/* Autogenerated */ /* curve description: p521 */ /* requested operations: (all) */ /* n = 17 (from "17") */ /* s = 0x20000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000 (from "2^521") */ /* c = [(1, 1)] (from "1,1") */ /* machine_wordsize = 32 (from "32") */ /* Computed values: */ /* carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 0, 1] */ #include typedef unsigned char fiat_p521_uint1; typedef signed char fiat_p521_int1; typedef signed __int128 fiat_p521_int128; typedef unsigned __int128 fiat_p521_uint128; /* * The function fiat_p521_addcarryx_u30 is an addition with carry. * Postconditions: * out1 = (arg1 + arg2 + arg3) mod 2^30 * out2 = ⌊(arg1 + arg2 + arg3) / 2^30⌋ * * Input Bounds: * arg1: [0x0 ~> 0x1] * arg2: [0x0 ~> 0x3fffffff] * arg3: [0x0 ~> 0x3fffffff] * Output Bounds: * out1: [0x0 ~> 0x3fffffff] * out2: [0x0 ~> 0x1] */ static void fiat_p521_addcarryx_u30(uint32_t* out1, fiat_p521_uint1* out2, fiat_p521_uint1 arg1, uint32_t arg2, uint32_t arg3) { uint32_t x1 = ((arg1 + arg2) + arg3); uint32_t x2 = (x1 & UINT32_C(0x3fffffff)); fiat_p521_uint1 x3 = (fiat_p521_uint1)(x1 >> 30); *out1 = x2; *out2 = x3; } /* * The function fiat_p521_subborrowx_u30 is a subtraction with borrow. * Postconditions: * out1 = (-arg1 + arg2 + -arg3) mod 2^30 * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^30⌋ * * Input Bounds: * arg1: [0x0 ~> 0x1] * arg2: [0x0 ~> 0x3fffffff] * arg3: [0x0 ~> 0x3fffffff] * Output Bounds: * out1: [0x0 ~> 0x3fffffff] * out2: [0x0 ~> 0x1] */ static void fiat_p521_subborrowx_u30(uint32_t* out1, fiat_p521_uint1* out2, fiat_p521_uint1 arg1, uint32_t arg2, uint32_t arg3) { int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); fiat_p521_int1 x2 = (fiat_p521_int1)(x1 >> 30); uint32_t x3 = (x1 & UINT32_C(0x3fffffff)); *out1 = x3; *out2 = (fiat_p521_uint1)(0x0 - x2); } /* * The function fiat_p521_addcarryx_u31 is an addition with carry. * Postconditions: * out1 = (arg1 + arg2 + arg3) mod 2^31 * out2 = ⌊(arg1 + arg2 + arg3) / 2^31⌋ * * Input Bounds: * arg1: [0x0 ~> 0x1] * arg2: [0x0 ~> 0x7fffffff] * arg3: [0x0 ~> 0x7fffffff] * Output Bounds: * out1: [0x0 ~> 0x7fffffff] * out2: [0x0 ~> 0x1] */ static void fiat_p521_addcarryx_u31(uint32_t* out1, fiat_p521_uint1* out2, fiat_p521_uint1 arg1, uint32_t arg2, uint32_t arg3) { uint32_t x1 = ((arg1 + arg2) + arg3); uint32_t x2 = (x1 & UINT32_C(0x7fffffff)); fiat_p521_uint1 x3 = (fiat_p521_uint1)(x1 >> 31); *out1 = x2; *out2 = x3; } /* * The function fiat_p521_subborrowx_u31 is a subtraction with borrow. * Postconditions: * out1 = (-arg1 + arg2 + -arg3) mod 2^31 * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^31⌋ * * Input Bounds: * arg1: [0x0 ~> 0x1] * arg2: [0x0 ~> 0x7fffffff] * arg3: [0x0 ~> 0x7fffffff] * Output Bounds: * out1: [0x0 ~> 0x7fffffff] * out2: [0x0 ~> 0x1] */ static void fiat_p521_subborrowx_u31(uint32_t* out1, fiat_p521_uint1* out2, fiat_p521_uint1 arg1, uint32_t arg2, uint32_t arg3) { int32_t x1 = ((int32_t)(arg2 - arg1) - (int32_t)arg3); fiat_p521_int1 x2 = (fiat_p521_int1)((int64_t)x1 >> 31); uint32_t x3 = (x1 & UINT32_C(0x7fffffff)); *out1 = x3; *out2 = (fiat_p521_uint1)(0x0 - x2); } /* * The function fiat_p521_cmovznz_u32 is a single-word conditional move. * Postconditions: * out1 = (if arg1 = 0 then arg2 else arg3) * * Input Bounds: * arg1: [0x0 ~> 0x1] * arg2: [0x0 ~> 0xffffffff] * arg3: [0x0 ~> 0xffffffff] * Output Bounds: * out1: [0x0 ~> 0xffffffff] */ static void fiat_p521_cmovznz_u32(uint32_t* out1, fiat_p521_uint1 arg1, uint32_t arg2, uint32_t arg3) { fiat_p521_uint1 x1 = (!(!arg1)); uint32_t x2 = ((fiat_p521_int1)(0x0 - x1) & UINT32_C(0xffffffff)); uint32_t x3 = ((x2 & arg3) | ((~x2) & arg2)); *out1 = x3; } /* * The function fiat_p521_carry_mul multiplies two field elements and reduces the result. * Postconditions: * eval out1 mod m = (eval arg1 * eval arg2) mod m * * Input Bounds: * arg1: [[0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332]] * arg2: [[0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332]] * Output Bounds: * out1: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] */ static void fiat_p521_carry_mul(uint32_t out1[17], const uint64_t arg1[17], const uint64_t arg2[17]) { fiat_p521_uint128 x1 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x2 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)(arg2[15])); fiat_p521_uint128 x3 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x4 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x5 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)(arg2[12])); fiat_p521_uint128 x6 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x7 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((arg2[10]) * (uint64_t)0x2)); fiat_p521_uint128 x8 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)(arg2[9])); fiat_p521_uint128 x9 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x10 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((arg2[7]) * (uint64_t)0x2)); fiat_p521_uint128 x11 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)(arg2[6])); fiat_p521_uint128 x12 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x13 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((arg2[4]) * (uint64_t)0x2)); fiat_p521_uint128 x14 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)(arg2[3])); fiat_p521_uint128 x15 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x16 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)((arg2[1]) * (uint64_t)0x2)); fiat_p521_uint128 x17 = ((fiat_p521_uint128)(arg1[15]) * (uint32_t)(arg2[16])); fiat_p521_uint128 x18 = ((fiat_p521_uint128)(arg1[15]) * (arg2[15])); fiat_p521_uint128 x19 = ((fiat_p521_uint128)(arg1[15]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x20 = ((fiat_p521_uint128)(arg1[15]) * (arg2[13])); fiat_p521_uint128 x21 = ((fiat_p521_uint128)(arg1[15]) * (arg2[12])); fiat_p521_uint128 x22 = ((fiat_p521_uint128)(arg1[15]) * ((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x23 = ((fiat_p521_uint128)(arg1[15]) * (arg2[10])); fiat_p521_uint128 x24 = ((fiat_p521_uint128)(arg1[15]) * (arg2[9])); fiat_p521_uint128 x25 = ((fiat_p521_uint128)(arg1[15]) * ((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x26 = ((fiat_p521_uint128)(arg1[15]) * (arg2[7])); fiat_p521_uint128 x27 = ((fiat_p521_uint128)(arg1[15]) * (arg2[6])); fiat_p521_uint128 x28 = ((fiat_p521_uint128)(arg1[15]) * ((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x29 = ((fiat_p521_uint128)(arg1[15]) * (arg2[4])); fiat_p521_uint128 x30 = ((fiat_p521_uint128)(arg1[15]) * (arg2[3])); fiat_p521_uint128 x31 = ((fiat_p521_uint128)(arg1[15]) * ((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x32 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x33 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[15]) * (uint64_t)0x2)); fiat_p521_uint128 x34 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x35 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x36 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[12]) * (uint64_t)0x2)); fiat_p521_uint128 x37 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x38 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[10]) * (uint64_t)0x2)); fiat_p521_uint128 x39 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[9]) * (uint64_t)0x2)); fiat_p521_uint128 x40 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x41 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[7]) * (uint64_t)0x2)); fiat_p521_uint128 x42 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[6]) * (uint64_t)0x2)); fiat_p521_uint128 x43 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x44 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[4]) * (uint64_t)0x2)); fiat_p521_uint128 x45 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[3]) * (uint64_t)0x2)); fiat_p521_uint128 x46 = ((fiat_p521_uint128)(arg1[13]) * ((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x47 = ((fiat_p521_uint128)(arg1[13]) * (arg2[15])); fiat_p521_uint128 x48 = ((fiat_p521_uint128)(arg1[13]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x49 = ((fiat_p521_uint128)(arg1[13]) * ((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x50 = ((fiat_p521_uint128)(arg1[13]) * (arg2[12])); fiat_p521_uint128 x51 = ((fiat_p521_uint128)(arg1[13]) * ((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x52 = ((fiat_p521_uint128)(arg1[13]) * ((arg2[10]) * (uint64_t)0x2)); fiat_p521_uint128 x53 = ((fiat_p521_uint128)(arg1[13]) * (arg2[9])); fiat_p521_uint128 x54 = ((fiat_p521_uint128)(arg1[13]) * ((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x55 = ((fiat_p521_uint128)(arg1[13]) * ((arg2[7]) * (uint64_t)0x2)); fiat_p521_uint128 x56 = ((fiat_p521_uint128)(arg1[13]) * (arg2[6])); fiat_p521_uint128 x57 = ((fiat_p521_uint128)(arg1[13]) * ((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x58 = ((fiat_p521_uint128)(arg1[13]) * ((arg2[4]) * (uint64_t)0x2)); fiat_p521_uint128 x59 = ((fiat_p521_uint128)(arg1[12]) * (uint32_t)(arg2[16])); fiat_p521_uint128 x60 = ((fiat_p521_uint128)(arg1[12]) * (arg2[15])); fiat_p521_uint128 x61 = ((fiat_p521_uint128)(arg1[12]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x62 = ((fiat_p521_uint128)(arg1[12]) * (arg2[13])); fiat_p521_uint128 x63 = ((fiat_p521_uint128)(arg1[12]) * (arg2[12])); fiat_p521_uint128 x64 = ((fiat_p521_uint128)(arg1[12]) * ((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x65 = ((fiat_p521_uint128)(arg1[12]) * (arg2[10])); fiat_p521_uint128 x66 = ((fiat_p521_uint128)(arg1[12]) * (arg2[9])); fiat_p521_uint128 x67 = ((fiat_p521_uint128)(arg1[12]) * ((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x68 = ((fiat_p521_uint128)(arg1[12]) * (arg2[7])); fiat_p521_uint128 x69 = ((fiat_p521_uint128)(arg1[12]) * (arg2[6])); fiat_p521_uint128 x70 = ((fiat_p521_uint128)(arg1[12]) * ((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x71 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x72 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((arg2[15]) * (uint64_t)0x2)); fiat_p521_uint128 x73 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x74 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x75 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((arg2[12]) * (uint64_t)0x2)); fiat_p521_uint128 x76 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x77 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((arg2[10]) * (uint64_t)0x2)); fiat_p521_uint128 x78 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((arg2[9]) * (uint64_t)0x2)); fiat_p521_uint128 x79 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x80 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((arg2[7]) * (uint64_t)0x2)); fiat_p521_uint128 x81 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((arg2[6]) * (uint64_t)0x2)); fiat_p521_uint128 x82 = ((fiat_p521_uint128)(arg1[10]) * ((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x83 = ((fiat_p521_uint128)(arg1[10]) * (arg2[15])); fiat_p521_uint128 x84 = ((fiat_p521_uint128)(arg1[10]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x85 = ((fiat_p521_uint128)(arg1[10]) * ((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x86 = ((fiat_p521_uint128)(arg1[10]) * (arg2[12])); fiat_p521_uint128 x87 = ((fiat_p521_uint128)(arg1[10]) * ((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x88 = ((fiat_p521_uint128)(arg1[10]) * ((arg2[10]) * (uint64_t)0x2)); fiat_p521_uint128 x89 = ((fiat_p521_uint128)(arg1[10]) * (arg2[9])); fiat_p521_uint128 x90 = ((fiat_p521_uint128)(arg1[10]) * ((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x91 = ((fiat_p521_uint128)(arg1[10]) * ((arg2[7]) * (uint64_t)0x2)); fiat_p521_uint128 x92 = ((fiat_p521_uint128)(arg1[9]) * (uint32_t)(arg2[16])); fiat_p521_uint128 x93 = ((fiat_p521_uint128)(arg1[9]) * (arg2[15])); fiat_p521_uint128 x94 = ((fiat_p521_uint128)(arg1[9]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x95 = ((fiat_p521_uint128)(arg1[9]) * (arg2[13])); fiat_p521_uint128 x96 = ((fiat_p521_uint128)(arg1[9]) * (arg2[12])); fiat_p521_uint128 x97 = ((fiat_p521_uint128)(arg1[9]) * ((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x98 = ((fiat_p521_uint128)(arg1[9]) * (arg2[10])); fiat_p521_uint128 x99 = ((fiat_p521_uint128)(arg1[9]) * (arg2[9])); fiat_p521_uint128 x100 = ((fiat_p521_uint128)(arg1[9]) * ((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x101 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x102 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((arg2[15]) * (uint64_t)0x2)); fiat_p521_uint128 x103 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x104 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x105 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((arg2[12]) * (uint64_t)0x2)); fiat_p521_uint128 x106 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x107 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((arg2[10]) * (uint64_t)0x2)); fiat_p521_uint128 x108 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((arg2[9]) * (uint64_t)0x2)); fiat_p521_uint128 x109 = ((fiat_p521_uint128)(arg1[7]) * ((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x110 = ((fiat_p521_uint128)(arg1[7]) * (arg2[15])); fiat_p521_uint128 x111 = ((fiat_p521_uint128)(arg1[7]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x112 = ((fiat_p521_uint128)(arg1[7]) * ((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x113 = ((fiat_p521_uint128)(arg1[7]) * (arg2[12])); fiat_p521_uint128 x114 = ((fiat_p521_uint128)(arg1[7]) * ((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x115 = ((fiat_p521_uint128)(arg1[7]) * ((arg2[10]) * (uint64_t)0x2)); fiat_p521_uint128 x116 = ((fiat_p521_uint128)(arg1[6]) * (uint32_t)(arg2[16])); fiat_p521_uint128 x117 = ((fiat_p521_uint128)(arg1[6]) * (arg2[15])); fiat_p521_uint128 x118 = ((fiat_p521_uint128)(arg1[6]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x119 = ((fiat_p521_uint128)(arg1[6]) * (arg2[13])); fiat_p521_uint128 x120 = ((fiat_p521_uint128)(arg1[6]) * (arg2[12])); fiat_p521_uint128 x121 = ((fiat_p521_uint128)(arg1[6]) * ((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x122 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x123 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((arg2[15]) * (uint64_t)0x2)); fiat_p521_uint128 x124 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x125 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x126 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((arg2[12]) * (uint64_t)0x2)); fiat_p521_uint128 x127 = ((fiat_p521_uint128)(arg1[4]) * ((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x128 = ((fiat_p521_uint128)(arg1[4]) * (arg2[15])); fiat_p521_uint128 x129 = ((fiat_p521_uint128)(arg1[4]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x130 = ((fiat_p521_uint128)(arg1[4]) * ((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x131 = ((fiat_p521_uint128)(arg1[3]) * (uint32_t)(arg2[16])); fiat_p521_uint128 x132 = ((fiat_p521_uint128)(arg1[3]) * (arg2[15])); fiat_p521_uint128 x133 = ((fiat_p521_uint128)(arg1[3]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x134 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x135 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((arg2[15]) * (uint64_t)0x2)); fiat_p521_uint128 x136 = ((fiat_p521_uint128)(arg1[1]) * ((uint32_t)(arg2[16]) * (uint64_t)0x2)); fiat_p521_uint128 x137 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)(arg2[0])); fiat_p521_uint128 x138 = ((fiat_p521_uint128)(arg1[15]) * (arg2[1])); fiat_p521_uint128 x139 = ((fiat_p521_uint128)(arg1[15]) * (arg2[0])); fiat_p521_uint128 x140 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x141 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)((arg2[1]) * (uint64_t)0x2)); fiat_p521_uint128 x142 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)(arg2[0])); fiat_p521_uint128 x143 = ((fiat_p521_uint128)(arg1[13]) * (arg2[3])); fiat_p521_uint128 x144 = ((fiat_p521_uint128)(arg1[13]) * ((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x145 = ((fiat_p521_uint128)(arg1[13]) * (arg2[1])); fiat_p521_uint128 x146 = ((fiat_p521_uint128)(arg1[13]) * (arg2[0])); fiat_p521_uint128 x147 = ((fiat_p521_uint128)(arg1[12]) * (arg2[4])); fiat_p521_uint128 x148 = ((fiat_p521_uint128)(arg1[12]) * (arg2[3])); fiat_p521_uint128 x149 = ((fiat_p521_uint128)(arg1[12]) * (uint32_t)(arg2[2])); fiat_p521_uint128 x150 = ((fiat_p521_uint128)(arg1[12]) * (arg2[1])); fiat_p521_uint128 x151 = ((fiat_p521_uint128)(arg1[12]) * (arg2[0])); fiat_p521_uint128 x152 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x153 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((arg2[4]) * (uint64_t)0x2)); fiat_p521_uint128 x154 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)(arg2[3])); fiat_p521_uint128 x155 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x156 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)((arg2[1]) * (uint64_t)0x2)); fiat_p521_uint128 x157 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)(arg2[0])); fiat_p521_uint128 x158 = ((fiat_p521_uint128)(arg1[10]) * (arg2[6])); fiat_p521_uint128 x159 = ((fiat_p521_uint128)(arg1[10]) * ((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x160 = ((fiat_p521_uint128)(arg1[10]) * (arg2[4])); fiat_p521_uint128 x161 = ((fiat_p521_uint128)(arg1[10]) * (arg2[3])); fiat_p521_uint128 x162 = ((fiat_p521_uint128)(arg1[10]) * ((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x163 = ((fiat_p521_uint128)(arg1[10]) * (arg2[1])); fiat_p521_uint128 x164 = ((fiat_p521_uint128)(arg1[10]) * (arg2[0])); fiat_p521_uint128 x165 = ((fiat_p521_uint128)(arg1[9]) * (arg2[7])); fiat_p521_uint128 x166 = ((fiat_p521_uint128)(arg1[9]) * (arg2[6])); fiat_p521_uint128 x167 = ((fiat_p521_uint128)(arg1[9]) * (uint32_t)(arg2[5])); fiat_p521_uint128 x168 = ((fiat_p521_uint128)(arg1[9]) * (arg2[4])); fiat_p521_uint128 x169 = ((fiat_p521_uint128)(arg1[9]) * (arg2[3])); fiat_p521_uint128 x170 = ((fiat_p521_uint128)(arg1[9]) * (uint32_t)(arg2[2])); fiat_p521_uint128 x171 = ((fiat_p521_uint128)(arg1[9]) * (arg2[1])); fiat_p521_uint128 x172 = ((fiat_p521_uint128)(arg1[9]) * (arg2[0])); fiat_p521_uint128 x173 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x174 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((arg2[7]) * (uint64_t)0x2)); fiat_p521_uint128 x175 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(arg2[6])); fiat_p521_uint128 x176 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x177 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((arg2[4]) * (uint64_t)0x2)); fiat_p521_uint128 x178 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(arg2[3])); fiat_p521_uint128 x179 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x180 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((arg2[1]) * (uint64_t)0x2)); fiat_p521_uint128 x181 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(arg2[0])); fiat_p521_uint128 x182 = ((fiat_p521_uint128)(arg1[7]) * (arg2[9])); fiat_p521_uint128 x183 = ((fiat_p521_uint128)(arg1[7]) * ((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x184 = ((fiat_p521_uint128)(arg1[7]) * (arg2[7])); fiat_p521_uint128 x185 = ((fiat_p521_uint128)(arg1[7]) * (arg2[6])); fiat_p521_uint128 x186 = ((fiat_p521_uint128)(arg1[7]) * ((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x187 = ((fiat_p521_uint128)(arg1[7]) * (arg2[4])); fiat_p521_uint128 x188 = ((fiat_p521_uint128)(arg1[7]) * (arg2[3])); fiat_p521_uint128 x189 = ((fiat_p521_uint128)(arg1[7]) * ((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x190 = ((fiat_p521_uint128)(arg1[7]) * (arg2[1])); fiat_p521_uint128 x191 = ((fiat_p521_uint128)(arg1[7]) * (arg2[0])); fiat_p521_uint128 x192 = ((fiat_p521_uint128)(arg1[6]) * (arg2[10])); fiat_p521_uint128 x193 = ((fiat_p521_uint128)(arg1[6]) * (arg2[9])); fiat_p521_uint128 x194 = ((fiat_p521_uint128)(arg1[6]) * (uint32_t)(arg2[8])); fiat_p521_uint128 x195 = ((fiat_p521_uint128)(arg1[6]) * (arg2[7])); fiat_p521_uint128 x196 = ((fiat_p521_uint128)(arg1[6]) * (arg2[6])); fiat_p521_uint128 x197 = ((fiat_p521_uint128)(arg1[6]) * (uint32_t)(arg2[5])); fiat_p521_uint128 x198 = ((fiat_p521_uint128)(arg1[6]) * (arg2[4])); fiat_p521_uint128 x199 = ((fiat_p521_uint128)(arg1[6]) * (arg2[3])); fiat_p521_uint128 x200 = ((fiat_p521_uint128)(arg1[6]) * (uint32_t)(arg2[2])); fiat_p521_uint128 x201 = ((fiat_p521_uint128)(arg1[6]) * (arg2[1])); fiat_p521_uint128 x202 = ((fiat_p521_uint128)(arg1[6]) * (arg2[0])); fiat_p521_uint128 x203 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x204 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((arg2[10]) * (uint64_t)0x2)); fiat_p521_uint128 x205 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(arg2[9])); fiat_p521_uint128 x206 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x207 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((arg2[7]) * (uint64_t)0x2)); fiat_p521_uint128 x208 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(arg2[6])); fiat_p521_uint128 x209 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x210 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((arg2[4]) * (uint64_t)0x2)); fiat_p521_uint128 x211 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(arg2[3])); fiat_p521_uint128 x212 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x213 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((arg2[1]) * (uint64_t)0x2)); fiat_p521_uint128 x214 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(arg2[0])); fiat_p521_uint128 x215 = ((fiat_p521_uint128)(arg1[4]) * (arg2[12])); fiat_p521_uint128 x216 = ((fiat_p521_uint128)(arg1[4]) * ((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x217 = ((fiat_p521_uint128)(arg1[4]) * (arg2[10])); fiat_p521_uint128 x218 = ((fiat_p521_uint128)(arg1[4]) * (arg2[9])); fiat_p521_uint128 x219 = ((fiat_p521_uint128)(arg1[4]) * ((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x220 = ((fiat_p521_uint128)(arg1[4]) * (arg2[7])); fiat_p521_uint128 x221 = ((fiat_p521_uint128)(arg1[4]) * (arg2[6])); fiat_p521_uint128 x222 = ((fiat_p521_uint128)(arg1[4]) * ((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x223 = ((fiat_p521_uint128)(arg1[4]) * (arg2[4])); fiat_p521_uint128 x224 = ((fiat_p521_uint128)(arg1[4]) * (arg2[3])); fiat_p521_uint128 x225 = ((fiat_p521_uint128)(arg1[4]) * ((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x226 = ((fiat_p521_uint128)(arg1[4]) * (arg2[1])); fiat_p521_uint128 x227 = ((fiat_p521_uint128)(arg1[4]) * (arg2[0])); fiat_p521_uint128 x228 = ((fiat_p521_uint128)(arg1[3]) * (arg2[13])); fiat_p521_uint128 x229 = ((fiat_p521_uint128)(arg1[3]) * (arg2[12])); fiat_p521_uint128 x230 = ((fiat_p521_uint128)(arg1[3]) * (uint32_t)(arg2[11])); fiat_p521_uint128 x231 = ((fiat_p521_uint128)(arg1[3]) * (arg2[10])); fiat_p521_uint128 x232 = ((fiat_p521_uint128)(arg1[3]) * (arg2[9])); fiat_p521_uint128 x233 = ((fiat_p521_uint128)(arg1[3]) * (uint32_t)(arg2[8])); fiat_p521_uint128 x234 = ((fiat_p521_uint128)(arg1[3]) * (arg2[7])); fiat_p521_uint128 x235 = ((fiat_p521_uint128)(arg1[3]) * (arg2[6])); fiat_p521_uint128 x236 = ((fiat_p521_uint128)(arg1[3]) * (uint32_t)(arg2[5])); fiat_p521_uint128 x237 = ((fiat_p521_uint128)(arg1[3]) * (arg2[4])); fiat_p521_uint128 x238 = ((fiat_p521_uint128)(arg1[3]) * (arg2[3])); fiat_p521_uint128 x239 = ((fiat_p521_uint128)(arg1[3]) * (uint32_t)(arg2[2])); fiat_p521_uint128 x240 = ((fiat_p521_uint128)(arg1[3]) * (arg2[1])); fiat_p521_uint128 x241 = ((fiat_p521_uint128)(arg1[3]) * (arg2[0])); fiat_p521_uint128 x242 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x243 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((arg2[13]) * (uint64_t)0x2)); fiat_p521_uint128 x244 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(arg2[12])); fiat_p521_uint128 x245 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x246 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((arg2[10]) * (uint64_t)0x2)); fiat_p521_uint128 x247 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(arg2[9])); fiat_p521_uint128 x248 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x249 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((arg2[7]) * (uint64_t)0x2)); fiat_p521_uint128 x250 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(arg2[6])); fiat_p521_uint128 x251 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x252 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((arg2[4]) * (uint64_t)0x2)); fiat_p521_uint128 x253 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(arg2[3])); fiat_p521_uint128 x254 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x255 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((arg2[1]) * (uint64_t)0x2)); fiat_p521_uint128 x256 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(arg2[0])); fiat_p521_uint128 x257 = ((fiat_p521_uint128)(arg1[1]) * (arg2[15])); fiat_p521_uint128 x258 = ((fiat_p521_uint128)(arg1[1]) * ((uint32_t)(arg2[14]) * (uint64_t)0x2)); fiat_p521_uint128 x259 = ((fiat_p521_uint128)(arg1[1]) * (arg2[13])); fiat_p521_uint128 x260 = ((fiat_p521_uint128)(arg1[1]) * (arg2[12])); fiat_p521_uint128 x261 = ((fiat_p521_uint128)(arg1[1]) * ((uint32_t)(arg2[11]) * (uint64_t)0x2)); fiat_p521_uint128 x262 = ((fiat_p521_uint128)(arg1[1]) * (arg2[10])); fiat_p521_uint128 x263 = ((fiat_p521_uint128)(arg1[1]) * (arg2[9])); fiat_p521_uint128 x264 = ((fiat_p521_uint128)(arg1[1]) * ((uint32_t)(arg2[8]) * (uint64_t)0x2)); fiat_p521_uint128 x265 = ((fiat_p521_uint128)(arg1[1]) * (arg2[7])); fiat_p521_uint128 x266 = ((fiat_p521_uint128)(arg1[1]) * (arg2[6])); fiat_p521_uint128 x267 = ((fiat_p521_uint128)(arg1[1]) * ((uint32_t)(arg2[5]) * (uint64_t)0x2)); fiat_p521_uint128 x268 = ((fiat_p521_uint128)(arg1[1]) * (arg2[4])); fiat_p521_uint128 x269 = ((fiat_p521_uint128)(arg1[1]) * (arg2[3])); fiat_p521_uint128 x270 = ((fiat_p521_uint128)(arg1[1]) * ((uint32_t)(arg2[2]) * (uint64_t)0x2)); fiat_p521_uint128 x271 = ((fiat_p521_uint128)(arg1[1]) * (arg2[1])); fiat_p521_uint128 x272 = ((fiat_p521_uint128)(arg1[1]) * (arg2[0])); fiat_p521_uint128 x273 = ((fiat_p521_uint128)(arg1[0]) * (uint32_t)(arg2[16])); fiat_p521_uint128 x274 = ((fiat_p521_uint128)(arg1[0]) * (arg2[15])); fiat_p521_uint128 x275 = ((fiat_p521_uint128)(arg1[0]) * (uint32_t)(arg2[14])); fiat_p521_uint128 x276 = ((fiat_p521_uint128)(arg1[0]) * (arg2[13])); fiat_p521_uint128 x277 = ((fiat_p521_uint128)(arg1[0]) * (arg2[12])); fiat_p521_uint128 x278 = ((fiat_p521_uint128)(arg1[0]) * (uint32_t)(arg2[11])); fiat_p521_uint128 x279 = ((fiat_p521_uint128)(arg1[0]) * (arg2[10])); fiat_p521_uint128 x280 = ((fiat_p521_uint128)(arg1[0]) * (arg2[9])); fiat_p521_uint128 x281 = ((fiat_p521_uint128)(arg1[0]) * (uint32_t)(arg2[8])); fiat_p521_uint128 x282 = ((fiat_p521_uint128)(arg1[0]) * (arg2[7])); fiat_p521_uint128 x283 = ((fiat_p521_uint128)(arg1[0]) * (arg2[6])); fiat_p521_uint128 x284 = ((fiat_p521_uint128)(arg1[0]) * (uint32_t)(arg2[5])); fiat_p521_uint128 x285 = ((fiat_p521_uint128)(arg1[0]) * (arg2[4])); fiat_p521_uint128 x286 = ((fiat_p521_uint128)(arg1[0]) * (arg2[3])); fiat_p521_uint128 x287 = ((fiat_p521_uint128)(arg1[0]) * (uint32_t)(arg2[2])); fiat_p521_uint128 x288 = ((fiat_p521_uint128)(arg1[0]) * (arg2[1])); fiat_p521_uint128 x289 = ((fiat_p521_uint128)(arg1[0]) * (arg2[0])); fiat_p521_uint128 x290 = (x289 + (x136 + (x135 + (x133 + (x130 + (x126 + (x121 + (x115 + (x108 + (x100 + (x91 + (x81 + (x70 + (x58 + (x45 + (x31 + x16)))))))))))))))); uint64_t x291 = (uint64_t)(x290 >> 31); uint32_t x292 = (uint32_t)(x290 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x293 = (x273 + (x257 + (x242 + (x228 + (x215 + (x203 + (x192 + (x182 + (x173 + (x165 + (x158 + (x152 + (x147 + (x143 + (x140 + (x138 + x137)))))))))))))))); fiat_p521_uint128 x294 = (x274 + (x258 + (x243 + (x229 + (x216 + (x204 + (x193 + (x183 + (x174 + (x166 + (x159 + (x153 + (x148 + (x144 + (x141 + (x139 + x1)))))))))))))))); fiat_p521_uint128 x295 = (x275 + (x259 + (x244 + (x230 + (x217 + (x205 + (x194 + (x184 + (x175 + (x167 + (x160 + (x154 + (x149 + (x145 + (x142 + (x17 + x2)))))))))))))))); fiat_p521_uint128 x296 = (x276 + (x260 + (x245 + (x231 + (x218 + (x206 + (x195 + (x185 + (x176 + (x168 + (x161 + (x155 + (x150 + (x146 + (x32 + (x18 + x3)))))))))))))))); fiat_p521_uint128 x297 = (x277 + (x261 + (x246 + (x232 + (x219 + (x207 + (x196 + (x186 + (x177 + (x169 + (x162 + (x156 + (x151 + (x46 + (x33 + (x19 + x4)))))))))))))))); fiat_p521_uint128 x298 = (x278 + (x262 + (x247 + (x233 + (x220 + (x208 + (x197 + (x187 + (x178 + (x170 + (x163 + (x157 + (x59 + (x47 + (x34 + (x20 + x5)))))))))))))))); fiat_p521_uint128 x299 = (x279 + (x263 + (x248 + (x234 + (x221 + (x209 + (x198 + (x188 + (x179 + (x171 + (x164 + (x71 + (x60 + (x48 + (x35 + (x21 + x6)))))))))))))))); fiat_p521_uint128 x300 = (x280 + (x264 + (x249 + (x235 + (x222 + (x210 + (x199 + (x189 + (x180 + (x172 + (x82 + (x72 + (x61 + (x49 + (x36 + (x22 + x7)))))))))))))))); fiat_p521_uint128 x301 = (x281 + (x265 + (x250 + (x236 + (x223 + (x211 + (x200 + (x190 + (x181 + (x92 + (x83 + (x73 + (x62 + (x50 + (x37 + (x23 + x8)))))))))))))))); fiat_p521_uint128 x302 = (x282 + (x266 + (x251 + (x237 + (x224 + (x212 + (x201 + (x191 + (x101 + (x93 + (x84 + (x74 + (x63 + (x51 + (x38 + (x24 + x9)))))))))))))))); fiat_p521_uint128 x303 = (x283 + (x267 + (x252 + (x238 + (x225 + (x213 + (x202 + (x109 + (x102 + (x94 + (x85 + (x75 + (x64 + (x52 + (x39 + (x25 + x10)))))))))))))))); fiat_p521_uint128 x304 = (x284 + (x268 + (x253 + (x239 + (x226 + (x214 + (x116 + (x110 + (x103 + (x95 + (x86 + (x76 + (x65 + (x53 + (x40 + (x26 + x11)))))))))))))))); fiat_p521_uint128 x305 = (x285 + (x269 + (x254 + (x240 + (x227 + (x122 + (x117 + (x111 + (x104 + (x96 + (x87 + (x77 + (x66 + (x54 + (x41 + (x27 + x12)))))))))))))))); fiat_p521_uint128 x306 = (x286 + (x270 + (x255 + (x241 + (x127 + (x123 + (x118 + (x112 + (x105 + (x97 + (x88 + (x78 + (x67 + (x55 + (x42 + (x28 + x13)))))))))))))))); fiat_p521_uint128 x307 = (x287 + (x271 + (x256 + (x131 + (x128 + (x124 + (x119 + (x113 + (x106 + (x98 + (x89 + (x79 + (x68 + (x56 + (x43 + (x29 + x14)))))))))))))))); fiat_p521_uint128 x308 = (x288 + (x272 + (x134 + (x132 + (x129 + (x125 + (x120 + (x114 + (x107 + (x99 + (x90 + (x80 + (x69 + (x57 + (x44 + (x30 + x15)))))))))))))))); fiat_p521_uint128 x309 = (x291 + x308); uint64_t x310 = (uint64_t)(x309 >> 31); uint32_t x311 = (uint32_t)(x309 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x312 = (x310 + x307); uint64_t x313 = (uint64_t)(x312 >> 30); uint32_t x314 = (uint32_t)(x312 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x315 = (x313 + x306); uint64_t x316 = (uint64_t)(x315 >> 31); uint32_t x317 = (uint32_t)(x315 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x318 = (x316 + x305); uint64_t x319 = (uint64_t)(x318 >> 31); uint32_t x320 = (uint32_t)(x318 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x321 = (x319 + x304); uint64_t x322 = (uint64_t)(x321 >> 30); uint32_t x323 = (uint32_t)(x321 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x324 = (x322 + x303); uint64_t x325 = (uint64_t)(x324 >> 31); uint32_t x326 = (uint32_t)(x324 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x327 = (x325 + x302); uint64_t x328 = (uint64_t)(x327 >> 31); uint32_t x329 = (uint32_t)(x327 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x330 = (x328 + x301); uint64_t x331 = (uint64_t)(x330 >> 30); uint32_t x332 = (uint32_t)(x330 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x333 = (x331 + x300); uint64_t x334 = (uint64_t)(x333 >> 31); uint32_t x335 = (uint32_t)(x333 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x336 = (x334 + x299); uint64_t x337 = (uint64_t)(x336 >> 31); uint32_t x338 = (uint32_t)(x336 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x339 = (x337 + x298); uint64_t x340 = (uint64_t)(x339 >> 30); uint32_t x341 = (uint32_t)(x339 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x342 = (x340 + x297); uint64_t x343 = (uint64_t)(x342 >> 31); uint32_t x344 = (uint32_t)(x342 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x345 = (x343 + x296); uint64_t x346 = (uint64_t)(x345 >> 31); uint32_t x347 = (uint32_t)(x345 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x348 = (x346 + x295); uint64_t x349 = (uint64_t)(x348 >> 30); uint32_t x350 = (uint32_t)(x348 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x351 = (x349 + x294); uint64_t x352 = (uint64_t)(x351 >> 31); uint32_t x353 = (uint32_t)(x351 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x354 = (x352 + x293); uint64_t x355 = (uint64_t)(x354 >> 30); uint32_t x356 = (uint32_t)(x354 & UINT32_C(0x3fffffff)); uint64_t x357 = (x292 + x355); uint32_t x358 = (uint32_t)(x357 >> 31); uint32_t x359 = (uint32_t)(x357 & UINT32_C(0x7fffffff)); uint32_t x360 = (x358 + x311); uint32_t x361 = (x360 >> 31); uint32_t x362 = (x360 & UINT32_C(0x7fffffff)); uint32_t x363 = (x361 + x314); out1[0] = x359; out1[1] = x362; out1[2] = x363; out1[3] = x317; out1[4] = x320; out1[5] = x323; out1[6] = x326; out1[7] = x329; out1[8] = x332; out1[9] = x335; out1[10] = x338; out1[11] = x341; out1[12] = x344; out1[13] = x347; out1[14] = x350; out1[15] = x353; out1[16] = x356; } /* * The function fiat_p521_carry_square squares a field element and reduces the result. * Postconditions: * eval out1 mod m = (eval arg1 * eval arg1) mod m * * Input Bounds: * arg1: [[0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332]] * Output Bounds: * out1: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] */ static void fiat_p521_carry_square(uint32_t out1[17], const uint64_t arg1[17]) { uint32_t x1 = (uint32_t)(arg1[16]); uint64_t x2 = (x1 * (uint64_t)0x2); uint64_t x3 = ((uint32_t)(arg1[16]) * (uint64_t)0x2); uint64_t x4 = (arg1[15]); uint64_t x5 = (x4 * (uint64_t)0x2); uint64_t x6 = ((arg1[15]) * (uint64_t)0x2); uint32_t x7 = (uint32_t)(arg1[14]); uint64_t x8 = (x7 * (uint64_t)0x2); uint64_t x9 = ((uint32_t)(arg1[14]) * (uint64_t)0x2); uint64_t x10 = (arg1[13]); uint64_t x11 = (x10 * (uint64_t)0x2); uint64_t x12 = ((arg1[13]) * (uint64_t)0x2); uint64_t x13 = (arg1[12]); uint64_t x14 = (x13 * (uint64_t)0x2); uint64_t x15 = ((arg1[12]) * (uint64_t)0x2); uint32_t x16 = (uint32_t)(arg1[11]); uint64_t x17 = (x16 * (uint64_t)0x2); uint64_t x18 = ((uint32_t)(arg1[11]) * (uint64_t)0x2); uint64_t x19 = (arg1[10]); uint64_t x20 = (x19 * (uint64_t)0x2); uint64_t x21 = ((arg1[10]) * (uint64_t)0x2); uint64_t x22 = (arg1[9]); uint64_t x23 = (x22 * (uint64_t)0x2); uint64_t x24 = ((arg1[9]) * (uint64_t)0x2); uint64_t x25 = ((uint32_t)(arg1[8]) * (uint64_t)0x2); uint64_t x26 = ((arg1[7]) * (uint64_t)0x2); uint64_t x27 = ((arg1[6]) * (uint64_t)0x2); uint64_t x28 = ((uint32_t)(arg1[5]) * (uint64_t)0x2); uint64_t x29 = ((arg1[4]) * (uint64_t)0x2); uint64_t x30 = ((arg1[3]) * (uint64_t)0x2); uint64_t x31 = ((uint32_t)(arg1[2]) * (uint64_t)0x2); uint64_t x32 = ((arg1[1]) * (uint64_t)0x2); fiat_p521_uint128 x33 = ((uint32_t)(arg1[16]) * (fiat_p521_uint128)(x1 * (uint64_t)0x2)); fiat_p521_uint128 x34 = ((fiat_p521_uint128)(arg1[15]) * x2); fiat_p521_uint128 x35 = ((fiat_p521_uint128)(arg1[15]) * x4); fiat_p521_uint128 x36 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)(x2 * (uint64_t)0x2)); fiat_p521_uint128 x37 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)(x5 * (uint64_t)0x2)); fiat_p521_uint128 x38 = ((uint32_t)(arg1[14]) * (fiat_p521_uint128)(x7 * (uint64_t)0x2)); fiat_p521_uint128 x39 = ((fiat_p521_uint128)(arg1[13]) * (x2 * (uint64_t)0x2)); fiat_p521_uint128 x40 = ((fiat_p521_uint128)(arg1[13]) * x5); fiat_p521_uint128 x41 = ((fiat_p521_uint128)(arg1[13]) * (x8 * (uint64_t)0x2)); fiat_p521_uint128 x42 = ((fiat_p521_uint128)(arg1[13]) * (x10 * (uint64_t)0x2)); fiat_p521_uint128 x43 = ((fiat_p521_uint128)(arg1[12]) * x2); fiat_p521_uint128 x44 = ((fiat_p521_uint128)(arg1[12]) * x5); fiat_p521_uint128 x45 = ((fiat_p521_uint128)(arg1[12]) * (x8 * (uint64_t)0x2)); fiat_p521_uint128 x46 = ((fiat_p521_uint128)(arg1[12]) * x11); fiat_p521_uint128 x47 = ((fiat_p521_uint128)(arg1[12]) * x13); fiat_p521_uint128 x48 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)(x2 * (uint64_t)0x2)); fiat_p521_uint128 x49 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)(x5 * (uint64_t)0x2)); fiat_p521_uint128 x50 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)(x8 * (uint64_t)0x2)); fiat_p521_uint128 x51 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)(x11 * (uint64_t)0x2)); fiat_p521_uint128 x52 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)(x14 * (uint64_t)0x2)); fiat_p521_uint128 x53 = ((uint32_t)(arg1[11]) * (fiat_p521_uint128)(x16 * (uint64_t)0x2)); fiat_p521_uint128 x54 = ((fiat_p521_uint128)(arg1[10]) * (x2 * (uint64_t)0x2)); fiat_p521_uint128 x55 = ((fiat_p521_uint128)(arg1[10]) * x5); fiat_p521_uint128 x56 = ((fiat_p521_uint128)(arg1[10]) * (x8 * (uint64_t)0x2)); fiat_p521_uint128 x57 = ((fiat_p521_uint128)(arg1[10]) * (x11 * (uint64_t)0x2)); fiat_p521_uint128 x58 = ((fiat_p521_uint128)(arg1[10]) * x14); fiat_p521_uint128 x59 = ((fiat_p521_uint128)(arg1[10]) * (x17 * (uint64_t)0x2)); fiat_p521_uint128 x60 = ((fiat_p521_uint128)(arg1[10]) * (x19 * (uint64_t)0x2)); fiat_p521_uint128 x61 = ((fiat_p521_uint128)(arg1[9]) * x2); fiat_p521_uint128 x62 = ((fiat_p521_uint128)(arg1[9]) * x5); fiat_p521_uint128 x63 = ((fiat_p521_uint128)(arg1[9]) * (x8 * (uint64_t)0x2)); fiat_p521_uint128 x64 = ((fiat_p521_uint128)(arg1[9]) * x11); fiat_p521_uint128 x65 = ((fiat_p521_uint128)(arg1[9]) * x14); fiat_p521_uint128 x66 = ((fiat_p521_uint128)(arg1[9]) * (x17 * (uint64_t)0x2)); fiat_p521_uint128 x67 = ((fiat_p521_uint128)(arg1[9]) * x20); fiat_p521_uint128 x68 = ((fiat_p521_uint128)(arg1[9]) * x22); fiat_p521_uint128 x69 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(x2 * (uint64_t)0x2)); fiat_p521_uint128 x70 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(x5 * (uint64_t)0x2)); fiat_p521_uint128 x71 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(x8 * (uint64_t)0x2)); fiat_p521_uint128 x72 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(x11 * (uint64_t)0x2)); fiat_p521_uint128 x73 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(x14 * (uint64_t)0x2)); fiat_p521_uint128 x74 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(x17 * (uint64_t)0x2)); fiat_p521_uint128 x75 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(x20 * (uint64_t)0x2)); fiat_p521_uint128 x76 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)(x23 * (uint64_t)0x2)); fiat_p521_uint128 x77 = ((uint32_t)(arg1[8]) * (fiat_p521_uint128)((uint32_t)(arg1[8]) * (uint64_t)0x2)); fiat_p521_uint128 x78 = ((fiat_p521_uint128)(arg1[7]) * (x2 * (uint64_t)0x2)); fiat_p521_uint128 x79 = ((fiat_p521_uint128)(arg1[7]) * x5); fiat_p521_uint128 x80 = ((fiat_p521_uint128)(arg1[7]) * (x8 * (uint64_t)0x2)); fiat_p521_uint128 x81 = ((fiat_p521_uint128)(arg1[7]) * (x11 * (uint64_t)0x2)); fiat_p521_uint128 x82 = ((fiat_p521_uint128)(arg1[7]) * x14); fiat_p521_uint128 x83 = ((fiat_p521_uint128)(arg1[7]) * (x17 * (uint64_t)0x2)); fiat_p521_uint128 x84 = ((fiat_p521_uint128)(arg1[7]) * (x20 * (uint64_t)0x2)); fiat_p521_uint128 x85 = ((fiat_p521_uint128)(arg1[7]) * x24); fiat_p521_uint128 x86 = ((fiat_p521_uint128)(arg1[7]) * (x25 * (uint64_t)0x2)); fiat_p521_uint128 x87 = ((fiat_p521_uint128)(arg1[7]) * (arg1[7])); fiat_p521_uint128 x88 = ((fiat_p521_uint128)(arg1[6]) * x2); fiat_p521_uint128 x89 = ((fiat_p521_uint128)(arg1[6]) * x5); fiat_p521_uint128 x90 = ((fiat_p521_uint128)(arg1[6]) * (x8 * (uint64_t)0x2)); fiat_p521_uint128 x91 = ((fiat_p521_uint128)(arg1[6]) * x11); fiat_p521_uint128 x92 = ((fiat_p521_uint128)(arg1[6]) * x14); fiat_p521_uint128 x93 = ((fiat_p521_uint128)(arg1[6]) * (x17 * (uint64_t)0x2)); fiat_p521_uint128 x94 = ((fiat_p521_uint128)(arg1[6]) * x21); fiat_p521_uint128 x95 = ((fiat_p521_uint128)(arg1[6]) * x24); fiat_p521_uint128 x96 = ((fiat_p521_uint128)(arg1[6]) * x25); fiat_p521_uint128 x97 = ((fiat_p521_uint128)(arg1[6]) * x26); fiat_p521_uint128 x98 = ((fiat_p521_uint128)(arg1[6]) * (arg1[6])); fiat_p521_uint128 x99 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(x2 * (uint64_t)0x2)); fiat_p521_uint128 x100 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(x5 * (uint64_t)0x2)); fiat_p521_uint128 x101 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(x8 * (uint64_t)0x2)); fiat_p521_uint128 x102 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(x11 * (uint64_t)0x2)); fiat_p521_uint128 x103 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(x14 * (uint64_t)0x2)); fiat_p521_uint128 x104 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(x18 * (uint64_t)0x2)); fiat_p521_uint128 x105 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(x21 * (uint64_t)0x2)); fiat_p521_uint128 x106 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)x24); fiat_p521_uint128 x107 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(x25 * (uint64_t)0x2)); fiat_p521_uint128 x108 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)(x26 * (uint64_t)0x2)); fiat_p521_uint128 x109 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)x27); fiat_p521_uint128 x110 = ((uint32_t)(arg1[5]) * (fiat_p521_uint128)((uint32_t)(arg1[5]) * (uint64_t)0x2)); fiat_p521_uint128 x111 = ((fiat_p521_uint128)(arg1[4]) * (x2 * (uint64_t)0x2)); fiat_p521_uint128 x112 = ((fiat_p521_uint128)(arg1[4]) * x5); fiat_p521_uint128 x113 = ((fiat_p521_uint128)(arg1[4]) * (x8 * (uint64_t)0x2)); fiat_p521_uint128 x114 = ((fiat_p521_uint128)(arg1[4]) * (x11 * (uint64_t)0x2)); fiat_p521_uint128 x115 = ((fiat_p521_uint128)(arg1[4]) * x15); fiat_p521_uint128 x116 = ((fiat_p521_uint128)(arg1[4]) * (x18 * (uint64_t)0x2)); fiat_p521_uint128 x117 = ((fiat_p521_uint128)(arg1[4]) * x21); fiat_p521_uint128 x118 = ((fiat_p521_uint128)(arg1[4]) * x24); fiat_p521_uint128 x119 = ((fiat_p521_uint128)(arg1[4]) * (x25 * (uint64_t)0x2)); fiat_p521_uint128 x120 = ((fiat_p521_uint128)(arg1[4]) * x26); fiat_p521_uint128 x121 = ((fiat_p521_uint128)(arg1[4]) * x27); fiat_p521_uint128 x122 = ((fiat_p521_uint128)(arg1[4]) * (x28 * (uint64_t)0x2)); fiat_p521_uint128 x123 = ((fiat_p521_uint128)(arg1[4]) * (arg1[4])); fiat_p521_uint128 x124 = ((fiat_p521_uint128)(arg1[3]) * x2); fiat_p521_uint128 x125 = ((fiat_p521_uint128)(arg1[3]) * x5); fiat_p521_uint128 x126 = ((fiat_p521_uint128)(arg1[3]) * (x8 * (uint64_t)0x2)); fiat_p521_uint128 x127 = ((fiat_p521_uint128)(arg1[3]) * x12); fiat_p521_uint128 x128 = ((fiat_p521_uint128)(arg1[3]) * x15); fiat_p521_uint128 x129 = ((fiat_p521_uint128)(arg1[3]) * x18); fiat_p521_uint128 x130 = ((fiat_p521_uint128)(arg1[3]) * x21); fiat_p521_uint128 x131 = ((fiat_p521_uint128)(arg1[3]) * x24); fiat_p521_uint128 x132 = ((fiat_p521_uint128)(arg1[3]) * x25); fiat_p521_uint128 x133 = ((fiat_p521_uint128)(arg1[3]) * x26); fiat_p521_uint128 x134 = ((fiat_p521_uint128)(arg1[3]) * x27); fiat_p521_uint128 x135 = ((fiat_p521_uint128)(arg1[3]) * x28); fiat_p521_uint128 x136 = ((fiat_p521_uint128)(arg1[3]) * x29); fiat_p521_uint128 x137 = ((fiat_p521_uint128)(arg1[3]) * (arg1[3])); fiat_p521_uint128 x138 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x2 * (uint64_t)0x2)); fiat_p521_uint128 x139 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x5 * (uint64_t)0x2)); fiat_p521_uint128 x140 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x9 * (uint64_t)0x2)); fiat_p521_uint128 x141 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x12 * (uint64_t)0x2)); fiat_p521_uint128 x142 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)x15); fiat_p521_uint128 x143 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x18 * (uint64_t)0x2)); fiat_p521_uint128 x144 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x21 * (uint64_t)0x2)); fiat_p521_uint128 x145 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)x24); fiat_p521_uint128 x146 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x25 * (uint64_t)0x2)); fiat_p521_uint128 x147 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x26 * (uint64_t)0x2)); fiat_p521_uint128 x148 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)x27); fiat_p521_uint128 x149 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x28 * (uint64_t)0x2)); fiat_p521_uint128 x150 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)(x29 * (uint64_t)0x2)); fiat_p521_uint128 x151 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)x30); fiat_p521_uint128 x152 = ((uint32_t)(arg1[2]) * (fiat_p521_uint128)((uint32_t)(arg1[2]) * (uint64_t)0x2)); fiat_p521_uint128 x153 = ((fiat_p521_uint128)(arg1[1]) * (x2 * (uint64_t)0x2)); fiat_p521_uint128 x154 = ((fiat_p521_uint128)(arg1[1]) * x6); fiat_p521_uint128 x155 = ((fiat_p521_uint128)(arg1[1]) * (x9 * (uint64_t)0x2)); fiat_p521_uint128 x156 = ((fiat_p521_uint128)(arg1[1]) * x12); fiat_p521_uint128 x157 = ((fiat_p521_uint128)(arg1[1]) * x15); fiat_p521_uint128 x158 = ((fiat_p521_uint128)(arg1[1]) * (x18 * (uint64_t)0x2)); fiat_p521_uint128 x159 = ((fiat_p521_uint128)(arg1[1]) * x21); fiat_p521_uint128 x160 = ((fiat_p521_uint128)(arg1[1]) * x24); fiat_p521_uint128 x161 = ((fiat_p521_uint128)(arg1[1]) * (x25 * (uint64_t)0x2)); fiat_p521_uint128 x162 = ((fiat_p521_uint128)(arg1[1]) * x26); fiat_p521_uint128 x163 = ((fiat_p521_uint128)(arg1[1]) * x27); fiat_p521_uint128 x164 = ((fiat_p521_uint128)(arg1[1]) * (x28 * (uint64_t)0x2)); fiat_p521_uint128 x165 = ((fiat_p521_uint128)(arg1[1]) * x29); fiat_p521_uint128 x166 = ((fiat_p521_uint128)(arg1[1]) * x30); fiat_p521_uint128 x167 = ((fiat_p521_uint128)(arg1[1]) * (x31 * (uint64_t)0x2)); fiat_p521_uint128 x168 = ((fiat_p521_uint128)(arg1[1]) * (arg1[1])); fiat_p521_uint128 x169 = ((fiat_p521_uint128)(arg1[0]) * x3); fiat_p521_uint128 x170 = ((fiat_p521_uint128)(arg1[0]) * x6); fiat_p521_uint128 x171 = ((fiat_p521_uint128)(arg1[0]) * x9); fiat_p521_uint128 x172 = ((fiat_p521_uint128)(arg1[0]) * x12); fiat_p521_uint128 x173 = ((fiat_p521_uint128)(arg1[0]) * x15); fiat_p521_uint128 x174 = ((fiat_p521_uint128)(arg1[0]) * x18); fiat_p521_uint128 x175 = ((fiat_p521_uint128)(arg1[0]) * x21); fiat_p521_uint128 x176 = ((fiat_p521_uint128)(arg1[0]) * x24); fiat_p521_uint128 x177 = ((fiat_p521_uint128)(arg1[0]) * x25); fiat_p521_uint128 x178 = ((fiat_p521_uint128)(arg1[0]) * x26); fiat_p521_uint128 x179 = ((fiat_p521_uint128)(arg1[0]) * x27); fiat_p521_uint128 x180 = ((fiat_p521_uint128)(arg1[0]) * x28); fiat_p521_uint128 x181 = ((fiat_p521_uint128)(arg1[0]) * x29); fiat_p521_uint128 x182 = ((fiat_p521_uint128)(arg1[0]) * x30); fiat_p521_uint128 x183 = ((fiat_p521_uint128)(arg1[0]) * x31); fiat_p521_uint128 x184 = ((fiat_p521_uint128)(arg1[0]) * x32); fiat_p521_uint128 x185 = ((fiat_p521_uint128)(arg1[0]) * (arg1[0])); fiat_p521_uint128 x186 = (x185 + (x153 + (x139 + (x126 + (x114 + (x103 + (x93 + (x84 + x76)))))))); uint64_t x187 = (uint64_t)(x186 >> 31); uint32_t x188 = (uint32_t)(x186 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x189 = (x169 + (x154 + (x140 + (x127 + (x115 + (x104 + (x94 + (x85 + x77)))))))); fiat_p521_uint128 x190 = (x170 + (x155 + (x141 + (x128 + (x116 + (x105 + (x95 + (x86 + x33)))))))); fiat_p521_uint128 x191 = (x171 + (x156 + (x142 + (x129 + (x117 + (x106 + (x96 + (x87 + x34)))))))); fiat_p521_uint128 x192 = (x172 + (x157 + (x143 + (x130 + (x118 + (x107 + (x97 + (x36 + x35)))))))); fiat_p521_uint128 x193 = (x173 + (x158 + (x144 + (x131 + (x119 + (x108 + (x98 + (x39 + x37)))))))); fiat_p521_uint128 x194 = (x174 + (x159 + (x145 + (x132 + (x120 + (x109 + (x43 + (x40 + x38)))))))); fiat_p521_uint128 x195 = (x175 + (x160 + (x146 + (x133 + (x121 + (x110 + (x48 + (x44 + x41)))))))); fiat_p521_uint128 x196 = (x176 + (x161 + (x147 + (x134 + (x122 + (x54 + (x49 + (x45 + x42)))))))); fiat_p521_uint128 x197 = (x177 + (x162 + (x148 + (x135 + (x123 + (x61 + (x55 + (x50 + x46)))))))); fiat_p521_uint128 x198 = (x178 + (x163 + (x149 + (x136 + (x69 + (x62 + (x56 + (x51 + x47)))))))); fiat_p521_uint128 x199 = (x179 + (x164 + (x150 + (x137 + (x78 + (x70 + (x63 + (x57 + x52)))))))); fiat_p521_uint128 x200 = (x180 + (x165 + (x151 + (x88 + (x79 + (x71 + (x64 + (x58 + x53)))))))); fiat_p521_uint128 x201 = (x181 + (x166 + (x152 + (x99 + (x89 + (x80 + (x72 + (x65 + x59)))))))); fiat_p521_uint128 x202 = (x182 + (x167 + (x111 + (x100 + (x90 + (x81 + (x73 + (x66 + x60)))))))); fiat_p521_uint128 x203 = (x183 + (x168 + (x124 + (x112 + (x101 + (x91 + (x82 + (x74 + x67)))))))); fiat_p521_uint128 x204 = (x184 + (x138 + (x125 + (x113 + (x102 + (x92 + (x83 + (x75 + x68)))))))); fiat_p521_uint128 x205 = (x187 + x204); uint64_t x206 = (uint64_t)(x205 >> 31); uint32_t x207 = (uint32_t)(x205 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x208 = (x206 + x203); uint64_t x209 = (uint64_t)(x208 >> 30); uint32_t x210 = (uint32_t)(x208 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x211 = (x209 + x202); uint64_t x212 = (uint64_t)(x211 >> 31); uint32_t x213 = (uint32_t)(x211 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x214 = (x212 + x201); uint64_t x215 = (uint64_t)(x214 >> 31); uint32_t x216 = (uint32_t)(x214 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x217 = (x215 + x200); uint64_t x218 = (uint64_t)(x217 >> 30); uint32_t x219 = (uint32_t)(x217 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x220 = (x218 + x199); uint64_t x221 = (uint64_t)(x220 >> 31); uint32_t x222 = (uint32_t)(x220 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x223 = (x221 + x198); uint64_t x224 = (uint64_t)(x223 >> 31); uint32_t x225 = (uint32_t)(x223 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x226 = (x224 + x197); uint64_t x227 = (uint64_t)(x226 >> 30); uint32_t x228 = (uint32_t)(x226 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x229 = (x227 + x196); uint64_t x230 = (uint64_t)(x229 >> 31); uint32_t x231 = (uint32_t)(x229 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x232 = (x230 + x195); uint64_t x233 = (uint64_t)(x232 >> 31); uint32_t x234 = (uint32_t)(x232 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x235 = (x233 + x194); uint64_t x236 = (uint64_t)(x235 >> 30); uint32_t x237 = (uint32_t)(x235 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x238 = (x236 + x193); uint64_t x239 = (uint64_t)(x238 >> 31); uint32_t x240 = (uint32_t)(x238 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x241 = (x239 + x192); uint64_t x242 = (uint64_t)(x241 >> 31); uint32_t x243 = (uint32_t)(x241 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x244 = (x242 + x191); uint64_t x245 = (uint64_t)(x244 >> 30); uint32_t x246 = (uint32_t)(x244 & UINT32_C(0x3fffffff)); fiat_p521_uint128 x247 = (x245 + x190); uint64_t x248 = (uint64_t)(x247 >> 31); uint32_t x249 = (uint32_t)(x247 & UINT32_C(0x7fffffff)); fiat_p521_uint128 x250 = (x248 + x189); uint64_t x251 = (uint64_t)(x250 >> 30); uint32_t x252 = (uint32_t)(x250 & UINT32_C(0x3fffffff)); uint64_t x253 = (x188 + x251); uint32_t x254 = (uint32_t)(x253 >> 31); uint32_t x255 = (uint32_t)(x253 & UINT32_C(0x7fffffff)); uint32_t x256 = (x254 + x207); uint32_t x257 = (x256 >> 31); uint32_t x258 = (x256 & UINT32_C(0x7fffffff)); uint32_t x259 = (x257 + x210); out1[0] = x255; out1[1] = x258; out1[2] = x259; out1[3] = x213; out1[4] = x216; out1[5] = x219; out1[6] = x222; out1[7] = x225; out1[8] = x228; out1[9] = x231; out1[10] = x234; out1[11] = x237; out1[12] = x240; out1[13] = x243; out1[14] = x246; out1[15] = x249; out1[16] = x252; } /* * The function fiat_p521_carry reduces a field element. * Postconditions: * eval out1 mod m = eval arg1 mod m * * Input Bounds: * arg1: [[0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332]] * Output Bounds: * out1: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] */ static void fiat_p521_carry(uint32_t out1[17], const uint64_t arg1[17]) { uint64_t x1 = (arg1[0]); uint64_t x2 = ((uint32_t)(x1 >> 31) + (arg1[1])); uint32_t x3 = ((uint32_t)(x2 >> 31) + (uint32_t)(arg1[2])); uint64_t x4 = ((x3 >> 30) + (arg1[3])); uint64_t x5 = ((uint32_t)(x4 >> 31) + (arg1[4])); uint32_t x6 = ((uint32_t)(x5 >> 31) + (uint32_t)(arg1[5])); uint64_t x7 = ((x6 >> 30) + (arg1[6])); uint64_t x8 = ((uint32_t)(x7 >> 31) + (arg1[7])); uint32_t x9 = ((uint32_t)(x8 >> 31) + (uint32_t)(arg1[8])); uint64_t x10 = ((x9 >> 30) + (arg1[9])); uint64_t x11 = ((uint32_t)(x10 >> 31) + (arg1[10])); uint32_t x12 = ((uint32_t)(x11 >> 31) + (uint32_t)(arg1[11])); uint64_t x13 = ((x12 >> 30) + (arg1[12])); uint64_t x14 = ((uint32_t)(x13 >> 31) + (arg1[13])); uint32_t x15 = ((uint32_t)(x14 >> 31) + (uint32_t)(arg1[14])); uint64_t x16 = ((x15 >> 30) + (arg1[15])); uint32_t x17 = ((uint32_t)(x16 >> 31) + (uint32_t)(arg1[16])); uint32_t x18 = ((uint32_t)(x1 & UINT32_C(0x7fffffff)) + (x17 >> 30)); uint32_t x19 = ((x18 >> 31) + (uint32_t)(x2 & UINT32_C(0x7fffffff))); uint32_t x20 = (x18 & UINT32_C(0x7fffffff)); uint32_t x21 = (x19 & UINT32_C(0x7fffffff)); uint32_t x22 = ((x19 >> 31) + (x3 & UINT32_C(0x3fffffff))); uint32_t x23 = (uint32_t)(x4 & UINT32_C(0x7fffffff)); uint32_t x24 = (uint32_t)(x5 & UINT32_C(0x7fffffff)); uint32_t x25 = (x6 & UINT32_C(0x3fffffff)); uint32_t x26 = (uint32_t)(x7 & UINT32_C(0x7fffffff)); uint32_t x27 = (uint32_t)(x8 & UINT32_C(0x7fffffff)); uint32_t x28 = (x9 & UINT32_C(0x3fffffff)); uint32_t x29 = (uint32_t)(x10 & UINT32_C(0x7fffffff)); uint32_t x30 = (uint32_t)(x11 & UINT32_C(0x7fffffff)); uint32_t x31 = (x12 & UINT32_C(0x3fffffff)); uint32_t x32 = (uint32_t)(x13 & UINT32_C(0x7fffffff)); uint32_t x33 = (uint32_t)(x14 & UINT32_C(0x7fffffff)); uint32_t x34 = (x15 & UINT32_C(0x3fffffff)); uint32_t x35 = (uint32_t)(x16 & UINT32_C(0x7fffffff)); uint32_t x36 = (x17 & UINT32_C(0x3fffffff)); out1[0] = x20; out1[1] = x21; out1[2] = x22; out1[3] = x23; out1[4] = x24; out1[5] = x25; out1[6] = x26; out1[7] = x27; out1[8] = x28; out1[9] = x29; out1[10] = x30; out1[11] = x31; out1[12] = x32; out1[13] = x33; out1[14] = x34; out1[15] = x35; out1[16] = x36; } /* * The function fiat_p521_add adds two field elements. * Postconditions: * eval out1 mod m = (eval arg1 + eval arg2) mod m * * Input Bounds: * arg1: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] * arg2: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] * Output Bounds: * out1: [[0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332]] */ static void fiat_p521_add(uint64_t out1[17], const uint32_t arg1[17], const uint32_t arg2[17]) { uint64_t x1 = ((uint64_t)(arg1[0]) + (arg2[0])); uint64_t x2 = ((uint64_t)(arg1[1]) + (arg2[1])); uint32_t x3 = ((arg1[2]) + (arg2[2])); uint64_t x4 = ((uint64_t)(arg1[3]) + (arg2[3])); uint64_t x5 = ((uint64_t)(arg1[4]) + (arg2[4])); uint32_t x6 = ((arg1[5]) + (arg2[5])); uint64_t x7 = ((uint64_t)(arg1[6]) + (arg2[6])); uint64_t x8 = ((uint64_t)(arg1[7]) + (arg2[7])); uint32_t x9 = ((arg1[8]) + (arg2[8])); uint64_t x10 = ((uint64_t)(arg1[9]) + (arg2[9])); uint64_t x11 = ((uint64_t)(arg1[10]) + (arg2[10])); uint32_t x12 = ((arg1[11]) + (arg2[11])); uint64_t x13 = ((uint64_t)(arg1[12]) + (arg2[12])); uint64_t x14 = ((uint64_t)(arg1[13]) + (arg2[13])); uint32_t x15 = ((arg1[14]) + (arg2[14])); uint64_t x16 = ((uint64_t)(arg1[15]) + (arg2[15])); uint32_t x17 = ((arg1[16]) + (arg2[16])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; out1[16] = x17; } /* * The function fiat_p521_sub subtracts two field elements. * Postconditions: * eval out1 mod m = (eval arg1 - eval arg2) mod m * * Input Bounds: * arg1: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] * arg2: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] * Output Bounds: * out1: [[0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332]] */ static void fiat_p521_sub(uint64_t out1[17], const uint32_t arg1[17], const uint32_t arg2[17]) { uint64_t x1 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[0])) - (arg2[0])); uint64_t x2 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[1])) - (arg2[1])); uint32_t x3 = ((UINT32_C(0x7ffffffe) + (arg1[2])) - (arg2[2])); uint64_t x4 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[3])) - (arg2[3])); uint64_t x5 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[4])) - (arg2[4])); uint32_t x6 = ((UINT32_C(0x7ffffffe) + (arg1[5])) - (arg2[5])); uint64_t x7 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[6])) - (arg2[6])); uint64_t x8 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[7])) - (arg2[7])); uint32_t x9 = ((UINT32_C(0x7ffffffe) + (arg1[8])) - (arg2[8])); uint64_t x10 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[9])) - (arg2[9])); uint64_t x11 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[10])) - (arg2[10])); uint32_t x12 = ((UINT32_C(0x7ffffffe) + (arg1[11])) - (arg2[11])); uint64_t x13 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[12])) - (arg2[12])); uint64_t x14 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[13])) - (arg2[13])); uint32_t x15 = ((UINT32_C(0x7ffffffe) + (arg1[14])) - (arg2[14])); uint64_t x16 = (((uint64_t)UINT32_C(0xfffffffe) + (arg1[15])) - (arg2[15])); uint32_t x17 = ((UINT32_C(0x7ffffffe) + (arg1[16])) - (arg2[16])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; out1[16] = x17; } /* * The function fiat_p521_opp negates a field element. * Postconditions: * eval out1 mod m = -eval arg1 mod m * * Input Bounds: * arg1: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] * Output Bounds: * out1: [[0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332], [0x0 ~> 0x1a6666664], [0x0 ~> 0xd3333332]] */ static void fiat_p521_opp(uint32_t out1[17], const uint32_t arg1[17]) { uint32_t x1 = (UINT32_C(0xfffffffe) - (arg1[0])); uint32_t x2 = (UINT32_C(0xfffffffe) - (arg1[1])); uint32_t x3 = (UINT32_C(0x7ffffffe) - (arg1[2])); uint32_t x4 = (UINT32_C(0xfffffffe) - (arg1[3])); uint32_t x5 = (UINT32_C(0xfffffffe) - (arg1[4])); uint32_t x6 = (UINT32_C(0x7ffffffe) - (arg1[5])); uint32_t x7 = (UINT32_C(0xfffffffe) - (arg1[6])); uint32_t x8 = (UINT32_C(0xfffffffe) - (arg1[7])); uint32_t x9 = (UINT32_C(0x7ffffffe) - (arg1[8])); uint32_t x10 = (UINT32_C(0xfffffffe) - (arg1[9])); uint32_t x11 = (UINT32_C(0xfffffffe) - (arg1[10])); uint32_t x12 = (UINT32_C(0x7ffffffe) - (arg1[11])); uint32_t x13 = (UINT32_C(0xfffffffe) - (arg1[12])); uint32_t x14 = (UINT32_C(0xfffffffe) - (arg1[13])); uint32_t x15 = (UINT32_C(0x7ffffffe) - (arg1[14])); uint32_t x16 = (UINT32_C(0xfffffffe) - (arg1[15])); uint32_t x17 = (UINT32_C(0x7ffffffe) - (arg1[16])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; out1[16] = x17; } /* * The function fiat_p521_selectznz is a multi-limb conditional select. * Postconditions: * eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) * * Input Bounds: * arg1: [0x0 ~> 0x1] * arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] * arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] * Output Bounds: * out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] */ static void fiat_p521_selectznz(uint32_t out1[17], fiat_p521_uint1 arg1, const uint32_t arg2[17], const uint32_t arg3[17]) { uint32_t x1; fiat_p521_cmovznz_u32(&x1, arg1, (arg2[0]), (arg3[0])); uint32_t x2; fiat_p521_cmovznz_u32(&x2, arg1, (arg2[1]), (arg3[1])); uint32_t x3; fiat_p521_cmovznz_u32(&x3, arg1, (arg2[2]), (arg3[2])); uint32_t x4; fiat_p521_cmovznz_u32(&x4, arg1, (arg2[3]), (arg3[3])); uint32_t x5; fiat_p521_cmovznz_u32(&x5, arg1, (arg2[4]), (arg3[4])); uint32_t x6; fiat_p521_cmovznz_u32(&x6, arg1, (arg2[5]), (arg3[5])); uint32_t x7; fiat_p521_cmovznz_u32(&x7, arg1, (arg2[6]), (arg3[6])); uint32_t x8; fiat_p521_cmovznz_u32(&x8, arg1, (arg2[7]), (arg3[7])); uint32_t x9; fiat_p521_cmovznz_u32(&x9, arg1, (arg2[8]), (arg3[8])); uint32_t x10; fiat_p521_cmovznz_u32(&x10, arg1, (arg2[9]), (arg3[9])); uint32_t x11; fiat_p521_cmovznz_u32(&x11, arg1, (arg2[10]), (arg3[10])); uint32_t x12; fiat_p521_cmovznz_u32(&x12, arg1, (arg2[11]), (arg3[11])); uint32_t x13; fiat_p521_cmovznz_u32(&x13, arg1, (arg2[12]), (arg3[12])); uint32_t x14; fiat_p521_cmovznz_u32(&x14, arg1, (arg2[13]), (arg3[13])); uint32_t x15; fiat_p521_cmovznz_u32(&x15, arg1, (arg2[14]), (arg3[14])); uint32_t x16; fiat_p521_cmovznz_u32(&x16, arg1, (arg2[15]), (arg3[15])); uint32_t x17; fiat_p521_cmovznz_u32(&x17, arg1, (arg2[16]), (arg3[16])); out1[0] = x1; out1[1] = x2; out1[2] = x3; out1[3] = x4; out1[4] = x5; out1[5] = x6; out1[6] = x7; out1[7] = x8; out1[8] = x9; out1[9] = x10; out1[10] = x11; out1[11] = x12; out1[12] = x13; out1[13] = x14; out1[14] = x15; out1[15] = x16; out1[16] = x17; } /* * The function fiat_p521_to_bytes serializes a field element to bytes in little-endian order. * Postconditions: * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..65] * * Input Bounds: * arg1: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] * Output Bounds: * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] */ static void fiat_p521_to_bytes(uint8_t out1[66], const uint32_t arg1[17]) { uint32_t x1; fiat_p521_uint1 x2; fiat_p521_subborrowx_u31(&x1, &x2, 0x0, (arg1[0]), UINT32_C(0x7fffffff)); uint32_t x3; fiat_p521_uint1 x4; fiat_p521_subborrowx_u31(&x3, &x4, x2, (arg1[1]), UINT32_C(0x7fffffff)); uint32_t x5; fiat_p521_uint1 x6; fiat_p521_subborrowx_u30(&x5, &x6, x4, (arg1[2]), UINT32_C(0x3fffffff)); uint32_t x7; fiat_p521_uint1 x8; fiat_p521_subborrowx_u31(&x7, &x8, x6, (arg1[3]), UINT32_C(0x7fffffff)); uint32_t x9; fiat_p521_uint1 x10; fiat_p521_subborrowx_u31(&x9, &x10, x8, (arg1[4]), UINT32_C(0x7fffffff)); uint32_t x11; fiat_p521_uint1 x12; fiat_p521_subborrowx_u30(&x11, &x12, x10, (arg1[5]), UINT32_C(0x3fffffff)); uint32_t x13; fiat_p521_uint1 x14; fiat_p521_subborrowx_u31(&x13, &x14, x12, (arg1[6]), UINT32_C(0x7fffffff)); uint32_t x15; fiat_p521_uint1 x16; fiat_p521_subborrowx_u31(&x15, &x16, x14, (arg1[7]), UINT32_C(0x7fffffff)); uint32_t x17; fiat_p521_uint1 x18; fiat_p521_subborrowx_u30(&x17, &x18, x16, (arg1[8]), UINT32_C(0x3fffffff)); uint32_t x19; fiat_p521_uint1 x20; fiat_p521_subborrowx_u31(&x19, &x20, x18, (arg1[9]), UINT32_C(0x7fffffff)); uint32_t x21; fiat_p521_uint1 x22; fiat_p521_subborrowx_u31(&x21, &x22, x20, (arg1[10]), UINT32_C(0x7fffffff)); uint32_t x23; fiat_p521_uint1 x24; fiat_p521_subborrowx_u30(&x23, &x24, x22, (arg1[11]), UINT32_C(0x3fffffff)); uint32_t x25; fiat_p521_uint1 x26; fiat_p521_subborrowx_u31(&x25, &x26, x24, (arg1[12]), UINT32_C(0x7fffffff)); uint32_t x27; fiat_p521_uint1 x28; fiat_p521_subborrowx_u31(&x27, &x28, x26, (arg1[13]), UINT32_C(0x7fffffff)); uint32_t x29; fiat_p521_uint1 x30; fiat_p521_subborrowx_u30(&x29, &x30, x28, (arg1[14]), UINT32_C(0x3fffffff)); uint32_t x31; fiat_p521_uint1 x32; fiat_p521_subborrowx_u31(&x31, &x32, x30, (arg1[15]), UINT32_C(0x7fffffff)); uint32_t x33; fiat_p521_uint1 x34; fiat_p521_subborrowx_u30(&x33, &x34, x32, (arg1[16]), UINT32_C(0x3fffffff)); uint32_t x35; fiat_p521_cmovznz_u32(&x35, x34, 0x0, UINT32_C(0xffffffff)); uint32_t x36; fiat_p521_uint1 x37; fiat_p521_addcarryx_u31(&x36, &x37, 0x0, x1, (x35 & UINT32_C(0x7fffffff))); uint32_t x38; fiat_p521_uint1 x39; fiat_p521_addcarryx_u31(&x38, &x39, x37, x3, (x35 & UINT32_C(0x7fffffff))); uint32_t x40; fiat_p521_uint1 x41; fiat_p521_addcarryx_u30(&x40, &x41, x39, x5, (x35 & UINT32_C(0x3fffffff))); uint32_t x42; fiat_p521_uint1 x43; fiat_p521_addcarryx_u31(&x42, &x43, x41, x7, (x35 & UINT32_C(0x7fffffff))); uint32_t x44; fiat_p521_uint1 x45; fiat_p521_addcarryx_u31(&x44, &x45, x43, x9, (x35 & UINT32_C(0x7fffffff))); uint32_t x46; fiat_p521_uint1 x47; fiat_p521_addcarryx_u30(&x46, &x47, x45, x11, (x35 & UINT32_C(0x3fffffff))); uint32_t x48; fiat_p521_uint1 x49; fiat_p521_addcarryx_u31(&x48, &x49, x47, x13, (x35 & UINT32_C(0x7fffffff))); uint32_t x50; fiat_p521_uint1 x51; fiat_p521_addcarryx_u31(&x50, &x51, x49, x15, (x35 & UINT32_C(0x7fffffff))); uint32_t x52; fiat_p521_uint1 x53; fiat_p521_addcarryx_u30(&x52, &x53, x51, x17, (x35 & UINT32_C(0x3fffffff))); uint32_t x54; fiat_p521_uint1 x55; fiat_p521_addcarryx_u31(&x54, &x55, x53, x19, (x35 & UINT32_C(0x7fffffff))); uint32_t x56; fiat_p521_uint1 x57; fiat_p521_addcarryx_u31(&x56, &x57, x55, x21, (x35 & UINT32_C(0x7fffffff))); uint32_t x58; fiat_p521_uint1 x59; fiat_p521_addcarryx_u30(&x58, &x59, x57, x23, (x35 & UINT32_C(0x3fffffff))); uint32_t x60; fiat_p521_uint1 x61; fiat_p521_addcarryx_u31(&x60, &x61, x59, x25, (x35 & UINT32_C(0x7fffffff))); uint32_t x62; fiat_p521_uint1 x63; fiat_p521_addcarryx_u31(&x62, &x63, x61, x27, (x35 & UINT32_C(0x7fffffff))); uint32_t x64; fiat_p521_uint1 x65; fiat_p521_addcarryx_u30(&x64, &x65, x63, x29, (x35 & UINT32_C(0x3fffffff))); uint32_t x66; fiat_p521_uint1 x67; fiat_p521_addcarryx_u31(&x66, &x67, x65, x31, (x35 & UINT32_C(0x7fffffff))); uint32_t x68; fiat_p521_uint1 x69; fiat_p521_addcarryx_u30(&x68, &x69, x67, x33, (x35 & UINT32_C(0x3fffffff))); uint64_t x70 = ((uint64_t)x68 << 3); uint64_t x71 = ((uint64_t)x66 << 4); uint64_t x72 = ((uint64_t)x64 << 6); uint64_t x73 = ((uint64_t)x62 << 7); uint32_t x74 = (x58 << 2); uint64_t x75 = ((uint64_t)x56 << 3); uint64_t x76 = ((uint64_t)x54 << 4); uint64_t x77 = ((uint64_t)x52 << 6); uint64_t x78 = ((uint64_t)x50 << 7); uint32_t x79 = (x46 << 2); uint64_t x80 = ((uint64_t)x44 << 3); uint64_t x81 = ((uint64_t)x42 << 4); uint64_t x82 = ((uint64_t)x40 << 6); uint64_t x83 = ((uint64_t)x38 << 7); uint32_t x84 = (x36 >> 8); uint8_t x85 = (uint8_t)(x36 & UINT8_C(0xff)); uint32_t x86 = (x84 >> 8); uint8_t x87 = (uint8_t)(x84 & UINT8_C(0xff)); uint8_t x88 = (uint8_t)(x86 >> 8); uint8_t x89 = (uint8_t)(x86 & UINT8_C(0xff)); uint64_t x90 = (x88 + x83); uint32_t x91 = (uint32_t)(x90 >> 8); uint8_t x92 = (uint8_t)(x90 & UINT8_C(0xff)); uint32_t x93 = (x91 >> 8); uint8_t x94 = (uint8_t)(x91 & UINT8_C(0xff)); uint32_t x95 = (x93 >> 8); uint8_t x96 = (uint8_t)(x93 & UINT8_C(0xff)); uint8_t x97 = (uint8_t)(x95 >> 8); uint8_t x98 = (uint8_t)(x95 & UINT8_C(0xff)); uint64_t x99 = (x97 + x82); uint32_t x100 = (uint32_t)(x99 >> 8); uint8_t x101 = (uint8_t)(x99 & UINT8_C(0xff)); uint32_t x102 = (x100 >> 8); uint8_t x103 = (uint8_t)(x100 & UINT8_C(0xff)); uint32_t x104 = (x102 >> 8); uint8_t x105 = (uint8_t)(x102 & UINT8_C(0xff)); uint8_t x106 = (uint8_t)(x104 >> 8); uint8_t x107 = (uint8_t)(x104 & UINT8_C(0xff)); uint64_t x108 = (x106 + x81); uint32_t x109 = (uint32_t)(x108 >> 8); uint8_t x110 = (uint8_t)(x108 & UINT8_C(0xff)); uint32_t x111 = (x109 >> 8); uint8_t x112 = (uint8_t)(x109 & UINT8_C(0xff)); uint32_t x113 = (x111 >> 8); uint8_t x114 = (uint8_t)(x111 & UINT8_C(0xff)); uint8_t x115 = (uint8_t)(x113 >> 8); uint8_t x116 = (uint8_t)(x113 & UINT8_C(0xff)); uint64_t x117 = (x115 + x80); uint32_t x118 = (uint32_t)(x117 >> 8); uint8_t x119 = (uint8_t)(x117 & UINT8_C(0xff)); uint32_t x120 = (x118 >> 8); uint8_t x121 = (uint8_t)(x118 & UINT8_C(0xff)); uint32_t x122 = (x120 >> 8); uint8_t x123 = (uint8_t)(x120 & UINT8_C(0xff)); uint8_t x124 = (uint8_t)(x122 >> 8); uint8_t x125 = (uint8_t)(x122 & UINT8_C(0xff)); uint32_t x126 = (x124 + x79); uint32_t x127 = (x126 >> 8); uint8_t x128 = (uint8_t)(x126 & UINT8_C(0xff)); uint32_t x129 = (x127 >> 8); uint8_t x130 = (uint8_t)(x127 & UINT8_C(0xff)); uint8_t x131 = (uint8_t)(x129 >> 8); uint8_t x132 = (uint8_t)(x129 & UINT8_C(0xff)); uint8_t x133 = (uint8_t)(x131 & UINT8_C(0xff)); uint32_t x134 = (x48 >> 8); uint8_t x135 = (uint8_t)(x48 & UINT8_C(0xff)); uint32_t x136 = (x134 >> 8); uint8_t x137 = (uint8_t)(x134 & UINT8_C(0xff)); uint8_t x138 = (uint8_t)(x136 >> 8); uint8_t x139 = (uint8_t)(x136 & UINT8_C(0xff)); uint64_t x140 = (x138 + x78); uint32_t x141 = (uint32_t)(x140 >> 8); uint8_t x142 = (uint8_t)(x140 & UINT8_C(0xff)); uint32_t x143 = (x141 >> 8); uint8_t x144 = (uint8_t)(x141 & UINT8_C(0xff)); uint32_t x145 = (x143 >> 8); uint8_t x146 = (uint8_t)(x143 & UINT8_C(0xff)); uint8_t x147 = (uint8_t)(x145 >> 8); uint8_t x148 = (uint8_t)(x145 & UINT8_C(0xff)); uint64_t x149 = (x147 + x77); uint32_t x150 = (uint32_t)(x149 >> 8); uint8_t x151 = (uint8_t)(x149 & UINT8_C(0xff)); uint32_t x152 = (x150 >> 8); uint8_t x153 = (uint8_t)(x150 & UINT8_C(0xff)); uint32_t x154 = (x152 >> 8); uint8_t x155 = (uint8_t)(x152 & UINT8_C(0xff)); uint8_t x156 = (uint8_t)(x154 >> 8); uint8_t x157 = (uint8_t)(x154 & UINT8_C(0xff)); uint64_t x158 = (x156 + x76); uint32_t x159 = (uint32_t)(x158 >> 8); uint8_t x160 = (uint8_t)(x158 & UINT8_C(0xff)); uint32_t x161 = (x159 >> 8); uint8_t x162 = (uint8_t)(x159 & UINT8_C(0xff)); uint32_t x163 = (x161 >> 8); uint8_t x164 = (uint8_t)(x161 & UINT8_C(0xff)); uint8_t x165 = (uint8_t)(x163 >> 8); uint8_t x166 = (uint8_t)(x163 & UINT8_C(0xff)); uint64_t x167 = (x165 + x75); uint32_t x168 = (uint32_t)(x167 >> 8); uint8_t x169 = (uint8_t)(x167 & UINT8_C(0xff)); uint32_t x170 = (x168 >> 8); uint8_t x171 = (uint8_t)(x168 & UINT8_C(0xff)); uint32_t x172 = (x170 >> 8); uint8_t x173 = (uint8_t)(x170 & UINT8_C(0xff)); uint8_t x174 = (uint8_t)(x172 >> 8); uint8_t x175 = (uint8_t)(x172 & UINT8_C(0xff)); uint32_t x176 = (x174 + x74); uint32_t x177 = (x176 >> 8); uint8_t x178 = (uint8_t)(x176 & UINT8_C(0xff)); uint32_t x179 = (x177 >> 8); uint8_t x180 = (uint8_t)(x177 & UINT8_C(0xff)); uint8_t x181 = (uint8_t)(x179 >> 8); uint8_t x182 = (uint8_t)(x179 & UINT8_C(0xff)); uint8_t x183 = (uint8_t)(x181 & UINT8_C(0xff)); uint32_t x184 = (x60 >> 8); uint8_t x185 = (uint8_t)(x60 & UINT8_C(0xff)); uint32_t x186 = (x184 >> 8); uint8_t x187 = (uint8_t)(x184 & UINT8_C(0xff)); uint8_t x188 = (uint8_t)(x186 >> 8); uint8_t x189 = (uint8_t)(x186 & UINT8_C(0xff)); uint64_t x190 = (x188 + x73); uint32_t x191 = (uint32_t)(x190 >> 8); uint8_t x192 = (uint8_t)(x190 & UINT8_C(0xff)); uint32_t x193 = (x191 >> 8); uint8_t x194 = (uint8_t)(x191 & UINT8_C(0xff)); uint32_t x195 = (x193 >> 8); uint8_t x196 = (uint8_t)(x193 & UINT8_C(0xff)); uint8_t x197 = (uint8_t)(x195 >> 8); uint8_t x198 = (uint8_t)(x195 & UINT8_C(0xff)); uint64_t x199 = (x197 + x72); uint32_t x200 = (uint32_t)(x199 >> 8); uint8_t x201 = (uint8_t)(x199 & UINT8_C(0xff)); uint32_t x202 = (x200 >> 8); uint8_t x203 = (uint8_t)(x200 & UINT8_C(0xff)); uint32_t x204 = (x202 >> 8); uint8_t x205 = (uint8_t)(x202 & UINT8_C(0xff)); uint8_t x206 = (uint8_t)(x204 >> 8); uint8_t x207 = (uint8_t)(x204 & UINT8_C(0xff)); uint64_t x208 = (x206 + x71); uint32_t x209 = (uint32_t)(x208 >> 8); uint8_t x210 = (uint8_t)(x208 & UINT8_C(0xff)); uint32_t x211 = (x209 >> 8); uint8_t x212 = (uint8_t)(x209 & UINT8_C(0xff)); uint32_t x213 = (x211 >> 8); uint8_t x214 = (uint8_t)(x211 & UINT8_C(0xff)); uint8_t x215 = (uint8_t)(x213 >> 8); uint8_t x216 = (uint8_t)(x213 & UINT8_C(0xff)); uint64_t x217 = (x215 + x70); uint32_t x218 = (uint32_t)(x217 >> 8); uint8_t x219 = (uint8_t)(x217 & UINT8_C(0xff)); uint32_t x220 = (x218 >> 8); uint8_t x221 = (uint8_t)(x218 & UINT8_C(0xff)); uint32_t x222 = (x220 >> 8); uint8_t x223 = (uint8_t)(x220 & UINT8_C(0xff)); fiat_p521_uint1 x224 = (fiat_p521_uint1)(x222 >> 8); uint8_t x225 = (uint8_t)(x222 & UINT8_C(0xff)); out1[0] = x85; out1[1] = x87; out1[2] = x89; out1[3] = x92; out1[4] = x94; out1[5] = x96; out1[6] = x98; out1[7] = x101; out1[8] = x103; out1[9] = x105; out1[10] = x107; out1[11] = x110; out1[12] = x112; out1[13] = x114; out1[14] = x116; out1[15] = x119; out1[16] = x121; out1[17] = x123; out1[18] = x125; out1[19] = x128; out1[20] = x130; out1[21] = x132; out1[22] = x133; out1[23] = x135; out1[24] = x137; out1[25] = x139; out1[26] = x142; out1[27] = x144; out1[28] = x146; out1[29] = x148; out1[30] = x151; out1[31] = x153; out1[32] = x155; out1[33] = x157; out1[34] = x160; out1[35] = x162; out1[36] = x164; out1[37] = x166; out1[38] = x169; out1[39] = x171; out1[40] = x173; out1[41] = x175; out1[42] = x178; out1[43] = x180; out1[44] = x182; out1[45] = x183; out1[46] = x185; out1[47] = x187; out1[48] = x189; out1[49] = x192; out1[50] = x194; out1[51] = x196; out1[52] = x198; out1[53] = x201; out1[54] = x203; out1[55] = x205; out1[56] = x207; out1[57] = x210; out1[58] = x212; out1[59] = x214; out1[60] = x216; out1[61] = x219; out1[62] = x221; out1[63] = x223; out1[64] = x225; out1[65] = x224; } /* * The function fiat_p521_from_bytes deserializes a field element from bytes in little-endian order. * Postconditions: * eval out1 mod m = bytes_eval arg1 mod m * * Input Bounds: * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] * Output Bounds: * out1: [[0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666], [0x0 ~> 0x8ccccccc], [0x0 ~> 0x46666666]] */ static void fiat_p521_from_bytes(uint32_t out1[17], const uint8_t arg1[66]) { uint32_t x1 = ((uint32_t)(fiat_p521_uint1)(arg1[65]) << 29); uint32_t x2 = ((uint32_t)(arg1[64]) << 21); uint32_t x3 = ((uint32_t)(arg1[63]) << 13); uint32_t x4 = ((uint32_t)(arg1[62]) << 5); uint64_t x5 = ((uint64_t)(arg1[61]) << 28); uint32_t x6 = ((uint32_t)(arg1[60]) << 20); uint32_t x7 = ((uint32_t)(arg1[59]) << 12); uint32_t x8 = ((uint32_t)(arg1[58]) << 4); uint64_t x9 = ((uint64_t)(arg1[57]) << 26); uint32_t x10 = ((uint32_t)(arg1[56]) << 18); uint32_t x11 = ((uint32_t)(arg1[55]) << 10); uint32_t x12 = ((uint32_t)(arg1[54]) << 2); uint64_t x13 = ((uint64_t)(arg1[53]) << 25); uint32_t x14 = ((uint32_t)(arg1[52]) << 17); uint32_t x15 = ((uint32_t)(arg1[51]) << 9); uint32_t x16 = ((uint32_t)(arg1[50]) * 0x2); uint32_t x17 = ((uint32_t)(arg1[49]) << 24); uint32_t x18 = ((uint32_t)(arg1[48]) << 16); uint32_t x19 = ((uint32_t)(arg1[47]) << 8); uint8_t x20 = (arg1[46]); uint32_t x21 = ((uint32_t)(arg1[45]) << 22); uint32_t x22 = ((uint32_t)(arg1[44]) << 14); uint32_t x23 = ((uint32_t)(arg1[43]) << 6); uint64_t x24 = ((uint64_t)(arg1[42]) << 29); uint32_t x25 = ((uint32_t)(arg1[41]) << 21); uint32_t x26 = ((uint32_t)(arg1[40]) << 13); uint32_t x27 = ((uint32_t)(arg1[39]) << 5); uint64_t x28 = ((uint64_t)(arg1[38]) << 28); uint32_t x29 = ((uint32_t)(arg1[37]) << 20); uint32_t x30 = ((uint32_t)(arg1[36]) << 12); uint32_t x31 = ((uint32_t)(arg1[35]) << 4); uint64_t x32 = ((uint64_t)(arg1[34]) << 26); uint32_t x33 = ((uint32_t)(arg1[33]) << 18); uint32_t x34 = ((uint32_t)(arg1[32]) << 10); uint32_t x35 = ((uint32_t)(arg1[31]) << 2); uint64_t x36 = ((uint64_t)(arg1[30]) << 25); uint32_t x37 = ((uint32_t)(arg1[29]) << 17); uint32_t x38 = ((uint32_t)(arg1[28]) << 9); uint32_t x39 = ((uint32_t)(arg1[27]) * 0x2); uint32_t x40 = ((uint32_t)(arg1[26]) << 24); uint32_t x41 = ((uint32_t)(arg1[25]) << 16); uint32_t x42 = ((uint32_t)(arg1[24]) << 8); uint8_t x43 = (arg1[23]); uint32_t x44 = ((uint32_t)(arg1[22]) << 22); uint32_t x45 = ((uint32_t)(arg1[21]) << 14); uint32_t x46 = ((uint32_t)(arg1[20]) << 6); uint64_t x47 = ((uint64_t)(arg1[19]) << 29); uint32_t x48 = ((uint32_t)(arg1[18]) << 21); uint32_t x49 = ((uint32_t)(arg1[17]) << 13); uint32_t x50 = ((uint32_t)(arg1[16]) << 5); uint64_t x51 = ((uint64_t)(arg1[15]) << 28); uint32_t x52 = ((uint32_t)(arg1[14]) << 20); uint32_t x53 = ((uint32_t)(arg1[13]) << 12); uint32_t x54 = ((uint32_t)(arg1[12]) << 4); uint64_t x55 = ((uint64_t)(arg1[11]) << 26); uint32_t x56 = ((uint32_t)(arg1[10]) << 18); uint32_t x57 = ((uint32_t)(arg1[9]) << 10); uint32_t x58 = ((uint32_t)(arg1[8]) << 2); uint64_t x59 = ((uint64_t)(arg1[7]) << 25); uint32_t x60 = ((uint32_t)(arg1[6]) << 17); uint32_t x61 = ((uint32_t)(arg1[5]) << 9); uint32_t x62 = ((uint32_t)(arg1[4]) * 0x2); uint32_t x63 = ((uint32_t)(arg1[3]) << 24); uint32_t x64 = ((uint32_t)(arg1[2]) << 16); uint32_t x65 = ((uint32_t)(arg1[1]) << 8); uint8_t x66 = (arg1[0]); uint32_t x67 = (x66 + (x65 + (x64 + x63))); fiat_p521_uint1 x68 = (fiat_p521_uint1)(x67 >> 31); uint32_t x69 = (x67 & UINT32_C(0x7fffffff)); uint32_t x70 = (x4 + (x3 + (x2 + x1))); uint64_t x71 = (x8 + (x7 + (x6 + x5))); uint64_t x72 = (x12 + (x11 + (x10 + x9))); uint64_t x73 = (x16 + (x15 + (x14 + x13))); uint32_t x74 = (x20 + (x19 + (x18 + x17))); uint32_t x75 = (x23 + (x22 + x21)); uint64_t x76 = (x27 + (x26 + (x25 + x24))); uint64_t x77 = (x31 + (x30 + (x29 + x28))); uint64_t x78 = (x35 + (x34 + (x33 + x32))); uint64_t x79 = (x39 + (x38 + (x37 + x36))); uint32_t x80 = (x43 + (x42 + (x41 + x40))); uint32_t x81 = (x46 + (x45 + x44)); uint64_t x82 = (x50 + (x49 + (x48 + x47))); uint64_t x83 = (x54 + (x53 + (x52 + x51))); uint64_t x84 = (x58 + (x57 + (x56 + x55))); uint64_t x85 = (x62 + (x61 + (x60 + x59))); uint64_t x86 = (x68 + x85); uint8_t x87 = (uint8_t)(x86 >> 31); uint32_t x88 = (uint32_t)(x86 & UINT32_C(0x7fffffff)); uint64_t x89 = (x87 + x84); uint8_t x90 = (uint8_t)(x89 >> 30); uint32_t x91 = (uint32_t)(x89 & UINT32_C(0x3fffffff)); uint64_t x92 = (x90 + x83); uint8_t x93 = (uint8_t)(x92 >> 31); uint32_t x94 = (uint32_t)(x92 & UINT32_C(0x7fffffff)); uint64_t x95 = (x93 + x82); uint8_t x96 = (uint8_t)(x95 >> 31); uint32_t x97 = (uint32_t)(x95 & UINT32_C(0x7fffffff)); uint32_t x98 = (x96 + x81); uint32_t x99 = (x98 & UINT32_C(0x3fffffff)); fiat_p521_uint1 x100 = (fiat_p521_uint1)(x80 >> 31); uint32_t x101 = (x80 & UINT32_C(0x7fffffff)); uint64_t x102 = (x100 + x79); uint8_t x103 = (uint8_t)(x102 >> 31); uint32_t x104 = (uint32_t)(x102 & UINT32_C(0x7fffffff)); uint64_t x105 = (x103 + x78); uint8_t x106 = (uint8_t)(x105 >> 30); uint32_t x107 = (uint32_t)(x105 & UINT32_C(0x3fffffff)); uint64_t x108 = (x106 + x77); uint8_t x109 = (uint8_t)(x108 >> 31); uint32_t x110 = (uint32_t)(x108 & UINT32_C(0x7fffffff)); uint64_t x111 = (x109 + x76); uint8_t x112 = (uint8_t)(x111 >> 31); uint32_t x113 = (uint32_t)(x111 & UINT32_C(0x7fffffff)); uint32_t x114 = (x112 + x75); uint32_t x115 = (x114 & UINT32_C(0x3fffffff)); fiat_p521_uint1 x116 = (fiat_p521_uint1)(x74 >> 31); uint32_t x117 = (x74 & UINT32_C(0x7fffffff)); uint64_t x118 = (x116 + x73); uint8_t x119 = (uint8_t)(x118 >> 31); uint32_t x120 = (uint32_t)(x118 & UINT32_C(0x7fffffff)); uint64_t x121 = (x119 + x72); uint8_t x122 = (uint8_t)(x121 >> 30); uint32_t x123 = (uint32_t)(x121 & UINT32_C(0x3fffffff)); uint64_t x124 = (x122 + x71); uint8_t x125 = (uint8_t)(x124 >> 31); uint32_t x126 = (uint32_t)(x124 & UINT32_C(0x7fffffff)); uint32_t x127 = (x125 + x70); out1[0] = x69; out1[1] = x88; out1[2] = x91; out1[3] = x94; out1[4] = x97; out1[5] = x99; out1[6] = x101; out1[7] = x104; out1[8] = x107; out1[9] = x110; out1[10] = x113; out1[11] = x115; out1[12] = x117; out1[13] = x120; out1[14] = x123; out1[15] = x126; out1[16] = x127; }