Skip to content

Commit b53e0cd

Browse files
peterdettmanpeterdettman
committed
Avoid overly-wide multiplications
1 parent 875d68b commit b53e0cd

File tree

1 file changed

+22
-23
lines changed

1 file changed

+22
-23
lines changed

src/field_5x52_int128_impl.h

Lines changed: 22 additions & 23 deletions
Original file line numberDiff line numberDiff line change
@@ -49,23 +49,23 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t
4949
c = (uint128_t)a4 * b[4];
5050
VERIFY_BITS(c, 112);
5151
/* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
52-
d += (c & M) * R; c >>= 52;
52+
d += (uint128_t)R * (uint64_t)c; c >>= 64;
5353
VERIFY_BITS(d, 115);
54-
VERIFY_BITS(c, 60);
55-
/* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
54+
VERIFY_BITS(c, 48);
55+
/* [(c<<12) 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
5656
t3 = d & M; d >>= 52;
5757
VERIFY_BITS(t3, 52);
5858
VERIFY_BITS(d, 63);
59-
/* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
59+
/* [(c<<12) 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
6060

6161
d += (uint128_t)a0 * b[4]
6262
+ (uint128_t)a1 * b[3]
6363
+ (uint128_t)a2 * b[2]
6464
+ (uint128_t)a3 * b[1]
6565
+ (uint128_t)a4 * b[0];
6666
VERIFY_BITS(d, 115);
67-
/* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
68-
d += c * R;
67+
/* [(c<<12) 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
68+
d += (uint128_t)(R << 12) * (uint64_t)c;
6969
VERIFY_BITS(d, 116);
7070
/* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
7171
t4 = d & M; d >>= 52;
@@ -129,17 +129,16 @@ SECP256K1_INLINE static void secp256k1_fe_mul_inner(uint64_t *r, const uint64_t
129129
+ (uint128_t)a4 * b[3];
130130
VERIFY_BITS(d, 114);
131131
/* [d 0 0 t4 t3 c t1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
132-
c += (d & M) * R; d >>= 52;
132+
c += (uint128_t)R * (uint64_t)d; d >>= 64;
133133
VERIFY_BITS(c, 115);
134-
VERIFY_BITS(d, 62);
135-
/* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
134+
VERIFY_BITS(d, 50);
135+
/* [(d<<12) 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
136136

137-
/* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
138137
r[2] = c & M; c >>= 52;
139138
VERIFY_BITS(r[2], 52);
140139
VERIFY_BITS(c, 63);
141-
/* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
142-
c += d * R + t3;
140+
/* [(d<<12) 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
141+
c += (uint128_t)(R << 12) * (uint64_t)d + t3;
143142
VERIFY_BITS(c, 100);
144143
/* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
145144
r[3] = c & M; c >>= 52;
@@ -178,22 +177,22 @@ SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t
178177
c = (uint128_t)a4 * a4;
179178
VERIFY_BITS(c, 112);
180179
/* [c 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
181-
d += (c & M) * R; c >>= 52;
180+
d += (uint128_t)R * (uint64_t)c; c >>= 64;
182181
VERIFY_BITS(d, 115);
183-
VERIFY_BITS(c, 60);
184-
/* [c 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
182+
VERIFY_BITS(c, 48);
183+
/* [(c<<12) 0 0 0 0 0 d 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
185184
t3 = d & M; d >>= 52;
186185
VERIFY_BITS(t3, 52);
187186
VERIFY_BITS(d, 63);
188-
/* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
187+
/* [(c<<12) 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 0 p3 0 0 0] */
189188

190189
a4 *= 2;
191190
d += (uint128_t)a0 * a4
192191
+ (uint128_t)(a1*2) * a3
193192
+ (uint128_t)a2 * a2;
194193
VERIFY_BITS(d, 115);
195-
/* [c 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
196-
d += c * R;
194+
/* [(c<<12) 0 0 0 0 d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
195+
d += (uint128_t)(R << 12) * (uint64_t)c;
197196
VERIFY_BITS(d, 116);
198197
/* [d t3 0 0 0] = [p8 0 0 0 p4 p3 0 0 0] */
199198
t4 = d & M; d >>= 52;
@@ -252,16 +251,16 @@ SECP256K1_INLINE static void secp256k1_fe_sqr_inner(uint64_t *r, const uint64_t
252251
d += (uint128_t)a3 * a4;
253252
VERIFY_BITS(d, 114);
254253
/* [d 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
255-
c += (d & M) * R; d >>= 52;
254+
c += (uint128_t)R * (uint64_t)d; d >>= 64;
256255
VERIFY_BITS(c, 115);
257-
VERIFY_BITS(d, 62);
258-
/* [d 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
256+
VERIFY_BITS(d, 50);
257+
/* [(d<<12) 0 0 0 t4 t3 c r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
259258
r[2] = c & M; c >>= 52;
260259
VERIFY_BITS(r[2], 52);
261260
VERIFY_BITS(c, 63);
262-
/* [d 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
261+
/* [(d<<12) 0 0 0 t4 t3+c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
263262

264-
c += d * R + t3;
263+
c += (uint128_t)(R << 12) * (uint64_t)d + t3;
265264
VERIFY_BITS(c, 100);
266265
/* [t4 c r2 r1 r0] = [p8 p7 p6 p5 p4 p3 p2 p1 p0] */
267266
r[3] = c & M; c >>= 52;

0 commit comments

Comments
 (0)