PRCYCoin  2.0.0.7rc1
P2P Digital Currency
field_5x52_int128_impl.h
Go to the documentation of this file.
1 /**********************************************************************
2  * Copyright (c) 2013, 2014 Pieter Wuille *
3  * Distributed under the MIT software license, see the accompanying *
4  * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
5  **********************************************************************/
6 
7 #ifndef _SECP256K1_FIELD_INNER5X52_IMPL_H_
8 #define _SECP256K1_FIELD_INNER5X52_IMPL_H_
9 
10 #include <stdint.h>
11 
12 #ifdef VERIFY
13 #define VERIFY_BITS(x, n) VERIFY_CHECK(((x) >> (n)) == 0)
14 #else
15 #define VERIFY_BITS(x, n) do { } while(0)
16 #endif
17 
18 SECP256K1_INLINE static void secp256k1_fe_mul_inner(const uint64_t *a, const uint64_t * SECP256K1_RESTRICT b, uint64_t *r) {
19  VERIFY_BITS(a[0], 56);
20  VERIFY_BITS(a[1], 56);
21  VERIFY_BITS(a[2], 56);
22  VERIFY_BITS(a[3], 56);
23  VERIFY_BITS(a[4], 52);
24  VERIFY_BITS(b[0], 56);
25  VERIFY_BITS(b[1], 56);
26  VERIFY_BITS(b[2], 56);
27  VERIFY_BITS(b[3], 56);
28  VERIFY_BITS(b[4], 52);
29  VERIFY_CHECK(r != b);
30 
31  const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL;
32  /* [... a b c] is a shorthand for ... + a<<104 + b<<52 + c<<0 mod n.
33  * px is a shorthand for sum(a[i]*b[x-i], i=0..x).
34  * Note that [x 0 0 0 0 0] = [x*R].
35  */
36 
37  uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4];
38 
39  __int128 c, d;
40 
41  d = (__int128)a0 * b[3]
42  + (__int128)a1 * b[2]
43  + (__int128)a2 * b[1]
44  + (__int128)a3 * b[0];
45  VERIFY_BITS(d, 114);
46  /* [d 0 0 0] = [p3 0 0 0] */
47  c = (__int128)a4 * b[4];
48  VERIFY_BITS(c, 112);
49  /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
50  d += (c & M) * R; c >>= 52;
51  VERIFY_BITS(d, 115);
52  VERIFY_BITS(c, 60);
53  /* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
54  uint64_t t3 = d & M; d >>= 52;
55  VERIFY_BITS(t3, 52);
56  VERIFY_BITS(d, 63);
57  /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
58 
59  d += (__int128)a0 * b[4]
60  + (__int128)a1 * b[3]
61  + (__int128)a2 * b[2]
62  + (__int128)a3 * b[1]
63  + (__int128)a4 * b[0];
64  VERIFY_BITS(d, 115);
65  /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
66  d += c * R;
67  VERIFY_BITS(d, 116);
68  /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
69  uint64_t t4 = d & M; d >>= 52;
70  VERIFY_BITS(t4, 52);
71  VERIFY_BITS(d, 64);
72  /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
73  uint64_t tx = (t4 >> 48); t4 &= (M >> 4);
74  VERIFY_BITS(tx, 4);
75  VERIFY_BITS(t4, 48);
76  /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
77 
78  c = (__int128)a0 * b[0];
79  VERIFY_BITS(c, 112);
80  /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */
81  d += (__int128)a1 * b[4]
82  + (__int128)a2 * b[3]
83  + (__int128)a3 * b[2]
84  + (__int128)a4 * b[1];
85  VERIFY_BITS(d, 115);
86  /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
87  uint64_t u0 = d & M; d >>= 52;
88  VERIFY_BITS(u0, 52);
89  VERIFY_BITS(d, 63);
90  /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
91  /* [d 0 t4+(tx<<48)+(u0<<52) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
92  u0 = (u0 << 4) | tx;
93  VERIFY_BITS(u0, 56);
94  /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
95  c += (__int128)u0 * (R >> 4);
96  VERIFY_BITS(c, 115);
97  /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
98  r[0] = c & M; c >>= 52;
99  VERIFY_BITS(r[0], 52);
100  VERIFY_BITS(c, 61);
101  /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */
102 
103  c += (__int128)a0 * b[1]
104  + (__int128)a1 * b[0];
105  VERIFY_BITS(c, 114);
106  /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */
107  d += (__int128)a2 * b[4]
108  + (__int128)a3 * b[3]
109  + (__int128)a4 * b[2];
110  VERIFY_BITS(d, 114);
111  /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
112  c += (d & M) * R; d >>= 52;
113  VERIFY_BITS(c, 115);
114  VERIFY_BITS(d, 62);
115  /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
116  r[1] = c & M; c >>= 52;
117  VERIFY_BITS(r[1], 52);
118  VERIFY_BITS(c, 63);
119  /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
120 
121  c += (__int128)a0 * b[2]
122  + (__int128)a1 * b[1]
123  + (__int128)a2 * b[0];
124  VERIFY_BITS(c, 114);
125  /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */
126  d += (__int128)a3 * b[4]
127  + (__int128)a4 * b[3];
128  VERIFY_BITS(d, 114);
129  /* [d 0 0 t4 t3 c t1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
130  c += (d & M) * R; d >>= 52;
131  VERIFY_BITS(c, 115);
132  VERIFY_BITS(d, 62);
133  /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
134 
135  /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
136  r[2] = c & M; c >>= 52;
137  VERIFY_BITS(r[2], 52);
138  VERIFY_BITS(c, 63);
139  /* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
140  c += d * R + t3;;
141  VERIFY_BITS(c, 100);
142  /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
143  r[3] = c & M; c >>= 52;
144  VERIFY_BITS(r[3], 52);
145  VERIFY_BITS(c, 48);
146  /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
147  c += t4;
148  VERIFY_BITS(c, 49);
149  /* [c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
150  r[4] = c;
151  VERIFY_BITS(r[4], 49);
152  /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
153 }
154 
155 SECP256K1_INLINE static void secp256k1_fe_sqr_inner(const uint64_t *a, uint64_t *r) {
156  VERIFY_BITS(a[0], 56);
157  VERIFY_BITS(a[1], 56);
158  VERIFY_BITS(a[2], 56);
159  VERIFY_BITS(a[3], 56);
160  VERIFY_BITS(a[4], 52);
161 
162  const uint64_t M = 0xFFFFFFFFFFFFFULL, R = 0x1000003D10ULL;
168  __int128 c, d;
169 
170  uint64_t a0 = a[0], a1 = a[1], a2 = a[2], a3 = a[3], a4 = a[4];
171 
172  d = (__int128)(a0*2) * a3
173  + (__int128)(a1*2) * a2;
174  VERIFY_BITS(d, 114);
175  /* [d 0 0 0] = [p3 0 0 0] */
176  c = (__int128)a4 * a4;
177  VERIFY_BITS(c, 112);
178  /* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
179  d += (c & M) * R; c >>= 52;
180  VERIFY_BITS(d, 115);
181  VERIFY_BITS(c, 60);
182  /* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
183  uint64_t t3 = d & M; d >>= 52;
184  VERIFY_BITS(t3, 52);
185  VERIFY_BITS(d, 63);
186  /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
187 
188  a4 *= 2;
189  d += (__int128)a0 * a4
190  + (__int128)(a1*2) * a3
191  + (__int128)a2 * a2;
192  VERIFY_BITS(d, 115);
193  /* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
194  d += c * R;
195  VERIFY_BITS(d, 116);
196  /* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
197  uint64_t t4 = d & M; d >>= 52;
198  VERIFY_BITS(t4, 52);
199  VERIFY_BITS(d, 64);
200  /* [d t4 t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
201  uint64_t tx = (t4 >> 48); t4 &= (M >> 4);
202  VERIFY_BITS(tx, 4);
203  VERIFY_BITS(t4, 48);
204  /* [d t4+(tx<<48) t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
205 
206  c = (__int128)a0 * a0;
207  VERIFY_BITS(c, 112);
208  /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 0 p4 p3 0 0 p0] */
209  d += (__int128)a1 * a4
210  + (__int128)(a2*2) * a3;
211  VERIFY_BITS(d, 114);
212  /* [d t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
213  uint64_t u0 = d & M; d >>= 52;
214  VERIFY_BITS(u0, 52);
215  VERIFY_BITS(d, 62);
216  /* [d u0 t4+(tx<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
217  /* [d 0 t4+(tx<<48)+(u0<<52) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
218  u0 = (u0 << 4) | tx;
219  VERIFY_BITS(u0, 56);
220  /* [d 0 t4+(u0<<48) t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
221  c += (__int128)u0 * (R >> 4);
222  VERIFY_BITS(c, 113);
223  /* [d 0 t4 t3 0 0 c] = [p8 0 0 p5 p4 p3 0 0 p0] */
224  r[0] = c & M; c >>= 52;
225  VERIFY_BITS(r[0], 52);
226  VERIFY_BITS(c, 61);
227  /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 0 p0] */
228 
229  a0 *= 2;
230  c += (__int128)a0 * a1;
231  VERIFY_BITS(c, 114);
232  /* [d 0 t4 t3 0 c r0] = [p8 0 0 p5 p4 p3 0 p1 p0] */
233  d += (__int128)a2 * a4
234  + (__int128)a3 * a3;
235  VERIFY_BITS(d, 114);
236  /* [d 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
237  c += (d & M) * R; d >>= 52;
238  VERIFY_BITS(c, 115);
239  VERIFY_BITS(d, 62);
240  /* [d 0 0 t4 t3 0 c r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
241  r[1] = c & M; c >>= 52;
242  VERIFY_BITS(r[1], 52);
243  VERIFY_BITS(c, 63);
244  /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 0 p1 p0] */
245 
246  c += (__int128)a0 * a2
247  + (__int128)a1 * a1;
248  VERIFY_BITS(c, 114);
249  /* [d 0 0 t4 t3 c r1 r0] = [p8 0 p6 p5 p4 p3 p2 p1 p0] */
250  d += (__int128)a3 * a4;
251  VERIFY_BITS(d, 114);
252  /* [d 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
253  c += (d & M) * R; d >>= 52;
254  VERIFY_BITS(c, 115);
255  VERIFY_BITS(d, 62);
256  /* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
257  r[2] = c & M; c >>= 52;
258  VERIFY_BITS(r[2], 52);
259  VERIFY_BITS(c, 63);
260  /* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
261 
262  c += d * R + t3;;
263  VERIFY_BITS(c, 100);
264  /* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
265  r[3] = c & M; c >>= 52;
266  VERIFY_BITS(r[3], 52);
267  VERIFY_BITS(c, 48);
268  /* [t4+c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
269  c += t4;
270  VERIFY_BITS(c, 49);
271  /* [c r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
272  r[4] = c;
273  VERIFY_BITS(r[4], 49);
274  /* [r4 r3 r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
275 }
276 
277 #endif
VERIFY_CHECK
#define VERIFY_CHECK(cond)
Definition: util.h:61
b
void const uint64_t * b
Definition: field_5x52_asm_impl.h:10
SECP256K1_RESTRICT
#define SECP256K1_RESTRICT
Definition: util.h:74
r
void const uint64_t uint64_t * r
Definition: field_5x52_asm_impl.h:10
R
#define R(a, b)
VERIFY_BITS
#define VERIFY_BITS(x, n)
Definition: field_5x52_int128_impl.h:15
M
#define M(x)
SECP256K1_INLINE
#define SECP256K1_INLINE
Definition: secp256k1.h:23
Generated on Tue Apr 28 2026 00:02:58 for PRCYCoin by   doxygen 1.8.17