use rotl/rotr in 8x Montgomery mul

adamant-pwn · adamant-pwn · commit 0f96754629cf · 2025-05-26T22:53:07.000+02:00
diff --git a/cp-algo/util/simd.hpp b/cp-algo/util/simd.hpp
@@ -41,6 +41,12 @@ namespace cp_algo {
     [[gnu::always_inline]] inline u64x4 low32(u64x4 x) {
         return x & uint32_t(-1);
     }
+    [[gnu::always_inline]] inline auto rotr(auto x) {
+        return decltype(x)(__builtin_shufflevector(u32x8(x), u32x8(x), 1, 2, 3, 0, 5, 6, 7, 4));
+    }
+    [[gnu::always_inline]] inline auto rotl(auto x) {
+        return decltype(x)(__builtin_shufflevector(u32x8(x), u32x8(x), 3, 0, 1, 2, 7, 4, 5, 6));
+    }
 
     [[gnu::always_inline]] inline u64x4 montgomery_reduce(u64x4 x, uint32_t mod, uint32_t imod) {
 #ifdef __AVX2__
@@ -50,7 +56,7 @@ namespace cp_algo {
         auto x_ninv = x * imod;
         x += low32(x_ninv) * mod;
 #endif
-        return x >> 32;
+        return rotr(x);
     }
 
     [[gnu::always_inline]] inline u64x4 montgomery_mul(u64x4 x, u64x4 y, uint32_t mod, uint32_t imod) {
@@ -60,16 +66,10 @@ namespace cp_algo {
         return montgomery_reduce(low32(x) * low32(y), mod, imod);
 #endif
     }
-
     [[gnu::always_inline]] inline u32x8 montgomery_mul(u32x8 x, u32x8 y, uint32_t mod, uint32_t imod) {
-        auto x0246 = u64x4(x);
-        auto y0246 = u64x4(y);
-        auto x1357 = u64x4(x) >> 32;
-        auto y1357 = u64x4(y) >> 32;
-        return u32x8(montgomery_mul(x0246, y0246, mod, imod)) |
-               u32x8(montgomery_mul(x1357, y1357, mod, imod) << 32);
+        return u32x8(montgomery_mul(u64x4(x), u64x4(y), mod, imod)) |
+               u32x8(rotl(montgomery_mul(u64x4(rotr(x)), u64x4(rotr(y)), mod, imod)));
     }
-
     [[gnu::always_inline]] inline dx4 rotate_right(dx4 x) {
         static constexpr u64x4 shuffler = {3, 0, 1, 2};
         return __builtin_shuffle(x, shuffler);
