint64 833 x430, x431 = bits.Add64(x425, x422, uint64(x429)) 834 var x432 uint64 835 var x433 uint64 836 x432, x433 = bits.Add64(x423, x420, uint64(x431)) 837 var x434 uint64 838 var x435 uint64 839 x434, x435 = bits.Add64(x421, x418, uint64(x433)) 840 var x436 uint64 841 var x437 uint64 842 x436, x437 = bits.Add64(x419, x416, uint64(x435)) 843 x438 := (x437 + x417) 844 var x440 uint64 845 _, x440 = bits.Add64(x400, x426, uint64(0x0)) 846 var x441 uint64 847 var x442 uint64 848 x441, x442 = bits.Add64(x402, x428, uint64(x440)) 849 var x443 uint64 850 var x444 uint64 851 x443, x444 = bits.Add64(x404, x430, uint64(x442)) 852 var x445 uint64 853 var x446 uint64 854 x445, x446 = bits.Add64(x406, x432, uint64(x444)) 855 var x447 uint64 856 var x448 uint64 857 x447, x448 = bits.Add64(x408, x434, uint64(x446)) 858 var x449 uint64 859 var x450 uint64 860 x449, x450 = bits.Add64(x410, x436, uint64(x448)) 861 var x451 uint64 862 var x452 uint64 863 x451, x452 = bits.Add64(x412, x438, uint64(x450)) 864 x453 := (x452 + x413) 865 var x454 uint64 866 var x455 uint64 867 x454, x455 = bits.Sub64(x441, 0xb9feffffffffaaab, uint64(uint64(0x0))) 868 var x456 uint64 869 var x457 uint64 870 x456, x457 = bits.Sub64(x443, 0x1eabfffeb153ffff, uint64(x455)) 871 var x458 uint64 872 var x459 uint64 873 x458, x459 = bits.Sub64(x445, 0x6730d2a0f6b0f624, uint64(x457)) 874 var x460 uint64 875 var x461 uint64 876 x460, x461 = bits.Sub64(x447, 0x64774b84f38512bf, uint64(x459)) 877 var x462 uint64 878 var x463 uint64 879 x462, x463 = bits.Sub64(x449, 0x4b1ba7b6434bacd7, uint64(x461)) 880 var x464 uint64 881 var x465 uint64 882 x464, x465 = bits.Sub64(x451, 0x1a0111ea397fe69a, uint64(x463)) 883 var x467 uint64 884 _, x467 = bits.Sub64(x453, uint64(0x0), uint64(x465)) 885 var x468 uint64 886 fiatFpMontCmovznzU64(&x468, x467, x454, x441) 887 var x469 uint64 888 fiatFpMontCmovznzU64(&x469, x467, x456, x443) 889 var x470 uint64 890 fiatFpMontCmovznzU64(&x470, x467, x458, x445) 891 var x471 uint64 892 fiatFpMontCmovznzU64(&x471, x467, x460, x447) 893 var x472 uint64 894 fiatFpMontCmovznzU64(&x472, x467, x462, x449) 895 var x473 uint64 896 fiatFpMontCmovznzU64(&x473, x467, x464, x451) 897 out1[0] = x468 898 out1[1] = x469 899 out1[2] = x470 900 out1[3] = x471 901 out1[4] = x472 902 out1[5] = x473 903 } 904 905 // The function fiatFpMontSquare squares a field element in the Montgomery domain. 906 // 907 // Preconditions: 908 // 909 // 0 ≤ eval arg1 < m 910 // 911 // Postconditions: 912 // 913 // eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m 914 // 0 ≤ eval out1 < m 915 // 916 // Input Bounds: 917 // 918 // arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 919 // 920 // Output Bounds: 921 // 922 // out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 923 func fiatFpMontSquare(out1 *[6]uint64, arg1 *[6]uint64) { 924 x1 := arg1[1] 925 x2 := arg1[2] 926 x3 := arg1[3] 927 x4 := arg1[4] 928 x5 := arg1[5] 929 x6 := arg1[0] 930 var x7 uint64 931 var x8 uint64 932 x8, x7 = bits.Mul64(x6, arg1[5]) 933 var x9 uint64 934 var x10 uint64 935 x10, x9 = bits.Mul64(x6, arg1[4]) 936 var x11 uint64 937 var x12 uint64 938 x12, x11 = bits.Mul64(x6, arg1[3]) 939 var x13 uint64 940 var x14 uint64 941 x14, x13 = bits.Mul64(x6, arg1[2]) 942 var x15 uint64 943 var x16 uint64 944 x16, x15 = bits.Mul64(x6, arg1[1]) 945 var x17 uint64 946 var x18 uint64 947 x18, x17 = bits.Mul64(x6, arg1[0]) 948 var x19 uint64 949 var x20 uint64 950 x19, x20 = bits.Add64(x18, x15, uint64(0x0)) 951 var x21 uint64 952 var x22 uint64 953 x21, x22 = bits.Add64(x16, x13, uint64(x20)) 954 var x23 uint64 955 var x24 uint64 956 x23, x24 = bits.Add64(x14, x11, uint64(x22)) 957 var x25 uint64 958 var x26 uint64 959 x25, x26 = bits.Add64(x12, x9, uint64(x24)) 960 var x27 uint64 961 var x28 uint64 962 x27, x28 = bits.Add64(x10, x7, uint64(x26)) 963 x29 := (x28 + x8) 964 var x30 uint64 965 _, x30 = bits.Mul64(x17, 0x89f3fffcfffcfffd) 966 var x32 uint64 967 var x33 uint64 968 x33, x32 = bits.Mul64(x30, 0x1a0111ea397fe69a) 969 var x34 uint64 970 var x35 uint64 971 x35, x34 = bits.Mul64(x30, 0x4b1ba7b6434bacd7) 972 var x36 uint64 973 var x37 uint64 974 x37, x36 = bits.Mul64(x30, 0x64774b84f38512bf) 975 var x38 uint64 976 var x39 uint64 977 x39, x38 = bits.Mul64(x30, 0x6730d2a0f6b0f624) 978 var x40 uint64 979 var x41 uint64 980 x41, x40 = bits.Mul64(x30, 0x1eabfffeb153ffff) 981 var x42 uint64 982 var x43 uint64 983 x43, x42 = bits.Mul64(x30, 0xb9feffffffffaaab) 984 var x44 uint64 985 var x45 uint64 986 x44, x45 = bits.Add64(x43, x40, uint64(0x0)) 987 var x46 uint64 988 var x47 uint64 989 x46, x47 = bits.Add64(x41, x38, uint64(x45)) 990 var x48 uint64 991 var x49 uint64 992 x48, x49 = bits.Add64(x39, x36, uint64(x47)) 993 var x50 uint64 994 var x51 uint64 995 x50, x51 = bits.Add64(x37, x34, uint64(x49)) 996 var x52 uint64 997 var x53 uint64 998 x52, x53 = bits.Add64(x35, x32, uint64(x51)) 999 x54 := (x53 + x33) 1000 var x56 uint64 1001 _, x56 = bits.Add64(x17, x42, uint64(0x0)) 1002 var x57 uint64 1003 var x58 uint64 1004 x57, x58 = bits.Add64(x19, x44, uint64(x56)) 1005 var x59 uint64 1006 var x60 uint64 1007 x59, x60 = bits.Add64(x21, x46, uint64(x58)) 1008 var x61 uint64 1009 var x62 uint64 1010 x61, x62 = bits.Add64(x23, x48, uint64(x60)) 1011 var x63 uint64 1012 var x64 uint64 1013 x63, x64 = bits.Add64(x25, x50, uint64(x62)) 1014 var x65 uint64 1015 var x66 uint64 1016 x65, x66 = bits.Add64(x27, x52, uint64(x64)) 1017 var x67 uint64 1018 var x68 uint64 1019 x67, x68 = bits.Add64(x29, x54, uint64(x66)) 1020 var x69 uint64 1021 var x70 uint64 1022 x70, x69 = bits.Mul64(x1, arg1[5]) 1023 var x71 uint64 1024 var x72 uint64 1025 x72, x71 = bits.Mul64(x1, arg1[4]) 1026 var x73 uint64 1027 var x74 uint64 1028 x74, x73 = bits.Mul64(x1, arg1[3]) 1029 var x75 uint64 1030 var x76 uint64 1031 x76, x75 = bits.Mul64(x1, arg1[2]) 1032 var x77 uint64 1033 var x78 uint64 1034 x78, x77 = bits.Mul64(x1, arg1[1]) 1035 var x79 uint64 1036 var x80 uint64 1037 x80, x79 = bits.Mul64(x1, arg1[0]) 1038 var x81 uint64 1039 var x82 uint64 1040 x81, x82 = bits.Add64(x80, x77, uint64(0x0)) 1041 var x83 uint64 1042 var x84 uint64 1043 x83, x84 = bits.Add64(x78, x75, uint64(x82)) 1044 var x85 uint64 1045 var x86 uint64 1046 x85, x86 = bits.Add64(x76, x73, uint64(x84)) 1047 var x87 uint64 1048 var x88 uint64 1049 x87, x88 = bits.Add64(x74, x71, uint64(x86)) 1050 var x89 uint64 1051 var x90 uint64 1052 x89, x90 = bits.Add64(x72, x69, uint64(x88)) 1053 x91 := (x90 + x70) 1054 var x92 uint64 1055 var x93 uint64 1056 x92, x93 = bits.Add64(x57, x79, uint64(0x0)) 1057 var x94 uint64 1058 var x95 uint64 1059 x94, x95 = bits.Add64(x59, x81, uint64(x93)) 1060 var x96 uint64 1061 var x97 uint64 1062 x96, x97 = bits.Add64(x61, x83, uint64(x95)) 1063 var x98 uint64 1064 var x99 uint64 1065 x98, x99 = bits.Add64(x63, x85, uint64(x97)) 1066 var x100 uint64 1067 var x101 uint64 1068 x100, x101 = bits.Add64(x65, x87, uint64(x99)) 1069 var x102 uint64 1070 var x103 uint64 1071 x102, x103 = bits.Add64(x67, x89, uint64(x101)) 1072 var x104 uint64 1073 var x105 uint64 1074 x104, x105 = bits.Add64(x68, x91, uint64(x103)) 1075 var x106 uint64 1076 _, x106 = bits.Mul64(x92, 0x89f3fffcfffcfffd) 1077 var x108 uint64 1078 var x109 uint64 1079 x109, x108 = bits.Mul64(x106, 0x1a0111ea397fe69a) 1080 var x110 uint64 1081 var x111 uint64 1082 x111, x110 = bits.Mul64(x106, 0x4b1ba7b6434bacd7) 1083 var x112 uint64 1084 var x113 uint64 1085 x113, x112 = bits.Mul64(x106, 0x64774b84f38512bf) 1086 var x114 uint64 1087 var x115 uint64 1088 x115, x114 = bits.Mul64(x106, 0x6730d2a0f6b0f624) 1089 var x116 uint64 1090 var x117 uint64 1091 x117, x116 = bits.Mul64(x106, 0x1eabfffeb153ffff) 1092 var x118 uint64 1093 var x119 uint64 1094 x119, x118 = bits.Mul64(x106, 0xb9feffffffffaaab) 1095 var x120 uint64 1096 var x121 uint64 1097 x120, x121 = bits.Add64(x119, x116, uint64(0x0)) 1098 var x122 uint64 1099 var x123 uint64 1100 x122, x123 = bits.Add64(x117, x114, uint64(x121)) 1101 var x124 uint64 1102 var x125 uint64 1103 x124, x125 = bits.Add64(x115, x112, uint64(x123)) 1104 var x126 uint64 1105 var x127 uint64 1106 x126, x127 = bits.Add64(x113, x110, uint64(x125)) 1107 var x128 uint64 1108 var x129 uint64 1109 x128, x129 = bits.Add64(x111, x108, uint64(x127)) 1110 x130 := (x129 + x109) 1111 var x132 uint64 1112 _, x132 = bits.Add64(x92, x118, uint64(0x0)) 1113 var x133 uint64 1114 var x134 uint64 1115 x133, x134 = bits.Add64(x94, x120, uint64(x132)) 1116 var x135 uint64 1117 var x136 uint64 1118 x135, x136 = bits.Add64(x96, x122, uint64(x134)) 1119 var x137 uint64 1120 var x138 uint64 1121 x137, x138 = bits.Add64(x98, x124, uint64(x136)) 1122 var x139 uint64 1123 var x140 uint64 1124 x139, x140 = bits.Add64(x100, x126, uint64(x138)) 1125 var x141 uint64 1126 var x142 uint64 1127 x141, x142 = bits.Add64(x102, x128, uint64(x140)) 1128 var x143 uint64 1129 var x144 uint64 1130 x143, x144 = bits.Add64(x104, x130, uint64(x142)) 1131 x145 := (x144 + x105) 1132 var x146 uint64 1133 var x147 uint64 1134 x147, x146 = bits.Mul64(x2, arg1[5]) 1135 var x148 uint64 1136 var x149 uint64 1137 x149, x148 = bits.Mul64(x2, arg1[4]) 1138 var x150 uint64 1139 var x151 uint64 1140 x151, x150 = bits.Mul64(x2, arg1[3]) 1141 var x152 uint64 1142 var x153 uint64 1143 x153, x152 = bits.Mul64(x2, arg1[2]) 1144 var x154 uint64 1145 var x155 uint64 1146 x155, x154 = bits.Mul64(x2, arg1[1]) 1147 var x156 uint64 1148 var x157 uint64 1149 x157, x156 = bits.Mul64(x2, arg1[0]) 1150 var x158 uint64 1151 var x159 uint64 1152 x158, x159 = bits.Add64(x157, x154, uint64(0x0)) 1153 var x160 uint64 1154 var x161 uint64 1155 x160, x161 = bits.Add64(x155, x152, uint64(x159)) 1156 var x162 uint64 1157 var x163 uint64 1158 x162, x163 = bits.Add64(x153, x150, uint64(x161)) 1159 var x164 uint64 1160 var x165 uint64 1161 x164, x165 = bits.Add64(x151, x148, uint64(x163)) 1162 var x166 uint64 1163 var x167 uint64 1164 x166, x167 = bits.Add64(x149, x146, uint64(x165)) 1165 x168 := (x167 + x147) 1166 var x169 uint64 1167 var x170 uint64 1168 x169, x170 = bits.Add64(x133, x156, uint64(0x0)) 1169 var x171 uint64 1170 var x172 uint64 1171 x171, x172 = bits.Add64(x135, x158, uint64(x170)) 1172 var x173 uint64 1173 var x174 uint64 1174 x173, x174 = bits.Add64(x137, x160, uint64(x172)) 1175 var x175 uint64 1176 var x176 uint64 1177 x175, x176 = bits.Add64(x139, x162, uint64(x174)) 1178 var x177 uint64 1179 var x178 uint64 1180 x177, x178 = bits.Add64(x141, x164, uint64(x176)) 1181 var x179 uint64 1182 var x180 uint64 1183 x179, x180 = bits.Add64(x143, x166, uint64(x178)) 1184 var x181 uint64 1185 var x182 uint64 1186 x181, x182 = bits.Add64(x145, x168, uint64(x180)) 1187 var x183 uint64 1188 _, x183 = bits.Mul64(x169, 0x89f3fffcfffcfffd) 1189 var x185 uint64 1190 var x186 uint64 1191 x186, x185 = bits.Mul64(x183, 0x1a0111ea397fe69a) 1192 var x187 uint64 1193 var x188 uint64 1194 x188, x187 = bits.Mul64(x183, 0x4b1ba7b6434bacd7) 1195 var x189 uint64 1196 var x190 uint64 1197 x190, x189 = bits.Mul64(x183, 0x64774b84f38512bf) 1198 var x191 uint64 1199 var x192 uint64 1200 x192, x191 = bits.Mul64(x183, 0x6730d2a0f6b0f624) 1201 var x193 uint64 1202 var x194 uint64 1203 x194, x193 = bits.Mul64(x183, 0x1eabfffeb153ffff) 1204 var x195 uint64 1205 var x196 uint64 1206 x196, x195 = bits.Mul64(x183, 0xb9feffffffffaaab) 1207 var x197 uint64 1208 var x198 uint64 1209 x197, x198 = bits.Add64(x196, x193, uint64(0x0)) 1210 var x199 uint64 1211 var x200 uint64 1212 x199, x200 = bits.Add64(x194, x191, uint64(x198)) 1213 var x201 uint64 1214 var x202 uint64 1215 x201, x202 = bits.Add64(x192, x189, uint64(x200)) 1216 var x203 uint64 1217 var x204 uint64 1218 x203, x204 = bits.Add64(x190, x187, uint64(x202)) 1219 var x205 uint64 1220 var x206 uint64 1221 x205, x206 = bits.Add64(x188, x185, uint64(x204)) 1222 x207 := (x206 + x186) 1223 var x209 uint64 1224 _, x209 = bits.Add64(x169, x195, uint64(0x0)) 1225 var x210 uint64 1226 var x211 uint64 1227 x210, x211 = bits.Add64(x171, x197, uint64(x209)) 1228 var x212 uint64 1229 var x213 uint64 1230 x212, x213 = bits.Add64(x173, x199, uint64(x211)) 1231 var x214 uint64 1232 var x215 uint64 1233 x214, x215 = bits.Add64(x175, x201, uint64(x213)) 1234 var x216 uint64 1235 var x217 uint64 1236 x216, x217 = bits.Add64(x177, x203, uint64(x215)) 1237 var x218 uint64 1238 var x219 uint64 1239 x218, x219 = bits.Add64(x179, x205, uint64(x217)) 1240 var x220 uint64 1241 var x221 uint64 1242 x220, x221 = bits.Add64(x181, x207, uint64(x219)) 1243 x222 := (x221 + x182) 1244 var x223 uint64 1245 var x224 uint64 1246 x224, x223 = bits.Mul64(x3, arg1[5]) 1247 var x225 uint64 1248 var x226 uint64 1249 x226, x225 = bits.Mul64(x3, arg1[4]) 1250 var x227 uint64 1251 var x228 uint64 1252 x228, x227 = bits.Mul64(x3, arg1[3]) 1253 var x229 uint64 1254 var x230 uint64 1255 x230, x229 = bits.Mul64(x3, arg1[2]) 1256 var x231 uint64 1257 var x232 uint64 1258 x232, x231 = bits.Mul64(x3, arg1[1]) 1259 var x233 uint64 1260 var x234 uint64 1261 x234, x233 = bits.Mul64(x3, arg1[0]) 1262 var x235 uint64 1263 var x236 uint64 1264 x235, x236 = bits.Add64(x234, x231, uint64(0x0)) 1265 var x237 uint64 1266 var x238 uint64 1267 x237, x238 = bits.Add64(x232, x229, uint64(x236)) 1268 var x239 uint64 1269 var x240 uint64 1270 x239, x240 = bits.Add64(x230, x227, uint64(x238)) 1271 var x241 uint64 1272 var x242 uint64 1273 x241, x242 = bits.Add64(x228, x225, uint64(x240)) 1274 var x243 uint64 1275 var x244 uint64 1276 x243, x244 = bits.Add64(x226, x223, uint64(x242)) 1277 x245 := (x244 + x224) 1278 var x246 uint64 1279 var x247 uint64 1280 x246, x247 = bits.Add64(x210, x233, uint64(0x0)) 1281 var x248 uint64 1282 var x249 uint64 1283 x248, x249 = bits.Add64(x212, x235, uint64(x247)) 1284 var x250 uint64 1285 var x251 uint64 1286 x250, x251 = bits.Add64(x214, x237, uint64(x249)) 1287 var x252 uint64 1288 var x253 uint64 1289 x252, x253 = bits.Add64(x216, x239, uint64(x251)) 1290 var x254 uint64 1291 var x255 uint64 1292 x254, x255 = bits.Add64(x218, x241, uint64(x253)) 1293 var x256 uint64 1294 var x257 uint64 1295 x256, x257 = bits.Add64(x220, x243, uint64(x255)) 1296 var x258 uint64 1297 var x259 uint64 1298 x258, x259 = bits.Add64(x222, x245, uint64(x257)) 1299 var x260 uint64 1300 _, x260 = bits.Mul64(x246, 0x89f3fffcfffcfffd) 1301 var x262 uint64 1302 var x263 uint64 1303 x263, x262 = bits.Mul64(x260, 0x1a0111ea397fe69a) 1304 var x264 uint64 1305 var x265 uint64 1306 x265, x264 = bits.Mul64(x260, 0x4b1ba7b6434bacd7) 1307 var x266 uint64 1308 var x267 uint64 1309 x267, x266 = bits.Mul64(x260, 0x64774b84f38512bf) 1310 var x268 uint64 1311 var x269 uint64 1312 x269, x268 = bits.Mul64(x260, 0x6730d2a0f6b0f624) 1313 var x270 uint64 1314 var x271 uint64 1315 x271, x270 = bits.Mul64(x260, 0x1eabfffeb153ffff) 1316 var x272 uint64 1317 var x273 uint64 1318 x273, x272 = bits.Mul64(x260, 0xb9feffffffffaaab) 1319 var x274 uint64 1320 var x275 uint64 1321 x274, x275 = bits.Add64(x273, x270, uint64(0x0)) 1322 var x276 uint64 1323 var x277 uint64 1324 x276, x277 = bits.Add64(x271, x268, uint64(x275)) 1325 var x278 uint64 1326 var x279 uint64 1327 x278, x279 = bits.Add64(x269, x266, uint64(x277)) 1328 var x280 uint64 1329 var x281 uint64 1330 x280, x281 = bits.Add64(x267, x264, uint64(x279)) 1331 var x282 uint64 1332 var x283 uint64 1333 x282, x283 = bits.Add64(x265, x262, uint64(x281)) 1334 x284 := (x283 + x263) 1335 var x286 uint64 1336 _, x286 = bits.Add64(x246, x272, uint64(0x0)) 1337 var x287 uint64 1338 var x288 uint64 1339 x287, x288 = bits.Add64(x248, x274, uint64(x286)) 1340 var x289 uint64 1341 var x290 uint64 1342 x289, x290 = bits.Add64(x250, x276, uint64(x288)) 1343 var x291 uint64 1344 var x292 uint64 1345 x291, x292 = bits.Add64(x252, x278, uint64(x290)) 1346 var x293 uint64 1347 var x294 uint64 1348 x293, x294 = bits.Add64(x254, x280, uint64(x292)) 1349 var x295 uint64 1350 var x296 uint64 1351 x295, x296 = bits.Add64(x256, x282, uint64(x294)) 1352 var x297 uint64 1353 var x298 uint64 1354 x297, x298 = bits.Add64(x258, x284, uint64(x296)) 1355 x299 := (x298 + x259) 1356 var x300 uint64 1357 var x301 uint64 1358 x301, x300 = bits.Mul64(x4, arg1[5]) 1359 var x302 uint64 1360 var x303 uint64 1361 x303, x302 = bits.Mul64(x4, arg1[4]) 1362 var x304 uint64 1363 var x305 uint64 1364 x305, x304 = bits.Mul64(x4, arg1[3]) 1365 var x306 uint64 1366 var x307 uint64 1367 x307, x306 = bits.Mul64(x4, arg1[2]) 1368 var x308 uint64 1369 var x309 uint64 1370 x309, x308 = bits.Mul64(x4, arg1[1]) 1371 var x310 uint64 1372 var x311 uint64 1373 x311, x310 = bits.Mul64(x4, arg1[0]) 1374 var x312 uint64 1375 var x313 uint64 1376 x312, x313 = bits.Add64(x311, x308, uint64(0x0)) 1377 var x314 uint64 1378 var x315 uint64 1379 x314, x315 = bits.Add64(x309, x306, uint64(x313)) 1380 var x316 uint64 1381 var x317 uint64 1382 x316, x317 = bits.Add64(x307, x304, uint64(x315)) 1383 var x318 uint64 1384 var x319 uint64 1385 x318, x319 = bits.Add64(x305, x302, uint64(x317)) 1386 var x320 uint64 1387 var x321 uint64 1388 x320, x321 = bits.Add64(x303, x300, uint64(x319)) 1389 x322 := (x321 + x301) 1390 var x323 uint64 1391 var x324 uint64 1392 x323, x324 = bits.Add64(x287, x310, uint64(0x0)) 1393 var x325 uint64 1394 var x326 uint64 1395 x325, x326 = bits.Add64(x289, x312, uint64(x324)) 1396 var x327 uint64 1397 var x328 uint64 1398 x327, x328 = bits.Add64(x291, x314, uint64(x326)) 1399 var x329 uint64 1400 var x330 uint64 1401 x329, x330 = bits.Add64(x293, x316, uint64(x328)) 1402 var x331 uint64 1403 var x332 uint64 1404 x331, x332 = bits.Add64(x295, x318, uint64(x330)) 1405 var x333 uint64 1406 var x334 uint64 1407 x333, x334 = bits.Add64(x297, x320, uint64(x332)) 1408 var x335 uint64 1409 var x336 uint64 1410 x335, x336 = bits.Add64(x299, x322, uint64(x334)) 1411 var x337 uint64 1412 _, x337 = bits.Mul64(x323, 0x89f3fffcfffcfffd) 1413 var x339 uint64 1414 var x340 uint64 1415 x340, x339 = bits.Mul64(x337, 0x1a0111ea397fe69a) 1416 var x341 uint64 1417 var x342 uint64 1418 x342, x341 = bits.Mul64(x337, 0x4b1ba7b6434bacd7) 1419 var x343 uint64 1420 var x344 uint64 1421 x344, x343 = bits.Mul64(x337, 0x64774b84f38512bf) 1422 var x345 uint64 1423 var x346 uint64 1424 x346, x345 = bits.Mul64(x337, 0x6730d2a0f6b0f624) 1425 var x347 uint64 1426 var x348 uint64 1427 x348, x347 = bits.Mul64(x337, 0x1eabfffeb153ffff) 1428 var x349 uint64 1429 var x350 uint64 1430 x350, x349 = bits.Mul64(x337, 0xb9feffffffffaaab) 1431 var x351 uint64 1432 var x352 uint64 1433 x351, x352 = bits.Add64(x350, x347, uint64(0x0)) 1434 var x353 uint64 1435 var x354 uint64 1436 x353, x354 = bits.Add64(x348, x345, uint64(x352)) 1437 var x355 uint64 1438 var x356 uint64 1439 x355, x356 = bits.Add64(x346, x343, uint64(x354)) 1440 var x357 uint64 1441 var x358 uint64 1442 x357, x358 = bits.Add64(x344, x341, uint64(x356)) 1443 var x359 uint64 1444 var x360 uint64 1445 x359, x360 = bits.Add64(x342, x339, uint64(x358)) 1446 x361 := (x360 + x340) 1447 var x363 uint64 1448 _, x363 = bits.Add64(x323, x349, uint64(0x0)) 1449 var x364 uint64 1450 var x365 uint64 1451 x364, x365 = bits.Add64(x325, x351, uint64(x363)) 1452 var x366 uint64 1453 var x367 uint64 1454 x366, x367 = bits.Add64(x327, x353, uint64(x365)) 1455 var x368 uint64 1456 var x369 uint64 1457 x368, x369 = bits.Add64(x329, x355, uint64(x367)) 1458 var x370 uint64 1459 var x371 uint64 1460 x370, x371 = bits.Add64(x331, x357, uint64(x369)) 1461 var x372 uint64 1462 var x373 uint64 1463 x372, x373 = bits.Add64(x333, x359, uint64(x371)) 1464 var x374 uint64 1465 var x375 uint64 1466 x374, x375 = bits.Add64(x335, x361, uint64(x373)) 1467 x376 := (x375 + x336) 1468 var x377 uint64 1469 var x378 uint64 1470 x378, x377 = bits.Mul64(x5, arg1[5]) 1471 var x379 uint64 1472 var x380 uint64 1473 x380, x379 = bits.Mul64(x5, arg1[4]) 1474 var x381 uint64 1475 var x382 uint64 1476 x382, x381 = bits.Mul64(x5, arg1[3]) 1477 var x383 uint64 1478 var x384 uint64 1479 x384, x383 = bits.Mul64(x5, arg1[2]) 1480 var x385 uint64 1481 var x386 uint64 1482 x386, x385 = bits.Mul64(x5, arg1[1]) 1483 var x387 uint64 1484 var x388 uint64 1485 x388, x387 = bits.Mul64(x5, arg1[0]) 1486 var x389 uint64 1487 var x390 uint64 1488 x389, x390 = bits.Add64(x388, x385, uint64(0x0)) 1489 var x391 uint64 1490 var x392 uint64 1491 x391, x392 = bits.Add64(x386, x383, uint64(x390)) 1492 var x393 uint64 1493 var x394 uint64 1494 x393, x394 = bits.Add64(x384, x381, uint64(x392)) 1495 var x395 uint64 1496 var x396 uint64 1497 x395, x396 = bits.Add64(x382, x379, uint64(x394)) 1498 var x397 uint64 1499 var x398 uint64 1500 x397, x398 = bits.Add64(x380, x377, uint64(x396)) 1501 x399 := (x398 + x378) 1502 var x400 uint64 1503 var x401 uint64 1504 x400, x401 = bits.Add64(x364, x387, uint64(0x0)) 1505 var x402 uint64 1506 var x403 uint64 1507 x402, x403 = bits.Add64(x366, x389, uint64(x401)) 1508 var x404 uint64 1509 var x405 uint64 1510 x404, x405 = bits.Add64(x368, x391, uint64(x403)) 1511 var x406 uint64 1512 var x407 uint64 1513 x406, x407 = bits.Add64(x370, x393, uint64(x405)) 1514 var x408 uint64 1515 var x409 uint64 1516 x408, x409 = bits.Add64(x372, x395, uint64(x407)) 1517 var x410 uint64 1518 var x411 uint64 1519 x410, x411 = bits.Add64(x374, x397, uint64(x409)) 1520 var x412 uint64 1521 var x413 uint64 1522 x412, x413 = bits.Add64(x376, x399, uint64(x411)) 1523 var x414 uint64 1524 _, x414 = bits.Mul64(x400, 0x89f3fffcfffcfffd) 1525 var x416 uint64 1526 var x417 uint64 1527 x417, x416 = bits.Mul64(x414, 0x1a0111ea397fe69a) 1528 var x418 uint64 1529 var x419 uint64 1530 x419, x418 = bits.Mul64(x414, 0x4b1ba7b6434bacd7) 1531 var x420 uint64 1532 var x421 uint64 1533 x421, x420 = bits.Mul64(x414, 0x64774b84f38512bf) 1534 var x422 uint64 1535 var x423 uint64 1536 x423, x422 = bits.Mul64(x414, 0x6730d2a0f6b0f624) 1537 var x424 uint64 1538 var x425 uint64 1539 x425, x424 = bits.Mul64(x414, 0x1eabfffeb153ffff) 1540 var x426 uint64 1541 var x427 uint64 1542 x427, x426 = bits.Mul64(x414, 0xb9feffffffffaaab) 1543 var x428 uint64 1544 var x429 uint64 1545 x428, x429 = bits.Add64(x427, x424, uint64(0x0)) 1546 var x430 uint64 1547 var x431 uint64 1548 x430, x431 = bits.Add64(x425, x422, uint64(x429)) 1549 var x432 uint64 1550 var x433 uint64 1551 x432, x433 = bits.Add64(x423, x420, uint64(x431)) 1552 var x434 uint64 1553 var x435 uint64 1554 x434, x435 = bits.Add64(x421, x418, uint64(x433)) 1555 var x436 uint64 1556 var x437 uint64 1557 x436, x437 = bits.Add64(x419, x416, uint64(x435)) 1558 x438 := (x437 + x417) 1559 var x440 uint64 1560 _, x440 = bits.Add64(x400, x426, uint64(0x0)) 1561 var x441 uint64 1562 var x442 uint64 1563 x441, x442 = bits.Add64(x402, x428, uint64(x440)) 1564 var x443 uint64 1565 var x444 uint64 1566 x443, x444 = bits.Add64(x404, x430, uint64(x442)) 1567 var x445 uint64 1568 var x446 uint64 1569 x445, x446 = bits.Add64(x406, x432, uint64(x444)) 1570 var x447 uint64 1571 var x448 uint64 1572 x447, x448 = bits.Add64(x408, x434, uint64(x446)) 1573 var x449 uint64 1574 var x450 uint64 1575 x449, x450 = bits.Add64(x410, x436, uint64(x448)) 1576 var x451 uint64 1577 var x452 uint64 1578 x451, x452 = bits.Add64(x412, x438, uint64(x450)) 1579 x453 := (x452 + x413) 1580 var x454 uint64 1581 var x455 uint64 1582 x454, x455 = bits.Sub64(x441, 0xb9feffffffffaaab, uint64(uint64(0x0))) 1583 var x456 uint64 1584 var x457 uint64 1585 x456, x457 = bits.Sub64(x443, 0x1eabfffeb153ffff, uint64(x455)) 1586 var x458 uint64 1587 var x459 uint64 1588 x458, x459 = bits.Sub64(x445, 0x6730d2a0f6b0f624, uint64(x457)) 1589 var x460 uint64 1590 var x461 uint64 1591 x460, x461 = bits.Sub64(x447, 0x64774b84f38512bf, uint64(x459)) 1592 var x462 uint64 1593 var x463 uint64 1594 x462, x463 = bits.Sub64(x449, 0x4b1ba7b6434bacd7, uint64(x461)) 1595 var x464 uint64 1596 var x465 uint64 1597 x464, x465 = bits.Sub64(x451, 0x1a0111ea397fe69a, uint64(x463)) 1598 var x467 uint64 1599 _, x467 = bits.Sub64(x453, uint64(0x0), uint64(x465)) 1600 var x468 uint64 1601 fiatFpMontCmovznzU64(&x468, x467, x454, x441) 1602 var x469 uint64 1603 fiatFpMontCmovznzU64(&x469, x467, x456, x443) 1604 var x470 uint64 1605 fiatFpMontCmovznzU64(&x470, x467, x458, x445) 1606 var x471 uint64 1607 fiatFpMontCmovznzU64(&x471, x467, x460, x447) 1608 var x472 uint64 1609 fiatFpMontCmovznzU64(&x472, x467, x462, x449) 1610 var x473 uint64 1611 fiatFpMontCmovznzU64(&x473, x467, x464, x451) 1612 out1[0] = x468 1613 out1[1] = x469 1614 out1[2] = x470 1615 out1[3] = x471 1616 out1[4] = x472 1617 out1[5] = x473 1618 }