master
1// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case UpperCamelCase --no-prefix-fiat --package-name p384 '' 64 '2^384 - 2^128 - 2^96 + 2^32 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp
2// curve description (via package name): p384
3// machine_wordsize = 64 (from "64")
4// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp
5// m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff (from "2^384 - 2^128 - 2^96 + 2^32 - 1")
6//
7// NOTE: In addition to the bounds specified above each function, all
8// functions synthesized for this Montgomery arithmetic require the
9// input to be strictly less than the prime modulus (m), and also
10// require the input to be in the unique saturated representation.
11// All functions also ensure that these two properties are true of
12// return values.
13//
14// Computed values:
15// eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140)
16// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178)
17// twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) in
18// if x1 & (2^384-1) < 2^383 then x1 & (2^384-1) else (x1 & (2^384-1)) - 2^384
19
20const std = @import("std");
21const mode = @import("builtin").mode; // Checked arithmetic is disabled in non-debug modes to avoid side channels
22
23// The type MontgomeryDomainFieldElement is a field element in the Montgomery domain.
24// Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
25pub const MontgomeryDomainFieldElement = [6]u64;
26
27// The type NonMontgomeryDomainFieldElement is a field element NOT in the Montgomery domain.
28// Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
29pub const NonMontgomeryDomainFieldElement = [6]u64;
30
31/// The function addcarryxU64 is an addition with carry.
32///
33/// Postconditions:
34/// out1 = (arg1 + arg2 + arg3) mod 2^64
35/// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋
36///
37/// Input Bounds:
38/// arg1: [0x0 ~> 0x1]
39/// arg2: [0x0 ~> 0xffffffffffffffff]
40/// arg3: [0x0 ~> 0xffffffffffffffff]
41/// Output Bounds:
42/// out1: [0x0 ~> 0xffffffffffffffff]
43/// out2: [0x0 ~> 0x1]
44fn addcarryxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) void {
45 const x = @as(u128, arg2) +% arg3 +% arg1;
46 out1.* = @truncate(x);
47 out2.* = @truncate(x >> 64);
48}
49
50/// The function subborrowxU64 is a subtraction with borrow.
51///
52/// Postconditions:
53/// out1 = (-arg1 + arg2 + -arg3) mod 2^64
54/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋
55///
56/// Input Bounds:
57/// arg1: [0x0 ~> 0x1]
58/// arg2: [0x0 ~> 0xffffffffffffffff]
59/// arg3: [0x0 ~> 0xffffffffffffffff]
60/// Output Bounds:
61/// out1: [0x0 ~> 0xffffffffffffffff]
62/// out2: [0x0 ~> 0x1]
63fn subborrowxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) void {
64 const x = @as(u128, arg2) -% arg3 -% arg1;
65 out1.* = @truncate(x);
66 out2.* = @truncate(x >> 64);
67}
68
69/// The function mulxU64 is a multiplication, returning the full double-width result.
70///
71/// Postconditions:
72/// out1 = (arg1 * arg2) mod 2^64
73/// out2 = ⌊arg1 * arg2 / 2^64⌋
74///
75/// Input Bounds:
76/// arg1: [0x0 ~> 0xffffffffffffffff]
77/// arg2: [0x0 ~> 0xffffffffffffffff]
78/// Output Bounds:
79/// out1: [0x0 ~> 0xffffffffffffffff]
80/// out2: [0x0 ~> 0xffffffffffffffff]
81fn mulxU64(out1: *u64, out2: *u64, arg1: u64, arg2: u64) void {
82 @setRuntimeSafety(mode == .Debug);
83
84 const x = @as(u128, arg1) * @as(u128, arg2);
85 out1.* = @as(u64, @truncate(x));
86 out2.* = @as(u64, @truncate(x >> 64));
87}
88
89/// The function cmovznzU64 is a single-word conditional move.
90///
91/// Postconditions:
92/// out1 = (if arg1 = 0 then arg2 else arg3)
93///
94/// Input Bounds:
95/// arg1: [0x0 ~> 0x1]
96/// arg2: [0x0 ~> 0xffffffffffffffff]
97/// arg3: [0x0 ~> 0xffffffffffffffff]
98/// Output Bounds:
99/// out1: [0x0 ~> 0xffffffffffffffff]
100fn cmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) void {
101 @setRuntimeSafety(mode == .Debug);
102
103 const mask = 0 -% @as(u64, arg1);
104 out1.* = (mask & arg3) | ((~mask) & arg2);
105}
106
107/// The function mul multiplies two field elements in the Montgomery domain.
108///
109/// Preconditions:
110/// 0 ≤ eval arg1 < m
111/// 0 ≤ eval arg2 < m
112/// Postconditions:
113/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m
114/// 0 ≤ eval out1 < m
115///
116pub fn mul(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement, arg2: MontgomeryDomainFieldElement) void {
117 @setRuntimeSafety(mode == .Debug);
118
119 const x1 = (arg1[1]);
120 const x2 = (arg1[2]);
121 const x3 = (arg1[3]);
122 const x4 = (arg1[4]);
123 const x5 = (arg1[5]);
124 const x6 = (arg1[0]);
125 var x7: u64 = undefined;
126 var x8: u64 = undefined;
127 mulxU64(&x7, &x8, x6, (arg2[5]));
128 var x9: u64 = undefined;
129 var x10: u64 = undefined;
130 mulxU64(&x9, &x10, x6, (arg2[4]));
131 var x11: u64 = undefined;
132 var x12: u64 = undefined;
133 mulxU64(&x11, &x12, x6, (arg2[3]));
134 var x13: u64 = undefined;
135 var x14: u64 = undefined;
136 mulxU64(&x13, &x14, x6, (arg2[2]));
137 var x15: u64 = undefined;
138 var x16: u64 = undefined;
139 mulxU64(&x15, &x16, x6, (arg2[1]));
140 var x17: u64 = undefined;
141 var x18: u64 = undefined;
142 mulxU64(&x17, &x18, x6, (arg2[0]));
143 var x19: u64 = undefined;
144 var x20: u1 = undefined;
145 addcarryxU64(&x19, &x20, 0x0, x18, x15);
146 var x21: u64 = undefined;
147 var x22: u1 = undefined;
148 addcarryxU64(&x21, &x22, x20, x16, x13);
149 var x23: u64 = undefined;
150 var x24: u1 = undefined;
151 addcarryxU64(&x23, &x24, x22, x14, x11);
152 var x25: u64 = undefined;
153 var x26: u1 = undefined;
154 addcarryxU64(&x25, &x26, x24, x12, x9);
155 var x27: u64 = undefined;
156 var x28: u1 = undefined;
157 addcarryxU64(&x27, &x28, x26, x10, x7);
158 const x29 = (@as(u64, x28) + x8);
159 var x30: u64 = undefined;
160 var x31: u64 = undefined;
161 mulxU64(&x30, &x31, x17, 0x100000001);
162 var x32: u64 = undefined;
163 var x33: u64 = undefined;
164 mulxU64(&x32, &x33, x30, 0xffffffffffffffff);
165 var x34: u64 = undefined;
166 var x35: u64 = undefined;
167 mulxU64(&x34, &x35, x30, 0xffffffffffffffff);
168 var x36: u64 = undefined;
169 var x37: u64 = undefined;
170 mulxU64(&x36, &x37, x30, 0xffffffffffffffff);
171 var x38: u64 = undefined;
172 var x39: u64 = undefined;
173 mulxU64(&x38, &x39, x30, 0xfffffffffffffffe);
174 var x40: u64 = undefined;
175 var x41: u64 = undefined;
176 mulxU64(&x40, &x41, x30, 0xffffffff00000000);
177 var x42: u64 = undefined;
178 var x43: u64 = undefined;
179 mulxU64(&x42, &x43, x30, 0xffffffff);
180 var x44: u64 = undefined;
181 var x45: u1 = undefined;
182 addcarryxU64(&x44, &x45, 0x0, x43, x40);
183 var x46: u64 = undefined;
184 var x47: u1 = undefined;
185 addcarryxU64(&x46, &x47, x45, x41, x38);
186 var x48: u64 = undefined;
187 var x49: u1 = undefined;
188 addcarryxU64(&x48, &x49, x47, x39, x36);
189 var x50: u64 = undefined;
190 var x51: u1 = undefined;
191 addcarryxU64(&x50, &x51, x49, x37, x34);
192 var x52: u64 = undefined;
193 var x53: u1 = undefined;
194 addcarryxU64(&x52, &x53, x51, x35, x32);
195 const x54 = (@as(u64, x53) + x33);
196 var x55: u64 = undefined;
197 var x56: u1 = undefined;
198 addcarryxU64(&x55, &x56, 0x0, x17, x42);
199 var x57: u64 = undefined;
200 var x58: u1 = undefined;
201 addcarryxU64(&x57, &x58, x56, x19, x44);
202 var x59: u64 = undefined;
203 var x60: u1 = undefined;
204 addcarryxU64(&x59, &x60, x58, x21, x46);
205 var x61: u64 = undefined;
206 var x62: u1 = undefined;
207 addcarryxU64(&x61, &x62, x60, x23, x48);
208 var x63: u64 = undefined;
209 var x64: u1 = undefined;
210 addcarryxU64(&x63, &x64, x62, x25, x50);
211 var x65: u64 = undefined;
212 var x66: u1 = undefined;
213 addcarryxU64(&x65, &x66, x64, x27, x52);
214 var x67: u64 = undefined;
215 var x68: u1 = undefined;
216 addcarryxU64(&x67, &x68, x66, x29, x54);
217 var x69: u64 = undefined;
218 var x70: u64 = undefined;
219 mulxU64(&x69, &x70, x1, (arg2[5]));
220 var x71: u64 = undefined;
221 var x72: u64 = undefined;
222 mulxU64(&x71, &x72, x1, (arg2[4]));
223 var x73: u64 = undefined;
224 var x74: u64 = undefined;
225 mulxU64(&x73, &x74, x1, (arg2[3]));
226 var x75: u64 = undefined;
227 var x76: u64 = undefined;
228 mulxU64(&x75, &x76, x1, (arg2[2]));
229 var x77: u64 = undefined;
230 var x78: u64 = undefined;
231 mulxU64(&x77, &x78, x1, (arg2[1]));
232 var x79: u64 = undefined;
233 var x80: u64 = undefined;
234 mulxU64(&x79, &x80, x1, (arg2[0]));
235 var x81: u64 = undefined;
236 var x82: u1 = undefined;
237 addcarryxU64(&x81, &x82, 0x0, x80, x77);
238 var x83: u64 = undefined;
239 var x84: u1 = undefined;
240 addcarryxU64(&x83, &x84, x82, x78, x75);
241 var x85: u64 = undefined;
242 var x86: u1 = undefined;
243 addcarryxU64(&x85, &x86, x84, x76, x73);
244 var x87: u64 = undefined;
245 var x88: u1 = undefined;
246 addcarryxU64(&x87, &x88, x86, x74, x71);
247 var x89: u64 = undefined;
248 var x90: u1 = undefined;
249 addcarryxU64(&x89, &x90, x88, x72, x69);
250 const x91 = (@as(u64, x90) + x70);
251 var x92: u64 = undefined;
252 var x93: u1 = undefined;
253 addcarryxU64(&x92, &x93, 0x0, x57, x79);
254 var x94: u64 = undefined;
255 var x95: u1 = undefined;
256 addcarryxU64(&x94, &x95, x93, x59, x81);
257 var x96: u64 = undefined;
258 var x97: u1 = undefined;
259 addcarryxU64(&x96, &x97, x95, x61, x83);
260 var x98: u64 = undefined;
261 var x99: u1 = undefined;
262 addcarryxU64(&x98, &x99, x97, x63, x85);
263 var x100: u64 = undefined;
264 var x101: u1 = undefined;
265 addcarryxU64(&x100, &x101, x99, x65, x87);
266 var x102: u64 = undefined;
267 var x103: u1 = undefined;
268 addcarryxU64(&x102, &x103, x101, x67, x89);
269 var x104: u64 = undefined;
270 var x105: u1 = undefined;
271 addcarryxU64(&x104, &x105, x103, @as(u64, x68), x91);
272 var x106: u64 = undefined;
273 var x107: u64 = undefined;
274 mulxU64(&x106, &x107, x92, 0x100000001);
275 var x108: u64 = undefined;
276 var x109: u64 = undefined;
277 mulxU64(&x108, &x109, x106, 0xffffffffffffffff);
278 var x110: u64 = undefined;
279 var x111: u64 = undefined;
280 mulxU64(&x110, &x111, x106, 0xffffffffffffffff);
281 var x112: u64 = undefined;
282 var x113: u64 = undefined;
283 mulxU64(&x112, &x113, x106, 0xffffffffffffffff);
284 var x114: u64 = undefined;
285 var x115: u64 = undefined;
286 mulxU64(&x114, &x115, x106, 0xfffffffffffffffe);
287 var x116: u64 = undefined;
288 var x117: u64 = undefined;
289 mulxU64(&x116, &x117, x106, 0xffffffff00000000);
290 var x118: u64 = undefined;
291 var x119: u64 = undefined;
292 mulxU64(&x118, &x119, x106, 0xffffffff);
293 var x120: u64 = undefined;
294 var x121: u1 = undefined;
295 addcarryxU64(&x120, &x121, 0x0, x119, x116);
296 var x122: u64 = undefined;
297 var x123: u1 = undefined;
298 addcarryxU64(&x122, &x123, x121, x117, x114);
299 var x124: u64 = undefined;
300 var x125: u1 = undefined;
301 addcarryxU64(&x124, &x125, x123, x115, x112);
302 var x126: u64 = undefined;
303 var x127: u1 = undefined;
304 addcarryxU64(&x126, &x127, x125, x113, x110);
305 var x128: u64 = undefined;
306 var x129: u1 = undefined;
307 addcarryxU64(&x128, &x129, x127, x111, x108);
308 const x130 = (@as(u64, x129) + x109);
309 var x131: u64 = undefined;
310 var x132: u1 = undefined;
311 addcarryxU64(&x131, &x132, 0x0, x92, x118);
312 var x133: u64 = undefined;
313 var x134: u1 = undefined;
314 addcarryxU64(&x133, &x134, x132, x94, x120);
315 var x135: u64 = undefined;
316 var x136: u1 = undefined;
317 addcarryxU64(&x135, &x136, x134, x96, x122);
318 var x137: u64 = undefined;
319 var x138: u1 = undefined;
320 addcarryxU64(&x137, &x138, x136, x98, x124);
321 var x139: u64 = undefined;
322 var x140: u1 = undefined;
323 addcarryxU64(&x139, &x140, x138, x100, x126);
324 var x141: u64 = undefined;
325 var x142: u1 = undefined;
326 addcarryxU64(&x141, &x142, x140, x102, x128);
327 var x143: u64 = undefined;
328 var x144: u1 = undefined;
329 addcarryxU64(&x143, &x144, x142, x104, x130);
330 const x145 = (@as(u64, x144) + @as(u64, x105));
331 var x146: u64 = undefined;
332 var x147: u64 = undefined;
333 mulxU64(&x146, &x147, x2, (arg2[5]));
334 var x148: u64 = undefined;
335 var x149: u64 = undefined;
336 mulxU64(&x148, &x149, x2, (arg2[4]));
337 var x150: u64 = undefined;
338 var x151: u64 = undefined;
339 mulxU64(&x150, &x151, x2, (arg2[3]));
340 var x152: u64 = undefined;
341 var x153: u64 = undefined;
342 mulxU64(&x152, &x153, x2, (arg2[2]));
343 var x154: u64 = undefined;
344 var x155: u64 = undefined;
345 mulxU64(&x154, &x155, x2, (arg2[1]));
346 var x156: u64 = undefined;
347 var x157: u64 = undefined;
348 mulxU64(&x156, &x157, x2, (arg2[0]));
349 var x158: u64 = undefined;
350 var x159: u1 = undefined;
351 addcarryxU64(&x158, &x159, 0x0, x157, x154);
352 var x160: u64 = undefined;
353 var x161: u1 = undefined;
354 addcarryxU64(&x160, &x161, x159, x155, x152);
355 var x162: u64 = undefined;
356 var x163: u1 = undefined;
357 addcarryxU64(&x162, &x163, x161, x153, x150);
358 var x164: u64 = undefined;
359 var x165: u1 = undefined;
360 addcarryxU64(&x164, &x165, x163, x151, x148);
361 var x166: u64 = undefined;
362 var x167: u1 = undefined;
363 addcarryxU64(&x166, &x167, x165, x149, x146);
364 const x168 = (@as(u64, x167) + x147);
365 var x169: u64 = undefined;
366 var x170: u1 = undefined;
367 addcarryxU64(&x169, &x170, 0x0, x133, x156);
368 var x171: u64 = undefined;
369 var x172: u1 = undefined;
370 addcarryxU64(&x171, &x172, x170, x135, x158);
371 var x173: u64 = undefined;
372 var x174: u1 = undefined;
373 addcarryxU64(&x173, &x174, x172, x137, x160);
374 var x175: u64 = undefined;
375 var x176: u1 = undefined;
376 addcarryxU64(&x175, &x176, x174, x139, x162);
377 var x177: u64 = undefined;
378 var x178: u1 = undefined;
379 addcarryxU64(&x177, &x178, x176, x141, x164);
380 var x179: u64 = undefined;
381 var x180: u1 = undefined;
382 addcarryxU64(&x179, &x180, x178, x143, x166);
383 var x181: u64 = undefined;
384 var x182: u1 = undefined;
385 addcarryxU64(&x181, &x182, x180, x145, x168);
386 var x183: u64 = undefined;
387 var x184: u64 = undefined;
388 mulxU64(&x183, &x184, x169, 0x100000001);
389 var x185: u64 = undefined;
390 var x186: u64 = undefined;
391 mulxU64(&x185, &x186, x183, 0xffffffffffffffff);
392 var x187: u64 = undefined;
393 var x188: u64 = undefined;
394 mulxU64(&x187, &x188, x183, 0xffffffffffffffff);
395 var x189: u64 = undefined;
396 var x190: u64 = undefined;
397 mulxU64(&x189, &x190, x183, 0xffffffffffffffff);
398 var x191: u64 = undefined;
399 var x192: u64 = undefined;
400 mulxU64(&x191, &x192, x183, 0xfffffffffffffffe);
401 var x193: u64 = undefined;
402 var x194: u64 = undefined;
403 mulxU64(&x193, &x194, x183, 0xffffffff00000000);
404 var x195: u64 = undefined;
405 var x196: u64 = undefined;
406 mulxU64(&x195, &x196, x183, 0xffffffff);
407 var x197: u64 = undefined;
408 var x198: u1 = undefined;
409 addcarryxU64(&x197, &x198, 0x0, x196, x193);
410 var x199: u64 = undefined;
411 var x200: u1 = undefined;
412 addcarryxU64(&x199, &x200, x198, x194, x191);
413 var x201: u64 = undefined;
414 var x202: u1 = undefined;
415 addcarryxU64(&x201, &x202, x200, x192, x189);
416 var x203: u64 = undefined;
417 var x204: u1 = undefined;
418 addcarryxU64(&x203, &x204, x202, x190, x187);
419 var x205: u64 = undefined;
420 var x206: u1 = undefined;
421 addcarryxU64(&x205, &x206, x204, x188, x185);
422 const x207 = (@as(u64, x206) + x186);
423 var x208: u64 = undefined;
424 var x209: u1 = undefined;
425 addcarryxU64(&x208, &x209, 0x0, x169, x195);
426 var x210: u64 = undefined;
427 var x211: u1 = undefined;
428 addcarryxU64(&x210, &x211, x209, x171, x197);
429 var x212: u64 = undefined;
430 var x213: u1 = undefined;
431 addcarryxU64(&x212, &x213, x211, x173, x199);
432 var x214: u64 = undefined;
433 var x215: u1 = undefined;
434 addcarryxU64(&x214, &x215, x213, x175, x201);
435 var x216: u64 = undefined;
436 var x217: u1 = undefined;
437 addcarryxU64(&x216, &x217, x215, x177, x203);
438 var x218: u64 = undefined;
439 var x219: u1 = undefined;
440 addcarryxU64(&x218, &x219, x217, x179, x205);
441 var x220: u64 = undefined;
442 var x221: u1 = undefined;
443 addcarryxU64(&x220, &x221, x219, x181, x207);
444 const x222 = (@as(u64, x221) + @as(u64, x182));
445 var x223: u64 = undefined;
446 var x224: u64 = undefined;
447 mulxU64(&x223, &x224, x3, (arg2[5]));
448 var x225: u64 = undefined;
449 var x226: u64 = undefined;
450 mulxU64(&x225, &x226, x3, (arg2[4]));
451 var x227: u64 = undefined;
452 var x228: u64 = undefined;
453 mulxU64(&x227, &x228, x3, (arg2[3]));
454 var x229: u64 = undefined;
455 var x230: u64 = undefined;
456 mulxU64(&x229, &x230, x3, (arg2[2]));
457 var x231: u64 = undefined;
458 var x232: u64 = undefined;
459 mulxU64(&x231, &x232, x3, (arg2[1]));
460 var x233: u64 = undefined;
461 var x234: u64 = undefined;
462 mulxU64(&x233, &x234, x3, (arg2[0]));
463 var x235: u64 = undefined;
464 var x236: u1 = undefined;
465 addcarryxU64(&x235, &x236, 0x0, x234, x231);
466 var x237: u64 = undefined;
467 var x238: u1 = undefined;
468 addcarryxU64(&x237, &x238, x236, x232, x229);
469 var x239: u64 = undefined;
470 var x240: u1 = undefined;
471 addcarryxU64(&x239, &x240, x238, x230, x227);
472 var x241: u64 = undefined;
473 var x242: u1 = undefined;
474 addcarryxU64(&x241, &x242, x240, x228, x225);
475 var x243: u64 = undefined;
476 var x244: u1 = undefined;
477 addcarryxU64(&x243, &x244, x242, x226, x223);
478 const x245 = (@as(u64, x244) + x224);
479 var x246: u64 = undefined;
480 var x247: u1 = undefined;
481 addcarryxU64(&x246, &x247, 0x0, x210, x233);
482 var x248: u64 = undefined;
483 var x249: u1 = undefined;
484 addcarryxU64(&x248, &x249, x247, x212, x235);
485 var x250: u64 = undefined;
486 var x251: u1 = undefined;
487 addcarryxU64(&x250, &x251, x249, x214, x237);
488 var x252: u64 = undefined;
489 var x253: u1 = undefined;
490 addcarryxU64(&x252, &x253, x251, x216, x239);
491 var x254: u64 = undefined;
492 var x255: u1 = undefined;
493 addcarryxU64(&x254, &x255, x253, x218, x241);
494 var x256: u64 = undefined;
495 var x257: u1 = undefined;
496 addcarryxU64(&x256, &x257, x255, x220, x243);
497 var x258: u64 = undefined;
498 var x259: u1 = undefined;
499 addcarryxU64(&x258, &x259, x257, x222, x245);
500 var x260: u64 = undefined;
501 var x261: u64 = undefined;
502 mulxU64(&x260, &x261, x246, 0x100000001);
503 var x262: u64 = undefined;
504 var x263: u64 = undefined;
505 mulxU64(&x262, &x263, x260, 0xffffffffffffffff);
506 var x264: u64 = undefined;
507 var x265: u64 = undefined;
508 mulxU64(&x264, &x265, x260, 0xffffffffffffffff);
509 var x266: u64 = undefined;
510 var x267: u64 = undefined;
511 mulxU64(&x266, &x267, x260, 0xffffffffffffffff);
512 var x268: u64 = undefined;
513 var x269: u64 = undefined;
514 mulxU64(&x268, &x269, x260, 0xfffffffffffffffe);
515 var x270: u64 = undefined;
516 var x271: u64 = undefined;
517 mulxU64(&x270, &x271, x260, 0xffffffff00000000);
518 var x272: u64 = undefined;
519 var x273: u64 = undefined;
520 mulxU64(&x272, &x273, x260, 0xffffffff);
521 var x274: u64 = undefined;
522 var x275: u1 = undefined;
523 addcarryxU64(&x274, &x275, 0x0, x273, x270);
524 var x276: u64 = undefined;
525 var x277: u1 = undefined;
526 addcarryxU64(&x276, &x277, x275, x271, x268);
527 var x278: u64 = undefined;
528 var x279: u1 = undefined;
529 addcarryxU64(&x278, &x279, x277, x269, x266);
530 var x280: u64 = undefined;
531 var x281: u1 = undefined;
532 addcarryxU64(&x280, &x281, x279, x267, x264);
533 var x282: u64 = undefined;
534 var x283: u1 = undefined;
535 addcarryxU64(&x282, &x283, x281, x265, x262);
536 const x284 = (@as(u64, x283) + x263);
537 var x285: u64 = undefined;
538 var x286: u1 = undefined;
539 addcarryxU64(&x285, &x286, 0x0, x246, x272);
540 var x287: u64 = undefined;
541 var x288: u1 = undefined;
542 addcarryxU64(&x287, &x288, x286, x248, x274);
543 var x289: u64 = undefined;
544 var x290: u1 = undefined;
545 addcarryxU64(&x289, &x290, x288, x250, x276);
546 var x291: u64 = undefined;
547 var x292: u1 = undefined;
548 addcarryxU64(&x291, &x292, x290, x252, x278);
549 var x293: u64 = undefined;
550 var x294: u1 = undefined;
551 addcarryxU64(&x293, &x294, x292, x254, x280);
552 var x295: u64 = undefined;
553 var x296: u1 = undefined;
554 addcarryxU64(&x295, &x296, x294, x256, x282);
555 var x297: u64 = undefined;
556 var x298: u1 = undefined;
557 addcarryxU64(&x297, &x298, x296, x258, x284);
558 const x299 = (@as(u64, x298) + @as(u64, x259));
559 var x300: u64 = undefined;
560 var x301: u64 = undefined;
561 mulxU64(&x300, &x301, x4, (arg2[5]));
562 var x302: u64 = undefined;
563 var x303: u64 = undefined;
564 mulxU64(&x302, &x303, x4, (arg2[4]));
565 var x304: u64 = undefined;
566 var x305: u64 = undefined;
567 mulxU64(&x304, &x305, x4, (arg2[3]));
568 var x306: u64 = undefined;
569 var x307: u64 = undefined;
570 mulxU64(&x306, &x307, x4, (arg2[2]));
571 var x308: u64 = undefined;
572 var x309: u64 = undefined;
573 mulxU64(&x308, &x309, x4, (arg2[1]));
574 var x310: u64 = undefined;
575 var x311: u64 = undefined;
576 mulxU64(&x310, &x311, x4, (arg2[0]));
577 var x312: u64 = undefined;
578 var x313: u1 = undefined;
579 addcarryxU64(&x312, &x313, 0x0, x311, x308);
580 var x314: u64 = undefined;
581 var x315: u1 = undefined;
582 addcarryxU64(&x314, &x315, x313, x309, x306);
583 var x316: u64 = undefined;
584 var x317: u1 = undefined;
585 addcarryxU64(&x316, &x317, x315, x307, x304);
586 var x318: u64 = undefined;
587 var x319: u1 = undefined;
588 addcarryxU64(&x318, &x319, x317, x305, x302);
589 var x320: u64 = undefined;
590 var x321: u1 = undefined;
591 addcarryxU64(&x320, &x321, x319, x303, x300);
592 const x322 = (@as(u64, x321) + x301);
593 var x323: u64 = undefined;
594 var x324: u1 = undefined;
595 addcarryxU64(&x323, &x324, 0x0, x287, x310);
596 var x325: u64 = undefined;
597 var x326: u1 = undefined;
598 addcarryxU64(&x325, &x326, x324, x289, x312);
599 var x327: u64 = undefined;
600 var x328: u1 = undefined;
601 addcarryxU64(&x327, &x328, x326, x291, x314);
602 var x329: u64 = undefined;
603 var x330: u1 = undefined;
604 addcarryxU64(&x329, &x330, x328, x293, x316);
605 var x331: u64 = undefined;
606 var x332: u1 = undefined;
607 addcarryxU64(&x331, &x332, x330, x295, x318);
608 var x333: u64 = undefined;
609 var x334: u1 = undefined;
610 addcarryxU64(&x333, &x334, x332, x297, x320);
611 var x335: u64 = undefined;
612 var x336: u1 = undefined;
613 addcarryxU64(&x335, &x336, x334, x299, x322);
614 var x337: u64 = undefined;
615 var x338: u64 = undefined;
616 mulxU64(&x337, &x338, x323, 0x100000001);
617 var x339: u64 = undefined;
618 var x340: u64 = undefined;
619 mulxU64(&x339, &x340, x337, 0xffffffffffffffff);
620 var x341: u64 = undefined;
621 var x342: u64 = undefined;
622 mulxU64(&x341, &x342, x337, 0xffffffffffffffff);
623 var x343: u64 = undefined;
624 var x344: u64 = undefined;
625 mulxU64(&x343, &x344, x337, 0xffffffffffffffff);
626 var x345: u64 = undefined;
627 var x346: u64 = undefined;
628 mulxU64(&x345, &x346, x337, 0xfffffffffffffffe);
629 var x347: u64 = undefined;
630 var x348: u64 = undefined;
631 mulxU64(&x347, &x348, x337, 0xffffffff00000000);
632 var x349: u64 = undefined;
633 var x350: u64 = undefined;
634 mulxU64(&x349, &x350, x337, 0xffffffff);
635 var x351: u64 = undefined;
636 var x352: u1 = undefined;
637 addcarryxU64(&x351, &x352, 0x0, x350, x347);
638 var x353: u64 = undefined;
639 var x354: u1 = undefined;
640 addcarryxU64(&x353, &x354, x352, x348, x345);
641 var x355: u64 = undefined;
642 var x356: u1 = undefined;
643 addcarryxU64(&x355, &x356, x354, x346, x343);
644 var x357: u64 = undefined;
645 var x358: u1 = undefined;
646 addcarryxU64(&x357, &x358, x356, x344, x341);
647 var x359: u64 = undefined;
648 var x360: u1 = undefined;
649 addcarryxU64(&x359, &x360, x358, x342, x339);
650 const x361 = (@as(u64, x360) + x340);
651 var x362: u64 = undefined;
652 var x363: u1 = undefined;
653 addcarryxU64(&x362, &x363, 0x0, x323, x349);
654 var x364: u64 = undefined;
655 var x365: u1 = undefined;
656 addcarryxU64(&x364, &x365, x363, x325, x351);
657 var x366: u64 = undefined;
658 var x367: u1 = undefined;
659 addcarryxU64(&x366, &x367, x365, x327, x353);
660 var x368: u64 = undefined;
661 var x369: u1 = undefined;
662 addcarryxU64(&x368, &x369, x367, x329, x355);
663 var x370: u64 = undefined;
664 var x371: u1 = undefined;
665 addcarryxU64(&x370, &x371, x369, x331, x357);
666 var x372: u64 = undefined;
667 var x373: u1 = undefined;
668 addcarryxU64(&x372, &x373, x371, x333, x359);
669 var x374: u64 = undefined;
670 var x375: u1 = undefined;
671 addcarryxU64(&x374, &x375, x373, x335, x361);
672 const x376 = (@as(u64, x375) + @as(u64, x336));
673 var x377: u64 = undefined;
674 var x378: u64 = undefined;
675 mulxU64(&x377, &x378, x5, (arg2[5]));
676 var x379: u64 = undefined;
677 var x380: u64 = undefined;
678 mulxU64(&x379, &x380, x5, (arg2[4]));
679 var x381: u64 = undefined;
680 var x382: u64 = undefined;
681 mulxU64(&x381, &x382, x5, (arg2[3]));
682 var x383: u64 = undefined;
683 var x384: u64 = undefined;
684 mulxU64(&x383, &x384, x5, (arg2[2]));
685 var x385: u64 = undefined;
686 var x386: u64 = undefined;
687 mulxU64(&x385, &x386, x5, (arg2[1]));
688 var x387: u64 = undefined;
689 var x388: u64 = undefined;
690 mulxU64(&x387, &x388, x5, (arg2[0]));
691 var x389: u64 = undefined;
692 var x390: u1 = undefined;
693 addcarryxU64(&x389, &x390, 0x0, x388, x385);
694 var x391: u64 = undefined;
695 var x392: u1 = undefined;
696 addcarryxU64(&x391, &x392, x390, x386, x383);
697 var x393: u64 = undefined;
698 var x394: u1 = undefined;
699 addcarryxU64(&x393, &x394, x392, x384, x381);
700 var x395: u64 = undefined;
701 var x396: u1 = undefined;
702 addcarryxU64(&x395, &x396, x394, x382, x379);
703 var x397: u64 = undefined;
704 var x398: u1 = undefined;
705 addcarryxU64(&x397, &x398, x396, x380, x377);
706 const x399 = (@as(u64, x398) + x378);
707 var x400: u64 = undefined;
708 var x401: u1 = undefined;
709 addcarryxU64(&x400, &x401, 0x0, x364, x387);
710 var x402: u64 = undefined;
711 var x403: u1 = undefined;
712 addcarryxU64(&x402, &x403, x401, x366, x389);
713 var x404: u64 = undefined;
714 var x405: u1 = undefined;
715 addcarryxU64(&x404, &x405, x403, x368, x391);
716 var x406: u64 = undefined;
717 var x407: u1 = undefined;
718 addcarryxU64(&x406, &x407, x405, x370, x393);
719 var x408: u64 = undefined;
720 var x409: u1 = undefined;
721 addcarryxU64(&x408, &x409, x407, x372, x395);
722 var x410: u64 = undefined;
723 var x411: u1 = undefined;
724 addcarryxU64(&x410, &x411, x409, x374, x397);
725 var x412: u64 = undefined;
726 var x413: u1 = undefined;
727 addcarryxU64(&x412, &x413, x411, x376, x399);
728 var x414: u64 = undefined;
729 var x415: u64 = undefined;
730 mulxU64(&x414, &x415, x400, 0x100000001);
731 var x416: u64 = undefined;
732 var x417: u64 = undefined;
733 mulxU64(&x416, &x417, x414, 0xffffffffffffffff);
734 var x418: u64 = undefined;
735 var x419: u64 = undefined;
736 mulxU64(&x418, &x419, x414, 0xffffffffffffffff);
737 var x420: u64 = undefined;
738 var x421: u64 = undefined;
739 mulxU64(&x420, &x421, x414, 0xffffffffffffffff);
740 var x422: u64 = undefined;
741 var x423: u64 = undefined;
742 mulxU64(&x422, &x423, x414, 0xfffffffffffffffe);
743 var x424: u64 = undefined;
744 var x425: u64 = undefined;
745 mulxU64(&x424, &x425, x414, 0xffffffff00000000);
746 var x426: u64 = undefined;
747 var x427: u64 = undefined;
748 mulxU64(&x426, &x427, x414, 0xffffffff);
749 var x428: u64 = undefined;
750 var x429: u1 = undefined;
751 addcarryxU64(&x428, &x429, 0x0, x427, x424);
752 var x430: u64 = undefined;
753 var x431: u1 = undefined;
754 addcarryxU64(&x430, &x431, x429, x425, x422);
755 var x432: u64 = undefined;
756 var x433: u1 = undefined;
757 addcarryxU64(&x432, &x433, x431, x423, x420);
758 var x434: u64 = undefined;
759 var x435: u1 = undefined;
760 addcarryxU64(&x434, &x435, x433, x421, x418);
761 var x436: u64 = undefined;
762 var x437: u1 = undefined;
763 addcarryxU64(&x436, &x437, x435, x419, x416);
764 const x438 = (@as(u64, x437) + x417);
765 var x439: u64 = undefined;
766 var x440: u1 = undefined;
767 addcarryxU64(&x439, &x440, 0x0, x400, x426);
768 var x441: u64 = undefined;
769 var x442: u1 = undefined;
770 addcarryxU64(&x441, &x442, x440, x402, x428);
771 var x443: u64 = undefined;
772 var x444: u1 = undefined;
773 addcarryxU64(&x443, &x444, x442, x404, x430);
774 var x445: u64 = undefined;
775 var x446: u1 = undefined;
776 addcarryxU64(&x445, &x446, x444, x406, x432);
777 var x447: u64 = undefined;
778 var x448: u1 = undefined;
779 addcarryxU64(&x447, &x448, x446, x408, x434);
780 var x449: u64 = undefined;
781 var x450: u1 = undefined;
782 addcarryxU64(&x449, &x450, x448, x410, x436);
783 var x451: u64 = undefined;
784 var x452: u1 = undefined;
785 addcarryxU64(&x451, &x452, x450, x412, x438);
786 const x453 = (@as(u64, x452) + @as(u64, x413));
787 var x454: u64 = undefined;
788 var x455: u1 = undefined;
789 subborrowxU64(&x454, &x455, 0x0, x441, 0xffffffff);
790 var x456: u64 = undefined;
791 var x457: u1 = undefined;
792 subborrowxU64(&x456, &x457, x455, x443, 0xffffffff00000000);
793 var x458: u64 = undefined;
794 var x459: u1 = undefined;
795 subborrowxU64(&x458, &x459, x457, x445, 0xfffffffffffffffe);
796 var x460: u64 = undefined;
797 var x461: u1 = undefined;
798 subborrowxU64(&x460, &x461, x459, x447, 0xffffffffffffffff);
799 var x462: u64 = undefined;
800 var x463: u1 = undefined;
801 subborrowxU64(&x462, &x463, x461, x449, 0xffffffffffffffff);
802 var x464: u64 = undefined;
803 var x465: u1 = undefined;
804 subborrowxU64(&x464, &x465, x463, x451, 0xffffffffffffffff);
805 var x466: u64 = undefined;
806 var x467: u1 = undefined;
807 subborrowxU64(&x466, &x467, x465, x453, 0x0);
808 var x468: u64 = undefined;
809 cmovznzU64(&x468, x467, x454, x441);
810 var x469: u64 = undefined;
811 cmovznzU64(&x469, x467, x456, x443);
812 var x470: u64 = undefined;
813 cmovznzU64(&x470, x467, x458, x445);
814 var x471: u64 = undefined;
815 cmovznzU64(&x471, x467, x460, x447);
816 var x472: u64 = undefined;
817 cmovznzU64(&x472, x467, x462, x449);
818 var x473: u64 = undefined;
819 cmovznzU64(&x473, x467, x464, x451);
820 out1[0] = x468;
821 out1[1] = x469;
822 out1[2] = x470;
823 out1[3] = x471;
824 out1[4] = x472;
825 out1[5] = x473;
826}
827
828/// The function square squares a field element in the Montgomery domain.
829///
830/// Preconditions:
831/// 0 ≤ eval arg1 < m
832/// Postconditions:
833/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m
834/// 0 ≤ eval out1 < m
835///
836pub fn square(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement) void {
837 @setRuntimeSafety(mode == .Debug);
838
839 const x1 = (arg1[1]);
840 const x2 = (arg1[2]);
841 const x3 = (arg1[3]);
842 const x4 = (arg1[4]);
843 const x5 = (arg1[5]);
844 const x6 = (arg1[0]);
845 var x7: u64 = undefined;
846 var x8: u64 = undefined;
847 mulxU64(&x7, &x8, x6, (arg1[5]));
848 var x9: u64 = undefined;
849 var x10: u64 = undefined;
850 mulxU64(&x9, &x10, x6, (arg1[4]));
851 var x11: u64 = undefined;
852 var x12: u64 = undefined;
853 mulxU64(&x11, &x12, x6, (arg1[3]));
854 var x13: u64 = undefined;
855 var x14: u64 = undefined;
856 mulxU64(&x13, &x14, x6, (arg1[2]));
857 var x15: u64 = undefined;
858 var x16: u64 = undefined;
859 mulxU64(&x15, &x16, x6, (arg1[1]));
860 var x17: u64 = undefined;
861 var x18: u64 = undefined;
862 mulxU64(&x17, &x18, x6, (arg1[0]));
863 var x19: u64 = undefined;
864 var x20: u1 = undefined;
865 addcarryxU64(&x19, &x20, 0x0, x18, x15);
866 var x21: u64 = undefined;
867 var x22: u1 = undefined;
868 addcarryxU64(&x21, &x22, x20, x16, x13);
869 var x23: u64 = undefined;
870 var x24: u1 = undefined;
871 addcarryxU64(&x23, &x24, x22, x14, x11);
872 var x25: u64 = undefined;
873 var x26: u1 = undefined;
874 addcarryxU64(&x25, &x26, x24, x12, x9);
875 var x27: u64 = undefined;
876 var x28: u1 = undefined;
877 addcarryxU64(&x27, &x28, x26, x10, x7);
878 const x29 = (@as(u64, x28) + x8);
879 var x30: u64 = undefined;
880 var x31: u64 = undefined;
881 mulxU64(&x30, &x31, x17, 0x100000001);
882 var x32: u64 = undefined;
883 var x33: u64 = undefined;
884 mulxU64(&x32, &x33, x30, 0xffffffffffffffff);
885 var x34: u64 = undefined;
886 var x35: u64 = undefined;
887 mulxU64(&x34, &x35, x30, 0xffffffffffffffff);
888 var x36: u64 = undefined;
889 var x37: u64 = undefined;
890 mulxU64(&x36, &x37, x30, 0xffffffffffffffff);
891 var x38: u64 = undefined;
892 var x39: u64 = undefined;
893 mulxU64(&x38, &x39, x30, 0xfffffffffffffffe);
894 var x40: u64 = undefined;
895 var x41: u64 = undefined;
896 mulxU64(&x40, &x41, x30, 0xffffffff00000000);
897 var x42: u64 = undefined;
898 var x43: u64 = undefined;
899 mulxU64(&x42, &x43, x30, 0xffffffff);
900 var x44: u64 = undefined;
901 var x45: u1 = undefined;
902 addcarryxU64(&x44, &x45, 0x0, x43, x40);
903 var x46: u64 = undefined;
904 var x47: u1 = undefined;
905 addcarryxU64(&x46, &x47, x45, x41, x38);
906 var x48: u64 = undefined;
907 var x49: u1 = undefined;
908 addcarryxU64(&x48, &x49, x47, x39, x36);
909 var x50: u64 = undefined;
910 var x51: u1 = undefined;
911 addcarryxU64(&x50, &x51, x49, x37, x34);
912 var x52: u64 = undefined;
913 var x53: u1 = undefined;
914 addcarryxU64(&x52, &x53, x51, x35, x32);
915 const x54 = (@as(u64, x53) + x33);
916 var x55: u64 = undefined;
917 var x56: u1 = undefined;
918 addcarryxU64(&x55, &x56, 0x0, x17, x42);
919 var x57: u64 = undefined;
920 var x58: u1 = undefined;
921 addcarryxU64(&x57, &x58, x56, x19, x44);
922 var x59: u64 = undefined;
923 var x60: u1 = undefined;
924 addcarryxU64(&x59, &x60, x58, x21, x46);
925 var x61: u64 = undefined;
926 var x62: u1 = undefined;
927 addcarryxU64(&x61, &x62, x60, x23, x48);
928 var x63: u64 = undefined;
929 var x64: u1 = undefined;
930 addcarryxU64(&x63, &x64, x62, x25, x50);
931 var x65: u64 = undefined;
932 var x66: u1 = undefined;
933 addcarryxU64(&x65, &x66, x64, x27, x52);
934 var x67: u64 = undefined;
935 var x68: u1 = undefined;
936 addcarryxU64(&x67, &x68, x66, x29, x54);
937 var x69: u64 = undefined;
938 var x70: u64 = undefined;
939 mulxU64(&x69, &x70, x1, (arg1[5]));
940 var x71: u64 = undefined;
941 var x72: u64 = undefined;
942 mulxU64(&x71, &x72, x1, (arg1[4]));
943 var x73: u64 = undefined;
944 var x74: u64 = undefined;
945 mulxU64(&x73, &x74, x1, (arg1[3]));
946 var x75: u64 = undefined;
947 var x76: u64 = undefined;
948 mulxU64(&x75, &x76, x1, (arg1[2]));
949 var x77: u64 = undefined;
950 var x78: u64 = undefined;
951 mulxU64(&x77, &x78, x1, (arg1[1]));
952 var x79: u64 = undefined;
953 var x80: u64 = undefined;
954 mulxU64(&x79, &x80, x1, (arg1[0]));
955 var x81: u64 = undefined;
956 var x82: u1 = undefined;
957 addcarryxU64(&x81, &x82, 0x0, x80, x77);
958 var x83: u64 = undefined;
959 var x84: u1 = undefined;
960 addcarryxU64(&x83, &x84, x82, x78, x75);
961 var x85: u64 = undefined;
962 var x86: u1 = undefined;
963 addcarryxU64(&x85, &x86, x84, x76, x73);
964 var x87: u64 = undefined;
965 var x88: u1 = undefined;
966 addcarryxU64(&x87, &x88, x86, x74, x71);
967 var x89: u64 = undefined;
968 var x90: u1 = undefined;
969 addcarryxU64(&x89, &x90, x88, x72, x69);
970 const x91 = (@as(u64, x90) + x70);
971 var x92: u64 = undefined;
972 var x93: u1 = undefined;
973 addcarryxU64(&x92, &x93, 0x0, x57, x79);
974 var x94: u64 = undefined;
975 var x95: u1 = undefined;
976 addcarryxU64(&x94, &x95, x93, x59, x81);
977 var x96: u64 = undefined;
978 var x97: u1 = undefined;
979 addcarryxU64(&x96, &x97, x95, x61, x83);
980 var x98: u64 = undefined;
981 var x99: u1 = undefined;
982 addcarryxU64(&x98, &x99, x97, x63, x85);
983 var x100: u64 = undefined;
984 var x101: u1 = undefined;
985 addcarryxU64(&x100, &x101, x99, x65, x87);
986 var x102: u64 = undefined;
987 var x103: u1 = undefined;
988 addcarryxU64(&x102, &x103, x101, x67, x89);
989 var x104: u64 = undefined;
990 var x105: u1 = undefined;
991 addcarryxU64(&x104, &x105, x103, @as(u64, x68), x91);
992 var x106: u64 = undefined;
993 var x107: u64 = undefined;
994 mulxU64(&x106, &x107, x92, 0x100000001);
995 var x108: u64 = undefined;
996 var x109: u64 = undefined;
997 mulxU64(&x108, &x109, x106, 0xffffffffffffffff);
998 var x110: u64 = undefined;
999 var x111: u64 = undefined;
1000 mulxU64(&x110, &x111, x106, 0xffffffffffffffff);
1001 var x112: u64 = undefined;
1002 var x113: u64 = undefined;
1003 mulxU64(&x112, &x113, x106, 0xffffffffffffffff);
1004 var x114: u64 = undefined;
1005 var x115: u64 = undefined;
1006 mulxU64(&x114, &x115, x106, 0xfffffffffffffffe);
1007 var x116: u64 = undefined;
1008 var x117: u64 = undefined;
1009 mulxU64(&x116, &x117, x106, 0xffffffff00000000);
1010 var x118: u64 = undefined;
1011 var x119: u64 = undefined;
1012 mulxU64(&x118, &x119, x106, 0xffffffff);
1013 var x120: u64 = undefined;
1014 var x121: u1 = undefined;
1015 addcarryxU64(&x120, &x121, 0x0, x119, x116);
1016 var x122: u64 = undefined;
1017 var x123: u1 = undefined;
1018 addcarryxU64(&x122, &x123, x121, x117, x114);
1019 var x124: u64 = undefined;
1020 var x125: u1 = undefined;
1021 addcarryxU64(&x124, &x125, x123, x115, x112);
1022 var x126: u64 = undefined;
1023 var x127: u1 = undefined;
1024 addcarryxU64(&x126, &x127, x125, x113, x110);
1025 var x128: u64 = undefined;
1026 var x129: u1 = undefined;
1027 addcarryxU64(&x128, &x129, x127, x111, x108);
1028 const x130 = (@as(u64, x129) + x109);
1029 var x131: u64 = undefined;
1030 var x132: u1 = undefined;
1031 addcarryxU64(&x131, &x132, 0x0, x92, x118);
1032 var x133: u64 = undefined;
1033 var x134: u1 = undefined;
1034 addcarryxU64(&x133, &x134, x132, x94, x120);
1035 var x135: u64 = undefined;
1036 var x136: u1 = undefined;
1037 addcarryxU64(&x135, &x136, x134, x96, x122);
1038 var x137: u64 = undefined;
1039 var x138: u1 = undefined;
1040 addcarryxU64(&x137, &x138, x136, x98, x124);
1041 var x139: u64 = undefined;
1042 var x140: u1 = undefined;
1043 addcarryxU64(&x139, &x140, x138, x100, x126);
1044 var x141: u64 = undefined;
1045 var x142: u1 = undefined;
1046 addcarryxU64(&x141, &x142, x140, x102, x128);
1047 var x143: u64 = undefined;
1048 var x144: u1 = undefined;
1049 addcarryxU64(&x143, &x144, x142, x104, x130);
1050 const x145 = (@as(u64, x144) + @as(u64, x105));
1051 var x146: u64 = undefined;
1052 var x147: u64 = undefined;
1053 mulxU64(&x146, &x147, x2, (arg1[5]));
1054 var x148: u64 = undefined;
1055 var x149: u64 = undefined;
1056 mulxU64(&x148, &x149, x2, (arg1[4]));
1057 var x150: u64 = undefined;
1058 var x151: u64 = undefined;
1059 mulxU64(&x150, &x151, x2, (arg1[3]));
1060 var x152: u64 = undefined;
1061 var x153: u64 = undefined;
1062 mulxU64(&x152, &x153, x2, (arg1[2]));
1063 var x154: u64 = undefined;
1064 var x155: u64 = undefined;
1065 mulxU64(&x154, &x155, x2, (arg1[1]));
1066 var x156: u64 = undefined;
1067 var x157: u64 = undefined;
1068 mulxU64(&x156, &x157, x2, (arg1[0]));
1069 var x158: u64 = undefined;
1070 var x159: u1 = undefined;
1071 addcarryxU64(&x158, &x159, 0x0, x157, x154);
1072 var x160: u64 = undefined;
1073 var x161: u1 = undefined;
1074 addcarryxU64(&x160, &x161, x159, x155, x152);
1075 var x162: u64 = undefined;
1076 var x163: u1 = undefined;
1077 addcarryxU64(&x162, &x163, x161, x153, x150);
1078 var x164: u64 = undefined;
1079 var x165: u1 = undefined;
1080 addcarryxU64(&x164, &x165, x163, x151, x148);
1081 var x166: u64 = undefined;
1082 var x167: u1 = undefined;
1083 addcarryxU64(&x166, &x167, x165, x149, x146);
1084 const x168 = (@as(u64, x167) + x147);
1085 var x169: u64 = undefined;
1086 var x170: u1 = undefined;
1087 addcarryxU64(&x169, &x170, 0x0, x133, x156);
1088 var x171: u64 = undefined;
1089 var x172: u1 = undefined;
1090 addcarryxU64(&x171, &x172, x170, x135, x158);
1091 var x173: u64 = undefined;
1092 var x174: u1 = undefined;
1093 addcarryxU64(&x173, &x174, x172, x137, x160);
1094 var x175: u64 = undefined;
1095 var x176: u1 = undefined;
1096 addcarryxU64(&x175, &x176, x174, x139, x162);
1097 var x177: u64 = undefined;
1098 var x178: u1 = undefined;
1099 addcarryxU64(&x177, &x178, x176, x141, x164);
1100 var x179: u64 = undefined;
1101 var x180: u1 = undefined;
1102 addcarryxU64(&x179, &x180, x178, x143, x166);
1103 var x181: u64 = undefined;
1104 var x182: u1 = undefined;
1105 addcarryxU64(&x181, &x182, x180, x145, x168);
1106 var x183: u64 = undefined;
1107 var x184: u64 = undefined;
1108 mulxU64(&x183, &x184, x169, 0x100000001);
1109 var x185: u64 = undefined;
1110 var x186: u64 = undefined;
1111 mulxU64(&x185, &x186, x183, 0xffffffffffffffff);
1112 var x187: u64 = undefined;
1113 var x188: u64 = undefined;
1114 mulxU64(&x187, &x188, x183, 0xffffffffffffffff);
1115 var x189: u64 = undefined;
1116 var x190: u64 = undefined;
1117 mulxU64(&x189, &x190, x183, 0xffffffffffffffff);
1118 var x191: u64 = undefined;
1119 var x192: u64 = undefined;
1120 mulxU64(&x191, &x192, x183, 0xfffffffffffffffe);
1121 var x193: u64 = undefined;
1122 var x194: u64 = undefined;
1123 mulxU64(&x193, &x194, x183, 0xffffffff00000000);
1124 var x195: u64 = undefined;
1125 var x196: u64 = undefined;
1126 mulxU64(&x195, &x196, x183, 0xffffffff);
1127 var x197: u64 = undefined;
1128 var x198: u1 = undefined;
1129 addcarryxU64(&x197, &x198, 0x0, x196, x193);
1130 var x199: u64 = undefined;
1131 var x200: u1 = undefined;
1132 addcarryxU64(&x199, &x200, x198, x194, x191);
1133 var x201: u64 = undefined;
1134 var x202: u1 = undefined;
1135 addcarryxU64(&x201, &x202, x200, x192, x189);
1136 var x203: u64 = undefined;
1137 var x204: u1 = undefined;
1138 addcarryxU64(&x203, &x204, x202, x190, x187);
1139 var x205: u64 = undefined;
1140 var x206: u1 = undefined;
1141 addcarryxU64(&x205, &x206, x204, x188, x185);
1142 const x207 = (@as(u64, x206) + x186);
1143 var x208: u64 = undefined;
1144 var x209: u1 = undefined;
1145 addcarryxU64(&x208, &x209, 0x0, x169, x195);
1146 var x210: u64 = undefined;
1147 var x211: u1 = undefined;
1148 addcarryxU64(&x210, &x211, x209, x171, x197);
1149 var x212: u64 = undefined;
1150 var x213: u1 = undefined;
1151 addcarryxU64(&x212, &x213, x211, x173, x199);
1152 var x214: u64 = undefined;
1153 var x215: u1 = undefined;
1154 addcarryxU64(&x214, &x215, x213, x175, x201);
1155 var x216: u64 = undefined;
1156 var x217: u1 = undefined;
1157 addcarryxU64(&x216, &x217, x215, x177, x203);
1158 var x218: u64 = undefined;
1159 var x219: u1 = undefined;
1160 addcarryxU64(&x218, &x219, x217, x179, x205);
1161 var x220: u64 = undefined;
1162 var x221: u1 = undefined;
1163 addcarryxU64(&x220, &x221, x219, x181, x207);
1164 const x222 = (@as(u64, x221) + @as(u64, x182));
1165 var x223: u64 = undefined;
1166 var x224: u64 = undefined;
1167 mulxU64(&x223, &x224, x3, (arg1[5]));
1168 var x225: u64 = undefined;
1169 var x226: u64 = undefined;
1170 mulxU64(&x225, &x226, x3, (arg1[4]));
1171 var x227: u64 = undefined;
1172 var x228: u64 = undefined;
1173 mulxU64(&x227, &x228, x3, (arg1[3]));
1174 var x229: u64 = undefined;
1175 var x230: u64 = undefined;
1176 mulxU64(&x229, &x230, x3, (arg1[2]));
1177 var x231: u64 = undefined;
1178 var x232: u64 = undefined;
1179 mulxU64(&x231, &x232, x3, (arg1[1]));
1180 var x233: u64 = undefined;
1181 var x234: u64 = undefined;
1182 mulxU64(&x233, &x234, x3, (arg1[0]));
1183 var x235: u64 = undefined;
1184 var x236: u1 = undefined;
1185 addcarryxU64(&x235, &x236, 0x0, x234, x231);
1186 var x237: u64 = undefined;
1187 var x238: u1 = undefined;
1188 addcarryxU64(&x237, &x238, x236, x232, x229);
1189 var x239: u64 = undefined;
1190 var x240: u1 = undefined;
1191 addcarryxU64(&x239, &x240, x238, x230, x227);
1192 var x241: u64 = undefined;
1193 var x242: u1 = undefined;
1194 addcarryxU64(&x241, &x242, x240, x228, x225);
1195 var x243: u64 = undefined;
1196 var x244: u1 = undefined;
1197 addcarryxU64(&x243, &x244, x242, x226, x223);
1198 const x245 = (@as(u64, x244) + x224);
1199 var x246: u64 = undefined;
1200 var x247: u1 = undefined;
1201 addcarryxU64(&x246, &x247, 0x0, x210, x233);
1202 var x248: u64 = undefined;
1203 var x249: u1 = undefined;
1204 addcarryxU64(&x248, &x249, x247, x212, x235);
1205 var x250: u64 = undefined;
1206 var x251: u1 = undefined;
1207 addcarryxU64(&x250, &x251, x249, x214, x237);
1208 var x252: u64 = undefined;
1209 var x253: u1 = undefined;
1210 addcarryxU64(&x252, &x253, x251, x216, x239);
1211 var x254: u64 = undefined;
1212 var x255: u1 = undefined;
1213 addcarryxU64(&x254, &x255, x253, x218, x241);
1214 var x256: u64 = undefined;
1215 var x257: u1 = undefined;
1216 addcarryxU64(&x256, &x257, x255, x220, x243);
1217 var x258: u64 = undefined;
1218 var x259: u1 = undefined;
1219 addcarryxU64(&x258, &x259, x257, x222, x245);
1220 var x260: u64 = undefined;
1221 var x261: u64 = undefined;
1222 mulxU64(&x260, &x261, x246, 0x100000001);
1223 var x262: u64 = undefined;
1224 var x263: u64 = undefined;
1225 mulxU64(&x262, &x263, x260, 0xffffffffffffffff);
1226 var x264: u64 = undefined;
1227 var x265: u64 = undefined;
1228 mulxU64(&x264, &x265, x260, 0xffffffffffffffff);
1229 var x266: u64 = undefined;
1230 var x267: u64 = undefined;
1231 mulxU64(&x266, &x267, x260, 0xffffffffffffffff);
1232 var x268: u64 = undefined;
1233 var x269: u64 = undefined;
1234 mulxU64(&x268, &x269, x260, 0xfffffffffffffffe);
1235 var x270: u64 = undefined;
1236 var x271: u64 = undefined;
1237 mulxU64(&x270, &x271, x260, 0xffffffff00000000);
1238 var x272: u64 = undefined;
1239 var x273: u64 = undefined;
1240 mulxU64(&x272, &x273, x260, 0xffffffff);
1241 var x274: u64 = undefined;
1242 var x275: u1 = undefined;
1243 addcarryxU64(&x274, &x275, 0x0, x273, x270);
1244 var x276: u64 = undefined;
1245 var x277: u1 = undefined;
1246 addcarryxU64(&x276, &x277, x275, x271, x268);
1247 var x278: u64 = undefined;
1248 var x279: u1 = undefined;
1249 addcarryxU64(&x278, &x279, x277, x269, x266);
1250 var x280: u64 = undefined;
1251 var x281: u1 = undefined;
1252 addcarryxU64(&x280, &x281, x279, x267, x264);
1253 var x282: u64 = undefined;
1254 var x283: u1 = undefined;
1255 addcarryxU64(&x282, &x283, x281, x265, x262);
1256 const x284 = (@as(u64, x283) + x263);
1257 var x285: u64 = undefined;
1258 var x286: u1 = undefined;
1259 addcarryxU64(&x285, &x286, 0x0, x246, x272);
1260 var x287: u64 = undefined;
1261 var x288: u1 = undefined;
1262 addcarryxU64(&x287, &x288, x286, x248, x274);
1263 var x289: u64 = undefined;
1264 var x290: u1 = undefined;
1265 addcarryxU64(&x289, &x290, x288, x250, x276);
1266 var x291: u64 = undefined;
1267 var x292: u1 = undefined;
1268 addcarryxU64(&x291, &x292, x290, x252, x278);
1269 var x293: u64 = undefined;
1270 var x294: u1 = undefined;
1271 addcarryxU64(&x293, &x294, x292, x254, x280);
1272 var x295: u64 = undefined;
1273 var x296: u1 = undefined;
1274 addcarryxU64(&x295, &x296, x294, x256, x282);
1275 var x297: u64 = undefined;
1276 var x298: u1 = undefined;
1277 addcarryxU64(&x297, &x298, x296, x258, x284);
1278 const x299 = (@as(u64, x298) + @as(u64, x259));
1279 var x300: u64 = undefined;
1280 var x301: u64 = undefined;
1281 mulxU64(&x300, &x301, x4, (arg1[5]));
1282 var x302: u64 = undefined;
1283 var x303: u64 = undefined;
1284 mulxU64(&x302, &x303, x4, (arg1[4]));
1285 var x304: u64 = undefined;
1286 var x305: u64 = undefined;
1287 mulxU64(&x304, &x305, x4, (arg1[3]));
1288 var x306: u64 = undefined;
1289 var x307: u64 = undefined;
1290 mulxU64(&x306, &x307, x4, (arg1[2]));
1291 var x308: u64 = undefined;
1292 var x309: u64 = undefined;
1293 mulxU64(&x308, &x309, x4, (arg1[1]));
1294 var x310: u64 = undefined;
1295 var x311: u64 = undefined;
1296 mulxU64(&x310, &x311, x4, (arg1[0]));
1297 var x312: u64 = undefined;
1298 var x313: u1 = undefined;
1299 addcarryxU64(&x312, &x313, 0x0, x311, x308);
1300 var x314: u64 = undefined;
1301 var x315: u1 = undefined;
1302 addcarryxU64(&x314, &x315, x313, x309, x306);
1303 var x316: u64 = undefined;
1304 var x317: u1 = undefined;
1305 addcarryxU64(&x316, &x317, x315, x307, x304);
1306 var x318: u64 = undefined;
1307 var x319: u1 = undefined;
1308 addcarryxU64(&x318, &x319, x317, x305, x302);
1309 var x320: u64 = undefined;
1310 var x321: u1 = undefined;
1311 addcarryxU64(&x320, &x321, x319, x303, x300);
1312 const x322 = (@as(u64, x321) + x301);
1313 var x323: u64 = undefined;
1314 var x324: u1 = undefined;
1315 addcarryxU64(&x323, &x324, 0x0, x287, x310);
1316 var x325: u64 = undefined;
1317 var x326: u1 = undefined;
1318 addcarryxU64(&x325, &x326, x324, x289, x312);
1319 var x327: u64 = undefined;
1320 var x328: u1 = undefined;
1321 addcarryxU64(&x327, &x328, x326, x291, x314);
1322 var x329: u64 = undefined;
1323 var x330: u1 = undefined;
1324 addcarryxU64(&x329, &x330, x328, x293, x316);
1325 var x331: u64 = undefined;
1326 var x332: u1 = undefined;
1327 addcarryxU64(&x331, &x332, x330, x295, x318);
1328 var x333: u64 = undefined;
1329 var x334: u1 = undefined;
1330 addcarryxU64(&x333, &x334, x332, x297, x320);
1331 var x335: u64 = undefined;
1332 var x336: u1 = undefined;
1333 addcarryxU64(&x335, &x336, x334, x299, x322);
1334 var x337: u64 = undefined;
1335 var x338: u64 = undefined;
1336 mulxU64(&x337, &x338, x323, 0x100000001);
1337 var x339: u64 = undefined;
1338 var x340: u64 = undefined;
1339 mulxU64(&x339, &x340, x337, 0xffffffffffffffff);
1340 var x341: u64 = undefined;
1341 var x342: u64 = undefined;
1342 mulxU64(&x341, &x342, x337, 0xffffffffffffffff);
1343 var x343: u64 = undefined;
1344 var x344: u64 = undefined;
1345 mulxU64(&x343, &x344, x337, 0xffffffffffffffff);
1346 var x345: u64 = undefined;
1347 var x346: u64 = undefined;
1348 mulxU64(&x345, &x346, x337, 0xfffffffffffffffe);
1349 var x347: u64 = undefined;
1350 var x348: u64 = undefined;
1351 mulxU64(&x347, &x348, x337, 0xffffffff00000000);
1352 var x349: u64 = undefined;
1353 var x350: u64 = undefined;
1354 mulxU64(&x349, &x350, x337, 0xffffffff);
1355 var x351: u64 = undefined;
1356 var x352: u1 = undefined;
1357 addcarryxU64(&x351, &x352, 0x0, x350, x347);
1358 var x353: u64 = undefined;
1359 var x354: u1 = undefined;
1360 addcarryxU64(&x353, &x354, x352, x348, x345);
1361 var x355: u64 = undefined;
1362 var x356: u1 = undefined;
1363 addcarryxU64(&x355, &x356, x354, x346, x343);
1364 var x357: u64 = undefined;
1365 var x358: u1 = undefined;
1366 addcarryxU64(&x357, &x358, x356, x344, x341);
1367 var x359: u64 = undefined;
1368 var x360: u1 = undefined;
1369 addcarryxU64(&x359, &x360, x358, x342, x339);
1370 const x361 = (@as(u64, x360) + x340);
1371 var x362: u64 = undefined;
1372 var x363: u1 = undefined;
1373 addcarryxU64(&x362, &x363, 0x0, x323, x349);
1374 var x364: u64 = undefined;
1375 var x365: u1 = undefined;
1376 addcarryxU64(&x364, &x365, x363, x325, x351);
1377 var x366: u64 = undefined;
1378 var x367: u1 = undefined;
1379 addcarryxU64(&x366, &x367, x365, x327, x353);
1380 var x368: u64 = undefined;
1381 var x369: u1 = undefined;
1382 addcarryxU64(&x368, &x369, x367, x329, x355);
1383 var x370: u64 = undefined;
1384 var x371: u1 = undefined;
1385 addcarryxU64(&x370, &x371, x369, x331, x357);
1386 var x372: u64 = undefined;
1387 var x373: u1 = undefined;
1388 addcarryxU64(&x372, &x373, x371, x333, x359);
1389 var x374: u64 = undefined;
1390 var x375: u1 = undefined;
1391 addcarryxU64(&x374, &x375, x373, x335, x361);
1392 const x376 = (@as(u64, x375) + @as(u64, x336));
1393 var x377: u64 = undefined;
1394 var x378: u64 = undefined;
1395 mulxU64(&x377, &x378, x5, (arg1[5]));
1396 var x379: u64 = undefined;
1397 var x380: u64 = undefined;
1398 mulxU64(&x379, &x380, x5, (arg1[4]));
1399 var x381: u64 = undefined;
1400 var x382: u64 = undefined;
1401 mulxU64(&x381, &x382, x5, (arg1[3]));
1402 var x383: u64 = undefined;
1403 var x384: u64 = undefined;
1404 mulxU64(&x383, &x384, x5, (arg1[2]));
1405 var x385: u64 = undefined;
1406 var x386: u64 = undefined;
1407 mulxU64(&x385, &x386, x5, (arg1[1]));
1408 var x387: u64 = undefined;
1409 var x388: u64 = undefined;
1410 mulxU64(&x387, &x388, x5, (arg1[0]));
1411 var x389: u64 = undefined;
1412 var x390: u1 = undefined;
1413 addcarryxU64(&x389, &x390, 0x0, x388, x385);
1414 var x391: u64 = undefined;
1415 var x392: u1 = undefined;
1416 addcarryxU64(&x391, &x392, x390, x386, x383);
1417 var x393: u64 = undefined;
1418 var x394: u1 = undefined;
1419 addcarryxU64(&x393, &x394, x392, x384, x381);
1420 var x395: u64 = undefined;
1421 var x396: u1 = undefined;
1422 addcarryxU64(&x395, &x396, x394, x382, x379);
1423 var x397: u64 = undefined;
1424 var x398: u1 = undefined;
1425 addcarryxU64(&x397, &x398, x396, x380, x377);
1426 const x399 = (@as(u64, x398) + x378);
1427 var x400: u64 = undefined;
1428 var x401: u1 = undefined;
1429 addcarryxU64(&x400, &x401, 0x0, x364, x387);
1430 var x402: u64 = undefined;
1431 var x403: u1 = undefined;
1432 addcarryxU64(&x402, &x403, x401, x366, x389);
1433 var x404: u64 = undefined;
1434 var x405: u1 = undefined;
1435 addcarryxU64(&x404, &x405, x403, x368, x391);
1436 var x406: u64 = undefined;
1437 var x407: u1 = undefined;
1438 addcarryxU64(&x406, &x407, x405, x370, x393);
1439 var x408: u64 = undefined;
1440 var x409: u1 = undefined;
1441 addcarryxU64(&x408, &x409, x407, x372, x395);
1442 var x410: u64 = undefined;
1443 var x411: u1 = undefined;
1444 addcarryxU64(&x410, &x411, x409, x374, x397);
1445 var x412: u64 = undefined;
1446 var x413: u1 = undefined;
1447 addcarryxU64(&x412, &x413, x411, x376, x399);
1448 var x414: u64 = undefined;
1449 var x415: u64 = undefined;
1450 mulxU64(&x414, &x415, x400, 0x100000001);
1451 var x416: u64 = undefined;
1452 var x417: u64 = undefined;
1453 mulxU64(&x416, &x417, x414, 0xffffffffffffffff);
1454 var x418: u64 = undefined;
1455 var x419: u64 = undefined;
1456 mulxU64(&x418, &x419, x414, 0xffffffffffffffff);
1457 var x420: u64 = undefined;
1458 var x421: u64 = undefined;
1459 mulxU64(&x420, &x421, x414, 0xffffffffffffffff);
1460 var x422: u64 = undefined;
1461 var x423: u64 = undefined;
1462 mulxU64(&x422, &x423, x414, 0xfffffffffffffffe);
1463 var x424: u64 = undefined;
1464 var x425: u64 = undefined;
1465 mulxU64(&x424, &x425, x414, 0xffffffff00000000);
1466 var x426: u64 = undefined;
1467 var x427: u64 = undefined;
1468 mulxU64(&x426, &x427, x414, 0xffffffff);
1469 var x428: u64 = undefined;
1470 var x429: u1 = undefined;
1471 addcarryxU64(&x428, &x429, 0x0, x427, x424);
1472 var x430: u64 = undefined;
1473 var x431: u1 = undefined;
1474 addcarryxU64(&x430, &x431, x429, x425, x422);
1475 var x432: u64 = undefined;
1476 var x433: u1 = undefined;
1477 addcarryxU64(&x432, &x433, x431, x423, x420);
1478 var x434: u64 = undefined;
1479 var x435: u1 = undefined;
1480 addcarryxU64(&x434, &x435, x433, x421, x418);
1481 var x436: u64 = undefined;
1482 var x437: u1 = undefined;
1483 addcarryxU64(&x436, &x437, x435, x419, x416);
1484 const x438 = (@as(u64, x437) + x417);
1485 var x439: u64 = undefined;
1486 var x440: u1 = undefined;
1487 addcarryxU64(&x439, &x440, 0x0, x400, x426);
1488 var x441: u64 = undefined;
1489 var x442: u1 = undefined;
1490 addcarryxU64(&x441, &x442, x440, x402, x428);
1491 var x443: u64 = undefined;
1492 var x444: u1 = undefined;
1493 addcarryxU64(&x443, &x444, x442, x404, x430);
1494 var x445: u64 = undefined;
1495 var x446: u1 = undefined;
1496 addcarryxU64(&x445, &x446, x444, x406, x432);
1497 var x447: u64 = undefined;
1498 var x448: u1 = undefined;
1499 addcarryxU64(&x447, &x448, x446, x408, x434);
1500 var x449: u64 = undefined;
1501 var x450: u1 = undefined;
1502 addcarryxU64(&x449, &x450, x448, x410, x436);
1503 var x451: u64 = undefined;
1504 var x452: u1 = undefined;
1505 addcarryxU64(&x451, &x452, x450, x412, x438);
1506 const x453 = (@as(u64, x452) + @as(u64, x413));
1507 var x454: u64 = undefined;
1508 var x455: u1 = undefined;
1509 subborrowxU64(&x454, &x455, 0x0, x441, 0xffffffff);
1510 var x456: u64 = undefined;
1511 var x457: u1 = undefined;
1512 subborrowxU64(&x456, &x457, x455, x443, 0xffffffff00000000);
1513 var x458: u64 = undefined;
1514 var x459: u1 = undefined;
1515 subborrowxU64(&x458, &x459, x457, x445, 0xfffffffffffffffe);
1516 var x460: u64 = undefined;
1517 var x461: u1 = undefined;
1518 subborrowxU64(&x460, &x461, x459, x447, 0xffffffffffffffff);
1519 var x462: u64 = undefined;
1520 var x463: u1 = undefined;
1521 subborrowxU64(&x462, &x463, x461, x449, 0xffffffffffffffff);
1522 var x464: u64 = undefined;
1523 var x465: u1 = undefined;
1524 subborrowxU64(&x464, &x465, x463, x451, 0xffffffffffffffff);
1525 var x466: u64 = undefined;
1526 var x467: u1 = undefined;
1527 subborrowxU64(&x466, &x467, x465, x453, 0x0);
1528 var x468: u64 = undefined;
1529 cmovznzU64(&x468, x467, x454, x441);
1530 var x469: u64 = undefined;
1531 cmovznzU64(&x469, x467, x456, x443);
1532 var x470: u64 = undefined;
1533 cmovznzU64(&x470, x467, x458, x445);
1534 var x471: u64 = undefined;
1535 cmovznzU64(&x471, x467, x460, x447);
1536 var x472: u64 = undefined;
1537 cmovznzU64(&x472, x467, x462, x449);
1538 var x473: u64 = undefined;
1539 cmovznzU64(&x473, x467, x464, x451);
1540 out1[0] = x468;
1541 out1[1] = x469;
1542 out1[2] = x470;
1543 out1[3] = x471;
1544 out1[4] = x472;
1545 out1[5] = x473;
1546}
1547
1548/// The function add adds two field elements in the Montgomery domain.
1549///
1550/// Preconditions:
1551/// 0 ≤ eval arg1 < m
1552/// 0 ≤ eval arg2 < m
1553/// Postconditions:
1554/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m
1555/// 0 ≤ eval out1 < m
1556///
1557pub fn add(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement, arg2: MontgomeryDomainFieldElement) void {
1558 @setRuntimeSafety(mode == .Debug);
1559
1560 var x1: u64 = undefined;
1561 var x2: u1 = undefined;
1562 addcarryxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
1563 var x3: u64 = undefined;
1564 var x4: u1 = undefined;
1565 addcarryxU64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
1566 var x5: u64 = undefined;
1567 var x6: u1 = undefined;
1568 addcarryxU64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
1569 var x7: u64 = undefined;
1570 var x8: u1 = undefined;
1571 addcarryxU64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
1572 var x9: u64 = undefined;
1573 var x10: u1 = undefined;
1574 addcarryxU64(&x9, &x10, x8, (arg1[4]), (arg2[4]));
1575 var x11: u64 = undefined;
1576 var x12: u1 = undefined;
1577 addcarryxU64(&x11, &x12, x10, (arg1[5]), (arg2[5]));
1578 var x13: u64 = undefined;
1579 var x14: u1 = undefined;
1580 subborrowxU64(&x13, &x14, 0x0, x1, 0xffffffff);
1581 var x15: u64 = undefined;
1582 var x16: u1 = undefined;
1583 subborrowxU64(&x15, &x16, x14, x3, 0xffffffff00000000);
1584 var x17: u64 = undefined;
1585 var x18: u1 = undefined;
1586 subborrowxU64(&x17, &x18, x16, x5, 0xfffffffffffffffe);
1587 var x19: u64 = undefined;
1588 var x20: u1 = undefined;
1589 subborrowxU64(&x19, &x20, x18, x7, 0xffffffffffffffff);
1590 var x21: u64 = undefined;
1591 var x22: u1 = undefined;
1592 subborrowxU64(&x21, &x22, x20, x9, 0xffffffffffffffff);
1593 var x23: u64 = undefined;
1594 var x24: u1 = undefined;
1595 subborrowxU64(&x23, &x24, x22, x11, 0xffffffffffffffff);
1596 var x25: u64 = undefined;
1597 var x26: u1 = undefined;
1598 subborrowxU64(&x25, &x26, x24, @as(u64, x12), 0x0);
1599 var x27: u64 = undefined;
1600 cmovznzU64(&x27, x26, x13, x1);
1601 var x28: u64 = undefined;
1602 cmovznzU64(&x28, x26, x15, x3);
1603 var x29: u64 = undefined;
1604 cmovznzU64(&x29, x26, x17, x5);
1605 var x30: u64 = undefined;
1606 cmovznzU64(&x30, x26, x19, x7);
1607 var x31: u64 = undefined;
1608 cmovznzU64(&x31, x26, x21, x9);
1609 var x32: u64 = undefined;
1610 cmovznzU64(&x32, x26, x23, x11);
1611 out1[0] = x27;
1612 out1[1] = x28;
1613 out1[2] = x29;
1614 out1[3] = x30;
1615 out1[4] = x31;
1616 out1[5] = x32;
1617}
1618
1619/// The function sub subtracts two field elements in the Montgomery domain.
1620///
1621/// Preconditions:
1622/// 0 ≤ eval arg1 < m
1623/// 0 ≤ eval arg2 < m
1624/// Postconditions:
1625/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m
1626/// 0 ≤ eval out1 < m
1627///
1628pub fn sub(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement, arg2: MontgomeryDomainFieldElement) void {
1629 @setRuntimeSafety(mode == .Debug);
1630
1631 var x1: u64 = undefined;
1632 var x2: u1 = undefined;
1633 subborrowxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
1634 var x3: u64 = undefined;
1635 var x4: u1 = undefined;
1636 subborrowxU64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
1637 var x5: u64 = undefined;
1638 var x6: u1 = undefined;
1639 subborrowxU64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
1640 var x7: u64 = undefined;
1641 var x8: u1 = undefined;
1642 subborrowxU64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
1643 var x9: u64 = undefined;
1644 var x10: u1 = undefined;
1645 subborrowxU64(&x9, &x10, x8, (arg1[4]), (arg2[4]));
1646 var x11: u64 = undefined;
1647 var x12: u1 = undefined;
1648 subborrowxU64(&x11, &x12, x10, (arg1[5]), (arg2[5]));
1649 var x13: u64 = undefined;
1650 cmovznzU64(&x13, x12, 0x0, 0xffffffffffffffff);
1651 var x14: u64 = undefined;
1652 var x15: u1 = undefined;
1653 addcarryxU64(&x14, &x15, 0x0, x1, (x13 & 0xffffffff));
1654 var x16: u64 = undefined;
1655 var x17: u1 = undefined;
1656 addcarryxU64(&x16, &x17, x15, x3, (x13 & 0xffffffff00000000));
1657 var x18: u64 = undefined;
1658 var x19: u1 = undefined;
1659 addcarryxU64(&x18, &x19, x17, x5, (x13 & 0xfffffffffffffffe));
1660 var x20: u64 = undefined;
1661 var x21: u1 = undefined;
1662 addcarryxU64(&x20, &x21, x19, x7, x13);
1663 var x22: u64 = undefined;
1664 var x23: u1 = undefined;
1665 addcarryxU64(&x22, &x23, x21, x9, x13);
1666 var x24: u64 = undefined;
1667 var x25: u1 = undefined;
1668 addcarryxU64(&x24, &x25, x23, x11, x13);
1669 out1[0] = x14;
1670 out1[1] = x16;
1671 out1[2] = x18;
1672 out1[3] = x20;
1673 out1[4] = x22;
1674 out1[5] = x24;
1675}
1676
1677/// The function opp negates a field element in the Montgomery domain.
1678///
1679/// Preconditions:
1680/// 0 ≤ eval arg1 < m
1681/// Postconditions:
1682/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m
1683/// 0 ≤ eval out1 < m
1684///
1685pub fn opp(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement) void {
1686 @setRuntimeSafety(mode == .Debug);
1687
1688 var x1: u64 = undefined;
1689 var x2: u1 = undefined;
1690 subborrowxU64(&x1, &x2, 0x0, 0x0, (arg1[0]));
1691 var x3: u64 = undefined;
1692 var x4: u1 = undefined;
1693 subborrowxU64(&x3, &x4, x2, 0x0, (arg1[1]));
1694 var x5: u64 = undefined;
1695 var x6: u1 = undefined;
1696 subborrowxU64(&x5, &x6, x4, 0x0, (arg1[2]));
1697 var x7: u64 = undefined;
1698 var x8: u1 = undefined;
1699 subborrowxU64(&x7, &x8, x6, 0x0, (arg1[3]));
1700 var x9: u64 = undefined;
1701 var x10: u1 = undefined;
1702 subborrowxU64(&x9, &x10, x8, 0x0, (arg1[4]));
1703 var x11: u64 = undefined;
1704 var x12: u1 = undefined;
1705 subborrowxU64(&x11, &x12, x10, 0x0, (arg1[5]));
1706 var x13: u64 = undefined;
1707 cmovznzU64(&x13, x12, 0x0, 0xffffffffffffffff);
1708 var x14: u64 = undefined;
1709 var x15: u1 = undefined;
1710 addcarryxU64(&x14, &x15, 0x0, x1, (x13 & 0xffffffff));
1711 var x16: u64 = undefined;
1712 var x17: u1 = undefined;
1713 addcarryxU64(&x16, &x17, x15, x3, (x13 & 0xffffffff00000000));
1714 var x18: u64 = undefined;
1715 var x19: u1 = undefined;
1716 addcarryxU64(&x18, &x19, x17, x5, (x13 & 0xfffffffffffffffe));
1717 var x20: u64 = undefined;
1718 var x21: u1 = undefined;
1719 addcarryxU64(&x20, &x21, x19, x7, x13);
1720 var x22: u64 = undefined;
1721 var x23: u1 = undefined;
1722 addcarryxU64(&x22, &x23, x21, x9, x13);
1723 var x24: u64 = undefined;
1724 var x25: u1 = undefined;
1725 addcarryxU64(&x24, &x25, x23, x11, x13);
1726 out1[0] = x14;
1727 out1[1] = x16;
1728 out1[2] = x18;
1729 out1[3] = x20;
1730 out1[4] = x22;
1731 out1[5] = x24;
1732}
1733
1734/// The function fromMontgomery translates a field element out of the Montgomery domain.
1735///
1736/// Preconditions:
1737/// 0 ≤ eval arg1 < m
1738/// Postconditions:
1739/// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^6) mod m
1740/// 0 ≤ eval out1 < m
1741///
1742pub fn fromMontgomery(out1: *NonMontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement) void {
1743 @setRuntimeSafety(mode == .Debug);
1744
1745 const x1 = (arg1[0]);
1746 var x2: u64 = undefined;
1747 var x3: u64 = undefined;
1748 mulxU64(&x2, &x3, x1, 0x100000001);
1749 var x4: u64 = undefined;
1750 var x5: u64 = undefined;
1751 mulxU64(&x4, &x5, x2, 0xffffffffffffffff);
1752 var x6: u64 = undefined;
1753 var x7: u64 = undefined;
1754 mulxU64(&x6, &x7, x2, 0xffffffffffffffff);
1755 var x8: u64 = undefined;
1756 var x9: u64 = undefined;
1757 mulxU64(&x8, &x9, x2, 0xffffffffffffffff);
1758 var x10: u64 = undefined;
1759 var x11: u64 = undefined;
1760 mulxU64(&x10, &x11, x2, 0xfffffffffffffffe);
1761 var x12: u64 = undefined;
1762 var x13: u64 = undefined;
1763 mulxU64(&x12, &x13, x2, 0xffffffff00000000);
1764 var x14: u64 = undefined;
1765 var x15: u64 = undefined;
1766 mulxU64(&x14, &x15, x2, 0xffffffff);
1767 var x16: u64 = undefined;
1768 var x17: u1 = undefined;
1769 addcarryxU64(&x16, &x17, 0x0, x15, x12);
1770 var x18: u64 = undefined;
1771 var x19: u1 = undefined;
1772 addcarryxU64(&x18, &x19, x17, x13, x10);
1773 var x20: u64 = undefined;
1774 var x21: u1 = undefined;
1775 addcarryxU64(&x20, &x21, x19, x11, x8);
1776 var x22: u64 = undefined;
1777 var x23: u1 = undefined;
1778 addcarryxU64(&x22, &x23, x21, x9, x6);
1779 var x24: u64 = undefined;
1780 var x25: u1 = undefined;
1781 addcarryxU64(&x24, &x25, x23, x7, x4);
1782 var x26: u64 = undefined;
1783 var x27: u1 = undefined;
1784 addcarryxU64(&x26, &x27, 0x0, x1, x14);
1785 var x28: u64 = undefined;
1786 var x29: u1 = undefined;
1787 addcarryxU64(&x28, &x29, x27, 0x0, x16);
1788 var x30: u64 = undefined;
1789 var x31: u1 = undefined;
1790 addcarryxU64(&x30, &x31, x29, 0x0, x18);
1791 var x32: u64 = undefined;
1792 var x33: u1 = undefined;
1793 addcarryxU64(&x32, &x33, x31, 0x0, x20);
1794 var x34: u64 = undefined;
1795 var x35: u1 = undefined;
1796 addcarryxU64(&x34, &x35, x33, 0x0, x22);
1797 var x36: u64 = undefined;
1798 var x37: u1 = undefined;
1799 addcarryxU64(&x36, &x37, x35, 0x0, x24);
1800 var x38: u64 = undefined;
1801 var x39: u1 = undefined;
1802 addcarryxU64(&x38, &x39, x37, 0x0, (@as(u64, x25) + x5));
1803 var x40: u64 = undefined;
1804 var x41: u1 = undefined;
1805 addcarryxU64(&x40, &x41, 0x0, x28, (arg1[1]));
1806 var x42: u64 = undefined;
1807 var x43: u1 = undefined;
1808 addcarryxU64(&x42, &x43, x41, x30, 0x0);
1809 var x44: u64 = undefined;
1810 var x45: u1 = undefined;
1811 addcarryxU64(&x44, &x45, x43, x32, 0x0);
1812 var x46: u64 = undefined;
1813 var x47: u1 = undefined;
1814 addcarryxU64(&x46, &x47, x45, x34, 0x0);
1815 var x48: u64 = undefined;
1816 var x49: u1 = undefined;
1817 addcarryxU64(&x48, &x49, x47, x36, 0x0);
1818 var x50: u64 = undefined;
1819 var x51: u1 = undefined;
1820 addcarryxU64(&x50, &x51, x49, x38, 0x0);
1821 var x52: u64 = undefined;
1822 var x53: u64 = undefined;
1823 mulxU64(&x52, &x53, x40, 0x100000001);
1824 var x54: u64 = undefined;
1825 var x55: u64 = undefined;
1826 mulxU64(&x54, &x55, x52, 0xffffffffffffffff);
1827 var x56: u64 = undefined;
1828 var x57: u64 = undefined;
1829 mulxU64(&x56, &x57, x52, 0xffffffffffffffff);
1830 var x58: u64 = undefined;
1831 var x59: u64 = undefined;
1832 mulxU64(&x58, &x59, x52, 0xffffffffffffffff);
1833 var x60: u64 = undefined;
1834 var x61: u64 = undefined;
1835 mulxU64(&x60, &x61, x52, 0xfffffffffffffffe);
1836 var x62: u64 = undefined;
1837 var x63: u64 = undefined;
1838 mulxU64(&x62, &x63, x52, 0xffffffff00000000);
1839 var x64: u64 = undefined;
1840 var x65: u64 = undefined;
1841 mulxU64(&x64, &x65, x52, 0xffffffff);
1842 var x66: u64 = undefined;
1843 var x67: u1 = undefined;
1844 addcarryxU64(&x66, &x67, 0x0, x65, x62);
1845 var x68: u64 = undefined;
1846 var x69: u1 = undefined;
1847 addcarryxU64(&x68, &x69, x67, x63, x60);
1848 var x70: u64 = undefined;
1849 var x71: u1 = undefined;
1850 addcarryxU64(&x70, &x71, x69, x61, x58);
1851 var x72: u64 = undefined;
1852 var x73: u1 = undefined;
1853 addcarryxU64(&x72, &x73, x71, x59, x56);
1854 var x74: u64 = undefined;
1855 var x75: u1 = undefined;
1856 addcarryxU64(&x74, &x75, x73, x57, x54);
1857 var x76: u64 = undefined;
1858 var x77: u1 = undefined;
1859 addcarryxU64(&x76, &x77, 0x0, x40, x64);
1860 var x78: u64 = undefined;
1861 var x79: u1 = undefined;
1862 addcarryxU64(&x78, &x79, x77, x42, x66);
1863 var x80: u64 = undefined;
1864 var x81: u1 = undefined;
1865 addcarryxU64(&x80, &x81, x79, x44, x68);
1866 var x82: u64 = undefined;
1867 var x83: u1 = undefined;
1868 addcarryxU64(&x82, &x83, x81, x46, x70);
1869 var x84: u64 = undefined;
1870 var x85: u1 = undefined;
1871 addcarryxU64(&x84, &x85, x83, x48, x72);
1872 var x86: u64 = undefined;
1873 var x87: u1 = undefined;
1874 addcarryxU64(&x86, &x87, x85, x50, x74);
1875 var x88: u64 = undefined;
1876 var x89: u1 = undefined;
1877 addcarryxU64(&x88, &x89, x87, (@as(u64, x51) + @as(u64, x39)), (@as(u64, x75) + x55));
1878 var x90: u64 = undefined;
1879 var x91: u1 = undefined;
1880 addcarryxU64(&x90, &x91, 0x0, x78, (arg1[2]));
1881 var x92: u64 = undefined;
1882 var x93: u1 = undefined;
1883 addcarryxU64(&x92, &x93, x91, x80, 0x0);
1884 var x94: u64 = undefined;
1885 var x95: u1 = undefined;
1886 addcarryxU64(&x94, &x95, x93, x82, 0x0);
1887 var x96: u64 = undefined;
1888 var x97: u1 = undefined;
1889 addcarryxU64(&x96, &x97, x95, x84, 0x0);
1890 var x98: u64 = undefined;
1891 var x99: u1 = undefined;
1892 addcarryxU64(&x98, &x99, x97, x86, 0x0);
1893 var x100: u64 = undefined;
1894 var x101: u1 = undefined;
1895 addcarryxU64(&x100, &x101, x99, x88, 0x0);
1896 var x102: u64 = undefined;
1897 var x103: u64 = undefined;
1898 mulxU64(&x102, &x103, x90, 0x100000001);
1899 var x104: u64 = undefined;
1900 var x105: u64 = undefined;
1901 mulxU64(&x104, &x105, x102, 0xffffffffffffffff);
1902 var x106: u64 = undefined;
1903 var x107: u64 = undefined;
1904 mulxU64(&x106, &x107, x102, 0xffffffffffffffff);
1905 var x108: u64 = undefined;
1906 var x109: u64 = undefined;
1907 mulxU64(&x108, &x109, x102, 0xffffffffffffffff);
1908 var x110: u64 = undefined;
1909 var x111: u64 = undefined;
1910 mulxU64(&x110, &x111, x102, 0xfffffffffffffffe);
1911 var x112: u64 = undefined;
1912 var x113: u64 = undefined;
1913 mulxU64(&x112, &x113, x102, 0xffffffff00000000);
1914 var x114: u64 = undefined;
1915 var x115: u64 = undefined;
1916 mulxU64(&x114, &x115, x102, 0xffffffff);
1917 var x116: u64 = undefined;
1918 var x117: u1 = undefined;
1919 addcarryxU64(&x116, &x117, 0x0, x115, x112);
1920 var x118: u64 = undefined;
1921 var x119: u1 = undefined;
1922 addcarryxU64(&x118, &x119, x117, x113, x110);
1923 var x120: u64 = undefined;
1924 var x121: u1 = undefined;
1925 addcarryxU64(&x120, &x121, x119, x111, x108);
1926 var x122: u64 = undefined;
1927 var x123: u1 = undefined;
1928 addcarryxU64(&x122, &x123, x121, x109, x106);
1929 var x124: u64 = undefined;
1930 var x125: u1 = undefined;
1931 addcarryxU64(&x124, &x125, x123, x107, x104);
1932 var x126: u64 = undefined;
1933 var x127: u1 = undefined;
1934 addcarryxU64(&x126, &x127, 0x0, x90, x114);
1935 var x128: u64 = undefined;
1936 var x129: u1 = undefined;
1937 addcarryxU64(&x128, &x129, x127, x92, x116);
1938 var x130: u64 = undefined;
1939 var x131: u1 = undefined;
1940 addcarryxU64(&x130, &x131, x129, x94, x118);
1941 var x132: u64 = undefined;
1942 var x133: u1 = undefined;
1943 addcarryxU64(&x132, &x133, x131, x96, x120);
1944 var x134: u64 = undefined;
1945 var x135: u1 = undefined;
1946 addcarryxU64(&x134, &x135, x133, x98, x122);
1947 var x136: u64 = undefined;
1948 var x137: u1 = undefined;
1949 addcarryxU64(&x136, &x137, x135, x100, x124);
1950 var x138: u64 = undefined;
1951 var x139: u1 = undefined;
1952 addcarryxU64(&x138, &x139, x137, (@as(u64, x101) + @as(u64, x89)), (@as(u64, x125) + x105));
1953 var x140: u64 = undefined;
1954 var x141: u1 = undefined;
1955 addcarryxU64(&x140, &x141, 0x0, x128, (arg1[3]));
1956 var x142: u64 = undefined;
1957 var x143: u1 = undefined;
1958 addcarryxU64(&x142, &x143, x141, x130, 0x0);
1959 var x144: u64 = undefined;
1960 var x145: u1 = undefined;
1961 addcarryxU64(&x144, &x145, x143, x132, 0x0);
1962 var x146: u64 = undefined;
1963 var x147: u1 = undefined;
1964 addcarryxU64(&x146, &x147, x145, x134, 0x0);
1965 var x148: u64 = undefined;
1966 var x149: u1 = undefined;
1967 addcarryxU64(&x148, &x149, x147, x136, 0x0);
1968 var x150: u64 = undefined;
1969 var x151: u1 = undefined;
1970 addcarryxU64(&x150, &x151, x149, x138, 0x0);
1971 var x152: u64 = undefined;
1972 var x153: u64 = undefined;
1973 mulxU64(&x152, &x153, x140, 0x100000001);
1974 var x154: u64 = undefined;
1975 var x155: u64 = undefined;
1976 mulxU64(&x154, &x155, x152, 0xffffffffffffffff);
1977 var x156: u64 = undefined;
1978 var x157: u64 = undefined;
1979 mulxU64(&x156, &x157, x152, 0xffffffffffffffff);
1980 var x158: u64 = undefined;
1981 var x159: u64 = undefined;
1982 mulxU64(&x158, &x159, x152, 0xffffffffffffffff);
1983 var x160: u64 = undefined;
1984 var x161: u64 = undefined;
1985 mulxU64(&x160, &x161, x152, 0xfffffffffffffffe);
1986 var x162: u64 = undefined;
1987 var x163: u64 = undefined;
1988 mulxU64(&x162, &x163, x152, 0xffffffff00000000);
1989 var x164: u64 = undefined;
1990 var x165: u64 = undefined;
1991 mulxU64(&x164, &x165, x152, 0xffffffff);
1992 var x166: u64 = undefined;
1993 var x167: u1 = undefined;
1994 addcarryxU64(&x166, &x167, 0x0, x165, x162);
1995 var x168: u64 = undefined;
1996 var x169: u1 = undefined;
1997 addcarryxU64(&x168, &x169, x167, x163, x160);
1998 var x170: u64 = undefined;
1999 var x171: u1 = undefined;
2000 addcarryxU64(&x170, &x171, x169, x161, x158);
2001 var x172: u64 = undefined;
2002 var x173: u1 = undefined;
2003 addcarryxU64(&x172, &x173, x171, x159, x156);
2004 var x174: u64 = undefined;
2005 var x175: u1 = undefined;
2006 addcarryxU64(&x174, &x175, x173, x157, x154);
2007 var x176: u64 = undefined;
2008 var x177: u1 = undefined;
2009 addcarryxU64(&x176, &x177, 0x0, x140, x164);
2010 var x178: u64 = undefined;
2011 var x179: u1 = undefined;
2012 addcarryxU64(&x178, &x179, x177, x142, x166);
2013 var x180: u64 = undefined;
2014 var x181: u1 = undefined;
2015 addcarryxU64(&x180, &x181, x179, x144, x168);
2016 var x182: u64 = undefined;
2017 var x183: u1 = undefined;
2018 addcarryxU64(&x182, &x183, x181, x146, x170);
2019 var x184: u64 = undefined;
2020 var x185: u1 = undefined;
2021 addcarryxU64(&x184, &x185, x183, x148, x172);
2022 var x186: u64 = undefined;
2023 var x187: u1 = undefined;
2024 addcarryxU64(&x186, &x187, x185, x150, x174);
2025 var x188: u64 = undefined;
2026 var x189: u1 = undefined;
2027 addcarryxU64(&x188, &x189, x187, (@as(u64, x151) + @as(u64, x139)), (@as(u64, x175) + x155));
2028 var x190: u64 = undefined;
2029 var x191: u1 = undefined;
2030 addcarryxU64(&x190, &x191, 0x0, x178, (arg1[4]));
2031 var x192: u64 = undefined;
2032 var x193: u1 = undefined;
2033 addcarryxU64(&x192, &x193, x191, x180, 0x0);
2034 var x194: u64 = undefined;
2035 var x195: u1 = undefined;
2036 addcarryxU64(&x194, &x195, x193, x182, 0x0);
2037 var x196: u64 = undefined;
2038 var x197: u1 = undefined;
2039 addcarryxU64(&x196, &x197, x195, x184, 0x0);
2040 var x198: u64 = undefined;
2041 var x199: u1 = undefined;
2042 addcarryxU64(&x198, &x199, x197, x186, 0x0);
2043 var x200: u64 = undefined;
2044 var x201: u1 = undefined;
2045 addcarryxU64(&x200, &x201, x199, x188, 0x0);
2046 var x202: u64 = undefined;
2047 var x203: u64 = undefined;
2048 mulxU64(&x202, &x203, x190, 0x100000001);
2049 var x204: u64 = undefined;
2050 var x205: u64 = undefined;
2051 mulxU64(&x204, &x205, x202, 0xffffffffffffffff);
2052 var x206: u64 = undefined;
2053 var x207: u64 = undefined;
2054 mulxU64(&x206, &x207, x202, 0xffffffffffffffff);
2055 var x208: u64 = undefined;
2056 var x209: u64 = undefined;
2057 mulxU64(&x208, &x209, x202, 0xffffffffffffffff);
2058 var x210: u64 = undefined;
2059 var x211: u64 = undefined;
2060 mulxU64(&x210, &x211, x202, 0xfffffffffffffffe);
2061 var x212: u64 = undefined;
2062 var x213: u64 = undefined;
2063 mulxU64(&x212, &x213, x202, 0xffffffff00000000);
2064 var x214: u64 = undefined;
2065 var x215: u64 = undefined;
2066 mulxU64(&x214, &x215, x202, 0xffffffff);
2067 var x216: u64 = undefined;
2068 var x217: u1 = undefined;
2069 addcarryxU64(&x216, &x217, 0x0, x215, x212);
2070 var x218: u64 = undefined;
2071 var x219: u1 = undefined;
2072 addcarryxU64(&x218, &x219, x217, x213, x210);
2073 var x220: u64 = undefined;
2074 var x221: u1 = undefined;
2075 addcarryxU64(&x220, &x221, x219, x211, x208);
2076 var x222: u64 = undefined;
2077 var x223: u1 = undefined;
2078 addcarryxU64(&x222, &x223, x221, x209, x206);
2079 var x224: u64 = undefined;
2080 var x225: u1 = undefined;
2081 addcarryxU64(&x224, &x225, x223, x207, x204);
2082 var x226: u64 = undefined;
2083 var x227: u1 = undefined;
2084 addcarryxU64(&x226, &x227, 0x0, x190, x214);
2085 var x228: u64 = undefined;
2086 var x229: u1 = undefined;
2087 addcarryxU64(&x228, &x229, x227, x192, x216);
2088 var x230: u64 = undefined;
2089 var x231: u1 = undefined;
2090 addcarryxU64(&x230, &x231, x229, x194, x218);
2091 var x232: u64 = undefined;
2092 var x233: u1 = undefined;
2093 addcarryxU64(&x232, &x233, x231, x196, x220);
2094 var x234: u64 = undefined;
2095 var x235: u1 = undefined;
2096 addcarryxU64(&x234, &x235, x233, x198, x222);
2097 var x236: u64 = undefined;
2098 var x237: u1 = undefined;
2099 addcarryxU64(&x236, &x237, x235, x200, x224);
2100 var x238: u64 = undefined;
2101 var x239: u1 = undefined;
2102 addcarryxU64(&x238, &x239, x237, (@as(u64, x201) + @as(u64, x189)), (@as(u64, x225) + x205));
2103 var x240: u64 = undefined;
2104 var x241: u1 = undefined;
2105 addcarryxU64(&x240, &x241, 0x0, x228, (arg1[5]));
2106 var x242: u64 = undefined;
2107 var x243: u1 = undefined;
2108 addcarryxU64(&x242, &x243, x241, x230, 0x0);
2109 var x244: u64 = undefined;
2110 var x245: u1 = undefined;
2111 addcarryxU64(&x244, &x245, x243, x232, 0x0);
2112 var x246: u64 = undefined;
2113 var x247: u1 = undefined;
2114 addcarryxU64(&x246, &x247, x245, x234, 0x0);
2115 var x248: u64 = undefined;
2116 var x249: u1 = undefined;
2117 addcarryxU64(&x248, &x249, x247, x236, 0x0);
2118 var x250: u64 = undefined;
2119 var x251: u1 = undefined;
2120 addcarryxU64(&x250, &x251, x249, x238, 0x0);
2121 var x252: u64 = undefined;
2122 var x253: u64 = undefined;
2123 mulxU64(&x252, &x253, x240, 0x100000001);
2124 var x254: u64 = undefined;
2125 var x255: u64 = undefined;
2126 mulxU64(&x254, &x255, x252, 0xffffffffffffffff);
2127 var x256: u64 = undefined;
2128 var x257: u64 = undefined;
2129 mulxU64(&x256, &x257, x252, 0xffffffffffffffff);
2130 var x258: u64 = undefined;
2131 var x259: u64 = undefined;
2132 mulxU64(&x258, &x259, x252, 0xffffffffffffffff);
2133 var x260: u64 = undefined;
2134 var x261: u64 = undefined;
2135 mulxU64(&x260, &x261, x252, 0xfffffffffffffffe);
2136 var x262: u64 = undefined;
2137 var x263: u64 = undefined;
2138 mulxU64(&x262, &x263, x252, 0xffffffff00000000);
2139 var x264: u64 = undefined;
2140 var x265: u64 = undefined;
2141 mulxU64(&x264, &x265, x252, 0xffffffff);
2142 var x266: u64 = undefined;
2143 var x267: u1 = undefined;
2144 addcarryxU64(&x266, &x267, 0x0, x265, x262);
2145 var x268: u64 = undefined;
2146 var x269: u1 = undefined;
2147 addcarryxU64(&x268, &x269, x267, x263, x260);
2148 var x270: u64 = undefined;
2149 var x271: u1 = undefined;
2150 addcarryxU64(&x270, &x271, x269, x261, x258);
2151 var x272: u64 = undefined;
2152 var x273: u1 = undefined;
2153 addcarryxU64(&x272, &x273, x271, x259, x256);
2154 var x274: u64 = undefined;
2155 var x275: u1 = undefined;
2156 addcarryxU64(&x274, &x275, x273, x257, x254);
2157 var x276: u64 = undefined;
2158 var x277: u1 = undefined;
2159 addcarryxU64(&x276, &x277, 0x0, x240, x264);
2160 var x278: u64 = undefined;
2161 var x279: u1 = undefined;
2162 addcarryxU64(&x278, &x279, x277, x242, x266);
2163 var x280: u64 = undefined;
2164 var x281: u1 = undefined;
2165 addcarryxU64(&x280, &x281, x279, x244, x268);
2166 var x282: u64 = undefined;
2167 var x283: u1 = undefined;
2168 addcarryxU64(&x282, &x283, x281, x246, x270);
2169 var x284: u64 = undefined;
2170 var x285: u1 = undefined;
2171 addcarryxU64(&x284, &x285, x283, x248, x272);
2172 var x286: u64 = undefined;
2173 var x287: u1 = undefined;
2174 addcarryxU64(&x286, &x287, x285, x250, x274);
2175 var x288: u64 = undefined;
2176 var x289: u1 = undefined;
2177 addcarryxU64(&x288, &x289, x287, (@as(u64, x251) + @as(u64, x239)), (@as(u64, x275) + x255));
2178 var x290: u64 = undefined;
2179 var x291: u1 = undefined;
2180 subborrowxU64(&x290, &x291, 0x0, x278, 0xffffffff);
2181 var x292: u64 = undefined;
2182 var x293: u1 = undefined;
2183 subborrowxU64(&x292, &x293, x291, x280, 0xffffffff00000000);
2184 var x294: u64 = undefined;
2185 var x295: u1 = undefined;
2186 subborrowxU64(&x294, &x295, x293, x282, 0xfffffffffffffffe);
2187 var x296: u64 = undefined;
2188 var x297: u1 = undefined;
2189 subborrowxU64(&x296, &x297, x295, x284, 0xffffffffffffffff);
2190 var x298: u64 = undefined;
2191 var x299: u1 = undefined;
2192 subborrowxU64(&x298, &x299, x297, x286, 0xffffffffffffffff);
2193 var x300: u64 = undefined;
2194 var x301: u1 = undefined;
2195 subborrowxU64(&x300, &x301, x299, x288, 0xffffffffffffffff);
2196 var x302: u64 = undefined;
2197 var x303: u1 = undefined;
2198 subborrowxU64(&x302, &x303, x301, @as(u64, x289), 0x0);
2199 var x304: u64 = undefined;
2200 cmovznzU64(&x304, x303, x290, x278);
2201 var x305: u64 = undefined;
2202 cmovznzU64(&x305, x303, x292, x280);
2203 var x306: u64 = undefined;
2204 cmovznzU64(&x306, x303, x294, x282);
2205 var x307: u64 = undefined;
2206 cmovznzU64(&x307, x303, x296, x284);
2207 var x308: u64 = undefined;
2208 cmovznzU64(&x308, x303, x298, x286);
2209 var x309: u64 = undefined;
2210 cmovznzU64(&x309, x303, x300, x288);
2211 out1[0] = x304;
2212 out1[1] = x305;
2213 out1[2] = x306;
2214 out1[3] = x307;
2215 out1[4] = x308;
2216 out1[5] = x309;
2217}
2218
2219/// The function toMontgomery translates a field element into the Montgomery domain.
2220///
2221/// Preconditions:
2222/// 0 ≤ eval arg1 < m
2223/// Postconditions:
2224/// eval (from_montgomery out1) mod m = eval arg1 mod m
2225/// 0 ≤ eval out1 < m
2226///
2227pub fn toMontgomery(out1: *MontgomeryDomainFieldElement, arg1: NonMontgomeryDomainFieldElement) void {
2228 @setRuntimeSafety(mode == .Debug);
2229
2230 const x1 = (arg1[1]);
2231 const x2 = (arg1[2]);
2232 const x3 = (arg1[3]);
2233 const x4 = (arg1[4]);
2234 const x5 = (arg1[5]);
2235 const x6 = (arg1[0]);
2236 var x7: u64 = undefined;
2237 var x8: u64 = undefined;
2238 mulxU64(&x7, &x8, x6, 0x200000000);
2239 var x9: u64 = undefined;
2240 var x10: u64 = undefined;
2241 mulxU64(&x9, &x10, x6, 0xfffffffe00000000);
2242 var x11: u64 = undefined;
2243 var x12: u64 = undefined;
2244 mulxU64(&x11, &x12, x6, 0x200000000);
2245 var x13: u64 = undefined;
2246 var x14: u64 = undefined;
2247 mulxU64(&x13, &x14, x6, 0xfffffffe00000001);
2248 var x15: u64 = undefined;
2249 var x16: u1 = undefined;
2250 addcarryxU64(&x15, &x16, 0x0, x14, x11);
2251 var x17: u64 = undefined;
2252 var x18: u1 = undefined;
2253 addcarryxU64(&x17, &x18, x16, x12, x9);
2254 var x19: u64 = undefined;
2255 var x20: u1 = undefined;
2256 addcarryxU64(&x19, &x20, x18, x10, x7);
2257 var x21: u64 = undefined;
2258 var x22: u1 = undefined;
2259 addcarryxU64(&x21, &x22, x20, x8, x6);
2260 var x23: u64 = undefined;
2261 var x24: u64 = undefined;
2262 mulxU64(&x23, &x24, x13, 0x100000001);
2263 var x25: u64 = undefined;
2264 var x26: u64 = undefined;
2265 mulxU64(&x25, &x26, x23, 0xffffffffffffffff);
2266 var x27: u64 = undefined;
2267 var x28: u64 = undefined;
2268 mulxU64(&x27, &x28, x23, 0xffffffffffffffff);
2269 var x29: u64 = undefined;
2270 var x30: u64 = undefined;
2271 mulxU64(&x29, &x30, x23, 0xffffffffffffffff);
2272 var x31: u64 = undefined;
2273 var x32: u64 = undefined;
2274 mulxU64(&x31, &x32, x23, 0xfffffffffffffffe);
2275 var x33: u64 = undefined;
2276 var x34: u64 = undefined;
2277 mulxU64(&x33, &x34, x23, 0xffffffff00000000);
2278 var x35: u64 = undefined;
2279 var x36: u64 = undefined;
2280 mulxU64(&x35, &x36, x23, 0xffffffff);
2281 var x37: u64 = undefined;
2282 var x38: u1 = undefined;
2283 addcarryxU64(&x37, &x38, 0x0, x36, x33);
2284 var x39: u64 = undefined;
2285 var x40: u1 = undefined;
2286 addcarryxU64(&x39, &x40, x38, x34, x31);
2287 var x41: u64 = undefined;
2288 var x42: u1 = undefined;
2289 addcarryxU64(&x41, &x42, x40, x32, x29);
2290 var x43: u64 = undefined;
2291 var x44: u1 = undefined;
2292 addcarryxU64(&x43, &x44, x42, x30, x27);
2293 var x45: u64 = undefined;
2294 var x46: u1 = undefined;
2295 addcarryxU64(&x45, &x46, x44, x28, x25);
2296 var x47: u64 = undefined;
2297 var x48: u1 = undefined;
2298 addcarryxU64(&x47, &x48, 0x0, x13, x35);
2299 var x49: u64 = undefined;
2300 var x50: u1 = undefined;
2301 addcarryxU64(&x49, &x50, x48, x15, x37);
2302 var x51: u64 = undefined;
2303 var x52: u1 = undefined;
2304 addcarryxU64(&x51, &x52, x50, x17, x39);
2305 var x53: u64 = undefined;
2306 var x54: u1 = undefined;
2307 addcarryxU64(&x53, &x54, x52, x19, x41);
2308 var x55: u64 = undefined;
2309 var x56: u1 = undefined;
2310 addcarryxU64(&x55, &x56, x54, x21, x43);
2311 var x57: u64 = undefined;
2312 var x58: u1 = undefined;
2313 addcarryxU64(&x57, &x58, x56, @as(u64, x22), x45);
2314 var x59: u64 = undefined;
2315 var x60: u1 = undefined;
2316 addcarryxU64(&x59, &x60, x58, 0x0, (@as(u64, x46) + x26));
2317 var x61: u64 = undefined;
2318 var x62: u64 = undefined;
2319 mulxU64(&x61, &x62, x1, 0x200000000);
2320 var x63: u64 = undefined;
2321 var x64: u64 = undefined;
2322 mulxU64(&x63, &x64, x1, 0xfffffffe00000000);
2323 var x65: u64 = undefined;
2324 var x66: u64 = undefined;
2325 mulxU64(&x65, &x66, x1, 0x200000000);
2326 var x67: u64 = undefined;
2327 var x68: u64 = undefined;
2328 mulxU64(&x67, &x68, x1, 0xfffffffe00000001);
2329 var x69: u64 = undefined;
2330 var x70: u1 = undefined;
2331 addcarryxU64(&x69, &x70, 0x0, x68, x65);
2332 var x71: u64 = undefined;
2333 var x72: u1 = undefined;
2334 addcarryxU64(&x71, &x72, x70, x66, x63);
2335 var x73: u64 = undefined;
2336 var x74: u1 = undefined;
2337 addcarryxU64(&x73, &x74, x72, x64, x61);
2338 var x75: u64 = undefined;
2339 var x76: u1 = undefined;
2340 addcarryxU64(&x75, &x76, x74, x62, x1);
2341 var x77: u64 = undefined;
2342 var x78: u1 = undefined;
2343 addcarryxU64(&x77, &x78, 0x0, x49, x67);
2344 var x79: u64 = undefined;
2345 var x80: u1 = undefined;
2346 addcarryxU64(&x79, &x80, x78, x51, x69);
2347 var x81: u64 = undefined;
2348 var x82: u1 = undefined;
2349 addcarryxU64(&x81, &x82, x80, x53, x71);
2350 var x83: u64 = undefined;
2351 var x84: u1 = undefined;
2352 addcarryxU64(&x83, &x84, x82, x55, x73);
2353 var x85: u64 = undefined;
2354 var x86: u1 = undefined;
2355 addcarryxU64(&x85, &x86, x84, x57, x75);
2356 var x87: u64 = undefined;
2357 var x88: u1 = undefined;
2358 addcarryxU64(&x87, &x88, x86, x59, @as(u64, x76));
2359 var x89: u64 = undefined;
2360 var x90: u64 = undefined;
2361 mulxU64(&x89, &x90, x77, 0x100000001);
2362 var x91: u64 = undefined;
2363 var x92: u64 = undefined;
2364 mulxU64(&x91, &x92, x89, 0xffffffffffffffff);
2365 var x93: u64 = undefined;
2366 var x94: u64 = undefined;
2367 mulxU64(&x93, &x94, x89, 0xffffffffffffffff);
2368 var x95: u64 = undefined;
2369 var x96: u64 = undefined;
2370 mulxU64(&x95, &x96, x89, 0xffffffffffffffff);
2371 var x97: u64 = undefined;
2372 var x98: u64 = undefined;
2373 mulxU64(&x97, &x98, x89, 0xfffffffffffffffe);
2374 var x99: u64 = undefined;
2375 var x100: u64 = undefined;
2376 mulxU64(&x99, &x100, x89, 0xffffffff00000000);
2377 var x101: u64 = undefined;
2378 var x102: u64 = undefined;
2379 mulxU64(&x101, &x102, x89, 0xffffffff);
2380 var x103: u64 = undefined;
2381 var x104: u1 = undefined;
2382 addcarryxU64(&x103, &x104, 0x0, x102, x99);
2383 var x105: u64 = undefined;
2384 var x106: u1 = undefined;
2385 addcarryxU64(&x105, &x106, x104, x100, x97);
2386 var x107: u64 = undefined;
2387 var x108: u1 = undefined;
2388 addcarryxU64(&x107, &x108, x106, x98, x95);
2389 var x109: u64 = undefined;
2390 var x110: u1 = undefined;
2391 addcarryxU64(&x109, &x110, x108, x96, x93);
2392 var x111: u64 = undefined;
2393 var x112: u1 = undefined;
2394 addcarryxU64(&x111, &x112, x110, x94, x91);
2395 var x113: u64 = undefined;
2396 var x114: u1 = undefined;
2397 addcarryxU64(&x113, &x114, 0x0, x77, x101);
2398 var x115: u64 = undefined;
2399 var x116: u1 = undefined;
2400 addcarryxU64(&x115, &x116, x114, x79, x103);
2401 var x117: u64 = undefined;
2402 var x118: u1 = undefined;
2403 addcarryxU64(&x117, &x118, x116, x81, x105);
2404 var x119: u64 = undefined;
2405 var x120: u1 = undefined;
2406 addcarryxU64(&x119, &x120, x118, x83, x107);
2407 var x121: u64 = undefined;
2408 var x122: u1 = undefined;
2409 addcarryxU64(&x121, &x122, x120, x85, x109);
2410 var x123: u64 = undefined;
2411 var x124: u1 = undefined;
2412 addcarryxU64(&x123, &x124, x122, x87, x111);
2413 var x125: u64 = undefined;
2414 var x126: u1 = undefined;
2415 addcarryxU64(&x125, &x126, x124, (@as(u64, x88) + @as(u64, x60)), (@as(u64, x112) + x92));
2416 var x127: u64 = undefined;
2417 var x128: u64 = undefined;
2418 mulxU64(&x127, &x128, x2, 0x200000000);
2419 var x129: u64 = undefined;
2420 var x130: u64 = undefined;
2421 mulxU64(&x129, &x130, x2, 0xfffffffe00000000);
2422 var x131: u64 = undefined;
2423 var x132: u64 = undefined;
2424 mulxU64(&x131, &x132, x2, 0x200000000);
2425 var x133: u64 = undefined;
2426 var x134: u64 = undefined;
2427 mulxU64(&x133, &x134, x2, 0xfffffffe00000001);
2428 var x135: u64 = undefined;
2429 var x136: u1 = undefined;
2430 addcarryxU64(&x135, &x136, 0x0, x134, x131);
2431 var x137: u64 = undefined;
2432 var x138: u1 = undefined;
2433 addcarryxU64(&x137, &x138, x136, x132, x129);
2434 var x139: u64 = undefined;
2435 var x140: u1 = undefined;
2436 addcarryxU64(&x139, &x140, x138, x130, x127);
2437 var x141: u64 = undefined;
2438 var x142: u1 = undefined;
2439 addcarryxU64(&x141, &x142, x140, x128, x2);
2440 var x143: u64 = undefined;
2441 var x144: u1 = undefined;
2442 addcarryxU64(&x143, &x144, 0x0, x115, x133);
2443 var x145: u64 = undefined;
2444 var x146: u1 = undefined;
2445 addcarryxU64(&x145, &x146, x144, x117, x135);
2446 var x147: u64 = undefined;
2447 var x148: u1 = undefined;
2448 addcarryxU64(&x147, &x148, x146, x119, x137);
2449 var x149: u64 = undefined;
2450 var x150: u1 = undefined;
2451 addcarryxU64(&x149, &x150, x148, x121, x139);
2452 var x151: u64 = undefined;
2453 var x152: u1 = undefined;
2454 addcarryxU64(&x151, &x152, x150, x123, x141);
2455 var x153: u64 = undefined;
2456 var x154: u1 = undefined;
2457 addcarryxU64(&x153, &x154, x152, x125, @as(u64, x142));
2458 var x155: u64 = undefined;
2459 var x156: u64 = undefined;
2460 mulxU64(&x155, &x156, x143, 0x100000001);
2461 var x157: u64 = undefined;
2462 var x158: u64 = undefined;
2463 mulxU64(&x157, &x158, x155, 0xffffffffffffffff);
2464 var x159: u64 = undefined;
2465 var x160: u64 = undefined;
2466 mulxU64(&x159, &x160, x155, 0xffffffffffffffff);
2467 var x161: u64 = undefined;
2468 var x162: u64 = undefined;
2469 mulxU64(&x161, &x162, x155, 0xffffffffffffffff);
2470 var x163: u64 = undefined;
2471 var x164: u64 = undefined;
2472 mulxU64(&x163, &x164, x155, 0xfffffffffffffffe);
2473 var x165: u64 = undefined;
2474 var x166: u64 = undefined;
2475 mulxU64(&x165, &x166, x155, 0xffffffff00000000);
2476 var x167: u64 = undefined;
2477 var x168: u64 = undefined;
2478 mulxU64(&x167, &x168, x155, 0xffffffff);
2479 var x169: u64 = undefined;
2480 var x170: u1 = undefined;
2481 addcarryxU64(&x169, &x170, 0x0, x168, x165);
2482 var x171: u64 = undefined;
2483 var x172: u1 = undefined;
2484 addcarryxU64(&x171, &x172, x170, x166, x163);
2485 var x173: u64 = undefined;
2486 var x174: u1 = undefined;
2487 addcarryxU64(&x173, &x174, x172, x164, x161);
2488 var x175: u64 = undefined;
2489 var x176: u1 = undefined;
2490 addcarryxU64(&x175, &x176, x174, x162, x159);
2491 var x177: u64 = undefined;
2492 var x178: u1 = undefined;
2493 addcarryxU64(&x177, &x178, x176, x160, x157);
2494 var x179: u64 = undefined;
2495 var x180: u1 = undefined;
2496 addcarryxU64(&x179, &x180, 0x0, x143, x167);
2497 var x181: u64 = undefined;
2498 var x182: u1 = undefined;
2499 addcarryxU64(&x181, &x182, x180, x145, x169);
2500 var x183: u64 = undefined;
2501 var x184: u1 = undefined;
2502 addcarryxU64(&x183, &x184, x182, x147, x171);
2503 var x185: u64 = undefined;
2504 var x186: u1 = undefined;
2505 addcarryxU64(&x185, &x186, x184, x149, x173);
2506 var x187: u64 = undefined;
2507 var x188: u1 = undefined;
2508 addcarryxU64(&x187, &x188, x186, x151, x175);
2509 var x189: u64 = undefined;
2510 var x190: u1 = undefined;
2511 addcarryxU64(&x189, &x190, x188, x153, x177);
2512 var x191: u64 = undefined;
2513 var x192: u1 = undefined;
2514 addcarryxU64(&x191, &x192, x190, (@as(u64, x154) + @as(u64, x126)), (@as(u64, x178) + x158));
2515 var x193: u64 = undefined;
2516 var x194: u64 = undefined;
2517 mulxU64(&x193, &x194, x3, 0x200000000);
2518 var x195: u64 = undefined;
2519 var x196: u64 = undefined;
2520 mulxU64(&x195, &x196, x3, 0xfffffffe00000000);
2521 var x197: u64 = undefined;
2522 var x198: u64 = undefined;
2523 mulxU64(&x197, &x198, x3, 0x200000000);
2524 var x199: u64 = undefined;
2525 var x200: u64 = undefined;
2526 mulxU64(&x199, &x200, x3, 0xfffffffe00000001);
2527 var x201: u64 = undefined;
2528 var x202: u1 = undefined;
2529 addcarryxU64(&x201, &x202, 0x0, x200, x197);
2530 var x203: u64 = undefined;
2531 var x204: u1 = undefined;
2532 addcarryxU64(&x203, &x204, x202, x198, x195);
2533 var x205: u64 = undefined;
2534 var x206: u1 = undefined;
2535 addcarryxU64(&x205, &x206, x204, x196, x193);
2536 var x207: u64 = undefined;
2537 var x208: u1 = undefined;
2538 addcarryxU64(&x207, &x208, x206, x194, x3);
2539 var x209: u64 = undefined;
2540 var x210: u1 = undefined;
2541 addcarryxU64(&x209, &x210, 0x0, x181, x199);
2542 var x211: u64 = undefined;
2543 var x212: u1 = undefined;
2544 addcarryxU64(&x211, &x212, x210, x183, x201);
2545 var x213: u64 = undefined;
2546 var x214: u1 = undefined;
2547 addcarryxU64(&x213, &x214, x212, x185, x203);
2548 var x215: u64 = undefined;
2549 var x216: u1 = undefined;
2550 addcarryxU64(&x215, &x216, x214, x187, x205);
2551 var x217: u64 = undefined;
2552 var x218: u1 = undefined;
2553 addcarryxU64(&x217, &x218, x216, x189, x207);
2554 var x219: u64 = undefined;
2555 var x220: u1 = undefined;
2556 addcarryxU64(&x219, &x220, x218, x191, @as(u64, x208));
2557 var x221: u64 = undefined;
2558 var x222: u64 = undefined;
2559 mulxU64(&x221, &x222, x209, 0x100000001);
2560 var x223: u64 = undefined;
2561 var x224: u64 = undefined;
2562 mulxU64(&x223, &x224, x221, 0xffffffffffffffff);
2563 var x225: u64 = undefined;
2564 var x226: u64 = undefined;
2565 mulxU64(&x225, &x226, x221, 0xffffffffffffffff);
2566 var x227: u64 = undefined;
2567 var x228: u64 = undefined;
2568 mulxU64(&x227, &x228, x221, 0xffffffffffffffff);
2569 var x229: u64 = undefined;
2570 var x230: u64 = undefined;
2571 mulxU64(&x229, &x230, x221, 0xfffffffffffffffe);
2572 var x231: u64 = undefined;
2573 var x232: u64 = undefined;
2574 mulxU64(&x231, &x232, x221, 0xffffffff00000000);
2575 var x233: u64 = undefined;
2576 var x234: u64 = undefined;
2577 mulxU64(&x233, &x234, x221, 0xffffffff);
2578 var x235: u64 = undefined;
2579 var x236: u1 = undefined;
2580 addcarryxU64(&x235, &x236, 0x0, x234, x231);
2581 var x237: u64 = undefined;
2582 var x238: u1 = undefined;
2583 addcarryxU64(&x237, &x238, x236, x232, x229);
2584 var x239: u64 = undefined;
2585 var x240: u1 = undefined;
2586 addcarryxU64(&x239, &x240, x238, x230, x227);
2587 var x241: u64 = undefined;
2588 var x242: u1 = undefined;
2589 addcarryxU64(&x241, &x242, x240, x228, x225);
2590 var x243: u64 = undefined;
2591 var x244: u1 = undefined;
2592 addcarryxU64(&x243, &x244, x242, x226, x223);
2593 var x245: u64 = undefined;
2594 var x246: u1 = undefined;
2595 addcarryxU64(&x245, &x246, 0x0, x209, x233);
2596 var x247: u64 = undefined;
2597 var x248: u1 = undefined;
2598 addcarryxU64(&x247, &x248, x246, x211, x235);
2599 var x249: u64 = undefined;
2600 var x250: u1 = undefined;
2601 addcarryxU64(&x249, &x250, x248, x213, x237);
2602 var x251: u64 = undefined;
2603 var x252: u1 = undefined;
2604 addcarryxU64(&x251, &x252, x250, x215, x239);
2605 var x253: u64 = undefined;
2606 var x254: u1 = undefined;
2607 addcarryxU64(&x253, &x254, x252, x217, x241);
2608 var x255: u64 = undefined;
2609 var x256: u1 = undefined;
2610 addcarryxU64(&x255, &x256, x254, x219, x243);
2611 var x257: u64 = undefined;
2612 var x258: u1 = undefined;
2613 addcarryxU64(&x257, &x258, x256, (@as(u64, x220) + @as(u64, x192)), (@as(u64, x244) + x224));
2614 var x259: u64 = undefined;
2615 var x260: u64 = undefined;
2616 mulxU64(&x259, &x260, x4, 0x200000000);
2617 var x261: u64 = undefined;
2618 var x262: u64 = undefined;
2619 mulxU64(&x261, &x262, x4, 0xfffffffe00000000);
2620 var x263: u64 = undefined;
2621 var x264: u64 = undefined;
2622 mulxU64(&x263, &x264, x4, 0x200000000);
2623 var x265: u64 = undefined;
2624 var x266: u64 = undefined;
2625 mulxU64(&x265, &x266, x4, 0xfffffffe00000001);
2626 var x267: u64 = undefined;
2627 var x268: u1 = undefined;
2628 addcarryxU64(&x267, &x268, 0x0, x266, x263);
2629 var x269: u64 = undefined;
2630 var x270: u1 = undefined;
2631 addcarryxU64(&x269, &x270, x268, x264, x261);
2632 var x271: u64 = undefined;
2633 var x272: u1 = undefined;
2634 addcarryxU64(&x271, &x272, x270, x262, x259);
2635 var x273: u64 = undefined;
2636 var x274: u1 = undefined;
2637 addcarryxU64(&x273, &x274, x272, x260, x4);
2638 var x275: u64 = undefined;
2639 var x276: u1 = undefined;
2640 addcarryxU64(&x275, &x276, 0x0, x247, x265);
2641 var x277: u64 = undefined;
2642 var x278: u1 = undefined;
2643 addcarryxU64(&x277, &x278, x276, x249, x267);
2644 var x279: u64 = undefined;
2645 var x280: u1 = undefined;
2646 addcarryxU64(&x279, &x280, x278, x251, x269);
2647 var x281: u64 = undefined;
2648 var x282: u1 = undefined;
2649 addcarryxU64(&x281, &x282, x280, x253, x271);
2650 var x283: u64 = undefined;
2651 var x284: u1 = undefined;
2652 addcarryxU64(&x283, &x284, x282, x255, x273);
2653 var x285: u64 = undefined;
2654 var x286: u1 = undefined;
2655 addcarryxU64(&x285, &x286, x284, x257, @as(u64, x274));
2656 var x287: u64 = undefined;
2657 var x288: u64 = undefined;
2658 mulxU64(&x287, &x288, x275, 0x100000001);
2659 var x289: u64 = undefined;
2660 var x290: u64 = undefined;
2661 mulxU64(&x289, &x290, x287, 0xffffffffffffffff);
2662 var x291: u64 = undefined;
2663 var x292: u64 = undefined;
2664 mulxU64(&x291, &x292, x287, 0xffffffffffffffff);
2665 var x293: u64 = undefined;
2666 var x294: u64 = undefined;
2667 mulxU64(&x293, &x294, x287, 0xffffffffffffffff);
2668 var x295: u64 = undefined;
2669 var x296: u64 = undefined;
2670 mulxU64(&x295, &x296, x287, 0xfffffffffffffffe);
2671 var x297: u64 = undefined;
2672 var x298: u64 = undefined;
2673 mulxU64(&x297, &x298, x287, 0xffffffff00000000);
2674 var x299: u64 = undefined;
2675 var x300: u64 = undefined;
2676 mulxU64(&x299, &x300, x287, 0xffffffff);
2677 var x301: u64 = undefined;
2678 var x302: u1 = undefined;
2679 addcarryxU64(&x301, &x302, 0x0, x300, x297);
2680 var x303: u64 = undefined;
2681 var x304: u1 = undefined;
2682 addcarryxU64(&x303, &x304, x302, x298, x295);
2683 var x305: u64 = undefined;
2684 var x306: u1 = undefined;
2685 addcarryxU64(&x305, &x306, x304, x296, x293);
2686 var x307: u64 = undefined;
2687 var x308: u1 = undefined;
2688 addcarryxU64(&x307, &x308, x306, x294, x291);
2689 var x309: u64 = undefined;
2690 var x310: u1 = undefined;
2691 addcarryxU64(&x309, &x310, x308, x292, x289);
2692 var x311: u64 = undefined;
2693 var x312: u1 = undefined;
2694 addcarryxU64(&x311, &x312, 0x0, x275, x299);
2695 var x313: u64 = undefined;
2696 var x314: u1 = undefined;
2697 addcarryxU64(&x313, &x314, x312, x277, x301);
2698 var x315: u64 = undefined;
2699 var x316: u1 = undefined;
2700 addcarryxU64(&x315, &x316, x314, x279, x303);
2701 var x317: u64 = undefined;
2702 var x318: u1 = undefined;
2703 addcarryxU64(&x317, &x318, x316, x281, x305);
2704 var x319: u64 = undefined;
2705 var x320: u1 = undefined;
2706 addcarryxU64(&x319, &x320, x318, x283, x307);
2707 var x321: u64 = undefined;
2708 var x322: u1 = undefined;
2709 addcarryxU64(&x321, &x322, x320, x285, x309);
2710 var x323: u64 = undefined;
2711 var x324: u1 = undefined;
2712 addcarryxU64(&x323, &x324, x322, (@as(u64, x286) + @as(u64, x258)), (@as(u64, x310) + x290));
2713 var x325: u64 = undefined;
2714 var x326: u64 = undefined;
2715 mulxU64(&x325, &x326, x5, 0x200000000);
2716 var x327: u64 = undefined;
2717 var x328: u64 = undefined;
2718 mulxU64(&x327, &x328, x5, 0xfffffffe00000000);
2719 var x329: u64 = undefined;
2720 var x330: u64 = undefined;
2721 mulxU64(&x329, &x330, x5, 0x200000000);
2722 var x331: u64 = undefined;
2723 var x332: u64 = undefined;
2724 mulxU64(&x331, &x332, x5, 0xfffffffe00000001);
2725 var x333: u64 = undefined;
2726 var x334: u1 = undefined;
2727 addcarryxU64(&x333, &x334, 0x0, x332, x329);
2728 var x335: u64 = undefined;
2729 var x336: u1 = undefined;
2730 addcarryxU64(&x335, &x336, x334, x330, x327);
2731 var x337: u64 = undefined;
2732 var x338: u1 = undefined;
2733 addcarryxU64(&x337, &x338, x336, x328, x325);
2734 var x339: u64 = undefined;
2735 var x340: u1 = undefined;
2736 addcarryxU64(&x339, &x340, x338, x326, x5);
2737 var x341: u64 = undefined;
2738 var x342: u1 = undefined;
2739 addcarryxU64(&x341, &x342, 0x0, x313, x331);
2740 var x343: u64 = undefined;
2741 var x344: u1 = undefined;
2742 addcarryxU64(&x343, &x344, x342, x315, x333);
2743 var x345: u64 = undefined;
2744 var x346: u1 = undefined;
2745 addcarryxU64(&x345, &x346, x344, x317, x335);
2746 var x347: u64 = undefined;
2747 var x348: u1 = undefined;
2748 addcarryxU64(&x347, &x348, x346, x319, x337);
2749 var x349: u64 = undefined;
2750 var x350: u1 = undefined;
2751 addcarryxU64(&x349, &x350, x348, x321, x339);
2752 var x351: u64 = undefined;
2753 var x352: u1 = undefined;
2754 addcarryxU64(&x351, &x352, x350, x323, @as(u64, x340));
2755 var x353: u64 = undefined;
2756 var x354: u64 = undefined;
2757 mulxU64(&x353, &x354, x341, 0x100000001);
2758 var x355: u64 = undefined;
2759 var x356: u64 = undefined;
2760 mulxU64(&x355, &x356, x353, 0xffffffffffffffff);
2761 var x357: u64 = undefined;
2762 var x358: u64 = undefined;
2763 mulxU64(&x357, &x358, x353, 0xffffffffffffffff);
2764 var x359: u64 = undefined;
2765 var x360: u64 = undefined;
2766 mulxU64(&x359, &x360, x353, 0xffffffffffffffff);
2767 var x361: u64 = undefined;
2768 var x362: u64 = undefined;
2769 mulxU64(&x361, &x362, x353, 0xfffffffffffffffe);
2770 var x363: u64 = undefined;
2771 var x364: u64 = undefined;
2772 mulxU64(&x363, &x364, x353, 0xffffffff00000000);
2773 var x365: u64 = undefined;
2774 var x366: u64 = undefined;
2775 mulxU64(&x365, &x366, x353, 0xffffffff);
2776 var x367: u64 = undefined;
2777 var x368: u1 = undefined;
2778 addcarryxU64(&x367, &x368, 0x0, x366, x363);
2779 var x369: u64 = undefined;
2780 var x370: u1 = undefined;
2781 addcarryxU64(&x369, &x370, x368, x364, x361);
2782 var x371: u64 = undefined;
2783 var x372: u1 = undefined;
2784 addcarryxU64(&x371, &x372, x370, x362, x359);
2785 var x373: u64 = undefined;
2786 var x374: u1 = undefined;
2787 addcarryxU64(&x373, &x374, x372, x360, x357);
2788 var x375: u64 = undefined;
2789 var x376: u1 = undefined;
2790 addcarryxU64(&x375, &x376, x374, x358, x355);
2791 var x377: u64 = undefined;
2792 var x378: u1 = undefined;
2793 addcarryxU64(&x377, &x378, 0x0, x341, x365);
2794 var x379: u64 = undefined;
2795 var x380: u1 = undefined;
2796 addcarryxU64(&x379, &x380, x378, x343, x367);
2797 var x381: u64 = undefined;
2798 var x382: u1 = undefined;
2799 addcarryxU64(&x381, &x382, x380, x345, x369);
2800 var x383: u64 = undefined;
2801 var x384: u1 = undefined;
2802 addcarryxU64(&x383, &x384, x382, x347, x371);
2803 var x385: u64 = undefined;
2804 var x386: u1 = undefined;
2805 addcarryxU64(&x385, &x386, x384, x349, x373);
2806 var x387: u64 = undefined;
2807 var x388: u1 = undefined;
2808 addcarryxU64(&x387, &x388, x386, x351, x375);
2809 var x389: u64 = undefined;
2810 var x390: u1 = undefined;
2811 addcarryxU64(&x389, &x390, x388, (@as(u64, x352) + @as(u64, x324)), (@as(u64, x376) + x356));
2812 var x391: u64 = undefined;
2813 var x392: u1 = undefined;
2814 subborrowxU64(&x391, &x392, 0x0, x379, 0xffffffff);
2815 var x393: u64 = undefined;
2816 var x394: u1 = undefined;
2817 subborrowxU64(&x393, &x394, x392, x381, 0xffffffff00000000);
2818 var x395: u64 = undefined;
2819 var x396: u1 = undefined;
2820 subborrowxU64(&x395, &x396, x394, x383, 0xfffffffffffffffe);
2821 var x397: u64 = undefined;
2822 var x398: u1 = undefined;
2823 subborrowxU64(&x397, &x398, x396, x385, 0xffffffffffffffff);
2824 var x399: u64 = undefined;
2825 var x400: u1 = undefined;
2826 subborrowxU64(&x399, &x400, x398, x387, 0xffffffffffffffff);
2827 var x401: u64 = undefined;
2828 var x402: u1 = undefined;
2829 subborrowxU64(&x401, &x402, x400, x389, 0xffffffffffffffff);
2830 var x403: u64 = undefined;
2831 var x404: u1 = undefined;
2832 subborrowxU64(&x403, &x404, x402, @as(u64, x390), 0x0);
2833 var x405: u64 = undefined;
2834 cmovznzU64(&x405, x404, x391, x379);
2835 var x406: u64 = undefined;
2836 cmovznzU64(&x406, x404, x393, x381);
2837 var x407: u64 = undefined;
2838 cmovznzU64(&x407, x404, x395, x383);
2839 var x408: u64 = undefined;
2840 cmovznzU64(&x408, x404, x397, x385);
2841 var x409: u64 = undefined;
2842 cmovznzU64(&x409, x404, x399, x387);
2843 var x410: u64 = undefined;
2844 cmovznzU64(&x410, x404, x401, x389);
2845 out1[0] = x405;
2846 out1[1] = x406;
2847 out1[2] = x407;
2848 out1[3] = x408;
2849 out1[4] = x409;
2850 out1[5] = x410;
2851}
2852
2853/// The function nonzero outputs a single non-zero word if the input is non-zero and zero otherwise.
2854///
2855/// Preconditions:
2856/// 0 ≤ eval arg1 < m
2857/// Postconditions:
2858/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0
2859///
2860/// Input Bounds:
2861/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2862/// Output Bounds:
2863/// out1: [0x0 ~> 0xffffffffffffffff]
2864pub fn nonzero(out1: *u64, arg1: [6]u64) void {
2865 @setRuntimeSafety(mode == .Debug);
2866
2867 const x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | (arg1[5]))))));
2868 out1.* = x1;
2869}
2870
2871/// The function selectznz is a multi-limb conditional select.
2872///
2873/// Postconditions:
2874/// out1 = (if arg1 = 0 then arg2 else arg3)
2875///
2876/// Input Bounds:
2877/// arg1: [0x0 ~> 0x1]
2878/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2879/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2880/// Output Bounds:
2881/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2882pub fn selectznz(out1: *[6]u64, arg1: u1, arg2: [6]u64, arg3: [6]u64) void {
2883 @setRuntimeSafety(mode == .Debug);
2884
2885 var x1: u64 = undefined;
2886 cmovznzU64(&x1, arg1, (arg2[0]), (arg3[0]));
2887 var x2: u64 = undefined;
2888 cmovznzU64(&x2, arg1, (arg2[1]), (arg3[1]));
2889 var x3: u64 = undefined;
2890 cmovznzU64(&x3, arg1, (arg2[2]), (arg3[2]));
2891 var x4: u64 = undefined;
2892 cmovznzU64(&x4, arg1, (arg2[3]), (arg3[3]));
2893 var x5: u64 = undefined;
2894 cmovznzU64(&x5, arg1, (arg2[4]), (arg3[4]));
2895 var x6: u64 = undefined;
2896 cmovznzU64(&x6, arg1, (arg2[5]), (arg3[5]));
2897 out1[0] = x1;
2898 out1[1] = x2;
2899 out1[2] = x3;
2900 out1[3] = x4;
2901 out1[4] = x5;
2902 out1[5] = x6;
2903}
2904
2905/// The function toBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order.
2906///
2907/// Preconditions:
2908/// 0 ≤ eval arg1 < m
2909/// Postconditions:
2910/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47]
2911///
2912/// Input Bounds:
2913/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2914/// Output Bounds:
2915/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
2916pub fn toBytes(out1: *[48]u8, arg1: [6]u64) void {
2917 @setRuntimeSafety(mode == .Debug);
2918
2919 const x1 = (arg1[5]);
2920 const x2 = (arg1[4]);
2921 const x3 = (arg1[3]);
2922 const x4 = (arg1[2]);
2923 const x5 = (arg1[1]);
2924 const x6 = (arg1[0]);
2925 const x7 = @as(u8, @truncate((x6 & 0xff)));
2926 const x8 = (x6 >> 8);
2927 const x9 = @as(u8, @truncate((x8 & 0xff)));
2928 const x10 = (x8 >> 8);
2929 const x11 = @as(u8, @truncate((x10 & 0xff)));
2930 const x12 = (x10 >> 8);
2931 const x13 = @as(u8, @truncate((x12 & 0xff)));
2932 const x14 = (x12 >> 8);
2933 const x15 = @as(u8, @truncate((x14 & 0xff)));
2934 const x16 = (x14 >> 8);
2935 const x17 = @as(u8, @truncate((x16 & 0xff)));
2936 const x18 = (x16 >> 8);
2937 const x19 = @as(u8, @truncate((x18 & 0xff)));
2938 const x20 = @as(u8, @truncate((x18 >> 8)));
2939 const x21 = @as(u8, @truncate((x5 & 0xff)));
2940 const x22 = (x5 >> 8);
2941 const x23 = @as(u8, @truncate((x22 & 0xff)));
2942 const x24 = (x22 >> 8);
2943 const x25 = @as(u8, @truncate((x24 & 0xff)));
2944 const x26 = (x24 >> 8);
2945 const x27 = @as(u8, @truncate((x26 & 0xff)));
2946 const x28 = (x26 >> 8);
2947 const x29 = @as(u8, @truncate((x28 & 0xff)));
2948 const x30 = (x28 >> 8);
2949 const x31 = @as(u8, @truncate((x30 & 0xff)));
2950 const x32 = (x30 >> 8);
2951 const x33 = @as(u8, @truncate((x32 & 0xff)));
2952 const x34 = @as(u8, @truncate((x32 >> 8)));
2953 const x35 = @as(u8, @truncate((x4 & 0xff)));
2954 const x36 = (x4 >> 8);
2955 const x37 = @as(u8, @truncate((x36 & 0xff)));
2956 const x38 = (x36 >> 8);
2957 const x39 = @as(u8, @truncate((x38 & 0xff)));
2958 const x40 = (x38 >> 8);
2959 const x41 = @as(u8, @truncate((x40 & 0xff)));
2960 const x42 = (x40 >> 8);
2961 const x43 = @as(u8, @truncate((x42 & 0xff)));
2962 const x44 = (x42 >> 8);
2963 const x45 = @as(u8, @truncate((x44 & 0xff)));
2964 const x46 = (x44 >> 8);
2965 const x47 = @as(u8, @truncate((x46 & 0xff)));
2966 const x48 = @as(u8, @truncate((x46 >> 8)));
2967 const x49 = @as(u8, @truncate((x3 & 0xff)));
2968 const x50 = (x3 >> 8);
2969 const x51 = @as(u8, @truncate((x50 & 0xff)));
2970 const x52 = (x50 >> 8);
2971 const x53 = @as(u8, @truncate((x52 & 0xff)));
2972 const x54 = (x52 >> 8);
2973 const x55 = @as(u8, @truncate((x54 & 0xff)));
2974 const x56 = (x54 >> 8);
2975 const x57 = @as(u8, @truncate((x56 & 0xff)));
2976 const x58 = (x56 >> 8);
2977 const x59 = @as(u8, @truncate((x58 & 0xff)));
2978 const x60 = (x58 >> 8);
2979 const x61 = @as(u8, @truncate((x60 & 0xff)));
2980 const x62 = @as(u8, @truncate((x60 >> 8)));
2981 const x63 = @as(u8, @truncate((x2 & 0xff)));
2982 const x64 = (x2 >> 8);
2983 const x65 = @as(u8, @truncate((x64 & 0xff)));
2984 const x66 = (x64 >> 8);
2985 const x67 = @as(u8, @truncate((x66 & 0xff)));
2986 const x68 = (x66 >> 8);
2987 const x69 = @as(u8, @truncate((x68 & 0xff)));
2988 const x70 = (x68 >> 8);
2989 const x71 = @as(u8, @truncate((x70 & 0xff)));
2990 const x72 = (x70 >> 8);
2991 const x73 = @as(u8, @truncate((x72 & 0xff)));
2992 const x74 = (x72 >> 8);
2993 const x75 = @as(u8, @truncate((x74 & 0xff)));
2994 const x76 = @as(u8, @truncate((x74 >> 8)));
2995 const x77 = @as(u8, @truncate((x1 & 0xff)));
2996 const x78 = (x1 >> 8);
2997 const x79 = @as(u8, @truncate((x78 & 0xff)));
2998 const x80 = (x78 >> 8);
2999 const x81 = @as(u8, @truncate((x80 & 0xff)));
3000 const x82 = (x80 >> 8);
3001 const x83 = @as(u8, @truncate((x82 & 0xff)));
3002 const x84 = (x82 >> 8);
3003 const x85 = @as(u8, @truncate((x84 & 0xff)));
3004 const x86 = (x84 >> 8);
3005 const x87 = @as(u8, @truncate((x86 & 0xff)));
3006 const x88 = (x86 >> 8);
3007 const x89 = @as(u8, @truncate((x88 & 0xff)));
3008 const x90 = @as(u8, @truncate((x88 >> 8)));
3009 out1[0] = x7;
3010 out1[1] = x9;
3011 out1[2] = x11;
3012 out1[3] = x13;
3013 out1[4] = x15;
3014 out1[5] = x17;
3015 out1[6] = x19;
3016 out1[7] = x20;
3017 out1[8] = x21;
3018 out1[9] = x23;
3019 out1[10] = x25;
3020 out1[11] = x27;
3021 out1[12] = x29;
3022 out1[13] = x31;
3023 out1[14] = x33;
3024 out1[15] = x34;
3025 out1[16] = x35;
3026 out1[17] = x37;
3027 out1[18] = x39;
3028 out1[19] = x41;
3029 out1[20] = x43;
3030 out1[21] = x45;
3031 out1[22] = x47;
3032 out1[23] = x48;
3033 out1[24] = x49;
3034 out1[25] = x51;
3035 out1[26] = x53;
3036 out1[27] = x55;
3037 out1[28] = x57;
3038 out1[29] = x59;
3039 out1[30] = x61;
3040 out1[31] = x62;
3041 out1[32] = x63;
3042 out1[33] = x65;
3043 out1[34] = x67;
3044 out1[35] = x69;
3045 out1[36] = x71;
3046 out1[37] = x73;
3047 out1[38] = x75;
3048 out1[39] = x76;
3049 out1[40] = x77;
3050 out1[41] = x79;
3051 out1[42] = x81;
3052 out1[43] = x83;
3053 out1[44] = x85;
3054 out1[45] = x87;
3055 out1[46] = x89;
3056 out1[47] = x90;
3057}
3058
3059/// The function fromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order.
3060///
3061/// Preconditions:
3062/// 0 ≤ bytes_eval arg1 < m
3063/// Postconditions:
3064/// eval out1 mod m = bytes_eval arg1 mod m
3065/// 0 ≤ eval out1 < m
3066///
3067/// Input Bounds:
3068/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
3069/// Output Bounds:
3070/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3071pub fn fromBytes(out1: *[6]u64, arg1: [48]u8) void {
3072 @setRuntimeSafety(mode == .Debug);
3073
3074 const x1 = (@as(u64, (arg1[47])) << 56);
3075 const x2 = (@as(u64, (arg1[46])) << 48);
3076 const x3 = (@as(u64, (arg1[45])) << 40);
3077 const x4 = (@as(u64, (arg1[44])) << 32);
3078 const x5 = (@as(u64, (arg1[43])) << 24);
3079 const x6 = (@as(u64, (arg1[42])) << 16);
3080 const x7 = (@as(u64, (arg1[41])) << 8);
3081 const x8 = (arg1[40]);
3082 const x9 = (@as(u64, (arg1[39])) << 56);
3083 const x10 = (@as(u64, (arg1[38])) << 48);
3084 const x11 = (@as(u64, (arg1[37])) << 40);
3085 const x12 = (@as(u64, (arg1[36])) << 32);
3086 const x13 = (@as(u64, (arg1[35])) << 24);
3087 const x14 = (@as(u64, (arg1[34])) << 16);
3088 const x15 = (@as(u64, (arg1[33])) << 8);
3089 const x16 = (arg1[32]);
3090 const x17 = (@as(u64, (arg1[31])) << 56);
3091 const x18 = (@as(u64, (arg1[30])) << 48);
3092 const x19 = (@as(u64, (arg1[29])) << 40);
3093 const x20 = (@as(u64, (arg1[28])) << 32);
3094 const x21 = (@as(u64, (arg1[27])) << 24);
3095 const x22 = (@as(u64, (arg1[26])) << 16);
3096 const x23 = (@as(u64, (arg1[25])) << 8);
3097 const x24 = (arg1[24]);
3098 const x25 = (@as(u64, (arg1[23])) << 56);
3099 const x26 = (@as(u64, (arg1[22])) << 48);
3100 const x27 = (@as(u64, (arg1[21])) << 40);
3101 const x28 = (@as(u64, (arg1[20])) << 32);
3102 const x29 = (@as(u64, (arg1[19])) << 24);
3103 const x30 = (@as(u64, (arg1[18])) << 16);
3104 const x31 = (@as(u64, (arg1[17])) << 8);
3105 const x32 = (arg1[16]);
3106 const x33 = (@as(u64, (arg1[15])) << 56);
3107 const x34 = (@as(u64, (arg1[14])) << 48);
3108 const x35 = (@as(u64, (arg1[13])) << 40);
3109 const x36 = (@as(u64, (arg1[12])) << 32);
3110 const x37 = (@as(u64, (arg1[11])) << 24);
3111 const x38 = (@as(u64, (arg1[10])) << 16);
3112 const x39 = (@as(u64, (arg1[9])) << 8);
3113 const x40 = (arg1[8]);
3114 const x41 = (@as(u64, (arg1[7])) << 56);
3115 const x42 = (@as(u64, (arg1[6])) << 48);
3116 const x43 = (@as(u64, (arg1[5])) << 40);
3117 const x44 = (@as(u64, (arg1[4])) << 32);
3118 const x45 = (@as(u64, (arg1[3])) << 24);
3119 const x46 = (@as(u64, (arg1[2])) << 16);
3120 const x47 = (@as(u64, (arg1[1])) << 8);
3121 const x48 = (arg1[0]);
3122 const x49 = (x47 + @as(u64, x48));
3123 const x50 = (x46 + x49);
3124 const x51 = (x45 + x50);
3125 const x52 = (x44 + x51);
3126 const x53 = (x43 + x52);
3127 const x54 = (x42 + x53);
3128 const x55 = (x41 + x54);
3129 const x56 = (x39 + @as(u64, x40));
3130 const x57 = (x38 + x56);
3131 const x58 = (x37 + x57);
3132 const x59 = (x36 + x58);
3133 const x60 = (x35 + x59);
3134 const x61 = (x34 + x60);
3135 const x62 = (x33 + x61);
3136 const x63 = (x31 + @as(u64, x32));
3137 const x64 = (x30 + x63);
3138 const x65 = (x29 + x64);
3139 const x66 = (x28 + x65);
3140 const x67 = (x27 + x66);
3141 const x68 = (x26 + x67);
3142 const x69 = (x25 + x68);
3143 const x70 = (x23 + @as(u64, x24));
3144 const x71 = (x22 + x70);
3145 const x72 = (x21 + x71);
3146 const x73 = (x20 + x72);
3147 const x74 = (x19 + x73);
3148 const x75 = (x18 + x74);
3149 const x76 = (x17 + x75);
3150 const x77 = (x15 + @as(u64, x16));
3151 const x78 = (x14 + x77);
3152 const x79 = (x13 + x78);
3153 const x80 = (x12 + x79);
3154 const x81 = (x11 + x80);
3155 const x82 = (x10 + x81);
3156 const x83 = (x9 + x82);
3157 const x84 = (x7 + @as(u64, x8));
3158 const x85 = (x6 + x84);
3159 const x86 = (x5 + x85);
3160 const x87 = (x4 + x86);
3161 const x88 = (x3 + x87);
3162 const x89 = (x2 + x88);
3163 const x90 = (x1 + x89);
3164 out1[0] = x55;
3165 out1[1] = x62;
3166 out1[2] = x69;
3167 out1[3] = x76;
3168 out1[4] = x83;
3169 out1[5] = x90;
3170}
3171
3172/// The function setOne returns the field element one in the Montgomery domain.
3173///
3174/// Postconditions:
3175/// eval (from_montgomery out1) mod m = 1 mod m
3176/// 0 ≤ eval out1 < m
3177///
3178pub fn setOne(out1: *MontgomeryDomainFieldElement) void {
3179 @setRuntimeSafety(mode == .Debug);
3180
3181 out1[0] = 0xffffffff00000001;
3182 out1[1] = 0xffffffff;
3183 out1[2] = 0x1;
3184 out1[3] = 0x0;
3185 out1[4] = 0x0;
3186 out1[5] = 0x0;
3187}
3188
3189/// The function msat returns the saturated representation of the prime modulus.
3190///
3191/// Postconditions:
3192/// twos_complement_eval out1 = m
3193/// 0 ≤ eval out1 < m
3194///
3195/// Output Bounds:
3196/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3197pub fn msat(out1: *[7]u64) void {
3198 @setRuntimeSafety(mode == .Debug);
3199
3200 out1[0] = 0xffffffff;
3201 out1[1] = 0xffffffff00000000;
3202 out1[2] = 0xfffffffffffffffe;
3203 out1[3] = 0xffffffffffffffff;
3204 out1[4] = 0xffffffffffffffff;
3205 out1[5] = 0xffffffffffffffff;
3206 out1[6] = 0x0;
3207}
3208
3209/// The function divstep computes a divstep.
3210///
3211/// Preconditions:
3212/// 0 ≤ eval arg4 < m
3213/// 0 ≤ eval arg5 < m
3214/// Postconditions:
3215/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1)
3216/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2)
3217/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋)
3218/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m)
3219/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m)
3220/// 0 ≤ eval out5 < m
3221/// 0 ≤ eval out5 < m
3222/// 0 ≤ eval out2 < m
3223/// 0 ≤ eval out3 < m
3224///
3225/// Input Bounds:
3226/// arg1: [0x0 ~> 0xffffffffffffffff]
3227/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3228/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3229/// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3230/// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3231/// Output Bounds:
3232/// out1: [0x0 ~> 0xffffffffffffffff]
3233/// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3234/// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3235/// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3236/// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3237pub fn divstep(out1: *u64, out2: *[7]u64, out3: *[7]u64, out4: *[6]u64, out5: *[6]u64, arg1: u64, arg2: [7]u64, arg3: [7]u64, arg4: [6]u64, arg5: [6]u64) void {
3238 @setRuntimeSafety(mode == .Debug);
3239
3240 var x1: u64 = undefined;
3241 var x2: u1 = undefined;
3242 addcarryxU64(&x1, &x2, 0x0, (~arg1), 0x1);
3243 const x3 = (@as(u1, @truncate((x1 >> 63))) & @as(u1, @truncate(((arg3[0]) & 0x1))));
3244 var x4: u64 = undefined;
3245 var x5: u1 = undefined;
3246 addcarryxU64(&x4, &x5, 0x0, (~arg1), 0x1);
3247 var x6: u64 = undefined;
3248 cmovznzU64(&x6, x3, arg1, x4);
3249 var x7: u64 = undefined;
3250 cmovznzU64(&x7, x3, (arg2[0]), (arg3[0]));
3251 var x8: u64 = undefined;
3252 cmovznzU64(&x8, x3, (arg2[1]), (arg3[1]));
3253 var x9: u64 = undefined;
3254 cmovznzU64(&x9, x3, (arg2[2]), (arg3[2]));
3255 var x10: u64 = undefined;
3256 cmovznzU64(&x10, x3, (arg2[3]), (arg3[3]));
3257 var x11: u64 = undefined;
3258 cmovznzU64(&x11, x3, (arg2[4]), (arg3[4]));
3259 var x12: u64 = undefined;
3260 cmovznzU64(&x12, x3, (arg2[5]), (arg3[5]));
3261 var x13: u64 = undefined;
3262 cmovznzU64(&x13, x3, (arg2[6]), (arg3[6]));
3263 var x14: u64 = undefined;
3264 var x15: u1 = undefined;
3265 addcarryxU64(&x14, &x15, 0x0, 0x1, (~(arg2[0])));
3266 var x16: u64 = undefined;
3267 var x17: u1 = undefined;
3268 addcarryxU64(&x16, &x17, x15, 0x0, (~(arg2[1])));
3269 var x18: u64 = undefined;
3270 var x19: u1 = undefined;
3271 addcarryxU64(&x18, &x19, x17, 0x0, (~(arg2[2])));
3272 var x20: u64 = undefined;
3273 var x21: u1 = undefined;
3274 addcarryxU64(&x20, &x21, x19, 0x0, (~(arg2[3])));
3275 var x22: u64 = undefined;
3276 var x23: u1 = undefined;
3277 addcarryxU64(&x22, &x23, x21, 0x0, (~(arg2[4])));
3278 var x24: u64 = undefined;
3279 var x25: u1 = undefined;
3280 addcarryxU64(&x24, &x25, x23, 0x0, (~(arg2[5])));
3281 var x26: u64 = undefined;
3282 var x27: u1 = undefined;
3283 addcarryxU64(&x26, &x27, x25, 0x0, (~(arg2[6])));
3284 var x28: u64 = undefined;
3285 cmovznzU64(&x28, x3, (arg3[0]), x14);
3286 var x29: u64 = undefined;
3287 cmovznzU64(&x29, x3, (arg3[1]), x16);
3288 var x30: u64 = undefined;
3289 cmovznzU64(&x30, x3, (arg3[2]), x18);
3290 var x31: u64 = undefined;
3291 cmovznzU64(&x31, x3, (arg3[3]), x20);
3292 var x32: u64 = undefined;
3293 cmovznzU64(&x32, x3, (arg3[4]), x22);
3294 var x33: u64 = undefined;
3295 cmovznzU64(&x33, x3, (arg3[5]), x24);
3296 var x34: u64 = undefined;
3297 cmovznzU64(&x34, x3, (arg3[6]), x26);
3298 var x35: u64 = undefined;
3299 cmovznzU64(&x35, x3, (arg4[0]), (arg5[0]));
3300 var x36: u64 = undefined;
3301 cmovznzU64(&x36, x3, (arg4[1]), (arg5[1]));
3302 var x37: u64 = undefined;
3303 cmovznzU64(&x37, x3, (arg4[2]), (arg5[2]));
3304 var x38: u64 = undefined;
3305 cmovznzU64(&x38, x3, (arg4[3]), (arg5[3]));
3306 var x39: u64 = undefined;
3307 cmovznzU64(&x39, x3, (arg4[4]), (arg5[4]));
3308 var x40: u64 = undefined;
3309 cmovznzU64(&x40, x3, (arg4[5]), (arg5[5]));
3310 var x41: u64 = undefined;
3311 var x42: u1 = undefined;
3312 addcarryxU64(&x41, &x42, 0x0, x35, x35);
3313 var x43: u64 = undefined;
3314 var x44: u1 = undefined;
3315 addcarryxU64(&x43, &x44, x42, x36, x36);
3316 var x45: u64 = undefined;
3317 var x46: u1 = undefined;
3318 addcarryxU64(&x45, &x46, x44, x37, x37);
3319 var x47: u64 = undefined;
3320 var x48: u1 = undefined;
3321 addcarryxU64(&x47, &x48, x46, x38, x38);
3322 var x49: u64 = undefined;
3323 var x50: u1 = undefined;
3324 addcarryxU64(&x49, &x50, x48, x39, x39);
3325 var x51: u64 = undefined;
3326 var x52: u1 = undefined;
3327 addcarryxU64(&x51, &x52, x50, x40, x40);
3328 var x53: u64 = undefined;
3329 var x54: u1 = undefined;
3330 subborrowxU64(&x53, &x54, 0x0, x41, 0xffffffff);
3331 var x55: u64 = undefined;
3332 var x56: u1 = undefined;
3333 subborrowxU64(&x55, &x56, x54, x43, 0xffffffff00000000);
3334 var x57: u64 = undefined;
3335 var x58: u1 = undefined;
3336 subborrowxU64(&x57, &x58, x56, x45, 0xfffffffffffffffe);
3337 var x59: u64 = undefined;
3338 var x60: u1 = undefined;
3339 subborrowxU64(&x59, &x60, x58, x47, 0xffffffffffffffff);
3340 var x61: u64 = undefined;
3341 var x62: u1 = undefined;
3342 subborrowxU64(&x61, &x62, x60, x49, 0xffffffffffffffff);
3343 var x63: u64 = undefined;
3344 var x64: u1 = undefined;
3345 subborrowxU64(&x63, &x64, x62, x51, 0xffffffffffffffff);
3346 var x65: u64 = undefined;
3347 var x66: u1 = undefined;
3348 subborrowxU64(&x65, &x66, x64, @as(u64, x52), 0x0);
3349 const x67 = (arg4[5]);
3350 const x68 = (arg4[4]);
3351 const x69 = (arg4[3]);
3352 const x70 = (arg4[2]);
3353 const x71 = (arg4[1]);
3354 const x72 = (arg4[0]);
3355 var x73: u64 = undefined;
3356 var x74: u1 = undefined;
3357 subborrowxU64(&x73, &x74, 0x0, 0x0, x72);
3358 var x75: u64 = undefined;
3359 var x76: u1 = undefined;
3360 subborrowxU64(&x75, &x76, x74, 0x0, x71);
3361 var x77: u64 = undefined;
3362 var x78: u1 = undefined;
3363 subborrowxU64(&x77, &x78, x76, 0x0, x70);
3364 var x79: u64 = undefined;
3365 var x80: u1 = undefined;
3366 subborrowxU64(&x79, &x80, x78, 0x0, x69);
3367 var x81: u64 = undefined;
3368 var x82: u1 = undefined;
3369 subborrowxU64(&x81, &x82, x80, 0x0, x68);
3370 var x83: u64 = undefined;
3371 var x84: u1 = undefined;
3372 subborrowxU64(&x83, &x84, x82, 0x0, x67);
3373 var x85: u64 = undefined;
3374 cmovznzU64(&x85, x84, 0x0, 0xffffffffffffffff);
3375 var x86: u64 = undefined;
3376 var x87: u1 = undefined;
3377 addcarryxU64(&x86, &x87, 0x0, x73, (x85 & 0xffffffff));
3378 var x88: u64 = undefined;
3379 var x89: u1 = undefined;
3380 addcarryxU64(&x88, &x89, x87, x75, (x85 & 0xffffffff00000000));
3381 var x90: u64 = undefined;
3382 var x91: u1 = undefined;
3383 addcarryxU64(&x90, &x91, x89, x77, (x85 & 0xfffffffffffffffe));
3384 var x92: u64 = undefined;
3385 var x93: u1 = undefined;
3386 addcarryxU64(&x92, &x93, x91, x79, x85);
3387 var x94: u64 = undefined;
3388 var x95: u1 = undefined;
3389 addcarryxU64(&x94, &x95, x93, x81, x85);
3390 var x96: u64 = undefined;
3391 var x97: u1 = undefined;
3392 addcarryxU64(&x96, &x97, x95, x83, x85);
3393 var x98: u64 = undefined;
3394 cmovznzU64(&x98, x3, (arg5[0]), x86);
3395 var x99: u64 = undefined;
3396 cmovznzU64(&x99, x3, (arg5[1]), x88);
3397 var x100: u64 = undefined;
3398 cmovznzU64(&x100, x3, (arg5[2]), x90);
3399 var x101: u64 = undefined;
3400 cmovznzU64(&x101, x3, (arg5[3]), x92);
3401 var x102: u64 = undefined;
3402 cmovznzU64(&x102, x3, (arg5[4]), x94);
3403 var x103: u64 = undefined;
3404 cmovznzU64(&x103, x3, (arg5[5]), x96);
3405 const x104 = @as(u1, @truncate((x28 & 0x1)));
3406 var x105: u64 = undefined;
3407 cmovznzU64(&x105, x104, 0x0, x7);
3408 var x106: u64 = undefined;
3409 cmovznzU64(&x106, x104, 0x0, x8);
3410 var x107: u64 = undefined;
3411 cmovznzU64(&x107, x104, 0x0, x9);
3412 var x108: u64 = undefined;
3413 cmovznzU64(&x108, x104, 0x0, x10);
3414 var x109: u64 = undefined;
3415 cmovznzU64(&x109, x104, 0x0, x11);
3416 var x110: u64 = undefined;
3417 cmovznzU64(&x110, x104, 0x0, x12);
3418 var x111: u64 = undefined;
3419 cmovznzU64(&x111, x104, 0x0, x13);
3420 var x112: u64 = undefined;
3421 var x113: u1 = undefined;
3422 addcarryxU64(&x112, &x113, 0x0, x28, x105);
3423 var x114: u64 = undefined;
3424 var x115: u1 = undefined;
3425 addcarryxU64(&x114, &x115, x113, x29, x106);
3426 var x116: u64 = undefined;
3427 var x117: u1 = undefined;
3428 addcarryxU64(&x116, &x117, x115, x30, x107);
3429 var x118: u64 = undefined;
3430 var x119: u1 = undefined;
3431 addcarryxU64(&x118, &x119, x117, x31, x108);
3432 var x120: u64 = undefined;
3433 var x121: u1 = undefined;
3434 addcarryxU64(&x120, &x121, x119, x32, x109);
3435 var x122: u64 = undefined;
3436 var x123: u1 = undefined;
3437 addcarryxU64(&x122, &x123, x121, x33, x110);
3438 var x124: u64 = undefined;
3439 var x125: u1 = undefined;
3440 addcarryxU64(&x124, &x125, x123, x34, x111);
3441 var x126: u64 = undefined;
3442 cmovznzU64(&x126, x104, 0x0, x35);
3443 var x127: u64 = undefined;
3444 cmovznzU64(&x127, x104, 0x0, x36);
3445 var x128: u64 = undefined;
3446 cmovznzU64(&x128, x104, 0x0, x37);
3447 var x129: u64 = undefined;
3448 cmovznzU64(&x129, x104, 0x0, x38);
3449 var x130: u64 = undefined;
3450 cmovznzU64(&x130, x104, 0x0, x39);
3451 var x131: u64 = undefined;
3452 cmovznzU64(&x131, x104, 0x0, x40);
3453 var x132: u64 = undefined;
3454 var x133: u1 = undefined;
3455 addcarryxU64(&x132, &x133, 0x0, x98, x126);
3456 var x134: u64 = undefined;
3457 var x135: u1 = undefined;
3458 addcarryxU64(&x134, &x135, x133, x99, x127);
3459 var x136: u64 = undefined;
3460 var x137: u1 = undefined;
3461 addcarryxU64(&x136, &x137, x135, x100, x128);
3462 var x138: u64 = undefined;
3463 var x139: u1 = undefined;
3464 addcarryxU64(&x138, &x139, x137, x101, x129);
3465 var x140: u64 = undefined;
3466 var x141: u1 = undefined;
3467 addcarryxU64(&x140, &x141, x139, x102, x130);
3468 var x142: u64 = undefined;
3469 var x143: u1 = undefined;
3470 addcarryxU64(&x142, &x143, x141, x103, x131);
3471 var x144: u64 = undefined;
3472 var x145: u1 = undefined;
3473 subborrowxU64(&x144, &x145, 0x0, x132, 0xffffffff);
3474 var x146: u64 = undefined;
3475 var x147: u1 = undefined;
3476 subborrowxU64(&x146, &x147, x145, x134, 0xffffffff00000000);
3477 var x148: u64 = undefined;
3478 var x149: u1 = undefined;
3479 subborrowxU64(&x148, &x149, x147, x136, 0xfffffffffffffffe);
3480 var x150: u64 = undefined;
3481 var x151: u1 = undefined;
3482 subborrowxU64(&x150, &x151, x149, x138, 0xffffffffffffffff);
3483 var x152: u64 = undefined;
3484 var x153: u1 = undefined;
3485 subborrowxU64(&x152, &x153, x151, x140, 0xffffffffffffffff);
3486 var x154: u64 = undefined;
3487 var x155: u1 = undefined;
3488 subborrowxU64(&x154, &x155, x153, x142, 0xffffffffffffffff);
3489 var x156: u64 = undefined;
3490 var x157: u1 = undefined;
3491 subborrowxU64(&x156, &x157, x155, @as(u64, x143), 0x0);
3492 var x158: u64 = undefined;
3493 var x159: u1 = undefined;
3494 addcarryxU64(&x158, &x159, 0x0, x6, 0x1);
3495 const x160 = ((x112 >> 1) | ((x114 << 63) & 0xffffffffffffffff));
3496 const x161 = ((x114 >> 1) | ((x116 << 63) & 0xffffffffffffffff));
3497 const x162 = ((x116 >> 1) | ((x118 << 63) & 0xffffffffffffffff));
3498 const x163 = ((x118 >> 1) | ((x120 << 63) & 0xffffffffffffffff));
3499 const x164 = ((x120 >> 1) | ((x122 << 63) & 0xffffffffffffffff));
3500 const x165 = ((x122 >> 1) | ((x124 << 63) & 0xffffffffffffffff));
3501 const x166 = ((x124 & 0x8000000000000000) | (x124 >> 1));
3502 var x167: u64 = undefined;
3503 cmovznzU64(&x167, x66, x53, x41);
3504 var x168: u64 = undefined;
3505 cmovznzU64(&x168, x66, x55, x43);
3506 var x169: u64 = undefined;
3507 cmovznzU64(&x169, x66, x57, x45);
3508 var x170: u64 = undefined;
3509 cmovznzU64(&x170, x66, x59, x47);
3510 var x171: u64 = undefined;
3511 cmovznzU64(&x171, x66, x61, x49);
3512 var x172: u64 = undefined;
3513 cmovznzU64(&x172, x66, x63, x51);
3514 var x173: u64 = undefined;
3515 cmovznzU64(&x173, x157, x144, x132);
3516 var x174: u64 = undefined;
3517 cmovznzU64(&x174, x157, x146, x134);
3518 var x175: u64 = undefined;
3519 cmovznzU64(&x175, x157, x148, x136);
3520 var x176: u64 = undefined;
3521 cmovznzU64(&x176, x157, x150, x138);
3522 var x177: u64 = undefined;
3523 cmovznzU64(&x177, x157, x152, x140);
3524 var x178: u64 = undefined;
3525 cmovznzU64(&x178, x157, x154, x142);
3526 out1.* = x158;
3527 out2[0] = x7;
3528 out2[1] = x8;
3529 out2[2] = x9;
3530 out2[3] = x10;
3531 out2[4] = x11;
3532 out2[5] = x12;
3533 out2[6] = x13;
3534 out3[0] = x160;
3535 out3[1] = x161;
3536 out3[2] = x162;
3537 out3[3] = x163;
3538 out3[4] = x164;
3539 out3[5] = x165;
3540 out3[6] = x166;
3541 out4[0] = x167;
3542 out4[1] = x168;
3543 out4[2] = x169;
3544 out4[3] = x170;
3545 out4[4] = x171;
3546 out4[5] = x172;
3547 out5[0] = x173;
3548 out5[1] = x174;
3549 out5[2] = x175;
3550 out5[3] = x176;
3551 out5[4] = x177;
3552 out5[5] = x178;
3553}
3554
3555/// The function divstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form).
3556///
3557/// Postconditions:
3558/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋)
3559/// 0 ≤ eval out1 < m
3560///
3561/// Output Bounds:
3562/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3563pub fn divstepPrecomp(out1: *[6]u64) void {
3564 @setRuntimeSafety(mode == .Debug);
3565
3566 out1[0] = 0xfff69400fff18fff;
3567 out1[1] = 0x2b7feffffd3ff;
3568 out1[2] = 0xfffedbfffffe97ff;
3569 out1[3] = 0x2840000002fff;
3570 out1[4] = 0x6040000050400;
3571 out1[5] = 0xfffc480000038000;
3572}