github.com/cloudflare/circl@v1.5.0/ecc/bls12381/ff/scMont255.go (about) 1 // Code generated by gen.go using fiat-crypto. 2 // 3 // Autogenerated: './word_by_word_montgomery' --output scMont255.go --lang Go --package-name ff --doc-prepend-header 'Code generated by gen.go using fiat-crypto.' --package-case lowerCamelCase --public-function-case lowerCamelCase --public-type-case lowerCamelCase --doc-newline-before-package-declaration --no-primitives --widen-carry --no-field-element-typedefs --relax-primitive-carry-to-bitwidth 64 ScMont 64 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001 add sub mul square 4 // 5 // curve description: ScMont 6 // 7 // machine_wordsize = 64 (from "64") 8 // 9 // requested operations: add, sub, mul, square 10 // 11 // m = 0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001 (from "0x73eda753299d7d483339d80809a1d80553bda402fffe5bfeffffffff00000001") 12 // 13 // 14 // 15 // NOTE: In addition to the bounds specified above each function, all 16 // 17 // functions synthesized for this Montgomery arithmetic require the 18 // 19 // input to be strictly less than the prime modulus (m), and also 20 // 21 // require the input to be in the unique saturated representation. 22 // 23 // All functions also ensure that these two properties are true of 24 // 25 // return values. 26 // 27 // 28 // 29 // Computed values: 30 // 31 // eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) 32 // 33 // bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) 34 // 35 // twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in 36 // 37 // if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 38 39 package ff 40 41 import "math/bits" 42 43 // The function fiatScMontAdd adds two field elements in the Montgomery domain. 44 // 45 // Preconditions: 46 // 47 // 0 ≤ eval arg1 < m 48 // 0 ≤ eval arg2 < m 49 // 50 // Postconditions: 51 // 52 // eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m 53 // 0 ≤ eval out1 < m 54 // 55 // Input Bounds: 56 // 57 // arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 58 // arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 59 // 60 // Output Bounds: 61 // 62 // out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 63 func fiatScMontAdd(out1 *[4]uint64, arg1 *[4]uint64, arg2 *[4]uint64) { 64 var x1 uint64 65 var x2 uint64 66 x1, x2 = bits.Add64(arg1[0], arg2[0], uint64(0x0)) 67 var x3 uint64 68 var x4 uint64 69 x3, x4 = bits.Add64(arg1[1], arg2[1], uint64(x2)) 70 var x5 uint64 71 var x6 uint64 72 x5, x6 = bits.Add64(arg1[2], arg2[2], uint64(x4)) 73 var x7 uint64 74 var x8 uint64 75 x7, x8 = bits.Add64(arg1[3], arg2[3], uint64(x6)) 76 var x9 uint64 77 var x10 uint64 78 x9, x10 = bits.Sub64(x1, 0xffffffff00000001, uint64(uint64(0x0))) 79 var x11 uint64 80 var x12 uint64 81 x11, x12 = bits.Sub64(x3, 0x53bda402fffe5bfe, uint64(x10)) 82 var x13 uint64 83 var x14 uint64 84 x13, x14 = bits.Sub64(x5, 0x3339d80809a1d805, uint64(x12)) 85 var x15 uint64 86 var x16 uint64 87 x15, x16 = bits.Sub64(x7, 0x73eda753299d7d48, uint64(x14)) 88 var x18 uint64 89 _, x18 = bits.Sub64(x8, uint64(0x0), uint64(x16)) 90 var x19 uint64 91 fiatScMontCmovznzU64(&x19, x18, x9, x1) 92 var x20 uint64 93 fiatScMontCmovznzU64(&x20, x18, x11, x3) 94 var x21 uint64 95 fiatScMontCmovznzU64(&x21, x18, x13, x5) 96 var x22 uint64 97 fiatScMontCmovznzU64(&x22, x18, x15, x7) 98 out1[0] = x19 99 out1[1] = x20 100 out1[2] = x21 101 out1[3] = x22 102 } 103 104 // The function fiatScMontSub subtracts two field elements in the Montgomery domain. 105 // 106 // Preconditions: 107 // 108 // 0 ≤ eval arg1 < m 109 // 0 ≤ eval arg2 < m 110 // 111 // Postconditions: 112 // 113 // eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m 114 // 0 ≤ eval out1 < m 115 // 116 // Input Bounds: 117 // 118 // arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 119 // arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 120 // 121 // Output Bounds: 122 // 123 // out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 124 func fiatScMontSub(out1 *[4]uint64, arg1 *[4]uint64, arg2 *[4]uint64) { 125 var x1 uint64 126 var x2 uint64 127 x1, x2 = bits.Sub64(arg1[0], arg2[0], uint64(0x0)) 128 var x3 uint64 129 var x4 uint64 130 x3, x4 = bits.Sub64(arg1[1], arg2[1], uint64(x2)) 131 var x5 uint64 132 var x6 uint64 133 x5, x6 = bits.Sub64(arg1[2], arg2[2], uint64(x4)) 134 var x7 uint64 135 var x8 uint64 136 x7, x8 = bits.Sub64(arg1[3], arg2[3], uint64(x6)) 137 var x9 uint64 138 fiatScMontCmovznzU64(&x9, x8, uint64(0x0), 0xffffffffffffffff) 139 var x10 uint64 140 var x11 uint64 141 x10, x11 = bits.Add64(x1, (x9 & 0xffffffff00000001), uint64(0x0)) 142 var x12 uint64 143 var x13 uint64 144 x12, x13 = bits.Add64(x3, (x9 & 0x53bda402fffe5bfe), uint64(x11)) 145 var x14 uint64 146 var x15 uint64 147 x14, x15 = bits.Add64(x5, (x9 & 0x3339d80809a1d805), uint64(x13)) 148 var x16 uint64 149 x16, _ = bits.Add64(x7, (x9 & 0x73eda753299d7d48), uint64(x15)) 150 out1[0] = x10 151 out1[1] = x12 152 out1[2] = x14 153 out1[3] = x16 154 } 155 156 // The function fiatScMontMul multiplies two field elements in the Montgomery domain. 157 // 158 // Preconditions: 159 // 160 // 0 ≤ eval arg1 < m 161 // 0 ≤ eval arg2 < m 162 // 163 // Postconditions: 164 // 165 // eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m 166 // 0 ≤ eval out1 < m 167 // 168 // Input Bounds: 169 // 170 // arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 171 // arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 172 // 173 // Output Bounds: 174 // 175 // out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 176 func fiatScMontMul(out1 *[4]uint64, arg1 *[4]uint64, arg2 *[4]uint64) { 177 x1 := arg1[1] 178 x2 := arg1[2] 179 x3 := arg1[3] 180 x4 := arg1[0] 181 var x5 uint64 182 var x6 uint64 183 x6, x5 = bits.Mul64(x4, arg2[3]) 184 var x7 uint64 185 var x8 uint64 186 x8, x7 = bits.Mul64(x4, arg2[2]) 187 var x9 uint64 188 var x10 uint64 189 x10, x9 = bits.Mul64(x4, arg2[1]) 190 var x11 uint64 191 var x12 uint64 192 x12, x11 = bits.Mul64(x4, arg2[0]) 193 var x13 uint64 194 var x14 uint64 195 x13, x14 = bits.Add64(x12, x9, uint64(0x0)) 196 var x15 uint64 197 var x16 uint64 198 x15, x16 = bits.Add64(x10, x7, uint64(x14)) 199 var x17 uint64 200 var x18 uint64 201 x17, x18 = bits.Add64(x8, x5, uint64(x16)) 202 x19 := (x18 + x6) 203 var x20 uint64 204 _, x20 = bits.Mul64(x11, 0xfffffffeffffffff) 205 var x22 uint64 206 var x23 uint64 207 x23, x22 = bits.Mul64(x20, 0x73eda753299d7d48) 208 var x24 uint64 209 var x25 uint64 210 x25, x24 = bits.Mul64(x20, 0x3339d80809a1d805) 211 var x26 uint64 212 var x27 uint64 213 x27, x26 = bits.Mul64(x20, 0x53bda402fffe5bfe) 214 var x28 uint64 215 var x29 uint64 216 x29, x28 = bits.Mul64(x20, 0xffffffff00000001) 217 var x30 uint64 218 var x31 uint64 219 x30, x31 = bits.Add64(x29, x26, uint64(0x0)) 220 var x32 uint64 221 var x33 uint64 222 x32, x33 = bits.Add64(x27, x24, uint64(x31)) 223 var x34 uint64 224 var x35 uint64 225 x34, x35 = bits.Add64(x25, x22, uint64(x33)) 226 x36 := (x35 + x23) 227 var x38 uint64 228 _, x38 = bits.Add64(x11, x28, uint64(0x0)) 229 var x39 uint64 230 var x40 uint64 231 x39, x40 = bits.Add64(x13, x30, uint64(x38)) 232 var x41 uint64 233 var x42 uint64 234 x41, x42 = bits.Add64(x15, x32, uint64(x40)) 235 var x43 uint64 236 var x44 uint64 237 x43, x44 = bits.Add64(x17, x34, uint64(x42)) 238 var x45 uint64 239 var x46 uint64 240 x45, x46 = bits.Add64(x19, x36, uint64(x44)) 241 var x47 uint64 242 var x48 uint64 243 x48, x47 = bits.Mul64(x1, arg2[3]) 244 var x49 uint64 245 var x50 uint64 246 x50, x49 = bits.Mul64(x1, arg2[2]) 247 var x51 uint64 248 var x52 uint64 249 x52, x51 = bits.Mul64(x1, arg2[1]) 250 var x53 uint64 251 var x54 uint64 252 x54, x53 = bits.Mul64(x1, arg2[0]) 253 var x55 uint64 254 var x56 uint64 255 x55, x56 = bits.Add64(x54, x51, uint64(0x0)) 256 var x57 uint64 257 var x58 uint64 258 x57, x58 = bits.Add64(x52, x49, uint64(x56)) 259 var x59 uint64 260 var x60 uint64 261 x59, x60 = bits.Add64(x50, x47, uint64(x58)) 262 x61 := (x60 + x48) 263 var x62 uint64 264 var x63 uint64 265 x62, x63 = bits.Add64(x39, x53, uint64(0x0)) 266 var x64 uint64 267 var x65 uint64 268 x64, x65 = bits.Add64(x41, x55, uint64(x63)) 269 var x66 uint64 270 var x67 uint64 271 x66, x67 = bits.Add64(x43, x57, uint64(x65)) 272 var x68 uint64 273 var x69 uint64 274 x68, x69 = bits.Add64(x45, x59, uint64(x67)) 275 var x70 uint64 276 var x71 uint64 277 x70, x71 = bits.Add64(x46, x61, uint64(x69)) 278 var x72 uint64 279 _, x72 = bits.Mul64(x62, 0xfffffffeffffffff) 280 var x74 uint64 281 var x75 uint64 282 x75, x74 = bits.Mul64(x72, 0x73eda753299d7d48) 283 var x76 uint64 284 var x77 uint64 285 x77, x76 = bits.Mul64(x72, 0x3339d80809a1d805) 286 var x78 uint64 287 var x79 uint64 288 x79, x78 = bits.Mul64(x72, 0x53bda402fffe5bfe) 289 var x80 uint64 290 var x81 uint64 291 x81, x80 = bits.Mul64(x72, 0xffffffff00000001) 292 var x82 uint64 293 var x83 uint64 294 x82, x83 = bits.Add64(x81, x78, uint64(0x0)) 295 var x84 uint64 296 var x85 uint64 297 x84, x85 = bits.Add64(x79, x76, uint64(x83)) 298 var x86 uint64 299 var x87 uint64 300 x86, x87 = bits.Add64(x77, x74, uint64(x85)) 301 x88 := (x87 + x75) 302 var x90 uint64 303 _, x90 = bits.Add64(x62, x80, uint64(0x0)) 304 var x91 uint64 305 var x92 uint64 306 x91, x92 = bits.Add64(x64, x82, uint64(x90)) 307 var x93 uint64 308 var x94 uint64 309 x93, x94 = bits.Add64(x66, x84, uint64(x92)) 310 var x95 uint64 311 var x96 uint64 312 x95, x96 = bits.Add64(x68, x86, uint64(x94)) 313 var x97 uint64 314 var x98 uint64 315 x97, x98 = bits.Add64(x70, x88, uint64(x96)) 316 x99 := (x98 + x71) 317 var x100 uint64 318 var x101 uint64 319 x101, x100 = bits.Mul64(x2, arg2[3]) 320 var x102 uint64 321 var x103 uint64 322 x103, x102 = bits.Mul64(x2, arg2[2]) 323 var x104 uint64 324 var x105 uint64 325 x105, x104 = bits.Mul64(x2, arg2[1]) 326 var x106 uint64 327 var x107 uint64 328 x107, x106 = bits.Mul64(x2, arg2[0]) 329 var x108 uint64 330 var x109 uint64 331 x108, x109 = bits.Add64(x107, x104, uint64(0x0)) 332 var x110 uint64 333 var x111 uint64 334 x110, x111 = bits.Add64(x105, x102, uint64(x109)) 335 var x112 uint64 336 var x113 uint64 337 x112, x113 = bits.Add64(x103, x100, uint64(x111)) 338 x114 := (x113 + x101) 339 var x115 uint64 340 var x116 uint64 341 x115, x116 = bits.Add64(x91, x106, uint64(0x0)) 342 var x117 uint64 343 var x118 uint64 344 x117, x118 = bits.Add64(x93, x108, uint64(x116)) 345 var x119 uint64 346 var x120 uint64 347 x119, x120 = bits.Add64(x95, x110, uint64(x118)) 348 var x121 uint64 349 var x122 uint64 350 x121, x122 = bits.Add64(x97, x112, uint64(x120)) 351 var x123 uint64 352 var x124 uint64 353 x123, x124 = bits.Add64(x99, x114, uint64(x122)) 354 var x125 uint64 355 _, x125 = bits.Mul64(x115, 0xfffffffeffffffff) 356 var x127 uint64 357 var x128 uint64 358 x128, x127 = bits.Mul64(x125, 0x73eda753299d7d48) 359 var x129 uint64 360 var x130 uint64 361 x130, x129 = bits.Mul64(x125, 0x3339d80809a1d805) 362 var x131 uint64 363 var x132 uint64 364 x132, x131 = bits.Mul64(x125, 0x53bda402fffe5bfe) 365 var x133 uint64 366 var x134 uint64 367 x134, x133 = bits.Mul64(x125, 0xffffffff00000001) 368 var x135 uint64 369 var x136 uint64 370 x135, x136 = bits.Add64(x134, x131, uint64(0x0)) 371 var x137 uint64 372 var x138 uint64 373 x137, x138 = bits.Add64(x132, x129, uint64(x136)) 374 var x139 uint64 375 var x140 uint64 376 x139, x140 = bits.Add64(x130, x127, uint64(x138)) 377 x141 := (x140 + x128) 378 var x143 uint64 379 _, x143 = bits.Add64(x115, x133, uint64(0x0)) 380 var x144 uint64 381 var x145 uint64 382 x144, x145 = bits.Add64(x117, x135, uint64(x143)) 383 var x146 uint64 384 var x147 uint64 385 x146, x147 = bits.Add64(x119, x137, uint64(x145)) 386 var x148 uint64 387 var x149 uint64 388 x148, x149 = bits.Add64(x121, x139, uint64(x147)) 389 var x150 uint64 390 var x151 uint64 391 x150, x151 = bits.Add64(x123, x141, uint64(x149)) 392 x152 := (x151 + x124) 393 var x153 uint64 394 var x154 uint64 395 x154, x153 = bits.Mul64(x3, arg2[3]) 396 var x155 uint64 397 var x156 uint64 398 x156, x155 = bits.Mul64(x3, arg2[2]) 399 var x157 uint64 400 var x158 uint64 401 x158, x157 = bits.Mul64(x3, arg2[1]) 402 var x159 uint64 403 var x160 uint64 404 x160, x159 = bits.Mul64(x3, arg2[0]) 405 var x161 uint64 406 var x162 uint64 407 x161, x162 = bits.Add64(x160, x157, uint64(0x0)) 408 var x163 uint64 409 var x164 uint64 410 x163, x164 = bits.Add64(x158, x155, uint64(x162)) 411 var x165 uint64 412 var x166 uint64 413 x165, x166 = bits.Add64(x156, x153, uint64(x164)) 414 x167 := (x166 + x154) 415 var x168 uint64 416 var x169 uint64 417 x168, x169 = bits.Add64(x144, x159, uint64(0x0)) 418 var x170 uint64 419 var x171 uint64 420 x170, x171 = bits.Add64(x146, x161, uint64(x169)) 421 var x172 uint64 422 var x173 uint64 423 x172, x173 = bits.Add64(x148, x163, uint64(x171)) 424 var x174 uint64 425 var x175 uint64 426 x174, x175 = bits.Add64(x150, x165, uint64(x173)) 427 var x176 uint64 428 var x177 uint64 429 x176, x177 = bits.Add64(x152, x167, uint64(x175)) 430 var x178 uint64 431 _, x178 = bits.Mul64(x168, 0xfffffffeffffffff) 432 var x180 uint64 433 var x181 uint64 434 x181, x180 = bits.Mul64(x178, 0x73eda753299d7d48) 435 var x182 uint64 436 var x183 uint64 437 x183, x182 = bits.Mul64(x178, 0x3339d80809a1d805) 438 var x184 uint64 439 var x185 uint64 440 x185, x184 = bits.Mul64(x178, 0x53bda402fffe5bfe) 441 var x186 uint64 442 var x187 uint64 443 x187, x186 = bits.Mul64(x178, 0xffffffff00000001) 444 var x188 uint64 445 var x189 uint64 446 x188, x189 = bits.Add64(x187, x184, uint64(0x0)) 447 var x190 uint64 448 var x191 uint64 449 x190, x191 = bits.Add64(x185, x182, uint64(x189)) 450 var x192 uint64 451 var x193 uint64 452 x192, x193 = bits.Add64(x183, x180, uint64(x191)) 453 x194 := (x193 + x181) 454 var x196 uint64 455 _, x196 = bits.Add64(x168, x186, uint64(0x0)) 456 var x197 uint64 457 var x198 uint64 458 x197, x198 = bits.Add64(x170, x188, uint64(x196)) 459 var x199 uint64 460 var x200 uint64 461 x199, x200 = bits.Add64(x172, x190, uint64(x198)) 462 var x201 uint64 463 var x202 uint64 464 x201, x202 = bits.Add64(x174, x192, uint64(x200)) 465 var x203 uint64 466 var x204 uint64 467 x203, x204 = bits.Add64(x176, x194, uint64(x202)) 468 x205 := (x204 + x177) 469 var x206 uint64 470 var x207 uint64 471 x206, x207 = bits.Sub64(x197, 0xffffffff00000001, uint64(uint64(0x0))) 472 var x208 uint64 473 var x209 uint64 474 x208, x209 = bits.Sub64(x199, 0x53bda402fffe5bfe, uint64(x207)) 475 var x210 uint64 476 var x211 uint64 477 x210, x211 = bits.Sub64(x201, 0x3339d80809a1d805, uint64(x209)) 478 var x212 uint64 479 var x213 uint64 480 x212, x213 = bits.Sub64(x203, 0x73eda753299d7d48, uint64(x211)) 481 var x215 uint64 482 _, x215 = bits.Sub64(x205, uint64(0x0), uint64(x213)) 483 var x216 uint64 484 fiatScMontCmovznzU64(&x216, x215, x206, x197) 485 var x217 uint64 486 fiatScMontCmovznzU64(&x217, x215, x208, x199) 487 var x218 uint64 488 fiatScMontCmovznzU64(&x218, x215, x210, x201) 489 var x219 uint64 490 fiatScMontCmovznzU64(&x219, x215, x212, x203) 491 out1[0] = x216 492 out1[1] = x217 493 out1[2] = x218 494 out1[3] = x219 495 } 496 497 // The function fiatScMontSquare squares a field element in the Montgomery domain. 498 // 499 // Preconditions: 500 // 501 // 0 ≤ eval arg1 < m 502 // 503 // Postconditions: 504 // 505 // eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m 506 // 0 ≤ eval out1 < m 507 // 508 // Input Bounds: 509 // 510 // arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 511 // 512 // Output Bounds: 513 // 514 // out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] 515 func fiatScMontSquare(out1 *[4]uint64, arg1 *[4]uint64) { 516 x1 := arg1[1] 517 x2 := arg1[2] 518 x3 := arg1[3] 519 x4 := arg1[0] 520 var x5 uint64 521 var x6 uint64 522 x6, x5 = bits.Mul64(x4, arg1[3]) 523 var x7 uint64 524 var x8 uint64 525 x8, x7 = bits.Mul64(x4, arg1[2]) 526 var x9 uint64 527 var x10 uint64 528 x10, x9 = bits.Mul64(x4, arg1[1]) 529 var x11 uint64 530 var x12 uint64 531 x12, x11 = bits.Mul64(x4, arg1[0]) 532 var x13 uint64 533 var x14 uint64 534 x13, x14 = bits.Add64(x12, x9, uint64(0x0)) 535 var x15 uint64 536 var x16 uint64 537 x15, x16 = bits.Add64(x10, x7, uint64(x14)) 538 var x17 uint64 539 var x18 uint64 540 x17, x18 = bits.Add64(x8, x5, uint64(x16)) 541 x19 := (x18 + x6) 542 var x20 uint64 543 _, x20 = bits.Mul64(x11, 0xfffffffeffffffff) 544 var x22 uint64 545 var x23 uint64 546 x23, x22 = bits.Mul64(x20, 0x73eda753299d7d48) 547 var x24 uint64 548 var x25 uint64 549 x25, x24 = bits.Mul64(x20, 0x3339d80809a1d805) 550 var x26 uint64 551 var x27 uint64 552 x27, x26 = bits.Mul64(x20, 0x53bda402fffe5bfe) 553 var x28 uint64 554 var x29 uint64 555 x29, x28 = bits.Mul64(x20, 0xffffffff00000001) 556 var x30 uint64 557 var x31 uint64 558 x30, x31 = bits.Add64(x29, x26, uint64(0x0)) 559 var x32 uint64 560 var x33 uint64 561 x32, x33 = bits.Add64(x27, x24, uint64(x31)) 562 var x34 uint64 563 var x35 uint64 564 x34, x35 = bits.Add64(x25, x22, uint64(x33)) 565 x36 := (x35 + x23) 566 var x38 uint64 567 _, x38 = bits.Add64(x11, x28, uint64(0x0)) 568 var x39 uint64 569 var x40 uint64 570 x39, x40 = bits.Add64(x13, x30, uint64(x38)) 571 var x41 uint64 572 var x42 uint64 573 x41, x42 = bits.Add64(x15, x32, uint64(x40)) 574 var x43 uint64 575 var x44 uint64 576 x43, x44 = bits.Add64(x17, x34, uint64(x42)) 577 var x45 uint64 578 var x46 uint64 579 x45, x46 = bits.Add64(x19, x36, uint64(x44)) 580 var x47 uint64 581 var x48 uint64 582 x48, x47 = bits.Mul64(x1, arg1[3]) 583 var x49 uint64 584 var x50 uint64 585 x50, x49 = bits.Mul64(x1, arg1[2]) 586 var x51 uint64 587 var x52 uint64 588 x52, x51 = bits.Mul64(x1, arg1[1]) 589 var x53 uint64 590 var x54 uint64 591 x54, x53 = bits.Mul64(x1, arg1[0]) 592 var x55 uint64 593 var x56 uint64 594 x55, x56 = bits.Add64(x54, x51, uint64(0x0)) 595 var x57 uint64 596 var x58 uint64 597 x57, x58 = bits.Add64(x52, x49, uint64(x56)) 598 var x59 uint64 599 var x60 uint64 600 x59, x60 = bits.Add64(x50, x47, uint64(x58)) 601 x61 := (x60 + x48) 602 var x62 uint64 603 var x63 uint64 604 x62, x63 = bits.Add64(x39, x53, uint64(0x0)) 605 var x64 uint64 606 var x65 uint64 607 x64, x65 = bits.Add64(x41, x55, uint64(x63)) 608 var x66 uint64 609 var x67 uint64 610 x66, x67 = bits.Add64(x43, x57, uint64(x65)) 611 var x68 uint64 612 var x69 uint64 613 x68, x69 = bits.Add64(x45, x59, uint64(x67)) 614 var x70 uint64 615 var x71 uint64 616 x70, x71 = bits.Add64(x46, x61, uint64(x69)) 617 var x72 uint64 618 _, x72 = bits.Mul64(x62, 0xfffffffeffffffff) 619 var x74 uint64 620 var x75 uint64 621 x75, x74 = bits.Mul64(x72, 0x73eda753299d7d48) 622 var x76 uint64 623 var x77 uint64 624 x77, x76 = bits.Mul64(x72, 0x3339d80809a1d805) 625 var x78 uint64 626 var x79 uint64 627 x79, x78 = bits.Mul64(x72, 0x53bda402fffe5bfe) 628 var x80 uint64 629 var x81 uint64 630 x81, x80 = bits.Mul64(x72, 0xffffffff00000001) 631 var x82 uint64 632 var x83 uint64 633 x82, x83 = bits.Add64(x81, x78, uint64(0x0)) 634 var x84 uint64 635 var x85 uint64 636 x84, x85 = bits.Add64(x79, x76, uint64(x83)) 637 var x86 uint64 638 var x87 uint64 639 x86, x87 = bits.Add64(x77, x74, uint64(x85)) 640 x88 := (x87 + x75) 641 var x90 uint64 642 _, x90 = bits.Add64(x62, x80, uint64(0x0)) 643 var x91 uint64 644 var x92 uint64 645 x91, x92 = bits.Add64(x64, x82, uint64(x90)) 646 var x93 uint64 647 var x94 uint64 648 x93, x94 = bits.Add64(x66, x84, uint64(x92)) 649 var x95 uint64 650 var x96 uint64 651 x95, x96 = bits.Add64(x68, x86, uint64(x94)) 652 var x97 uint64 653 var x98 uint64 654 x97, x98 = bits.Add64(x70, x88, uint64(x96)) 655 x99 := (x98 + x71) 656 var x100 uint64 657 var x101 uint64 658 x101, x100 = bits.Mul64(x2, arg1[3]) 659 var x102 uint64 660 var x103 uint64 661 x103, x102 = bits.Mul64(x2, arg1[2]) 662 var x104 uint64 663 var x105 uint64 664 x105, x104 = bits.Mul64(x2, arg1[1]) 665 var x106 uint64 666 var x107 uint64 667 x107, x106 = bits.Mul64(x2, arg1[0]) 668 var x108 uint64 669 var x109 uint64 670 x108, x109 = bits.Add64(x107, x104, uint64(0x0)) 671 var x110 uint64 672 var x111 uint64 673 x110, x111 = bits.Add64(x105, x102, uint64(x109)) 674 var x112 uint64 675 var x113 uint64 676 x112, x113 = bits.Add64(x103, x100, uint64(x111)) 677 x114 := (x113 + x101) 678 var x115 uint64 679 var x116 uint64 680 x115, x116 = bits.Add64(x91, x106, uint64(0x0)) 681 var x117 uint64 682 var x118 uint64 683 x117, x118 = bits.Add64(x93, x108, uint64(x116)) 684 var x119 uint64 685 var x120 uint64 686 x119, x120 = bits.Add64(x95, x110, uint64(x118)) 687 var x121 uint64 688 var x122 uint64 689 x121, x122 = bits.Add64(x97, x112, uint64(x120)) 690 var x123 uint64 691 var x124 uint64 692 x123, x124 = bits.Add64(x99, x114, uint64(x122)) 693 var x125 uint64 694 _, x125 = bits.Mul64(x115, 0xfffffffeffffffff) 695 var x127 uint64 696 var x128 uint64 697 x128, x127 = bits.Mul64(x125, 0x73eda753299d7d48) 698 var x129 uint64 699 var x130 uint64 700 x130, x129 = bits.Mul64(x125, 0x3339d80809a1d805) 701 var x131 uint64 702 var x132 uint64 703 x132, x131 = bits.Mul64(x125, 0x53bda402fffe5bfe) 704 var x133 uint64 705 var x134 uint64 706 x134, x133 = bits.Mul64(x125, 0xffffffff00000001) 707 var x135 uint64 708 var x136 uint64 709 x135, x136 = bits.Add64(x134, x131, uint64(0x0)) 710 var x137 uint64 711 var x138 uint64 712 x137, x138 = bits.Add64(x132, x129, uint64(x136)) 713 var x139 uint64 714 var x140 uint64 715 x139, x140 = bits.Add64(x130, x127, uint64(x138)) 716 x141 := (x140 + x128) 717 var x143 uint64 718 _, x143 = bits.Add64(x115, x133, uint64(0x0)) 719 var x144 uint64 720 var x145 uint64 721 x144, x145 = bits.Add64(x117, x135, uint64(x143)) 722 var x146 uint64 723 var x147 uint64 724 x146, x147 = bits.Add64(x119, x137, uint64(x145)) 725 var x148 uint64 726 var x149 uint64 727 x148, x149 = bits.Add64(x121, x139, uint64(x147)) 728 var x150 uint64 729 var x151 uint64 730 x150, x151 = bits.Add64(x123, x141, uint64(x149)) 731 x152 := (x151 + x124) 732 var x153 uint64 733 var x154 uint64 734 x154, x153 = bits.Mul64(x3, arg1[3]) 735 var x155 uint64 736 var x156 uint64 737 x156, x155 = bits.Mul64(x3, arg1[2]) 738 var x157 uint64 739 var x158 uint64 740 x158, x157 = bits.Mul64(x3, arg1[1]) 741 var x159 uint64 742 var x160 uint64 743 x160, x159 = bits.Mul64(x3, arg1[0]) 744 var x161 uint64 745 var x162 uint64 746 x161, x162 = bits.Add64(x160, x157, uint64(0x0)) 747 var x163 uint64 748 var x164 uint64 749 x163, x164 = bits.Add64(x158, x155, uint64(x162)) 750 var x165 uint64 751 var x166 uint64 752 x165, x166 = bits.Add64(x156, x153, uint64(x164)) 753 x167 := (x166 + x154) 754 var x168 uint64 755 var x169 uint64 756 x168, x169 = bits.Add64(x144, x159, uint64(0x0)) 757 var x170 uint64 758 var x171 uint64 759 x170, x171 = bits.Add64(x146, x161, uint64(x169)) 760 var x172 uint64 761 var x173 uint64 762 x172, x173 = bits.Add64(x148, x163, uint64(x171)) 763 var x174 uint64 764 var x175 uint64 765 x174, x175 = bits.Add64(x150, x165, uint64(x173)) 766 var x176 uint64 767 var x177 uint64 768 x176, x177 = bits.Add64(x152, x167, uint64(x175)) 769 var x178 uint64 770 _, x178 = bits.Mul64(x168, 0xfffffffeffffffff) 771 var x180 uint64 772 var x181 uint64 773 x181, x180 = bits.Mul64(x178, 0x73eda753299d7d48) 774 var x182 uint64 775 var x183 uint64 776 x183, x182 = bits.Mul64(x178, 0x3339d80809a1d805) 777 var x184 uint64 778 var x185 uint64 779 x185, x184 = bits.Mul64(x178, 0x53bda402fffe5bfe) 780 var x186 uint64 781 var x187 uint64 782 x187, x186 = bits.Mul64(x178, 0xffffffff00000001) 783 var x188 uint64 784 var x189 uint64 785 x188, x189 = bits.Add64(x187, x184, uint64(0x0)) 786 var x190 uint64 787 var x191 uint64 788 x190, x191 = bits.Add64(x185, x182, uint64(x189)) 789 var x192 uint64 790 var x193 uint64 791 x192, x193 = bits.Add64(x183, x180, uint64(x191)) 792 x194 := (x193 + x181) 793 var x196 uint64 794 _, x196 = bits.Add64(x168, x186, uint64(0x0)) 795 var x197 uint64 796 var x198 uint64 797 x197, x198 = bits.Add64(x170, x188, uint64(x196)) 798 var x199 uint64 799 var x200 uint64 800 x199, x200 = bits.Add64(x172, x190, uint64(x198)) 801 var x201 uint64 802 var x202 uint64 803 x201, x202 = bits.Add64(x174, x192, uint64(x200)) 804 var x203 uint64 805 var x204 uint64 806 x203, x204 = bits.Add64(x176, x194, uint64(x202)) 807 x205 := (x204 + x177) 808 var x206 uint64 809 var x207 uint64 810 x206, x207 = bits.Sub64(x197, 0xffffffff00000001, uint64(uint64(0x0))) 811 var x208 uint64 812 var x209 uint64 813 x208, x209 = bits.Sub64(x199, 0x53bda402fffe5bfe, uint64(x207)) 814 var x210 uint64 815 var x211 uint64 816 x210, x211 = bits.Sub64(x201, 0x3339d80809a1d805, uint64(x209)) 817 var x212 uint64 818 var x213 uint64 819 x212, x213 = bits.Sub64(x203, 0x73eda753299d7d48, uint64(x211)) 820 var x215 uint64 821 _, x215 = bits.Sub64(x205, uint64(0x0), uint64(x213)) 822 var x216 uint64 823 fiatScMontCmovznzU64(&x216, x215, x206, x197) 824 var x217 uint64 825 fiatScMontCmovznzU64(&x217, x215, x208, x199) 826 var x218 uint64 827 fiatScMontCmovznzU64(&x218, x215, x210, x201) 828 var x219 uint64 829 fiatScMontCmovznzU64(&x219, x215, x212, x203) 830 out1[0] = x216 831 out1[1] = x217 832 out1[2] = x218 833 out1[3] = x219 834 }