master
1// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase --public-type-case UpperCamelCase --private-type-case UpperCamelCase --no-prefix-fiat --package-name p384_scalar '' 64 '2^384 - 1388124618062372383947042015309946732620727252194336364173' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp
2// curve description (via package name): p384_scalar
3// machine_wordsize = 64 (from "64")
4// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp
5// m = 0xffffffffffffffffffffffffffffffffffffffffffffffffc7634d81f4372ddf581a0db248b0a77aecec196accc52973 (from "2^384 - 1388124618062372383947042015309946732620727252194336364173")
6//
7// NOTE: In addition to the bounds specified above each function, all
8// functions synthesized for this Montgomery arithmetic require the
9// input to be strictly less than the prime modulus (m), and also
10// require the input to be in the unique saturated representation.
11// All functions also ensure that these two properties are true of
12// return values.
13//
14// Computed values:
15// eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140)
16// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178)
17// twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) in
18// if x1 & (2^384-1) < 2^383 then x1 & (2^384-1) else (x1 & (2^384-1)) - 2^384
19
20const std = @import("std");
21const mode = @import("builtin").mode; // Checked arithmetic is disabled in non-debug modes to avoid side channels
22
23// The type MontgomeryDomainFieldElement is a field element in the Montgomery domain.
24// Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
25pub const MontgomeryDomainFieldElement = [6]u64;
26
27// The type NonMontgomeryDomainFieldElement is a field element NOT in the Montgomery domain.
28// Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
29pub const NonMontgomeryDomainFieldElement = [6]u64;
30
31/// The function addcarryxU64 is an addition with carry.
32///
33/// Postconditions:
34/// out1 = (arg1 + arg2 + arg3) mod 2^64
35/// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋
36///
37/// Input Bounds:
38/// arg1: [0x0 ~> 0x1]
39/// arg2: [0x0 ~> 0xffffffffffffffff]
40/// arg3: [0x0 ~> 0xffffffffffffffff]
41/// Output Bounds:
42/// out1: [0x0 ~> 0xffffffffffffffff]
43/// out2: [0x0 ~> 0x1]
44fn addcarryxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) void {
45 const x = @as(u128, arg2) +% arg3 +% arg1;
46 out1.* = @truncate(x);
47 out2.* = @truncate(x >> 64);
48}
49
50/// The function subborrowxU64 is a subtraction with borrow.
51///
52/// Postconditions:
53/// out1 = (-arg1 + arg2 + -arg3) mod 2^64
54/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋
55///
56/// Input Bounds:
57/// arg1: [0x0 ~> 0x1]
58/// arg2: [0x0 ~> 0xffffffffffffffff]
59/// arg3: [0x0 ~> 0xffffffffffffffff]
60/// Output Bounds:
61/// out1: [0x0 ~> 0xffffffffffffffff]
62/// out2: [0x0 ~> 0x1]
63fn subborrowxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) void {
64 const x = @as(u128, arg2) -% arg3 -% arg1;
65 out1.* = @truncate(x);
66 out2.* = @truncate(x >> 64);
67}
68
69/// The function mulxU64 is a multiplication, returning the full double-width result.
70///
71/// Postconditions:
72/// out1 = (arg1 * arg2) mod 2^64
73/// out2 = ⌊arg1 * arg2 / 2^64⌋
74///
75/// Input Bounds:
76/// arg1: [0x0 ~> 0xffffffffffffffff]
77/// arg2: [0x0 ~> 0xffffffffffffffff]
78/// Output Bounds:
79/// out1: [0x0 ~> 0xffffffffffffffff]
80/// out2: [0x0 ~> 0xffffffffffffffff]
81fn mulxU64(out1: *u64, out2: *u64, arg1: u64, arg2: u64) void {
82 @setRuntimeSafety(mode == .Debug);
83
84 const x = @as(u128, arg1) * @as(u128, arg2);
85 out1.* = @as(u64, @truncate(x));
86 out2.* = @as(u64, @truncate(x >> 64));
87}
88
89/// The function cmovznzU64 is a single-word conditional move.
90///
91/// Postconditions:
92/// out1 = (if arg1 = 0 then arg2 else arg3)
93///
94/// Input Bounds:
95/// arg1: [0x0 ~> 0x1]
96/// arg2: [0x0 ~> 0xffffffffffffffff]
97/// arg3: [0x0 ~> 0xffffffffffffffff]
98/// Output Bounds:
99/// out1: [0x0 ~> 0xffffffffffffffff]
100fn cmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) void {
101 @setRuntimeSafety(mode == .Debug);
102
103 const mask = 0 -% @as(u64, arg1);
104 out1.* = (mask & arg3) | ((~mask) & arg2);
105}
106
107/// The function mul multiplies two field elements in the Montgomery domain.
108///
109/// Preconditions:
110/// 0 ≤ eval arg1 < m
111/// 0 ≤ eval arg2 < m
112/// Postconditions:
113/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m
114/// 0 ≤ eval out1 < m
115///
116pub fn mul(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement, arg2: MontgomeryDomainFieldElement) void {
117 @setRuntimeSafety(mode == .Debug);
118
119 const x1 = (arg1[1]);
120 const x2 = (arg1[2]);
121 const x3 = (arg1[3]);
122 const x4 = (arg1[4]);
123 const x5 = (arg1[5]);
124 const x6 = (arg1[0]);
125 var x7: u64 = undefined;
126 var x8: u64 = undefined;
127 mulxU64(&x7, &x8, x6, (arg2[5]));
128 var x9: u64 = undefined;
129 var x10: u64 = undefined;
130 mulxU64(&x9, &x10, x6, (arg2[4]));
131 var x11: u64 = undefined;
132 var x12: u64 = undefined;
133 mulxU64(&x11, &x12, x6, (arg2[3]));
134 var x13: u64 = undefined;
135 var x14: u64 = undefined;
136 mulxU64(&x13, &x14, x6, (arg2[2]));
137 var x15: u64 = undefined;
138 var x16: u64 = undefined;
139 mulxU64(&x15, &x16, x6, (arg2[1]));
140 var x17: u64 = undefined;
141 var x18: u64 = undefined;
142 mulxU64(&x17, &x18, x6, (arg2[0]));
143 var x19: u64 = undefined;
144 var x20: u1 = undefined;
145 addcarryxU64(&x19, &x20, 0x0, x18, x15);
146 var x21: u64 = undefined;
147 var x22: u1 = undefined;
148 addcarryxU64(&x21, &x22, x20, x16, x13);
149 var x23: u64 = undefined;
150 var x24: u1 = undefined;
151 addcarryxU64(&x23, &x24, x22, x14, x11);
152 var x25: u64 = undefined;
153 var x26: u1 = undefined;
154 addcarryxU64(&x25, &x26, x24, x12, x9);
155 var x27: u64 = undefined;
156 var x28: u1 = undefined;
157 addcarryxU64(&x27, &x28, x26, x10, x7);
158 const x29 = (@as(u64, x28) + x8);
159 var x30: u64 = undefined;
160 var x31: u64 = undefined;
161 mulxU64(&x30, &x31, x17, 0x6ed46089e88fdc45);
162 var x32: u64 = undefined;
163 var x33: u64 = undefined;
164 mulxU64(&x32, &x33, x30, 0xffffffffffffffff);
165 var x34: u64 = undefined;
166 var x35: u64 = undefined;
167 mulxU64(&x34, &x35, x30, 0xffffffffffffffff);
168 var x36: u64 = undefined;
169 var x37: u64 = undefined;
170 mulxU64(&x36, &x37, x30, 0xffffffffffffffff);
171 var x38: u64 = undefined;
172 var x39: u64 = undefined;
173 mulxU64(&x38, &x39, x30, 0xc7634d81f4372ddf);
174 var x40: u64 = undefined;
175 var x41: u64 = undefined;
176 mulxU64(&x40, &x41, x30, 0x581a0db248b0a77a);
177 var x42: u64 = undefined;
178 var x43: u64 = undefined;
179 mulxU64(&x42, &x43, x30, 0xecec196accc52973);
180 var x44: u64 = undefined;
181 var x45: u1 = undefined;
182 addcarryxU64(&x44, &x45, 0x0, x43, x40);
183 var x46: u64 = undefined;
184 var x47: u1 = undefined;
185 addcarryxU64(&x46, &x47, x45, x41, x38);
186 var x48: u64 = undefined;
187 var x49: u1 = undefined;
188 addcarryxU64(&x48, &x49, x47, x39, x36);
189 var x50: u64 = undefined;
190 var x51: u1 = undefined;
191 addcarryxU64(&x50, &x51, x49, x37, x34);
192 var x52: u64 = undefined;
193 var x53: u1 = undefined;
194 addcarryxU64(&x52, &x53, x51, x35, x32);
195 const x54 = (@as(u64, x53) + x33);
196 var x55: u64 = undefined;
197 var x56: u1 = undefined;
198 addcarryxU64(&x55, &x56, 0x0, x17, x42);
199 var x57: u64 = undefined;
200 var x58: u1 = undefined;
201 addcarryxU64(&x57, &x58, x56, x19, x44);
202 var x59: u64 = undefined;
203 var x60: u1 = undefined;
204 addcarryxU64(&x59, &x60, x58, x21, x46);
205 var x61: u64 = undefined;
206 var x62: u1 = undefined;
207 addcarryxU64(&x61, &x62, x60, x23, x48);
208 var x63: u64 = undefined;
209 var x64: u1 = undefined;
210 addcarryxU64(&x63, &x64, x62, x25, x50);
211 var x65: u64 = undefined;
212 var x66: u1 = undefined;
213 addcarryxU64(&x65, &x66, x64, x27, x52);
214 var x67: u64 = undefined;
215 var x68: u1 = undefined;
216 addcarryxU64(&x67, &x68, x66, x29, x54);
217 var x69: u64 = undefined;
218 var x70: u64 = undefined;
219 mulxU64(&x69, &x70, x1, (arg2[5]));
220 var x71: u64 = undefined;
221 var x72: u64 = undefined;
222 mulxU64(&x71, &x72, x1, (arg2[4]));
223 var x73: u64 = undefined;
224 var x74: u64 = undefined;
225 mulxU64(&x73, &x74, x1, (arg2[3]));
226 var x75: u64 = undefined;
227 var x76: u64 = undefined;
228 mulxU64(&x75, &x76, x1, (arg2[2]));
229 var x77: u64 = undefined;
230 var x78: u64 = undefined;
231 mulxU64(&x77, &x78, x1, (arg2[1]));
232 var x79: u64 = undefined;
233 var x80: u64 = undefined;
234 mulxU64(&x79, &x80, x1, (arg2[0]));
235 var x81: u64 = undefined;
236 var x82: u1 = undefined;
237 addcarryxU64(&x81, &x82, 0x0, x80, x77);
238 var x83: u64 = undefined;
239 var x84: u1 = undefined;
240 addcarryxU64(&x83, &x84, x82, x78, x75);
241 var x85: u64 = undefined;
242 var x86: u1 = undefined;
243 addcarryxU64(&x85, &x86, x84, x76, x73);
244 var x87: u64 = undefined;
245 var x88: u1 = undefined;
246 addcarryxU64(&x87, &x88, x86, x74, x71);
247 var x89: u64 = undefined;
248 var x90: u1 = undefined;
249 addcarryxU64(&x89, &x90, x88, x72, x69);
250 const x91 = (@as(u64, x90) + x70);
251 var x92: u64 = undefined;
252 var x93: u1 = undefined;
253 addcarryxU64(&x92, &x93, 0x0, x57, x79);
254 var x94: u64 = undefined;
255 var x95: u1 = undefined;
256 addcarryxU64(&x94, &x95, x93, x59, x81);
257 var x96: u64 = undefined;
258 var x97: u1 = undefined;
259 addcarryxU64(&x96, &x97, x95, x61, x83);
260 var x98: u64 = undefined;
261 var x99: u1 = undefined;
262 addcarryxU64(&x98, &x99, x97, x63, x85);
263 var x100: u64 = undefined;
264 var x101: u1 = undefined;
265 addcarryxU64(&x100, &x101, x99, x65, x87);
266 var x102: u64 = undefined;
267 var x103: u1 = undefined;
268 addcarryxU64(&x102, &x103, x101, x67, x89);
269 var x104: u64 = undefined;
270 var x105: u1 = undefined;
271 addcarryxU64(&x104, &x105, x103, @as(u64, x68), x91);
272 var x106: u64 = undefined;
273 var x107: u64 = undefined;
274 mulxU64(&x106, &x107, x92, 0x6ed46089e88fdc45);
275 var x108: u64 = undefined;
276 var x109: u64 = undefined;
277 mulxU64(&x108, &x109, x106, 0xffffffffffffffff);
278 var x110: u64 = undefined;
279 var x111: u64 = undefined;
280 mulxU64(&x110, &x111, x106, 0xffffffffffffffff);
281 var x112: u64 = undefined;
282 var x113: u64 = undefined;
283 mulxU64(&x112, &x113, x106, 0xffffffffffffffff);
284 var x114: u64 = undefined;
285 var x115: u64 = undefined;
286 mulxU64(&x114, &x115, x106, 0xc7634d81f4372ddf);
287 var x116: u64 = undefined;
288 var x117: u64 = undefined;
289 mulxU64(&x116, &x117, x106, 0x581a0db248b0a77a);
290 var x118: u64 = undefined;
291 var x119: u64 = undefined;
292 mulxU64(&x118, &x119, x106, 0xecec196accc52973);
293 var x120: u64 = undefined;
294 var x121: u1 = undefined;
295 addcarryxU64(&x120, &x121, 0x0, x119, x116);
296 var x122: u64 = undefined;
297 var x123: u1 = undefined;
298 addcarryxU64(&x122, &x123, x121, x117, x114);
299 var x124: u64 = undefined;
300 var x125: u1 = undefined;
301 addcarryxU64(&x124, &x125, x123, x115, x112);
302 var x126: u64 = undefined;
303 var x127: u1 = undefined;
304 addcarryxU64(&x126, &x127, x125, x113, x110);
305 var x128: u64 = undefined;
306 var x129: u1 = undefined;
307 addcarryxU64(&x128, &x129, x127, x111, x108);
308 const x130 = (@as(u64, x129) + x109);
309 var x131: u64 = undefined;
310 var x132: u1 = undefined;
311 addcarryxU64(&x131, &x132, 0x0, x92, x118);
312 var x133: u64 = undefined;
313 var x134: u1 = undefined;
314 addcarryxU64(&x133, &x134, x132, x94, x120);
315 var x135: u64 = undefined;
316 var x136: u1 = undefined;
317 addcarryxU64(&x135, &x136, x134, x96, x122);
318 var x137: u64 = undefined;
319 var x138: u1 = undefined;
320 addcarryxU64(&x137, &x138, x136, x98, x124);
321 var x139: u64 = undefined;
322 var x140: u1 = undefined;
323 addcarryxU64(&x139, &x140, x138, x100, x126);
324 var x141: u64 = undefined;
325 var x142: u1 = undefined;
326 addcarryxU64(&x141, &x142, x140, x102, x128);
327 var x143: u64 = undefined;
328 var x144: u1 = undefined;
329 addcarryxU64(&x143, &x144, x142, x104, x130);
330 const x145 = (@as(u64, x144) + @as(u64, x105));
331 var x146: u64 = undefined;
332 var x147: u64 = undefined;
333 mulxU64(&x146, &x147, x2, (arg2[5]));
334 var x148: u64 = undefined;
335 var x149: u64 = undefined;
336 mulxU64(&x148, &x149, x2, (arg2[4]));
337 var x150: u64 = undefined;
338 var x151: u64 = undefined;
339 mulxU64(&x150, &x151, x2, (arg2[3]));
340 var x152: u64 = undefined;
341 var x153: u64 = undefined;
342 mulxU64(&x152, &x153, x2, (arg2[2]));
343 var x154: u64 = undefined;
344 var x155: u64 = undefined;
345 mulxU64(&x154, &x155, x2, (arg2[1]));
346 var x156: u64 = undefined;
347 var x157: u64 = undefined;
348 mulxU64(&x156, &x157, x2, (arg2[0]));
349 var x158: u64 = undefined;
350 var x159: u1 = undefined;
351 addcarryxU64(&x158, &x159, 0x0, x157, x154);
352 var x160: u64 = undefined;
353 var x161: u1 = undefined;
354 addcarryxU64(&x160, &x161, x159, x155, x152);
355 var x162: u64 = undefined;
356 var x163: u1 = undefined;
357 addcarryxU64(&x162, &x163, x161, x153, x150);
358 var x164: u64 = undefined;
359 var x165: u1 = undefined;
360 addcarryxU64(&x164, &x165, x163, x151, x148);
361 var x166: u64 = undefined;
362 var x167: u1 = undefined;
363 addcarryxU64(&x166, &x167, x165, x149, x146);
364 const x168 = (@as(u64, x167) + x147);
365 var x169: u64 = undefined;
366 var x170: u1 = undefined;
367 addcarryxU64(&x169, &x170, 0x0, x133, x156);
368 var x171: u64 = undefined;
369 var x172: u1 = undefined;
370 addcarryxU64(&x171, &x172, x170, x135, x158);
371 var x173: u64 = undefined;
372 var x174: u1 = undefined;
373 addcarryxU64(&x173, &x174, x172, x137, x160);
374 var x175: u64 = undefined;
375 var x176: u1 = undefined;
376 addcarryxU64(&x175, &x176, x174, x139, x162);
377 var x177: u64 = undefined;
378 var x178: u1 = undefined;
379 addcarryxU64(&x177, &x178, x176, x141, x164);
380 var x179: u64 = undefined;
381 var x180: u1 = undefined;
382 addcarryxU64(&x179, &x180, x178, x143, x166);
383 var x181: u64 = undefined;
384 var x182: u1 = undefined;
385 addcarryxU64(&x181, &x182, x180, x145, x168);
386 var x183: u64 = undefined;
387 var x184: u64 = undefined;
388 mulxU64(&x183, &x184, x169, 0x6ed46089e88fdc45);
389 var x185: u64 = undefined;
390 var x186: u64 = undefined;
391 mulxU64(&x185, &x186, x183, 0xffffffffffffffff);
392 var x187: u64 = undefined;
393 var x188: u64 = undefined;
394 mulxU64(&x187, &x188, x183, 0xffffffffffffffff);
395 var x189: u64 = undefined;
396 var x190: u64 = undefined;
397 mulxU64(&x189, &x190, x183, 0xffffffffffffffff);
398 var x191: u64 = undefined;
399 var x192: u64 = undefined;
400 mulxU64(&x191, &x192, x183, 0xc7634d81f4372ddf);
401 var x193: u64 = undefined;
402 var x194: u64 = undefined;
403 mulxU64(&x193, &x194, x183, 0x581a0db248b0a77a);
404 var x195: u64 = undefined;
405 var x196: u64 = undefined;
406 mulxU64(&x195, &x196, x183, 0xecec196accc52973);
407 var x197: u64 = undefined;
408 var x198: u1 = undefined;
409 addcarryxU64(&x197, &x198, 0x0, x196, x193);
410 var x199: u64 = undefined;
411 var x200: u1 = undefined;
412 addcarryxU64(&x199, &x200, x198, x194, x191);
413 var x201: u64 = undefined;
414 var x202: u1 = undefined;
415 addcarryxU64(&x201, &x202, x200, x192, x189);
416 var x203: u64 = undefined;
417 var x204: u1 = undefined;
418 addcarryxU64(&x203, &x204, x202, x190, x187);
419 var x205: u64 = undefined;
420 var x206: u1 = undefined;
421 addcarryxU64(&x205, &x206, x204, x188, x185);
422 const x207 = (@as(u64, x206) + x186);
423 var x208: u64 = undefined;
424 var x209: u1 = undefined;
425 addcarryxU64(&x208, &x209, 0x0, x169, x195);
426 var x210: u64 = undefined;
427 var x211: u1 = undefined;
428 addcarryxU64(&x210, &x211, x209, x171, x197);
429 var x212: u64 = undefined;
430 var x213: u1 = undefined;
431 addcarryxU64(&x212, &x213, x211, x173, x199);
432 var x214: u64 = undefined;
433 var x215: u1 = undefined;
434 addcarryxU64(&x214, &x215, x213, x175, x201);
435 var x216: u64 = undefined;
436 var x217: u1 = undefined;
437 addcarryxU64(&x216, &x217, x215, x177, x203);
438 var x218: u64 = undefined;
439 var x219: u1 = undefined;
440 addcarryxU64(&x218, &x219, x217, x179, x205);
441 var x220: u64 = undefined;
442 var x221: u1 = undefined;
443 addcarryxU64(&x220, &x221, x219, x181, x207);
444 const x222 = (@as(u64, x221) + @as(u64, x182));
445 var x223: u64 = undefined;
446 var x224: u64 = undefined;
447 mulxU64(&x223, &x224, x3, (arg2[5]));
448 var x225: u64 = undefined;
449 var x226: u64 = undefined;
450 mulxU64(&x225, &x226, x3, (arg2[4]));
451 var x227: u64 = undefined;
452 var x228: u64 = undefined;
453 mulxU64(&x227, &x228, x3, (arg2[3]));
454 var x229: u64 = undefined;
455 var x230: u64 = undefined;
456 mulxU64(&x229, &x230, x3, (arg2[2]));
457 var x231: u64 = undefined;
458 var x232: u64 = undefined;
459 mulxU64(&x231, &x232, x3, (arg2[1]));
460 var x233: u64 = undefined;
461 var x234: u64 = undefined;
462 mulxU64(&x233, &x234, x3, (arg2[0]));
463 var x235: u64 = undefined;
464 var x236: u1 = undefined;
465 addcarryxU64(&x235, &x236, 0x0, x234, x231);
466 var x237: u64 = undefined;
467 var x238: u1 = undefined;
468 addcarryxU64(&x237, &x238, x236, x232, x229);
469 var x239: u64 = undefined;
470 var x240: u1 = undefined;
471 addcarryxU64(&x239, &x240, x238, x230, x227);
472 var x241: u64 = undefined;
473 var x242: u1 = undefined;
474 addcarryxU64(&x241, &x242, x240, x228, x225);
475 var x243: u64 = undefined;
476 var x244: u1 = undefined;
477 addcarryxU64(&x243, &x244, x242, x226, x223);
478 const x245 = (@as(u64, x244) + x224);
479 var x246: u64 = undefined;
480 var x247: u1 = undefined;
481 addcarryxU64(&x246, &x247, 0x0, x210, x233);
482 var x248: u64 = undefined;
483 var x249: u1 = undefined;
484 addcarryxU64(&x248, &x249, x247, x212, x235);
485 var x250: u64 = undefined;
486 var x251: u1 = undefined;
487 addcarryxU64(&x250, &x251, x249, x214, x237);
488 var x252: u64 = undefined;
489 var x253: u1 = undefined;
490 addcarryxU64(&x252, &x253, x251, x216, x239);
491 var x254: u64 = undefined;
492 var x255: u1 = undefined;
493 addcarryxU64(&x254, &x255, x253, x218, x241);
494 var x256: u64 = undefined;
495 var x257: u1 = undefined;
496 addcarryxU64(&x256, &x257, x255, x220, x243);
497 var x258: u64 = undefined;
498 var x259: u1 = undefined;
499 addcarryxU64(&x258, &x259, x257, x222, x245);
500 var x260: u64 = undefined;
501 var x261: u64 = undefined;
502 mulxU64(&x260, &x261, x246, 0x6ed46089e88fdc45);
503 var x262: u64 = undefined;
504 var x263: u64 = undefined;
505 mulxU64(&x262, &x263, x260, 0xffffffffffffffff);
506 var x264: u64 = undefined;
507 var x265: u64 = undefined;
508 mulxU64(&x264, &x265, x260, 0xffffffffffffffff);
509 var x266: u64 = undefined;
510 var x267: u64 = undefined;
511 mulxU64(&x266, &x267, x260, 0xffffffffffffffff);
512 var x268: u64 = undefined;
513 var x269: u64 = undefined;
514 mulxU64(&x268, &x269, x260, 0xc7634d81f4372ddf);
515 var x270: u64 = undefined;
516 var x271: u64 = undefined;
517 mulxU64(&x270, &x271, x260, 0x581a0db248b0a77a);
518 var x272: u64 = undefined;
519 var x273: u64 = undefined;
520 mulxU64(&x272, &x273, x260, 0xecec196accc52973);
521 var x274: u64 = undefined;
522 var x275: u1 = undefined;
523 addcarryxU64(&x274, &x275, 0x0, x273, x270);
524 var x276: u64 = undefined;
525 var x277: u1 = undefined;
526 addcarryxU64(&x276, &x277, x275, x271, x268);
527 var x278: u64 = undefined;
528 var x279: u1 = undefined;
529 addcarryxU64(&x278, &x279, x277, x269, x266);
530 var x280: u64 = undefined;
531 var x281: u1 = undefined;
532 addcarryxU64(&x280, &x281, x279, x267, x264);
533 var x282: u64 = undefined;
534 var x283: u1 = undefined;
535 addcarryxU64(&x282, &x283, x281, x265, x262);
536 const x284 = (@as(u64, x283) + x263);
537 var x285: u64 = undefined;
538 var x286: u1 = undefined;
539 addcarryxU64(&x285, &x286, 0x0, x246, x272);
540 var x287: u64 = undefined;
541 var x288: u1 = undefined;
542 addcarryxU64(&x287, &x288, x286, x248, x274);
543 var x289: u64 = undefined;
544 var x290: u1 = undefined;
545 addcarryxU64(&x289, &x290, x288, x250, x276);
546 var x291: u64 = undefined;
547 var x292: u1 = undefined;
548 addcarryxU64(&x291, &x292, x290, x252, x278);
549 var x293: u64 = undefined;
550 var x294: u1 = undefined;
551 addcarryxU64(&x293, &x294, x292, x254, x280);
552 var x295: u64 = undefined;
553 var x296: u1 = undefined;
554 addcarryxU64(&x295, &x296, x294, x256, x282);
555 var x297: u64 = undefined;
556 var x298: u1 = undefined;
557 addcarryxU64(&x297, &x298, x296, x258, x284);
558 const x299 = (@as(u64, x298) + @as(u64, x259));
559 var x300: u64 = undefined;
560 var x301: u64 = undefined;
561 mulxU64(&x300, &x301, x4, (arg2[5]));
562 var x302: u64 = undefined;
563 var x303: u64 = undefined;
564 mulxU64(&x302, &x303, x4, (arg2[4]));
565 var x304: u64 = undefined;
566 var x305: u64 = undefined;
567 mulxU64(&x304, &x305, x4, (arg2[3]));
568 var x306: u64 = undefined;
569 var x307: u64 = undefined;
570 mulxU64(&x306, &x307, x4, (arg2[2]));
571 var x308: u64 = undefined;
572 var x309: u64 = undefined;
573 mulxU64(&x308, &x309, x4, (arg2[1]));
574 var x310: u64 = undefined;
575 var x311: u64 = undefined;
576 mulxU64(&x310, &x311, x4, (arg2[0]));
577 var x312: u64 = undefined;
578 var x313: u1 = undefined;
579 addcarryxU64(&x312, &x313, 0x0, x311, x308);
580 var x314: u64 = undefined;
581 var x315: u1 = undefined;
582 addcarryxU64(&x314, &x315, x313, x309, x306);
583 var x316: u64 = undefined;
584 var x317: u1 = undefined;
585 addcarryxU64(&x316, &x317, x315, x307, x304);
586 var x318: u64 = undefined;
587 var x319: u1 = undefined;
588 addcarryxU64(&x318, &x319, x317, x305, x302);
589 var x320: u64 = undefined;
590 var x321: u1 = undefined;
591 addcarryxU64(&x320, &x321, x319, x303, x300);
592 const x322 = (@as(u64, x321) + x301);
593 var x323: u64 = undefined;
594 var x324: u1 = undefined;
595 addcarryxU64(&x323, &x324, 0x0, x287, x310);
596 var x325: u64 = undefined;
597 var x326: u1 = undefined;
598 addcarryxU64(&x325, &x326, x324, x289, x312);
599 var x327: u64 = undefined;
600 var x328: u1 = undefined;
601 addcarryxU64(&x327, &x328, x326, x291, x314);
602 var x329: u64 = undefined;
603 var x330: u1 = undefined;
604 addcarryxU64(&x329, &x330, x328, x293, x316);
605 var x331: u64 = undefined;
606 var x332: u1 = undefined;
607 addcarryxU64(&x331, &x332, x330, x295, x318);
608 var x333: u64 = undefined;
609 var x334: u1 = undefined;
610 addcarryxU64(&x333, &x334, x332, x297, x320);
611 var x335: u64 = undefined;
612 var x336: u1 = undefined;
613 addcarryxU64(&x335, &x336, x334, x299, x322);
614 var x337: u64 = undefined;
615 var x338: u64 = undefined;
616 mulxU64(&x337, &x338, x323, 0x6ed46089e88fdc45);
617 var x339: u64 = undefined;
618 var x340: u64 = undefined;
619 mulxU64(&x339, &x340, x337, 0xffffffffffffffff);
620 var x341: u64 = undefined;
621 var x342: u64 = undefined;
622 mulxU64(&x341, &x342, x337, 0xffffffffffffffff);
623 var x343: u64 = undefined;
624 var x344: u64 = undefined;
625 mulxU64(&x343, &x344, x337, 0xffffffffffffffff);
626 var x345: u64 = undefined;
627 var x346: u64 = undefined;
628 mulxU64(&x345, &x346, x337, 0xc7634d81f4372ddf);
629 var x347: u64 = undefined;
630 var x348: u64 = undefined;
631 mulxU64(&x347, &x348, x337, 0x581a0db248b0a77a);
632 var x349: u64 = undefined;
633 var x350: u64 = undefined;
634 mulxU64(&x349, &x350, x337, 0xecec196accc52973);
635 var x351: u64 = undefined;
636 var x352: u1 = undefined;
637 addcarryxU64(&x351, &x352, 0x0, x350, x347);
638 var x353: u64 = undefined;
639 var x354: u1 = undefined;
640 addcarryxU64(&x353, &x354, x352, x348, x345);
641 var x355: u64 = undefined;
642 var x356: u1 = undefined;
643 addcarryxU64(&x355, &x356, x354, x346, x343);
644 var x357: u64 = undefined;
645 var x358: u1 = undefined;
646 addcarryxU64(&x357, &x358, x356, x344, x341);
647 var x359: u64 = undefined;
648 var x360: u1 = undefined;
649 addcarryxU64(&x359, &x360, x358, x342, x339);
650 const x361 = (@as(u64, x360) + x340);
651 var x362: u64 = undefined;
652 var x363: u1 = undefined;
653 addcarryxU64(&x362, &x363, 0x0, x323, x349);
654 var x364: u64 = undefined;
655 var x365: u1 = undefined;
656 addcarryxU64(&x364, &x365, x363, x325, x351);
657 var x366: u64 = undefined;
658 var x367: u1 = undefined;
659 addcarryxU64(&x366, &x367, x365, x327, x353);
660 var x368: u64 = undefined;
661 var x369: u1 = undefined;
662 addcarryxU64(&x368, &x369, x367, x329, x355);
663 var x370: u64 = undefined;
664 var x371: u1 = undefined;
665 addcarryxU64(&x370, &x371, x369, x331, x357);
666 var x372: u64 = undefined;
667 var x373: u1 = undefined;
668 addcarryxU64(&x372, &x373, x371, x333, x359);
669 var x374: u64 = undefined;
670 var x375: u1 = undefined;
671 addcarryxU64(&x374, &x375, x373, x335, x361);
672 const x376 = (@as(u64, x375) + @as(u64, x336));
673 var x377: u64 = undefined;
674 var x378: u64 = undefined;
675 mulxU64(&x377, &x378, x5, (arg2[5]));
676 var x379: u64 = undefined;
677 var x380: u64 = undefined;
678 mulxU64(&x379, &x380, x5, (arg2[4]));
679 var x381: u64 = undefined;
680 var x382: u64 = undefined;
681 mulxU64(&x381, &x382, x5, (arg2[3]));
682 var x383: u64 = undefined;
683 var x384: u64 = undefined;
684 mulxU64(&x383, &x384, x5, (arg2[2]));
685 var x385: u64 = undefined;
686 var x386: u64 = undefined;
687 mulxU64(&x385, &x386, x5, (arg2[1]));
688 var x387: u64 = undefined;
689 var x388: u64 = undefined;
690 mulxU64(&x387, &x388, x5, (arg2[0]));
691 var x389: u64 = undefined;
692 var x390: u1 = undefined;
693 addcarryxU64(&x389, &x390, 0x0, x388, x385);
694 var x391: u64 = undefined;
695 var x392: u1 = undefined;
696 addcarryxU64(&x391, &x392, x390, x386, x383);
697 var x393: u64 = undefined;
698 var x394: u1 = undefined;
699 addcarryxU64(&x393, &x394, x392, x384, x381);
700 var x395: u64 = undefined;
701 var x396: u1 = undefined;
702 addcarryxU64(&x395, &x396, x394, x382, x379);
703 var x397: u64 = undefined;
704 var x398: u1 = undefined;
705 addcarryxU64(&x397, &x398, x396, x380, x377);
706 const x399 = (@as(u64, x398) + x378);
707 var x400: u64 = undefined;
708 var x401: u1 = undefined;
709 addcarryxU64(&x400, &x401, 0x0, x364, x387);
710 var x402: u64 = undefined;
711 var x403: u1 = undefined;
712 addcarryxU64(&x402, &x403, x401, x366, x389);
713 var x404: u64 = undefined;
714 var x405: u1 = undefined;
715 addcarryxU64(&x404, &x405, x403, x368, x391);
716 var x406: u64 = undefined;
717 var x407: u1 = undefined;
718 addcarryxU64(&x406, &x407, x405, x370, x393);
719 var x408: u64 = undefined;
720 var x409: u1 = undefined;
721 addcarryxU64(&x408, &x409, x407, x372, x395);
722 var x410: u64 = undefined;
723 var x411: u1 = undefined;
724 addcarryxU64(&x410, &x411, x409, x374, x397);
725 var x412: u64 = undefined;
726 var x413: u1 = undefined;
727 addcarryxU64(&x412, &x413, x411, x376, x399);
728 var x414: u64 = undefined;
729 var x415: u64 = undefined;
730 mulxU64(&x414, &x415, x400, 0x6ed46089e88fdc45);
731 var x416: u64 = undefined;
732 var x417: u64 = undefined;
733 mulxU64(&x416, &x417, x414, 0xffffffffffffffff);
734 var x418: u64 = undefined;
735 var x419: u64 = undefined;
736 mulxU64(&x418, &x419, x414, 0xffffffffffffffff);
737 var x420: u64 = undefined;
738 var x421: u64 = undefined;
739 mulxU64(&x420, &x421, x414, 0xffffffffffffffff);
740 var x422: u64 = undefined;
741 var x423: u64 = undefined;
742 mulxU64(&x422, &x423, x414, 0xc7634d81f4372ddf);
743 var x424: u64 = undefined;
744 var x425: u64 = undefined;
745 mulxU64(&x424, &x425, x414, 0x581a0db248b0a77a);
746 var x426: u64 = undefined;
747 var x427: u64 = undefined;
748 mulxU64(&x426, &x427, x414, 0xecec196accc52973);
749 var x428: u64 = undefined;
750 var x429: u1 = undefined;
751 addcarryxU64(&x428, &x429, 0x0, x427, x424);
752 var x430: u64 = undefined;
753 var x431: u1 = undefined;
754 addcarryxU64(&x430, &x431, x429, x425, x422);
755 var x432: u64 = undefined;
756 var x433: u1 = undefined;
757 addcarryxU64(&x432, &x433, x431, x423, x420);
758 var x434: u64 = undefined;
759 var x435: u1 = undefined;
760 addcarryxU64(&x434, &x435, x433, x421, x418);
761 var x436: u64 = undefined;
762 var x437: u1 = undefined;
763 addcarryxU64(&x436, &x437, x435, x419, x416);
764 const x438 = (@as(u64, x437) + x417);
765 var x439: u64 = undefined;
766 var x440: u1 = undefined;
767 addcarryxU64(&x439, &x440, 0x0, x400, x426);
768 var x441: u64 = undefined;
769 var x442: u1 = undefined;
770 addcarryxU64(&x441, &x442, x440, x402, x428);
771 var x443: u64 = undefined;
772 var x444: u1 = undefined;
773 addcarryxU64(&x443, &x444, x442, x404, x430);
774 var x445: u64 = undefined;
775 var x446: u1 = undefined;
776 addcarryxU64(&x445, &x446, x444, x406, x432);
777 var x447: u64 = undefined;
778 var x448: u1 = undefined;
779 addcarryxU64(&x447, &x448, x446, x408, x434);
780 var x449: u64 = undefined;
781 var x450: u1 = undefined;
782 addcarryxU64(&x449, &x450, x448, x410, x436);
783 var x451: u64 = undefined;
784 var x452: u1 = undefined;
785 addcarryxU64(&x451, &x452, x450, x412, x438);
786 const x453 = (@as(u64, x452) + @as(u64, x413));
787 var x454: u64 = undefined;
788 var x455: u1 = undefined;
789 subborrowxU64(&x454, &x455, 0x0, x441, 0xecec196accc52973);
790 var x456: u64 = undefined;
791 var x457: u1 = undefined;
792 subborrowxU64(&x456, &x457, x455, x443, 0x581a0db248b0a77a);
793 var x458: u64 = undefined;
794 var x459: u1 = undefined;
795 subborrowxU64(&x458, &x459, x457, x445, 0xc7634d81f4372ddf);
796 var x460: u64 = undefined;
797 var x461: u1 = undefined;
798 subborrowxU64(&x460, &x461, x459, x447, 0xffffffffffffffff);
799 var x462: u64 = undefined;
800 var x463: u1 = undefined;
801 subborrowxU64(&x462, &x463, x461, x449, 0xffffffffffffffff);
802 var x464: u64 = undefined;
803 var x465: u1 = undefined;
804 subborrowxU64(&x464, &x465, x463, x451, 0xffffffffffffffff);
805 var x466: u64 = undefined;
806 var x467: u1 = undefined;
807 subborrowxU64(&x466, &x467, x465, x453, 0x0);
808 var x468: u64 = undefined;
809 cmovznzU64(&x468, x467, x454, x441);
810 var x469: u64 = undefined;
811 cmovznzU64(&x469, x467, x456, x443);
812 var x470: u64 = undefined;
813 cmovznzU64(&x470, x467, x458, x445);
814 var x471: u64 = undefined;
815 cmovznzU64(&x471, x467, x460, x447);
816 var x472: u64 = undefined;
817 cmovznzU64(&x472, x467, x462, x449);
818 var x473: u64 = undefined;
819 cmovznzU64(&x473, x467, x464, x451);
820 out1[0] = x468;
821 out1[1] = x469;
822 out1[2] = x470;
823 out1[3] = x471;
824 out1[4] = x472;
825 out1[5] = x473;
826}
827
828/// The function square squares a field element in the Montgomery domain.
829///
830/// Preconditions:
831/// 0 ≤ eval arg1 < m
832/// Postconditions:
833/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m
834/// 0 ≤ eval out1 < m
835///
836pub fn square(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement) void {
837 @setRuntimeSafety(mode == .Debug);
838
839 const x1 = (arg1[1]);
840 const x2 = (arg1[2]);
841 const x3 = (arg1[3]);
842 const x4 = (arg1[4]);
843 const x5 = (arg1[5]);
844 const x6 = (arg1[0]);
845 var x7: u64 = undefined;
846 var x8: u64 = undefined;
847 mulxU64(&x7, &x8, x6, (arg1[5]));
848 var x9: u64 = undefined;
849 var x10: u64 = undefined;
850 mulxU64(&x9, &x10, x6, (arg1[4]));
851 var x11: u64 = undefined;
852 var x12: u64 = undefined;
853 mulxU64(&x11, &x12, x6, (arg1[3]));
854 var x13: u64 = undefined;
855 var x14: u64 = undefined;
856 mulxU64(&x13, &x14, x6, (arg1[2]));
857 var x15: u64 = undefined;
858 var x16: u64 = undefined;
859 mulxU64(&x15, &x16, x6, (arg1[1]));
860 var x17: u64 = undefined;
861 var x18: u64 = undefined;
862 mulxU64(&x17, &x18, x6, (arg1[0]));
863 var x19: u64 = undefined;
864 var x20: u1 = undefined;
865 addcarryxU64(&x19, &x20, 0x0, x18, x15);
866 var x21: u64 = undefined;
867 var x22: u1 = undefined;
868 addcarryxU64(&x21, &x22, x20, x16, x13);
869 var x23: u64 = undefined;
870 var x24: u1 = undefined;
871 addcarryxU64(&x23, &x24, x22, x14, x11);
872 var x25: u64 = undefined;
873 var x26: u1 = undefined;
874 addcarryxU64(&x25, &x26, x24, x12, x9);
875 var x27: u64 = undefined;
876 var x28: u1 = undefined;
877 addcarryxU64(&x27, &x28, x26, x10, x7);
878 const x29 = (@as(u64, x28) + x8);
879 var x30: u64 = undefined;
880 var x31: u64 = undefined;
881 mulxU64(&x30, &x31, x17, 0x6ed46089e88fdc45);
882 var x32: u64 = undefined;
883 var x33: u64 = undefined;
884 mulxU64(&x32, &x33, x30, 0xffffffffffffffff);
885 var x34: u64 = undefined;
886 var x35: u64 = undefined;
887 mulxU64(&x34, &x35, x30, 0xffffffffffffffff);
888 var x36: u64 = undefined;
889 var x37: u64 = undefined;
890 mulxU64(&x36, &x37, x30, 0xffffffffffffffff);
891 var x38: u64 = undefined;
892 var x39: u64 = undefined;
893 mulxU64(&x38, &x39, x30, 0xc7634d81f4372ddf);
894 var x40: u64 = undefined;
895 var x41: u64 = undefined;
896 mulxU64(&x40, &x41, x30, 0x581a0db248b0a77a);
897 var x42: u64 = undefined;
898 var x43: u64 = undefined;
899 mulxU64(&x42, &x43, x30, 0xecec196accc52973);
900 var x44: u64 = undefined;
901 var x45: u1 = undefined;
902 addcarryxU64(&x44, &x45, 0x0, x43, x40);
903 var x46: u64 = undefined;
904 var x47: u1 = undefined;
905 addcarryxU64(&x46, &x47, x45, x41, x38);
906 var x48: u64 = undefined;
907 var x49: u1 = undefined;
908 addcarryxU64(&x48, &x49, x47, x39, x36);
909 var x50: u64 = undefined;
910 var x51: u1 = undefined;
911 addcarryxU64(&x50, &x51, x49, x37, x34);
912 var x52: u64 = undefined;
913 var x53: u1 = undefined;
914 addcarryxU64(&x52, &x53, x51, x35, x32);
915 const x54 = (@as(u64, x53) + x33);
916 var x55: u64 = undefined;
917 var x56: u1 = undefined;
918 addcarryxU64(&x55, &x56, 0x0, x17, x42);
919 var x57: u64 = undefined;
920 var x58: u1 = undefined;
921 addcarryxU64(&x57, &x58, x56, x19, x44);
922 var x59: u64 = undefined;
923 var x60: u1 = undefined;
924 addcarryxU64(&x59, &x60, x58, x21, x46);
925 var x61: u64 = undefined;
926 var x62: u1 = undefined;
927 addcarryxU64(&x61, &x62, x60, x23, x48);
928 var x63: u64 = undefined;
929 var x64: u1 = undefined;
930 addcarryxU64(&x63, &x64, x62, x25, x50);
931 var x65: u64 = undefined;
932 var x66: u1 = undefined;
933 addcarryxU64(&x65, &x66, x64, x27, x52);
934 var x67: u64 = undefined;
935 var x68: u1 = undefined;
936 addcarryxU64(&x67, &x68, x66, x29, x54);
937 var x69: u64 = undefined;
938 var x70: u64 = undefined;
939 mulxU64(&x69, &x70, x1, (arg1[5]));
940 var x71: u64 = undefined;
941 var x72: u64 = undefined;
942 mulxU64(&x71, &x72, x1, (arg1[4]));
943 var x73: u64 = undefined;
944 var x74: u64 = undefined;
945 mulxU64(&x73, &x74, x1, (arg1[3]));
946 var x75: u64 = undefined;
947 var x76: u64 = undefined;
948 mulxU64(&x75, &x76, x1, (arg1[2]));
949 var x77: u64 = undefined;
950 var x78: u64 = undefined;
951 mulxU64(&x77, &x78, x1, (arg1[1]));
952 var x79: u64 = undefined;
953 var x80: u64 = undefined;
954 mulxU64(&x79, &x80, x1, (arg1[0]));
955 var x81: u64 = undefined;
956 var x82: u1 = undefined;
957 addcarryxU64(&x81, &x82, 0x0, x80, x77);
958 var x83: u64 = undefined;
959 var x84: u1 = undefined;
960 addcarryxU64(&x83, &x84, x82, x78, x75);
961 var x85: u64 = undefined;
962 var x86: u1 = undefined;
963 addcarryxU64(&x85, &x86, x84, x76, x73);
964 var x87: u64 = undefined;
965 var x88: u1 = undefined;
966 addcarryxU64(&x87, &x88, x86, x74, x71);
967 var x89: u64 = undefined;
968 var x90: u1 = undefined;
969 addcarryxU64(&x89, &x90, x88, x72, x69);
970 const x91 = (@as(u64, x90) + x70);
971 var x92: u64 = undefined;
972 var x93: u1 = undefined;
973 addcarryxU64(&x92, &x93, 0x0, x57, x79);
974 var x94: u64 = undefined;
975 var x95: u1 = undefined;
976 addcarryxU64(&x94, &x95, x93, x59, x81);
977 var x96: u64 = undefined;
978 var x97: u1 = undefined;
979 addcarryxU64(&x96, &x97, x95, x61, x83);
980 var x98: u64 = undefined;
981 var x99: u1 = undefined;
982 addcarryxU64(&x98, &x99, x97, x63, x85);
983 var x100: u64 = undefined;
984 var x101: u1 = undefined;
985 addcarryxU64(&x100, &x101, x99, x65, x87);
986 var x102: u64 = undefined;
987 var x103: u1 = undefined;
988 addcarryxU64(&x102, &x103, x101, x67, x89);
989 var x104: u64 = undefined;
990 var x105: u1 = undefined;
991 addcarryxU64(&x104, &x105, x103, @as(u64, x68), x91);
992 var x106: u64 = undefined;
993 var x107: u64 = undefined;
994 mulxU64(&x106, &x107, x92, 0x6ed46089e88fdc45);
995 var x108: u64 = undefined;
996 var x109: u64 = undefined;
997 mulxU64(&x108, &x109, x106, 0xffffffffffffffff);
998 var x110: u64 = undefined;
999 var x111: u64 = undefined;
1000 mulxU64(&x110, &x111, x106, 0xffffffffffffffff);
1001 var x112: u64 = undefined;
1002 var x113: u64 = undefined;
1003 mulxU64(&x112, &x113, x106, 0xffffffffffffffff);
1004 var x114: u64 = undefined;
1005 var x115: u64 = undefined;
1006 mulxU64(&x114, &x115, x106, 0xc7634d81f4372ddf);
1007 var x116: u64 = undefined;
1008 var x117: u64 = undefined;
1009 mulxU64(&x116, &x117, x106, 0x581a0db248b0a77a);
1010 var x118: u64 = undefined;
1011 var x119: u64 = undefined;
1012 mulxU64(&x118, &x119, x106, 0xecec196accc52973);
1013 var x120: u64 = undefined;
1014 var x121: u1 = undefined;
1015 addcarryxU64(&x120, &x121, 0x0, x119, x116);
1016 var x122: u64 = undefined;
1017 var x123: u1 = undefined;
1018 addcarryxU64(&x122, &x123, x121, x117, x114);
1019 var x124: u64 = undefined;
1020 var x125: u1 = undefined;
1021 addcarryxU64(&x124, &x125, x123, x115, x112);
1022 var x126: u64 = undefined;
1023 var x127: u1 = undefined;
1024 addcarryxU64(&x126, &x127, x125, x113, x110);
1025 var x128: u64 = undefined;
1026 var x129: u1 = undefined;
1027 addcarryxU64(&x128, &x129, x127, x111, x108);
1028 const x130 = (@as(u64, x129) + x109);
1029 var x131: u64 = undefined;
1030 var x132: u1 = undefined;
1031 addcarryxU64(&x131, &x132, 0x0, x92, x118);
1032 var x133: u64 = undefined;
1033 var x134: u1 = undefined;
1034 addcarryxU64(&x133, &x134, x132, x94, x120);
1035 var x135: u64 = undefined;
1036 var x136: u1 = undefined;
1037 addcarryxU64(&x135, &x136, x134, x96, x122);
1038 var x137: u64 = undefined;
1039 var x138: u1 = undefined;
1040 addcarryxU64(&x137, &x138, x136, x98, x124);
1041 var x139: u64 = undefined;
1042 var x140: u1 = undefined;
1043 addcarryxU64(&x139, &x140, x138, x100, x126);
1044 var x141: u64 = undefined;
1045 var x142: u1 = undefined;
1046 addcarryxU64(&x141, &x142, x140, x102, x128);
1047 var x143: u64 = undefined;
1048 var x144: u1 = undefined;
1049 addcarryxU64(&x143, &x144, x142, x104, x130);
1050 const x145 = (@as(u64, x144) + @as(u64, x105));
1051 var x146: u64 = undefined;
1052 var x147: u64 = undefined;
1053 mulxU64(&x146, &x147, x2, (arg1[5]));
1054 var x148: u64 = undefined;
1055 var x149: u64 = undefined;
1056 mulxU64(&x148, &x149, x2, (arg1[4]));
1057 var x150: u64 = undefined;
1058 var x151: u64 = undefined;
1059 mulxU64(&x150, &x151, x2, (arg1[3]));
1060 var x152: u64 = undefined;
1061 var x153: u64 = undefined;
1062 mulxU64(&x152, &x153, x2, (arg1[2]));
1063 var x154: u64 = undefined;
1064 var x155: u64 = undefined;
1065 mulxU64(&x154, &x155, x2, (arg1[1]));
1066 var x156: u64 = undefined;
1067 var x157: u64 = undefined;
1068 mulxU64(&x156, &x157, x2, (arg1[0]));
1069 var x158: u64 = undefined;
1070 var x159: u1 = undefined;
1071 addcarryxU64(&x158, &x159, 0x0, x157, x154);
1072 var x160: u64 = undefined;
1073 var x161: u1 = undefined;
1074 addcarryxU64(&x160, &x161, x159, x155, x152);
1075 var x162: u64 = undefined;
1076 var x163: u1 = undefined;
1077 addcarryxU64(&x162, &x163, x161, x153, x150);
1078 var x164: u64 = undefined;
1079 var x165: u1 = undefined;
1080 addcarryxU64(&x164, &x165, x163, x151, x148);
1081 var x166: u64 = undefined;
1082 var x167: u1 = undefined;
1083 addcarryxU64(&x166, &x167, x165, x149, x146);
1084 const x168 = (@as(u64, x167) + x147);
1085 var x169: u64 = undefined;
1086 var x170: u1 = undefined;
1087 addcarryxU64(&x169, &x170, 0x0, x133, x156);
1088 var x171: u64 = undefined;
1089 var x172: u1 = undefined;
1090 addcarryxU64(&x171, &x172, x170, x135, x158);
1091 var x173: u64 = undefined;
1092 var x174: u1 = undefined;
1093 addcarryxU64(&x173, &x174, x172, x137, x160);
1094 var x175: u64 = undefined;
1095 var x176: u1 = undefined;
1096 addcarryxU64(&x175, &x176, x174, x139, x162);
1097 var x177: u64 = undefined;
1098 var x178: u1 = undefined;
1099 addcarryxU64(&x177, &x178, x176, x141, x164);
1100 var x179: u64 = undefined;
1101 var x180: u1 = undefined;
1102 addcarryxU64(&x179, &x180, x178, x143, x166);
1103 var x181: u64 = undefined;
1104 var x182: u1 = undefined;
1105 addcarryxU64(&x181, &x182, x180, x145, x168);
1106 var x183: u64 = undefined;
1107 var x184: u64 = undefined;
1108 mulxU64(&x183, &x184, x169, 0x6ed46089e88fdc45);
1109 var x185: u64 = undefined;
1110 var x186: u64 = undefined;
1111 mulxU64(&x185, &x186, x183, 0xffffffffffffffff);
1112 var x187: u64 = undefined;
1113 var x188: u64 = undefined;
1114 mulxU64(&x187, &x188, x183, 0xffffffffffffffff);
1115 var x189: u64 = undefined;
1116 var x190: u64 = undefined;
1117 mulxU64(&x189, &x190, x183, 0xffffffffffffffff);
1118 var x191: u64 = undefined;
1119 var x192: u64 = undefined;
1120 mulxU64(&x191, &x192, x183, 0xc7634d81f4372ddf);
1121 var x193: u64 = undefined;
1122 var x194: u64 = undefined;
1123 mulxU64(&x193, &x194, x183, 0x581a0db248b0a77a);
1124 var x195: u64 = undefined;
1125 var x196: u64 = undefined;
1126 mulxU64(&x195, &x196, x183, 0xecec196accc52973);
1127 var x197: u64 = undefined;
1128 var x198: u1 = undefined;
1129 addcarryxU64(&x197, &x198, 0x0, x196, x193);
1130 var x199: u64 = undefined;
1131 var x200: u1 = undefined;
1132 addcarryxU64(&x199, &x200, x198, x194, x191);
1133 var x201: u64 = undefined;
1134 var x202: u1 = undefined;
1135 addcarryxU64(&x201, &x202, x200, x192, x189);
1136 var x203: u64 = undefined;
1137 var x204: u1 = undefined;
1138 addcarryxU64(&x203, &x204, x202, x190, x187);
1139 var x205: u64 = undefined;
1140 var x206: u1 = undefined;
1141 addcarryxU64(&x205, &x206, x204, x188, x185);
1142 const x207 = (@as(u64, x206) + x186);
1143 var x208: u64 = undefined;
1144 var x209: u1 = undefined;
1145 addcarryxU64(&x208, &x209, 0x0, x169, x195);
1146 var x210: u64 = undefined;
1147 var x211: u1 = undefined;
1148 addcarryxU64(&x210, &x211, x209, x171, x197);
1149 var x212: u64 = undefined;
1150 var x213: u1 = undefined;
1151 addcarryxU64(&x212, &x213, x211, x173, x199);
1152 var x214: u64 = undefined;
1153 var x215: u1 = undefined;
1154 addcarryxU64(&x214, &x215, x213, x175, x201);
1155 var x216: u64 = undefined;
1156 var x217: u1 = undefined;
1157 addcarryxU64(&x216, &x217, x215, x177, x203);
1158 var x218: u64 = undefined;
1159 var x219: u1 = undefined;
1160 addcarryxU64(&x218, &x219, x217, x179, x205);
1161 var x220: u64 = undefined;
1162 var x221: u1 = undefined;
1163 addcarryxU64(&x220, &x221, x219, x181, x207);
1164 const x222 = (@as(u64, x221) + @as(u64, x182));
1165 var x223: u64 = undefined;
1166 var x224: u64 = undefined;
1167 mulxU64(&x223, &x224, x3, (arg1[5]));
1168 var x225: u64 = undefined;
1169 var x226: u64 = undefined;
1170 mulxU64(&x225, &x226, x3, (arg1[4]));
1171 var x227: u64 = undefined;
1172 var x228: u64 = undefined;
1173 mulxU64(&x227, &x228, x3, (arg1[3]));
1174 var x229: u64 = undefined;
1175 var x230: u64 = undefined;
1176 mulxU64(&x229, &x230, x3, (arg1[2]));
1177 var x231: u64 = undefined;
1178 var x232: u64 = undefined;
1179 mulxU64(&x231, &x232, x3, (arg1[1]));
1180 var x233: u64 = undefined;
1181 var x234: u64 = undefined;
1182 mulxU64(&x233, &x234, x3, (arg1[0]));
1183 var x235: u64 = undefined;
1184 var x236: u1 = undefined;
1185 addcarryxU64(&x235, &x236, 0x0, x234, x231);
1186 var x237: u64 = undefined;
1187 var x238: u1 = undefined;
1188 addcarryxU64(&x237, &x238, x236, x232, x229);
1189 var x239: u64 = undefined;
1190 var x240: u1 = undefined;
1191 addcarryxU64(&x239, &x240, x238, x230, x227);
1192 var x241: u64 = undefined;
1193 var x242: u1 = undefined;
1194 addcarryxU64(&x241, &x242, x240, x228, x225);
1195 var x243: u64 = undefined;
1196 var x244: u1 = undefined;
1197 addcarryxU64(&x243, &x244, x242, x226, x223);
1198 const x245 = (@as(u64, x244) + x224);
1199 var x246: u64 = undefined;
1200 var x247: u1 = undefined;
1201 addcarryxU64(&x246, &x247, 0x0, x210, x233);
1202 var x248: u64 = undefined;
1203 var x249: u1 = undefined;
1204 addcarryxU64(&x248, &x249, x247, x212, x235);
1205 var x250: u64 = undefined;
1206 var x251: u1 = undefined;
1207 addcarryxU64(&x250, &x251, x249, x214, x237);
1208 var x252: u64 = undefined;
1209 var x253: u1 = undefined;
1210 addcarryxU64(&x252, &x253, x251, x216, x239);
1211 var x254: u64 = undefined;
1212 var x255: u1 = undefined;
1213 addcarryxU64(&x254, &x255, x253, x218, x241);
1214 var x256: u64 = undefined;
1215 var x257: u1 = undefined;
1216 addcarryxU64(&x256, &x257, x255, x220, x243);
1217 var x258: u64 = undefined;
1218 var x259: u1 = undefined;
1219 addcarryxU64(&x258, &x259, x257, x222, x245);
1220 var x260: u64 = undefined;
1221 var x261: u64 = undefined;
1222 mulxU64(&x260, &x261, x246, 0x6ed46089e88fdc45);
1223 var x262: u64 = undefined;
1224 var x263: u64 = undefined;
1225 mulxU64(&x262, &x263, x260, 0xffffffffffffffff);
1226 var x264: u64 = undefined;
1227 var x265: u64 = undefined;
1228 mulxU64(&x264, &x265, x260, 0xffffffffffffffff);
1229 var x266: u64 = undefined;
1230 var x267: u64 = undefined;
1231 mulxU64(&x266, &x267, x260, 0xffffffffffffffff);
1232 var x268: u64 = undefined;
1233 var x269: u64 = undefined;
1234 mulxU64(&x268, &x269, x260, 0xc7634d81f4372ddf);
1235 var x270: u64 = undefined;
1236 var x271: u64 = undefined;
1237 mulxU64(&x270, &x271, x260, 0x581a0db248b0a77a);
1238 var x272: u64 = undefined;
1239 var x273: u64 = undefined;
1240 mulxU64(&x272, &x273, x260, 0xecec196accc52973);
1241 var x274: u64 = undefined;
1242 var x275: u1 = undefined;
1243 addcarryxU64(&x274, &x275, 0x0, x273, x270);
1244 var x276: u64 = undefined;
1245 var x277: u1 = undefined;
1246 addcarryxU64(&x276, &x277, x275, x271, x268);
1247 var x278: u64 = undefined;
1248 var x279: u1 = undefined;
1249 addcarryxU64(&x278, &x279, x277, x269, x266);
1250 var x280: u64 = undefined;
1251 var x281: u1 = undefined;
1252 addcarryxU64(&x280, &x281, x279, x267, x264);
1253 var x282: u64 = undefined;
1254 var x283: u1 = undefined;
1255 addcarryxU64(&x282, &x283, x281, x265, x262);
1256 const x284 = (@as(u64, x283) + x263);
1257 var x285: u64 = undefined;
1258 var x286: u1 = undefined;
1259 addcarryxU64(&x285, &x286, 0x0, x246, x272);
1260 var x287: u64 = undefined;
1261 var x288: u1 = undefined;
1262 addcarryxU64(&x287, &x288, x286, x248, x274);
1263 var x289: u64 = undefined;
1264 var x290: u1 = undefined;
1265 addcarryxU64(&x289, &x290, x288, x250, x276);
1266 var x291: u64 = undefined;
1267 var x292: u1 = undefined;
1268 addcarryxU64(&x291, &x292, x290, x252, x278);
1269 var x293: u64 = undefined;
1270 var x294: u1 = undefined;
1271 addcarryxU64(&x293, &x294, x292, x254, x280);
1272 var x295: u64 = undefined;
1273 var x296: u1 = undefined;
1274 addcarryxU64(&x295, &x296, x294, x256, x282);
1275 var x297: u64 = undefined;
1276 var x298: u1 = undefined;
1277 addcarryxU64(&x297, &x298, x296, x258, x284);
1278 const x299 = (@as(u64, x298) + @as(u64, x259));
1279 var x300: u64 = undefined;
1280 var x301: u64 = undefined;
1281 mulxU64(&x300, &x301, x4, (arg1[5]));
1282 var x302: u64 = undefined;
1283 var x303: u64 = undefined;
1284 mulxU64(&x302, &x303, x4, (arg1[4]));
1285 var x304: u64 = undefined;
1286 var x305: u64 = undefined;
1287 mulxU64(&x304, &x305, x4, (arg1[3]));
1288 var x306: u64 = undefined;
1289 var x307: u64 = undefined;
1290 mulxU64(&x306, &x307, x4, (arg1[2]));
1291 var x308: u64 = undefined;
1292 var x309: u64 = undefined;
1293 mulxU64(&x308, &x309, x4, (arg1[1]));
1294 var x310: u64 = undefined;
1295 var x311: u64 = undefined;
1296 mulxU64(&x310, &x311, x4, (arg1[0]));
1297 var x312: u64 = undefined;
1298 var x313: u1 = undefined;
1299 addcarryxU64(&x312, &x313, 0x0, x311, x308);
1300 var x314: u64 = undefined;
1301 var x315: u1 = undefined;
1302 addcarryxU64(&x314, &x315, x313, x309, x306);
1303 var x316: u64 = undefined;
1304 var x317: u1 = undefined;
1305 addcarryxU64(&x316, &x317, x315, x307, x304);
1306 var x318: u64 = undefined;
1307 var x319: u1 = undefined;
1308 addcarryxU64(&x318, &x319, x317, x305, x302);
1309 var x320: u64 = undefined;
1310 var x321: u1 = undefined;
1311 addcarryxU64(&x320, &x321, x319, x303, x300);
1312 const x322 = (@as(u64, x321) + x301);
1313 var x323: u64 = undefined;
1314 var x324: u1 = undefined;
1315 addcarryxU64(&x323, &x324, 0x0, x287, x310);
1316 var x325: u64 = undefined;
1317 var x326: u1 = undefined;
1318 addcarryxU64(&x325, &x326, x324, x289, x312);
1319 var x327: u64 = undefined;
1320 var x328: u1 = undefined;
1321 addcarryxU64(&x327, &x328, x326, x291, x314);
1322 var x329: u64 = undefined;
1323 var x330: u1 = undefined;
1324 addcarryxU64(&x329, &x330, x328, x293, x316);
1325 var x331: u64 = undefined;
1326 var x332: u1 = undefined;
1327 addcarryxU64(&x331, &x332, x330, x295, x318);
1328 var x333: u64 = undefined;
1329 var x334: u1 = undefined;
1330 addcarryxU64(&x333, &x334, x332, x297, x320);
1331 var x335: u64 = undefined;
1332 var x336: u1 = undefined;
1333 addcarryxU64(&x335, &x336, x334, x299, x322);
1334 var x337: u64 = undefined;
1335 var x338: u64 = undefined;
1336 mulxU64(&x337, &x338, x323, 0x6ed46089e88fdc45);
1337 var x339: u64 = undefined;
1338 var x340: u64 = undefined;
1339 mulxU64(&x339, &x340, x337, 0xffffffffffffffff);
1340 var x341: u64 = undefined;
1341 var x342: u64 = undefined;
1342 mulxU64(&x341, &x342, x337, 0xffffffffffffffff);
1343 var x343: u64 = undefined;
1344 var x344: u64 = undefined;
1345 mulxU64(&x343, &x344, x337, 0xffffffffffffffff);
1346 var x345: u64 = undefined;
1347 var x346: u64 = undefined;
1348 mulxU64(&x345, &x346, x337, 0xc7634d81f4372ddf);
1349 var x347: u64 = undefined;
1350 var x348: u64 = undefined;
1351 mulxU64(&x347, &x348, x337, 0x581a0db248b0a77a);
1352 var x349: u64 = undefined;
1353 var x350: u64 = undefined;
1354 mulxU64(&x349, &x350, x337, 0xecec196accc52973);
1355 var x351: u64 = undefined;
1356 var x352: u1 = undefined;
1357 addcarryxU64(&x351, &x352, 0x0, x350, x347);
1358 var x353: u64 = undefined;
1359 var x354: u1 = undefined;
1360 addcarryxU64(&x353, &x354, x352, x348, x345);
1361 var x355: u64 = undefined;
1362 var x356: u1 = undefined;
1363 addcarryxU64(&x355, &x356, x354, x346, x343);
1364 var x357: u64 = undefined;
1365 var x358: u1 = undefined;
1366 addcarryxU64(&x357, &x358, x356, x344, x341);
1367 var x359: u64 = undefined;
1368 var x360: u1 = undefined;
1369 addcarryxU64(&x359, &x360, x358, x342, x339);
1370 const x361 = (@as(u64, x360) + x340);
1371 var x362: u64 = undefined;
1372 var x363: u1 = undefined;
1373 addcarryxU64(&x362, &x363, 0x0, x323, x349);
1374 var x364: u64 = undefined;
1375 var x365: u1 = undefined;
1376 addcarryxU64(&x364, &x365, x363, x325, x351);
1377 var x366: u64 = undefined;
1378 var x367: u1 = undefined;
1379 addcarryxU64(&x366, &x367, x365, x327, x353);
1380 var x368: u64 = undefined;
1381 var x369: u1 = undefined;
1382 addcarryxU64(&x368, &x369, x367, x329, x355);
1383 var x370: u64 = undefined;
1384 var x371: u1 = undefined;
1385 addcarryxU64(&x370, &x371, x369, x331, x357);
1386 var x372: u64 = undefined;
1387 var x373: u1 = undefined;
1388 addcarryxU64(&x372, &x373, x371, x333, x359);
1389 var x374: u64 = undefined;
1390 var x375: u1 = undefined;
1391 addcarryxU64(&x374, &x375, x373, x335, x361);
1392 const x376 = (@as(u64, x375) + @as(u64, x336));
1393 var x377: u64 = undefined;
1394 var x378: u64 = undefined;
1395 mulxU64(&x377, &x378, x5, (arg1[5]));
1396 var x379: u64 = undefined;
1397 var x380: u64 = undefined;
1398 mulxU64(&x379, &x380, x5, (arg1[4]));
1399 var x381: u64 = undefined;
1400 var x382: u64 = undefined;
1401 mulxU64(&x381, &x382, x5, (arg1[3]));
1402 var x383: u64 = undefined;
1403 var x384: u64 = undefined;
1404 mulxU64(&x383, &x384, x5, (arg1[2]));
1405 var x385: u64 = undefined;
1406 var x386: u64 = undefined;
1407 mulxU64(&x385, &x386, x5, (arg1[1]));
1408 var x387: u64 = undefined;
1409 var x388: u64 = undefined;
1410 mulxU64(&x387, &x388, x5, (arg1[0]));
1411 var x389: u64 = undefined;
1412 var x390: u1 = undefined;
1413 addcarryxU64(&x389, &x390, 0x0, x388, x385);
1414 var x391: u64 = undefined;
1415 var x392: u1 = undefined;
1416 addcarryxU64(&x391, &x392, x390, x386, x383);
1417 var x393: u64 = undefined;
1418 var x394: u1 = undefined;
1419 addcarryxU64(&x393, &x394, x392, x384, x381);
1420 var x395: u64 = undefined;
1421 var x396: u1 = undefined;
1422 addcarryxU64(&x395, &x396, x394, x382, x379);
1423 var x397: u64 = undefined;
1424 var x398: u1 = undefined;
1425 addcarryxU64(&x397, &x398, x396, x380, x377);
1426 const x399 = (@as(u64, x398) + x378);
1427 var x400: u64 = undefined;
1428 var x401: u1 = undefined;
1429 addcarryxU64(&x400, &x401, 0x0, x364, x387);
1430 var x402: u64 = undefined;
1431 var x403: u1 = undefined;
1432 addcarryxU64(&x402, &x403, x401, x366, x389);
1433 var x404: u64 = undefined;
1434 var x405: u1 = undefined;
1435 addcarryxU64(&x404, &x405, x403, x368, x391);
1436 var x406: u64 = undefined;
1437 var x407: u1 = undefined;
1438 addcarryxU64(&x406, &x407, x405, x370, x393);
1439 var x408: u64 = undefined;
1440 var x409: u1 = undefined;
1441 addcarryxU64(&x408, &x409, x407, x372, x395);
1442 var x410: u64 = undefined;
1443 var x411: u1 = undefined;
1444 addcarryxU64(&x410, &x411, x409, x374, x397);
1445 var x412: u64 = undefined;
1446 var x413: u1 = undefined;
1447 addcarryxU64(&x412, &x413, x411, x376, x399);
1448 var x414: u64 = undefined;
1449 var x415: u64 = undefined;
1450 mulxU64(&x414, &x415, x400, 0x6ed46089e88fdc45);
1451 var x416: u64 = undefined;
1452 var x417: u64 = undefined;
1453 mulxU64(&x416, &x417, x414, 0xffffffffffffffff);
1454 var x418: u64 = undefined;
1455 var x419: u64 = undefined;
1456 mulxU64(&x418, &x419, x414, 0xffffffffffffffff);
1457 var x420: u64 = undefined;
1458 var x421: u64 = undefined;
1459 mulxU64(&x420, &x421, x414, 0xffffffffffffffff);
1460 var x422: u64 = undefined;
1461 var x423: u64 = undefined;
1462 mulxU64(&x422, &x423, x414, 0xc7634d81f4372ddf);
1463 var x424: u64 = undefined;
1464 var x425: u64 = undefined;
1465 mulxU64(&x424, &x425, x414, 0x581a0db248b0a77a);
1466 var x426: u64 = undefined;
1467 var x427: u64 = undefined;
1468 mulxU64(&x426, &x427, x414, 0xecec196accc52973);
1469 var x428: u64 = undefined;
1470 var x429: u1 = undefined;
1471 addcarryxU64(&x428, &x429, 0x0, x427, x424);
1472 var x430: u64 = undefined;
1473 var x431: u1 = undefined;
1474 addcarryxU64(&x430, &x431, x429, x425, x422);
1475 var x432: u64 = undefined;
1476 var x433: u1 = undefined;
1477 addcarryxU64(&x432, &x433, x431, x423, x420);
1478 var x434: u64 = undefined;
1479 var x435: u1 = undefined;
1480 addcarryxU64(&x434, &x435, x433, x421, x418);
1481 var x436: u64 = undefined;
1482 var x437: u1 = undefined;
1483 addcarryxU64(&x436, &x437, x435, x419, x416);
1484 const x438 = (@as(u64, x437) + x417);
1485 var x439: u64 = undefined;
1486 var x440: u1 = undefined;
1487 addcarryxU64(&x439, &x440, 0x0, x400, x426);
1488 var x441: u64 = undefined;
1489 var x442: u1 = undefined;
1490 addcarryxU64(&x441, &x442, x440, x402, x428);
1491 var x443: u64 = undefined;
1492 var x444: u1 = undefined;
1493 addcarryxU64(&x443, &x444, x442, x404, x430);
1494 var x445: u64 = undefined;
1495 var x446: u1 = undefined;
1496 addcarryxU64(&x445, &x446, x444, x406, x432);
1497 var x447: u64 = undefined;
1498 var x448: u1 = undefined;
1499 addcarryxU64(&x447, &x448, x446, x408, x434);
1500 var x449: u64 = undefined;
1501 var x450: u1 = undefined;
1502 addcarryxU64(&x449, &x450, x448, x410, x436);
1503 var x451: u64 = undefined;
1504 var x452: u1 = undefined;
1505 addcarryxU64(&x451, &x452, x450, x412, x438);
1506 const x453 = (@as(u64, x452) + @as(u64, x413));
1507 var x454: u64 = undefined;
1508 var x455: u1 = undefined;
1509 subborrowxU64(&x454, &x455, 0x0, x441, 0xecec196accc52973);
1510 var x456: u64 = undefined;
1511 var x457: u1 = undefined;
1512 subborrowxU64(&x456, &x457, x455, x443, 0x581a0db248b0a77a);
1513 var x458: u64 = undefined;
1514 var x459: u1 = undefined;
1515 subborrowxU64(&x458, &x459, x457, x445, 0xc7634d81f4372ddf);
1516 var x460: u64 = undefined;
1517 var x461: u1 = undefined;
1518 subborrowxU64(&x460, &x461, x459, x447, 0xffffffffffffffff);
1519 var x462: u64 = undefined;
1520 var x463: u1 = undefined;
1521 subborrowxU64(&x462, &x463, x461, x449, 0xffffffffffffffff);
1522 var x464: u64 = undefined;
1523 var x465: u1 = undefined;
1524 subborrowxU64(&x464, &x465, x463, x451, 0xffffffffffffffff);
1525 var x466: u64 = undefined;
1526 var x467: u1 = undefined;
1527 subborrowxU64(&x466, &x467, x465, x453, 0x0);
1528 var x468: u64 = undefined;
1529 cmovznzU64(&x468, x467, x454, x441);
1530 var x469: u64 = undefined;
1531 cmovznzU64(&x469, x467, x456, x443);
1532 var x470: u64 = undefined;
1533 cmovznzU64(&x470, x467, x458, x445);
1534 var x471: u64 = undefined;
1535 cmovznzU64(&x471, x467, x460, x447);
1536 var x472: u64 = undefined;
1537 cmovznzU64(&x472, x467, x462, x449);
1538 var x473: u64 = undefined;
1539 cmovznzU64(&x473, x467, x464, x451);
1540 out1[0] = x468;
1541 out1[1] = x469;
1542 out1[2] = x470;
1543 out1[3] = x471;
1544 out1[4] = x472;
1545 out1[5] = x473;
1546}
1547
1548/// The function add adds two field elements in the Montgomery domain.
1549///
1550/// Preconditions:
1551/// 0 ≤ eval arg1 < m
1552/// 0 ≤ eval arg2 < m
1553/// Postconditions:
1554/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m
1555/// 0 ≤ eval out1 < m
1556///
1557pub fn add(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement, arg2: MontgomeryDomainFieldElement) void {
1558 @setRuntimeSafety(mode == .Debug);
1559
1560 var x1: u64 = undefined;
1561 var x2: u1 = undefined;
1562 addcarryxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
1563 var x3: u64 = undefined;
1564 var x4: u1 = undefined;
1565 addcarryxU64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
1566 var x5: u64 = undefined;
1567 var x6: u1 = undefined;
1568 addcarryxU64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
1569 var x7: u64 = undefined;
1570 var x8: u1 = undefined;
1571 addcarryxU64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
1572 var x9: u64 = undefined;
1573 var x10: u1 = undefined;
1574 addcarryxU64(&x9, &x10, x8, (arg1[4]), (arg2[4]));
1575 var x11: u64 = undefined;
1576 var x12: u1 = undefined;
1577 addcarryxU64(&x11, &x12, x10, (arg1[5]), (arg2[5]));
1578 var x13: u64 = undefined;
1579 var x14: u1 = undefined;
1580 subborrowxU64(&x13, &x14, 0x0, x1, 0xecec196accc52973);
1581 var x15: u64 = undefined;
1582 var x16: u1 = undefined;
1583 subborrowxU64(&x15, &x16, x14, x3, 0x581a0db248b0a77a);
1584 var x17: u64 = undefined;
1585 var x18: u1 = undefined;
1586 subborrowxU64(&x17, &x18, x16, x5, 0xc7634d81f4372ddf);
1587 var x19: u64 = undefined;
1588 var x20: u1 = undefined;
1589 subborrowxU64(&x19, &x20, x18, x7, 0xffffffffffffffff);
1590 var x21: u64 = undefined;
1591 var x22: u1 = undefined;
1592 subborrowxU64(&x21, &x22, x20, x9, 0xffffffffffffffff);
1593 var x23: u64 = undefined;
1594 var x24: u1 = undefined;
1595 subborrowxU64(&x23, &x24, x22, x11, 0xffffffffffffffff);
1596 var x25: u64 = undefined;
1597 var x26: u1 = undefined;
1598 subborrowxU64(&x25, &x26, x24, @as(u64, x12), 0x0);
1599 var x27: u64 = undefined;
1600 cmovznzU64(&x27, x26, x13, x1);
1601 var x28: u64 = undefined;
1602 cmovznzU64(&x28, x26, x15, x3);
1603 var x29: u64 = undefined;
1604 cmovznzU64(&x29, x26, x17, x5);
1605 var x30: u64 = undefined;
1606 cmovznzU64(&x30, x26, x19, x7);
1607 var x31: u64 = undefined;
1608 cmovznzU64(&x31, x26, x21, x9);
1609 var x32: u64 = undefined;
1610 cmovznzU64(&x32, x26, x23, x11);
1611 out1[0] = x27;
1612 out1[1] = x28;
1613 out1[2] = x29;
1614 out1[3] = x30;
1615 out1[4] = x31;
1616 out1[5] = x32;
1617}
1618
1619/// The function sub subtracts two field elements in the Montgomery domain.
1620///
1621/// Preconditions:
1622/// 0 ≤ eval arg1 < m
1623/// 0 ≤ eval arg2 < m
1624/// Postconditions:
1625/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m
1626/// 0 ≤ eval out1 < m
1627///
1628pub fn sub(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement, arg2: MontgomeryDomainFieldElement) void {
1629 @setRuntimeSafety(mode == .Debug);
1630
1631 var x1: u64 = undefined;
1632 var x2: u1 = undefined;
1633 subborrowxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
1634 var x3: u64 = undefined;
1635 var x4: u1 = undefined;
1636 subborrowxU64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
1637 var x5: u64 = undefined;
1638 var x6: u1 = undefined;
1639 subborrowxU64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
1640 var x7: u64 = undefined;
1641 var x8: u1 = undefined;
1642 subborrowxU64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
1643 var x9: u64 = undefined;
1644 var x10: u1 = undefined;
1645 subborrowxU64(&x9, &x10, x8, (arg1[4]), (arg2[4]));
1646 var x11: u64 = undefined;
1647 var x12: u1 = undefined;
1648 subborrowxU64(&x11, &x12, x10, (arg1[5]), (arg2[5]));
1649 var x13: u64 = undefined;
1650 cmovznzU64(&x13, x12, 0x0, 0xffffffffffffffff);
1651 var x14: u64 = undefined;
1652 var x15: u1 = undefined;
1653 addcarryxU64(&x14, &x15, 0x0, x1, (x13 & 0xecec196accc52973));
1654 var x16: u64 = undefined;
1655 var x17: u1 = undefined;
1656 addcarryxU64(&x16, &x17, x15, x3, (x13 & 0x581a0db248b0a77a));
1657 var x18: u64 = undefined;
1658 var x19: u1 = undefined;
1659 addcarryxU64(&x18, &x19, x17, x5, (x13 & 0xc7634d81f4372ddf));
1660 var x20: u64 = undefined;
1661 var x21: u1 = undefined;
1662 addcarryxU64(&x20, &x21, x19, x7, x13);
1663 var x22: u64 = undefined;
1664 var x23: u1 = undefined;
1665 addcarryxU64(&x22, &x23, x21, x9, x13);
1666 var x24: u64 = undefined;
1667 var x25: u1 = undefined;
1668 addcarryxU64(&x24, &x25, x23, x11, x13);
1669 out1[0] = x14;
1670 out1[1] = x16;
1671 out1[2] = x18;
1672 out1[3] = x20;
1673 out1[4] = x22;
1674 out1[5] = x24;
1675}
1676
1677/// The function opp negates a field element in the Montgomery domain.
1678///
1679/// Preconditions:
1680/// 0 ≤ eval arg1 < m
1681/// Postconditions:
1682/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m
1683/// 0 ≤ eval out1 < m
1684///
1685pub fn opp(out1: *MontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement) void {
1686 @setRuntimeSafety(mode == .Debug);
1687
1688 var x1: u64 = undefined;
1689 var x2: u1 = undefined;
1690 subborrowxU64(&x1, &x2, 0x0, 0x0, (arg1[0]));
1691 var x3: u64 = undefined;
1692 var x4: u1 = undefined;
1693 subborrowxU64(&x3, &x4, x2, 0x0, (arg1[1]));
1694 var x5: u64 = undefined;
1695 var x6: u1 = undefined;
1696 subborrowxU64(&x5, &x6, x4, 0x0, (arg1[2]));
1697 var x7: u64 = undefined;
1698 var x8: u1 = undefined;
1699 subborrowxU64(&x7, &x8, x6, 0x0, (arg1[3]));
1700 var x9: u64 = undefined;
1701 var x10: u1 = undefined;
1702 subborrowxU64(&x9, &x10, x8, 0x0, (arg1[4]));
1703 var x11: u64 = undefined;
1704 var x12: u1 = undefined;
1705 subborrowxU64(&x11, &x12, x10, 0x0, (arg1[5]));
1706 var x13: u64 = undefined;
1707 cmovznzU64(&x13, x12, 0x0, 0xffffffffffffffff);
1708 var x14: u64 = undefined;
1709 var x15: u1 = undefined;
1710 addcarryxU64(&x14, &x15, 0x0, x1, (x13 & 0xecec196accc52973));
1711 var x16: u64 = undefined;
1712 var x17: u1 = undefined;
1713 addcarryxU64(&x16, &x17, x15, x3, (x13 & 0x581a0db248b0a77a));
1714 var x18: u64 = undefined;
1715 var x19: u1 = undefined;
1716 addcarryxU64(&x18, &x19, x17, x5, (x13 & 0xc7634d81f4372ddf));
1717 var x20: u64 = undefined;
1718 var x21: u1 = undefined;
1719 addcarryxU64(&x20, &x21, x19, x7, x13);
1720 var x22: u64 = undefined;
1721 var x23: u1 = undefined;
1722 addcarryxU64(&x22, &x23, x21, x9, x13);
1723 var x24: u64 = undefined;
1724 var x25: u1 = undefined;
1725 addcarryxU64(&x24, &x25, x23, x11, x13);
1726 out1[0] = x14;
1727 out1[1] = x16;
1728 out1[2] = x18;
1729 out1[3] = x20;
1730 out1[4] = x22;
1731 out1[5] = x24;
1732}
1733
1734/// The function fromMontgomery translates a field element out of the Montgomery domain.
1735///
1736/// Preconditions:
1737/// 0 ≤ eval arg1 < m
1738/// Postconditions:
1739/// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^6) mod m
1740/// 0 ≤ eval out1 < m
1741///
1742pub fn fromMontgomery(out1: *NonMontgomeryDomainFieldElement, arg1: MontgomeryDomainFieldElement) void {
1743 @setRuntimeSafety(mode == .Debug);
1744
1745 const x1 = (arg1[0]);
1746 var x2: u64 = undefined;
1747 var x3: u64 = undefined;
1748 mulxU64(&x2, &x3, x1, 0x6ed46089e88fdc45);
1749 var x4: u64 = undefined;
1750 var x5: u64 = undefined;
1751 mulxU64(&x4, &x5, x2, 0xffffffffffffffff);
1752 var x6: u64 = undefined;
1753 var x7: u64 = undefined;
1754 mulxU64(&x6, &x7, x2, 0xffffffffffffffff);
1755 var x8: u64 = undefined;
1756 var x9: u64 = undefined;
1757 mulxU64(&x8, &x9, x2, 0xffffffffffffffff);
1758 var x10: u64 = undefined;
1759 var x11: u64 = undefined;
1760 mulxU64(&x10, &x11, x2, 0xc7634d81f4372ddf);
1761 var x12: u64 = undefined;
1762 var x13: u64 = undefined;
1763 mulxU64(&x12, &x13, x2, 0x581a0db248b0a77a);
1764 var x14: u64 = undefined;
1765 var x15: u64 = undefined;
1766 mulxU64(&x14, &x15, x2, 0xecec196accc52973);
1767 var x16: u64 = undefined;
1768 var x17: u1 = undefined;
1769 addcarryxU64(&x16, &x17, 0x0, x15, x12);
1770 var x18: u64 = undefined;
1771 var x19: u1 = undefined;
1772 addcarryxU64(&x18, &x19, x17, x13, x10);
1773 var x20: u64 = undefined;
1774 var x21: u1 = undefined;
1775 addcarryxU64(&x20, &x21, x19, x11, x8);
1776 var x22: u64 = undefined;
1777 var x23: u1 = undefined;
1778 addcarryxU64(&x22, &x23, x21, x9, x6);
1779 var x24: u64 = undefined;
1780 var x25: u1 = undefined;
1781 addcarryxU64(&x24, &x25, x23, x7, x4);
1782 var x26: u64 = undefined;
1783 var x27: u1 = undefined;
1784 addcarryxU64(&x26, &x27, 0x0, x1, x14);
1785 var x28: u64 = undefined;
1786 var x29: u1 = undefined;
1787 addcarryxU64(&x28, &x29, x27, 0x0, x16);
1788 var x30: u64 = undefined;
1789 var x31: u1 = undefined;
1790 addcarryxU64(&x30, &x31, x29, 0x0, x18);
1791 var x32: u64 = undefined;
1792 var x33: u1 = undefined;
1793 addcarryxU64(&x32, &x33, x31, 0x0, x20);
1794 var x34: u64 = undefined;
1795 var x35: u1 = undefined;
1796 addcarryxU64(&x34, &x35, x33, 0x0, x22);
1797 var x36: u64 = undefined;
1798 var x37: u1 = undefined;
1799 addcarryxU64(&x36, &x37, x35, 0x0, x24);
1800 var x38: u64 = undefined;
1801 var x39: u1 = undefined;
1802 addcarryxU64(&x38, &x39, x37, 0x0, (@as(u64, x25) + x5));
1803 var x40: u64 = undefined;
1804 var x41: u1 = undefined;
1805 addcarryxU64(&x40, &x41, 0x0, x28, (arg1[1]));
1806 var x42: u64 = undefined;
1807 var x43: u1 = undefined;
1808 addcarryxU64(&x42, &x43, x41, x30, 0x0);
1809 var x44: u64 = undefined;
1810 var x45: u1 = undefined;
1811 addcarryxU64(&x44, &x45, x43, x32, 0x0);
1812 var x46: u64 = undefined;
1813 var x47: u1 = undefined;
1814 addcarryxU64(&x46, &x47, x45, x34, 0x0);
1815 var x48: u64 = undefined;
1816 var x49: u1 = undefined;
1817 addcarryxU64(&x48, &x49, x47, x36, 0x0);
1818 var x50: u64 = undefined;
1819 var x51: u1 = undefined;
1820 addcarryxU64(&x50, &x51, x49, x38, 0x0);
1821 var x52: u64 = undefined;
1822 var x53: u64 = undefined;
1823 mulxU64(&x52, &x53, x40, 0x6ed46089e88fdc45);
1824 var x54: u64 = undefined;
1825 var x55: u64 = undefined;
1826 mulxU64(&x54, &x55, x52, 0xffffffffffffffff);
1827 var x56: u64 = undefined;
1828 var x57: u64 = undefined;
1829 mulxU64(&x56, &x57, x52, 0xffffffffffffffff);
1830 var x58: u64 = undefined;
1831 var x59: u64 = undefined;
1832 mulxU64(&x58, &x59, x52, 0xffffffffffffffff);
1833 var x60: u64 = undefined;
1834 var x61: u64 = undefined;
1835 mulxU64(&x60, &x61, x52, 0xc7634d81f4372ddf);
1836 var x62: u64 = undefined;
1837 var x63: u64 = undefined;
1838 mulxU64(&x62, &x63, x52, 0x581a0db248b0a77a);
1839 var x64: u64 = undefined;
1840 var x65: u64 = undefined;
1841 mulxU64(&x64, &x65, x52, 0xecec196accc52973);
1842 var x66: u64 = undefined;
1843 var x67: u1 = undefined;
1844 addcarryxU64(&x66, &x67, 0x0, x65, x62);
1845 var x68: u64 = undefined;
1846 var x69: u1 = undefined;
1847 addcarryxU64(&x68, &x69, x67, x63, x60);
1848 var x70: u64 = undefined;
1849 var x71: u1 = undefined;
1850 addcarryxU64(&x70, &x71, x69, x61, x58);
1851 var x72: u64 = undefined;
1852 var x73: u1 = undefined;
1853 addcarryxU64(&x72, &x73, x71, x59, x56);
1854 var x74: u64 = undefined;
1855 var x75: u1 = undefined;
1856 addcarryxU64(&x74, &x75, x73, x57, x54);
1857 var x76: u64 = undefined;
1858 var x77: u1 = undefined;
1859 addcarryxU64(&x76, &x77, 0x0, x40, x64);
1860 var x78: u64 = undefined;
1861 var x79: u1 = undefined;
1862 addcarryxU64(&x78, &x79, x77, x42, x66);
1863 var x80: u64 = undefined;
1864 var x81: u1 = undefined;
1865 addcarryxU64(&x80, &x81, x79, x44, x68);
1866 var x82: u64 = undefined;
1867 var x83: u1 = undefined;
1868 addcarryxU64(&x82, &x83, x81, x46, x70);
1869 var x84: u64 = undefined;
1870 var x85: u1 = undefined;
1871 addcarryxU64(&x84, &x85, x83, x48, x72);
1872 var x86: u64 = undefined;
1873 var x87: u1 = undefined;
1874 addcarryxU64(&x86, &x87, x85, x50, x74);
1875 var x88: u64 = undefined;
1876 var x89: u1 = undefined;
1877 addcarryxU64(&x88, &x89, x87, (@as(u64, x51) + @as(u64, x39)), (@as(u64, x75) + x55));
1878 var x90: u64 = undefined;
1879 var x91: u1 = undefined;
1880 addcarryxU64(&x90, &x91, 0x0, x78, (arg1[2]));
1881 var x92: u64 = undefined;
1882 var x93: u1 = undefined;
1883 addcarryxU64(&x92, &x93, x91, x80, 0x0);
1884 var x94: u64 = undefined;
1885 var x95: u1 = undefined;
1886 addcarryxU64(&x94, &x95, x93, x82, 0x0);
1887 var x96: u64 = undefined;
1888 var x97: u1 = undefined;
1889 addcarryxU64(&x96, &x97, x95, x84, 0x0);
1890 var x98: u64 = undefined;
1891 var x99: u1 = undefined;
1892 addcarryxU64(&x98, &x99, x97, x86, 0x0);
1893 var x100: u64 = undefined;
1894 var x101: u1 = undefined;
1895 addcarryxU64(&x100, &x101, x99, x88, 0x0);
1896 var x102: u64 = undefined;
1897 var x103: u64 = undefined;
1898 mulxU64(&x102, &x103, x90, 0x6ed46089e88fdc45);
1899 var x104: u64 = undefined;
1900 var x105: u64 = undefined;
1901 mulxU64(&x104, &x105, x102, 0xffffffffffffffff);
1902 var x106: u64 = undefined;
1903 var x107: u64 = undefined;
1904 mulxU64(&x106, &x107, x102, 0xffffffffffffffff);
1905 var x108: u64 = undefined;
1906 var x109: u64 = undefined;
1907 mulxU64(&x108, &x109, x102, 0xffffffffffffffff);
1908 var x110: u64 = undefined;
1909 var x111: u64 = undefined;
1910 mulxU64(&x110, &x111, x102, 0xc7634d81f4372ddf);
1911 var x112: u64 = undefined;
1912 var x113: u64 = undefined;
1913 mulxU64(&x112, &x113, x102, 0x581a0db248b0a77a);
1914 var x114: u64 = undefined;
1915 var x115: u64 = undefined;
1916 mulxU64(&x114, &x115, x102, 0xecec196accc52973);
1917 var x116: u64 = undefined;
1918 var x117: u1 = undefined;
1919 addcarryxU64(&x116, &x117, 0x0, x115, x112);
1920 var x118: u64 = undefined;
1921 var x119: u1 = undefined;
1922 addcarryxU64(&x118, &x119, x117, x113, x110);
1923 var x120: u64 = undefined;
1924 var x121: u1 = undefined;
1925 addcarryxU64(&x120, &x121, x119, x111, x108);
1926 var x122: u64 = undefined;
1927 var x123: u1 = undefined;
1928 addcarryxU64(&x122, &x123, x121, x109, x106);
1929 var x124: u64 = undefined;
1930 var x125: u1 = undefined;
1931 addcarryxU64(&x124, &x125, x123, x107, x104);
1932 var x126: u64 = undefined;
1933 var x127: u1 = undefined;
1934 addcarryxU64(&x126, &x127, 0x0, x90, x114);
1935 var x128: u64 = undefined;
1936 var x129: u1 = undefined;
1937 addcarryxU64(&x128, &x129, x127, x92, x116);
1938 var x130: u64 = undefined;
1939 var x131: u1 = undefined;
1940 addcarryxU64(&x130, &x131, x129, x94, x118);
1941 var x132: u64 = undefined;
1942 var x133: u1 = undefined;
1943 addcarryxU64(&x132, &x133, x131, x96, x120);
1944 var x134: u64 = undefined;
1945 var x135: u1 = undefined;
1946 addcarryxU64(&x134, &x135, x133, x98, x122);
1947 var x136: u64 = undefined;
1948 var x137: u1 = undefined;
1949 addcarryxU64(&x136, &x137, x135, x100, x124);
1950 var x138: u64 = undefined;
1951 var x139: u1 = undefined;
1952 addcarryxU64(&x138, &x139, x137, (@as(u64, x101) + @as(u64, x89)), (@as(u64, x125) + x105));
1953 var x140: u64 = undefined;
1954 var x141: u1 = undefined;
1955 addcarryxU64(&x140, &x141, 0x0, x128, (arg1[3]));
1956 var x142: u64 = undefined;
1957 var x143: u1 = undefined;
1958 addcarryxU64(&x142, &x143, x141, x130, 0x0);
1959 var x144: u64 = undefined;
1960 var x145: u1 = undefined;
1961 addcarryxU64(&x144, &x145, x143, x132, 0x0);
1962 var x146: u64 = undefined;
1963 var x147: u1 = undefined;
1964 addcarryxU64(&x146, &x147, x145, x134, 0x0);
1965 var x148: u64 = undefined;
1966 var x149: u1 = undefined;
1967 addcarryxU64(&x148, &x149, x147, x136, 0x0);
1968 var x150: u64 = undefined;
1969 var x151: u1 = undefined;
1970 addcarryxU64(&x150, &x151, x149, x138, 0x0);
1971 var x152: u64 = undefined;
1972 var x153: u64 = undefined;
1973 mulxU64(&x152, &x153, x140, 0x6ed46089e88fdc45);
1974 var x154: u64 = undefined;
1975 var x155: u64 = undefined;
1976 mulxU64(&x154, &x155, x152, 0xffffffffffffffff);
1977 var x156: u64 = undefined;
1978 var x157: u64 = undefined;
1979 mulxU64(&x156, &x157, x152, 0xffffffffffffffff);
1980 var x158: u64 = undefined;
1981 var x159: u64 = undefined;
1982 mulxU64(&x158, &x159, x152, 0xffffffffffffffff);
1983 var x160: u64 = undefined;
1984 var x161: u64 = undefined;
1985 mulxU64(&x160, &x161, x152, 0xc7634d81f4372ddf);
1986 var x162: u64 = undefined;
1987 var x163: u64 = undefined;
1988 mulxU64(&x162, &x163, x152, 0x581a0db248b0a77a);
1989 var x164: u64 = undefined;
1990 var x165: u64 = undefined;
1991 mulxU64(&x164, &x165, x152, 0xecec196accc52973);
1992 var x166: u64 = undefined;
1993 var x167: u1 = undefined;
1994 addcarryxU64(&x166, &x167, 0x0, x165, x162);
1995 var x168: u64 = undefined;
1996 var x169: u1 = undefined;
1997 addcarryxU64(&x168, &x169, x167, x163, x160);
1998 var x170: u64 = undefined;
1999 var x171: u1 = undefined;
2000 addcarryxU64(&x170, &x171, x169, x161, x158);
2001 var x172: u64 = undefined;
2002 var x173: u1 = undefined;
2003 addcarryxU64(&x172, &x173, x171, x159, x156);
2004 var x174: u64 = undefined;
2005 var x175: u1 = undefined;
2006 addcarryxU64(&x174, &x175, x173, x157, x154);
2007 var x176: u64 = undefined;
2008 var x177: u1 = undefined;
2009 addcarryxU64(&x176, &x177, 0x0, x140, x164);
2010 var x178: u64 = undefined;
2011 var x179: u1 = undefined;
2012 addcarryxU64(&x178, &x179, x177, x142, x166);
2013 var x180: u64 = undefined;
2014 var x181: u1 = undefined;
2015 addcarryxU64(&x180, &x181, x179, x144, x168);
2016 var x182: u64 = undefined;
2017 var x183: u1 = undefined;
2018 addcarryxU64(&x182, &x183, x181, x146, x170);
2019 var x184: u64 = undefined;
2020 var x185: u1 = undefined;
2021 addcarryxU64(&x184, &x185, x183, x148, x172);
2022 var x186: u64 = undefined;
2023 var x187: u1 = undefined;
2024 addcarryxU64(&x186, &x187, x185, x150, x174);
2025 var x188: u64 = undefined;
2026 var x189: u1 = undefined;
2027 addcarryxU64(&x188, &x189, x187, (@as(u64, x151) + @as(u64, x139)), (@as(u64, x175) + x155));
2028 var x190: u64 = undefined;
2029 var x191: u1 = undefined;
2030 addcarryxU64(&x190, &x191, 0x0, x178, (arg1[4]));
2031 var x192: u64 = undefined;
2032 var x193: u1 = undefined;
2033 addcarryxU64(&x192, &x193, x191, x180, 0x0);
2034 var x194: u64 = undefined;
2035 var x195: u1 = undefined;
2036 addcarryxU64(&x194, &x195, x193, x182, 0x0);
2037 var x196: u64 = undefined;
2038 var x197: u1 = undefined;
2039 addcarryxU64(&x196, &x197, x195, x184, 0x0);
2040 var x198: u64 = undefined;
2041 var x199: u1 = undefined;
2042 addcarryxU64(&x198, &x199, x197, x186, 0x0);
2043 var x200: u64 = undefined;
2044 var x201: u1 = undefined;
2045 addcarryxU64(&x200, &x201, x199, x188, 0x0);
2046 var x202: u64 = undefined;
2047 var x203: u64 = undefined;
2048 mulxU64(&x202, &x203, x190, 0x6ed46089e88fdc45);
2049 var x204: u64 = undefined;
2050 var x205: u64 = undefined;
2051 mulxU64(&x204, &x205, x202, 0xffffffffffffffff);
2052 var x206: u64 = undefined;
2053 var x207: u64 = undefined;
2054 mulxU64(&x206, &x207, x202, 0xffffffffffffffff);
2055 var x208: u64 = undefined;
2056 var x209: u64 = undefined;
2057 mulxU64(&x208, &x209, x202, 0xffffffffffffffff);
2058 var x210: u64 = undefined;
2059 var x211: u64 = undefined;
2060 mulxU64(&x210, &x211, x202, 0xc7634d81f4372ddf);
2061 var x212: u64 = undefined;
2062 var x213: u64 = undefined;
2063 mulxU64(&x212, &x213, x202, 0x581a0db248b0a77a);
2064 var x214: u64 = undefined;
2065 var x215: u64 = undefined;
2066 mulxU64(&x214, &x215, x202, 0xecec196accc52973);
2067 var x216: u64 = undefined;
2068 var x217: u1 = undefined;
2069 addcarryxU64(&x216, &x217, 0x0, x215, x212);
2070 var x218: u64 = undefined;
2071 var x219: u1 = undefined;
2072 addcarryxU64(&x218, &x219, x217, x213, x210);
2073 var x220: u64 = undefined;
2074 var x221: u1 = undefined;
2075 addcarryxU64(&x220, &x221, x219, x211, x208);
2076 var x222: u64 = undefined;
2077 var x223: u1 = undefined;
2078 addcarryxU64(&x222, &x223, x221, x209, x206);
2079 var x224: u64 = undefined;
2080 var x225: u1 = undefined;
2081 addcarryxU64(&x224, &x225, x223, x207, x204);
2082 var x226: u64 = undefined;
2083 var x227: u1 = undefined;
2084 addcarryxU64(&x226, &x227, 0x0, x190, x214);
2085 var x228: u64 = undefined;
2086 var x229: u1 = undefined;
2087 addcarryxU64(&x228, &x229, x227, x192, x216);
2088 var x230: u64 = undefined;
2089 var x231: u1 = undefined;
2090 addcarryxU64(&x230, &x231, x229, x194, x218);
2091 var x232: u64 = undefined;
2092 var x233: u1 = undefined;
2093 addcarryxU64(&x232, &x233, x231, x196, x220);
2094 var x234: u64 = undefined;
2095 var x235: u1 = undefined;
2096 addcarryxU64(&x234, &x235, x233, x198, x222);
2097 var x236: u64 = undefined;
2098 var x237: u1 = undefined;
2099 addcarryxU64(&x236, &x237, x235, x200, x224);
2100 var x238: u64 = undefined;
2101 var x239: u1 = undefined;
2102 addcarryxU64(&x238, &x239, x237, (@as(u64, x201) + @as(u64, x189)), (@as(u64, x225) + x205));
2103 var x240: u64 = undefined;
2104 var x241: u1 = undefined;
2105 addcarryxU64(&x240, &x241, 0x0, x228, (arg1[5]));
2106 var x242: u64 = undefined;
2107 var x243: u1 = undefined;
2108 addcarryxU64(&x242, &x243, x241, x230, 0x0);
2109 var x244: u64 = undefined;
2110 var x245: u1 = undefined;
2111 addcarryxU64(&x244, &x245, x243, x232, 0x0);
2112 var x246: u64 = undefined;
2113 var x247: u1 = undefined;
2114 addcarryxU64(&x246, &x247, x245, x234, 0x0);
2115 var x248: u64 = undefined;
2116 var x249: u1 = undefined;
2117 addcarryxU64(&x248, &x249, x247, x236, 0x0);
2118 var x250: u64 = undefined;
2119 var x251: u1 = undefined;
2120 addcarryxU64(&x250, &x251, x249, x238, 0x0);
2121 var x252: u64 = undefined;
2122 var x253: u64 = undefined;
2123 mulxU64(&x252, &x253, x240, 0x6ed46089e88fdc45);
2124 var x254: u64 = undefined;
2125 var x255: u64 = undefined;
2126 mulxU64(&x254, &x255, x252, 0xffffffffffffffff);
2127 var x256: u64 = undefined;
2128 var x257: u64 = undefined;
2129 mulxU64(&x256, &x257, x252, 0xffffffffffffffff);
2130 var x258: u64 = undefined;
2131 var x259: u64 = undefined;
2132 mulxU64(&x258, &x259, x252, 0xffffffffffffffff);
2133 var x260: u64 = undefined;
2134 var x261: u64 = undefined;
2135 mulxU64(&x260, &x261, x252, 0xc7634d81f4372ddf);
2136 var x262: u64 = undefined;
2137 var x263: u64 = undefined;
2138 mulxU64(&x262, &x263, x252, 0x581a0db248b0a77a);
2139 var x264: u64 = undefined;
2140 var x265: u64 = undefined;
2141 mulxU64(&x264, &x265, x252, 0xecec196accc52973);
2142 var x266: u64 = undefined;
2143 var x267: u1 = undefined;
2144 addcarryxU64(&x266, &x267, 0x0, x265, x262);
2145 var x268: u64 = undefined;
2146 var x269: u1 = undefined;
2147 addcarryxU64(&x268, &x269, x267, x263, x260);
2148 var x270: u64 = undefined;
2149 var x271: u1 = undefined;
2150 addcarryxU64(&x270, &x271, x269, x261, x258);
2151 var x272: u64 = undefined;
2152 var x273: u1 = undefined;
2153 addcarryxU64(&x272, &x273, x271, x259, x256);
2154 var x274: u64 = undefined;
2155 var x275: u1 = undefined;
2156 addcarryxU64(&x274, &x275, x273, x257, x254);
2157 var x276: u64 = undefined;
2158 var x277: u1 = undefined;
2159 addcarryxU64(&x276, &x277, 0x0, x240, x264);
2160 var x278: u64 = undefined;
2161 var x279: u1 = undefined;
2162 addcarryxU64(&x278, &x279, x277, x242, x266);
2163 var x280: u64 = undefined;
2164 var x281: u1 = undefined;
2165 addcarryxU64(&x280, &x281, x279, x244, x268);
2166 var x282: u64 = undefined;
2167 var x283: u1 = undefined;
2168 addcarryxU64(&x282, &x283, x281, x246, x270);
2169 var x284: u64 = undefined;
2170 var x285: u1 = undefined;
2171 addcarryxU64(&x284, &x285, x283, x248, x272);
2172 var x286: u64 = undefined;
2173 var x287: u1 = undefined;
2174 addcarryxU64(&x286, &x287, x285, x250, x274);
2175 var x288: u64 = undefined;
2176 var x289: u1 = undefined;
2177 addcarryxU64(&x288, &x289, x287, (@as(u64, x251) + @as(u64, x239)), (@as(u64, x275) + x255));
2178 var x290: u64 = undefined;
2179 var x291: u1 = undefined;
2180 subborrowxU64(&x290, &x291, 0x0, x278, 0xecec196accc52973);
2181 var x292: u64 = undefined;
2182 var x293: u1 = undefined;
2183 subborrowxU64(&x292, &x293, x291, x280, 0x581a0db248b0a77a);
2184 var x294: u64 = undefined;
2185 var x295: u1 = undefined;
2186 subborrowxU64(&x294, &x295, x293, x282, 0xc7634d81f4372ddf);
2187 var x296: u64 = undefined;
2188 var x297: u1 = undefined;
2189 subborrowxU64(&x296, &x297, x295, x284, 0xffffffffffffffff);
2190 var x298: u64 = undefined;
2191 var x299: u1 = undefined;
2192 subborrowxU64(&x298, &x299, x297, x286, 0xffffffffffffffff);
2193 var x300: u64 = undefined;
2194 var x301: u1 = undefined;
2195 subborrowxU64(&x300, &x301, x299, x288, 0xffffffffffffffff);
2196 var x302: u64 = undefined;
2197 var x303: u1 = undefined;
2198 subborrowxU64(&x302, &x303, x301, @as(u64, x289), 0x0);
2199 var x304: u64 = undefined;
2200 cmovznzU64(&x304, x303, x290, x278);
2201 var x305: u64 = undefined;
2202 cmovznzU64(&x305, x303, x292, x280);
2203 var x306: u64 = undefined;
2204 cmovznzU64(&x306, x303, x294, x282);
2205 var x307: u64 = undefined;
2206 cmovznzU64(&x307, x303, x296, x284);
2207 var x308: u64 = undefined;
2208 cmovznzU64(&x308, x303, x298, x286);
2209 var x309: u64 = undefined;
2210 cmovznzU64(&x309, x303, x300, x288);
2211 out1[0] = x304;
2212 out1[1] = x305;
2213 out1[2] = x306;
2214 out1[3] = x307;
2215 out1[4] = x308;
2216 out1[5] = x309;
2217}
2218
2219/// The function toMontgomery translates a field element into the Montgomery domain.
2220///
2221/// Preconditions:
2222/// 0 ≤ eval arg1 < m
2223/// Postconditions:
2224/// eval (from_montgomery out1) mod m = eval arg1 mod m
2225/// 0 ≤ eval out1 < m
2226///
2227pub fn toMontgomery(out1: *MontgomeryDomainFieldElement, arg1: NonMontgomeryDomainFieldElement) void {
2228 @setRuntimeSafety(mode == .Debug);
2229
2230 const x1 = (arg1[1]);
2231 const x2 = (arg1[2]);
2232 const x3 = (arg1[3]);
2233 const x4 = (arg1[4]);
2234 const x5 = (arg1[5]);
2235 const x6 = (arg1[0]);
2236 var x7: u64 = undefined;
2237 var x8: u64 = undefined;
2238 mulxU64(&x7, &x8, x6, 0xc84ee012b39bf21);
2239 var x9: u64 = undefined;
2240 var x10: u64 = undefined;
2241 mulxU64(&x9, &x10, x6, 0x3fb05b7a28266895);
2242 var x11: u64 = undefined;
2243 var x12: u64 = undefined;
2244 mulxU64(&x11, &x12, x6, 0xd40d49174aab1cc5);
2245 var x13: u64 = undefined;
2246 var x14: u64 = undefined;
2247 mulxU64(&x13, &x14, x6, 0xbc3e483afcb82947);
2248 var x15: u64 = undefined;
2249 var x16: u64 = undefined;
2250 mulxU64(&x15, &x16, x6, 0xff3d81e5df1aa419);
2251 var x17: u64 = undefined;
2252 var x18: u64 = undefined;
2253 mulxU64(&x17, &x18, x6, 0x2d319b2419b409a9);
2254 var x19: u64 = undefined;
2255 var x20: u1 = undefined;
2256 addcarryxU64(&x19, &x20, 0x0, x18, x15);
2257 var x21: u64 = undefined;
2258 var x22: u1 = undefined;
2259 addcarryxU64(&x21, &x22, x20, x16, x13);
2260 var x23: u64 = undefined;
2261 var x24: u1 = undefined;
2262 addcarryxU64(&x23, &x24, x22, x14, x11);
2263 var x25: u64 = undefined;
2264 var x26: u1 = undefined;
2265 addcarryxU64(&x25, &x26, x24, x12, x9);
2266 var x27: u64 = undefined;
2267 var x28: u1 = undefined;
2268 addcarryxU64(&x27, &x28, x26, x10, x7);
2269 var x29: u64 = undefined;
2270 var x30: u64 = undefined;
2271 mulxU64(&x29, &x30, x17, 0x6ed46089e88fdc45);
2272 var x31: u64 = undefined;
2273 var x32: u64 = undefined;
2274 mulxU64(&x31, &x32, x29, 0xffffffffffffffff);
2275 var x33: u64 = undefined;
2276 var x34: u64 = undefined;
2277 mulxU64(&x33, &x34, x29, 0xffffffffffffffff);
2278 var x35: u64 = undefined;
2279 var x36: u64 = undefined;
2280 mulxU64(&x35, &x36, x29, 0xffffffffffffffff);
2281 var x37: u64 = undefined;
2282 var x38: u64 = undefined;
2283 mulxU64(&x37, &x38, x29, 0xc7634d81f4372ddf);
2284 var x39: u64 = undefined;
2285 var x40: u64 = undefined;
2286 mulxU64(&x39, &x40, x29, 0x581a0db248b0a77a);
2287 var x41: u64 = undefined;
2288 var x42: u64 = undefined;
2289 mulxU64(&x41, &x42, x29, 0xecec196accc52973);
2290 var x43: u64 = undefined;
2291 var x44: u1 = undefined;
2292 addcarryxU64(&x43, &x44, 0x0, x42, x39);
2293 var x45: u64 = undefined;
2294 var x46: u1 = undefined;
2295 addcarryxU64(&x45, &x46, x44, x40, x37);
2296 var x47: u64 = undefined;
2297 var x48: u1 = undefined;
2298 addcarryxU64(&x47, &x48, x46, x38, x35);
2299 var x49: u64 = undefined;
2300 var x50: u1 = undefined;
2301 addcarryxU64(&x49, &x50, x48, x36, x33);
2302 var x51: u64 = undefined;
2303 var x52: u1 = undefined;
2304 addcarryxU64(&x51, &x52, x50, x34, x31);
2305 var x53: u64 = undefined;
2306 var x54: u1 = undefined;
2307 addcarryxU64(&x53, &x54, 0x0, x17, x41);
2308 var x55: u64 = undefined;
2309 var x56: u1 = undefined;
2310 addcarryxU64(&x55, &x56, x54, x19, x43);
2311 var x57: u64 = undefined;
2312 var x58: u1 = undefined;
2313 addcarryxU64(&x57, &x58, x56, x21, x45);
2314 var x59: u64 = undefined;
2315 var x60: u1 = undefined;
2316 addcarryxU64(&x59, &x60, x58, x23, x47);
2317 var x61: u64 = undefined;
2318 var x62: u1 = undefined;
2319 addcarryxU64(&x61, &x62, x60, x25, x49);
2320 var x63: u64 = undefined;
2321 var x64: u1 = undefined;
2322 addcarryxU64(&x63, &x64, x62, x27, x51);
2323 var x65: u64 = undefined;
2324 var x66: u1 = undefined;
2325 addcarryxU64(&x65, &x66, x64, (@as(u64, x28) + x8), (@as(u64, x52) + x32));
2326 var x67: u64 = undefined;
2327 var x68: u64 = undefined;
2328 mulxU64(&x67, &x68, x1, 0xc84ee012b39bf21);
2329 var x69: u64 = undefined;
2330 var x70: u64 = undefined;
2331 mulxU64(&x69, &x70, x1, 0x3fb05b7a28266895);
2332 var x71: u64 = undefined;
2333 var x72: u64 = undefined;
2334 mulxU64(&x71, &x72, x1, 0xd40d49174aab1cc5);
2335 var x73: u64 = undefined;
2336 var x74: u64 = undefined;
2337 mulxU64(&x73, &x74, x1, 0xbc3e483afcb82947);
2338 var x75: u64 = undefined;
2339 var x76: u64 = undefined;
2340 mulxU64(&x75, &x76, x1, 0xff3d81e5df1aa419);
2341 var x77: u64 = undefined;
2342 var x78: u64 = undefined;
2343 mulxU64(&x77, &x78, x1, 0x2d319b2419b409a9);
2344 var x79: u64 = undefined;
2345 var x80: u1 = undefined;
2346 addcarryxU64(&x79, &x80, 0x0, x78, x75);
2347 var x81: u64 = undefined;
2348 var x82: u1 = undefined;
2349 addcarryxU64(&x81, &x82, x80, x76, x73);
2350 var x83: u64 = undefined;
2351 var x84: u1 = undefined;
2352 addcarryxU64(&x83, &x84, x82, x74, x71);
2353 var x85: u64 = undefined;
2354 var x86: u1 = undefined;
2355 addcarryxU64(&x85, &x86, x84, x72, x69);
2356 var x87: u64 = undefined;
2357 var x88: u1 = undefined;
2358 addcarryxU64(&x87, &x88, x86, x70, x67);
2359 var x89: u64 = undefined;
2360 var x90: u1 = undefined;
2361 addcarryxU64(&x89, &x90, 0x0, x55, x77);
2362 var x91: u64 = undefined;
2363 var x92: u1 = undefined;
2364 addcarryxU64(&x91, &x92, x90, x57, x79);
2365 var x93: u64 = undefined;
2366 var x94: u1 = undefined;
2367 addcarryxU64(&x93, &x94, x92, x59, x81);
2368 var x95: u64 = undefined;
2369 var x96: u1 = undefined;
2370 addcarryxU64(&x95, &x96, x94, x61, x83);
2371 var x97: u64 = undefined;
2372 var x98: u1 = undefined;
2373 addcarryxU64(&x97, &x98, x96, x63, x85);
2374 var x99: u64 = undefined;
2375 var x100: u1 = undefined;
2376 addcarryxU64(&x99, &x100, x98, x65, x87);
2377 var x101: u64 = undefined;
2378 var x102: u64 = undefined;
2379 mulxU64(&x101, &x102, x89, 0x6ed46089e88fdc45);
2380 var x103: u64 = undefined;
2381 var x104: u64 = undefined;
2382 mulxU64(&x103, &x104, x101, 0xffffffffffffffff);
2383 var x105: u64 = undefined;
2384 var x106: u64 = undefined;
2385 mulxU64(&x105, &x106, x101, 0xffffffffffffffff);
2386 var x107: u64 = undefined;
2387 var x108: u64 = undefined;
2388 mulxU64(&x107, &x108, x101, 0xffffffffffffffff);
2389 var x109: u64 = undefined;
2390 var x110: u64 = undefined;
2391 mulxU64(&x109, &x110, x101, 0xc7634d81f4372ddf);
2392 var x111: u64 = undefined;
2393 var x112: u64 = undefined;
2394 mulxU64(&x111, &x112, x101, 0x581a0db248b0a77a);
2395 var x113: u64 = undefined;
2396 var x114: u64 = undefined;
2397 mulxU64(&x113, &x114, x101, 0xecec196accc52973);
2398 var x115: u64 = undefined;
2399 var x116: u1 = undefined;
2400 addcarryxU64(&x115, &x116, 0x0, x114, x111);
2401 var x117: u64 = undefined;
2402 var x118: u1 = undefined;
2403 addcarryxU64(&x117, &x118, x116, x112, x109);
2404 var x119: u64 = undefined;
2405 var x120: u1 = undefined;
2406 addcarryxU64(&x119, &x120, x118, x110, x107);
2407 var x121: u64 = undefined;
2408 var x122: u1 = undefined;
2409 addcarryxU64(&x121, &x122, x120, x108, x105);
2410 var x123: u64 = undefined;
2411 var x124: u1 = undefined;
2412 addcarryxU64(&x123, &x124, x122, x106, x103);
2413 var x125: u64 = undefined;
2414 var x126: u1 = undefined;
2415 addcarryxU64(&x125, &x126, 0x0, x89, x113);
2416 var x127: u64 = undefined;
2417 var x128: u1 = undefined;
2418 addcarryxU64(&x127, &x128, x126, x91, x115);
2419 var x129: u64 = undefined;
2420 var x130: u1 = undefined;
2421 addcarryxU64(&x129, &x130, x128, x93, x117);
2422 var x131: u64 = undefined;
2423 var x132: u1 = undefined;
2424 addcarryxU64(&x131, &x132, x130, x95, x119);
2425 var x133: u64 = undefined;
2426 var x134: u1 = undefined;
2427 addcarryxU64(&x133, &x134, x132, x97, x121);
2428 var x135: u64 = undefined;
2429 var x136: u1 = undefined;
2430 addcarryxU64(&x135, &x136, x134, x99, x123);
2431 var x137: u64 = undefined;
2432 var x138: u1 = undefined;
2433 addcarryxU64(&x137, &x138, x136, ((@as(u64, x100) + @as(u64, x66)) + (@as(u64, x88) + x68)), (@as(u64, x124) + x104));
2434 var x139: u64 = undefined;
2435 var x140: u64 = undefined;
2436 mulxU64(&x139, &x140, x2, 0xc84ee012b39bf21);
2437 var x141: u64 = undefined;
2438 var x142: u64 = undefined;
2439 mulxU64(&x141, &x142, x2, 0x3fb05b7a28266895);
2440 var x143: u64 = undefined;
2441 var x144: u64 = undefined;
2442 mulxU64(&x143, &x144, x2, 0xd40d49174aab1cc5);
2443 var x145: u64 = undefined;
2444 var x146: u64 = undefined;
2445 mulxU64(&x145, &x146, x2, 0xbc3e483afcb82947);
2446 var x147: u64 = undefined;
2447 var x148: u64 = undefined;
2448 mulxU64(&x147, &x148, x2, 0xff3d81e5df1aa419);
2449 var x149: u64 = undefined;
2450 var x150: u64 = undefined;
2451 mulxU64(&x149, &x150, x2, 0x2d319b2419b409a9);
2452 var x151: u64 = undefined;
2453 var x152: u1 = undefined;
2454 addcarryxU64(&x151, &x152, 0x0, x150, x147);
2455 var x153: u64 = undefined;
2456 var x154: u1 = undefined;
2457 addcarryxU64(&x153, &x154, x152, x148, x145);
2458 var x155: u64 = undefined;
2459 var x156: u1 = undefined;
2460 addcarryxU64(&x155, &x156, x154, x146, x143);
2461 var x157: u64 = undefined;
2462 var x158: u1 = undefined;
2463 addcarryxU64(&x157, &x158, x156, x144, x141);
2464 var x159: u64 = undefined;
2465 var x160: u1 = undefined;
2466 addcarryxU64(&x159, &x160, x158, x142, x139);
2467 var x161: u64 = undefined;
2468 var x162: u1 = undefined;
2469 addcarryxU64(&x161, &x162, 0x0, x127, x149);
2470 var x163: u64 = undefined;
2471 var x164: u1 = undefined;
2472 addcarryxU64(&x163, &x164, x162, x129, x151);
2473 var x165: u64 = undefined;
2474 var x166: u1 = undefined;
2475 addcarryxU64(&x165, &x166, x164, x131, x153);
2476 var x167: u64 = undefined;
2477 var x168: u1 = undefined;
2478 addcarryxU64(&x167, &x168, x166, x133, x155);
2479 var x169: u64 = undefined;
2480 var x170: u1 = undefined;
2481 addcarryxU64(&x169, &x170, x168, x135, x157);
2482 var x171: u64 = undefined;
2483 var x172: u1 = undefined;
2484 addcarryxU64(&x171, &x172, x170, x137, x159);
2485 var x173: u64 = undefined;
2486 var x174: u64 = undefined;
2487 mulxU64(&x173, &x174, x161, 0x6ed46089e88fdc45);
2488 var x175: u64 = undefined;
2489 var x176: u64 = undefined;
2490 mulxU64(&x175, &x176, x173, 0xffffffffffffffff);
2491 var x177: u64 = undefined;
2492 var x178: u64 = undefined;
2493 mulxU64(&x177, &x178, x173, 0xffffffffffffffff);
2494 var x179: u64 = undefined;
2495 var x180: u64 = undefined;
2496 mulxU64(&x179, &x180, x173, 0xffffffffffffffff);
2497 var x181: u64 = undefined;
2498 var x182: u64 = undefined;
2499 mulxU64(&x181, &x182, x173, 0xc7634d81f4372ddf);
2500 var x183: u64 = undefined;
2501 var x184: u64 = undefined;
2502 mulxU64(&x183, &x184, x173, 0x581a0db248b0a77a);
2503 var x185: u64 = undefined;
2504 var x186: u64 = undefined;
2505 mulxU64(&x185, &x186, x173, 0xecec196accc52973);
2506 var x187: u64 = undefined;
2507 var x188: u1 = undefined;
2508 addcarryxU64(&x187, &x188, 0x0, x186, x183);
2509 var x189: u64 = undefined;
2510 var x190: u1 = undefined;
2511 addcarryxU64(&x189, &x190, x188, x184, x181);
2512 var x191: u64 = undefined;
2513 var x192: u1 = undefined;
2514 addcarryxU64(&x191, &x192, x190, x182, x179);
2515 var x193: u64 = undefined;
2516 var x194: u1 = undefined;
2517 addcarryxU64(&x193, &x194, x192, x180, x177);
2518 var x195: u64 = undefined;
2519 var x196: u1 = undefined;
2520 addcarryxU64(&x195, &x196, x194, x178, x175);
2521 var x197: u64 = undefined;
2522 var x198: u1 = undefined;
2523 addcarryxU64(&x197, &x198, 0x0, x161, x185);
2524 var x199: u64 = undefined;
2525 var x200: u1 = undefined;
2526 addcarryxU64(&x199, &x200, x198, x163, x187);
2527 var x201: u64 = undefined;
2528 var x202: u1 = undefined;
2529 addcarryxU64(&x201, &x202, x200, x165, x189);
2530 var x203: u64 = undefined;
2531 var x204: u1 = undefined;
2532 addcarryxU64(&x203, &x204, x202, x167, x191);
2533 var x205: u64 = undefined;
2534 var x206: u1 = undefined;
2535 addcarryxU64(&x205, &x206, x204, x169, x193);
2536 var x207: u64 = undefined;
2537 var x208: u1 = undefined;
2538 addcarryxU64(&x207, &x208, x206, x171, x195);
2539 var x209: u64 = undefined;
2540 var x210: u1 = undefined;
2541 addcarryxU64(&x209, &x210, x208, ((@as(u64, x172) + @as(u64, x138)) + (@as(u64, x160) + x140)), (@as(u64, x196) + x176));
2542 var x211: u64 = undefined;
2543 var x212: u64 = undefined;
2544 mulxU64(&x211, &x212, x3, 0xc84ee012b39bf21);
2545 var x213: u64 = undefined;
2546 var x214: u64 = undefined;
2547 mulxU64(&x213, &x214, x3, 0x3fb05b7a28266895);
2548 var x215: u64 = undefined;
2549 var x216: u64 = undefined;
2550 mulxU64(&x215, &x216, x3, 0xd40d49174aab1cc5);
2551 var x217: u64 = undefined;
2552 var x218: u64 = undefined;
2553 mulxU64(&x217, &x218, x3, 0xbc3e483afcb82947);
2554 var x219: u64 = undefined;
2555 var x220: u64 = undefined;
2556 mulxU64(&x219, &x220, x3, 0xff3d81e5df1aa419);
2557 var x221: u64 = undefined;
2558 var x222: u64 = undefined;
2559 mulxU64(&x221, &x222, x3, 0x2d319b2419b409a9);
2560 var x223: u64 = undefined;
2561 var x224: u1 = undefined;
2562 addcarryxU64(&x223, &x224, 0x0, x222, x219);
2563 var x225: u64 = undefined;
2564 var x226: u1 = undefined;
2565 addcarryxU64(&x225, &x226, x224, x220, x217);
2566 var x227: u64 = undefined;
2567 var x228: u1 = undefined;
2568 addcarryxU64(&x227, &x228, x226, x218, x215);
2569 var x229: u64 = undefined;
2570 var x230: u1 = undefined;
2571 addcarryxU64(&x229, &x230, x228, x216, x213);
2572 var x231: u64 = undefined;
2573 var x232: u1 = undefined;
2574 addcarryxU64(&x231, &x232, x230, x214, x211);
2575 var x233: u64 = undefined;
2576 var x234: u1 = undefined;
2577 addcarryxU64(&x233, &x234, 0x0, x199, x221);
2578 var x235: u64 = undefined;
2579 var x236: u1 = undefined;
2580 addcarryxU64(&x235, &x236, x234, x201, x223);
2581 var x237: u64 = undefined;
2582 var x238: u1 = undefined;
2583 addcarryxU64(&x237, &x238, x236, x203, x225);
2584 var x239: u64 = undefined;
2585 var x240: u1 = undefined;
2586 addcarryxU64(&x239, &x240, x238, x205, x227);
2587 var x241: u64 = undefined;
2588 var x242: u1 = undefined;
2589 addcarryxU64(&x241, &x242, x240, x207, x229);
2590 var x243: u64 = undefined;
2591 var x244: u1 = undefined;
2592 addcarryxU64(&x243, &x244, x242, x209, x231);
2593 var x245: u64 = undefined;
2594 var x246: u64 = undefined;
2595 mulxU64(&x245, &x246, x233, 0x6ed46089e88fdc45);
2596 var x247: u64 = undefined;
2597 var x248: u64 = undefined;
2598 mulxU64(&x247, &x248, x245, 0xffffffffffffffff);
2599 var x249: u64 = undefined;
2600 var x250: u64 = undefined;
2601 mulxU64(&x249, &x250, x245, 0xffffffffffffffff);
2602 var x251: u64 = undefined;
2603 var x252: u64 = undefined;
2604 mulxU64(&x251, &x252, x245, 0xffffffffffffffff);
2605 var x253: u64 = undefined;
2606 var x254: u64 = undefined;
2607 mulxU64(&x253, &x254, x245, 0xc7634d81f4372ddf);
2608 var x255: u64 = undefined;
2609 var x256: u64 = undefined;
2610 mulxU64(&x255, &x256, x245, 0x581a0db248b0a77a);
2611 var x257: u64 = undefined;
2612 var x258: u64 = undefined;
2613 mulxU64(&x257, &x258, x245, 0xecec196accc52973);
2614 var x259: u64 = undefined;
2615 var x260: u1 = undefined;
2616 addcarryxU64(&x259, &x260, 0x0, x258, x255);
2617 var x261: u64 = undefined;
2618 var x262: u1 = undefined;
2619 addcarryxU64(&x261, &x262, x260, x256, x253);
2620 var x263: u64 = undefined;
2621 var x264: u1 = undefined;
2622 addcarryxU64(&x263, &x264, x262, x254, x251);
2623 var x265: u64 = undefined;
2624 var x266: u1 = undefined;
2625 addcarryxU64(&x265, &x266, x264, x252, x249);
2626 var x267: u64 = undefined;
2627 var x268: u1 = undefined;
2628 addcarryxU64(&x267, &x268, x266, x250, x247);
2629 var x269: u64 = undefined;
2630 var x270: u1 = undefined;
2631 addcarryxU64(&x269, &x270, 0x0, x233, x257);
2632 var x271: u64 = undefined;
2633 var x272: u1 = undefined;
2634 addcarryxU64(&x271, &x272, x270, x235, x259);
2635 var x273: u64 = undefined;
2636 var x274: u1 = undefined;
2637 addcarryxU64(&x273, &x274, x272, x237, x261);
2638 var x275: u64 = undefined;
2639 var x276: u1 = undefined;
2640 addcarryxU64(&x275, &x276, x274, x239, x263);
2641 var x277: u64 = undefined;
2642 var x278: u1 = undefined;
2643 addcarryxU64(&x277, &x278, x276, x241, x265);
2644 var x279: u64 = undefined;
2645 var x280: u1 = undefined;
2646 addcarryxU64(&x279, &x280, x278, x243, x267);
2647 var x281: u64 = undefined;
2648 var x282: u1 = undefined;
2649 addcarryxU64(&x281, &x282, x280, ((@as(u64, x244) + @as(u64, x210)) + (@as(u64, x232) + x212)), (@as(u64, x268) + x248));
2650 var x283: u64 = undefined;
2651 var x284: u64 = undefined;
2652 mulxU64(&x283, &x284, x4, 0xc84ee012b39bf21);
2653 var x285: u64 = undefined;
2654 var x286: u64 = undefined;
2655 mulxU64(&x285, &x286, x4, 0x3fb05b7a28266895);
2656 var x287: u64 = undefined;
2657 var x288: u64 = undefined;
2658 mulxU64(&x287, &x288, x4, 0xd40d49174aab1cc5);
2659 var x289: u64 = undefined;
2660 var x290: u64 = undefined;
2661 mulxU64(&x289, &x290, x4, 0xbc3e483afcb82947);
2662 var x291: u64 = undefined;
2663 var x292: u64 = undefined;
2664 mulxU64(&x291, &x292, x4, 0xff3d81e5df1aa419);
2665 var x293: u64 = undefined;
2666 var x294: u64 = undefined;
2667 mulxU64(&x293, &x294, x4, 0x2d319b2419b409a9);
2668 var x295: u64 = undefined;
2669 var x296: u1 = undefined;
2670 addcarryxU64(&x295, &x296, 0x0, x294, x291);
2671 var x297: u64 = undefined;
2672 var x298: u1 = undefined;
2673 addcarryxU64(&x297, &x298, x296, x292, x289);
2674 var x299: u64 = undefined;
2675 var x300: u1 = undefined;
2676 addcarryxU64(&x299, &x300, x298, x290, x287);
2677 var x301: u64 = undefined;
2678 var x302: u1 = undefined;
2679 addcarryxU64(&x301, &x302, x300, x288, x285);
2680 var x303: u64 = undefined;
2681 var x304: u1 = undefined;
2682 addcarryxU64(&x303, &x304, x302, x286, x283);
2683 var x305: u64 = undefined;
2684 var x306: u1 = undefined;
2685 addcarryxU64(&x305, &x306, 0x0, x271, x293);
2686 var x307: u64 = undefined;
2687 var x308: u1 = undefined;
2688 addcarryxU64(&x307, &x308, x306, x273, x295);
2689 var x309: u64 = undefined;
2690 var x310: u1 = undefined;
2691 addcarryxU64(&x309, &x310, x308, x275, x297);
2692 var x311: u64 = undefined;
2693 var x312: u1 = undefined;
2694 addcarryxU64(&x311, &x312, x310, x277, x299);
2695 var x313: u64 = undefined;
2696 var x314: u1 = undefined;
2697 addcarryxU64(&x313, &x314, x312, x279, x301);
2698 var x315: u64 = undefined;
2699 var x316: u1 = undefined;
2700 addcarryxU64(&x315, &x316, x314, x281, x303);
2701 var x317: u64 = undefined;
2702 var x318: u64 = undefined;
2703 mulxU64(&x317, &x318, x305, 0x6ed46089e88fdc45);
2704 var x319: u64 = undefined;
2705 var x320: u64 = undefined;
2706 mulxU64(&x319, &x320, x317, 0xffffffffffffffff);
2707 var x321: u64 = undefined;
2708 var x322: u64 = undefined;
2709 mulxU64(&x321, &x322, x317, 0xffffffffffffffff);
2710 var x323: u64 = undefined;
2711 var x324: u64 = undefined;
2712 mulxU64(&x323, &x324, x317, 0xffffffffffffffff);
2713 var x325: u64 = undefined;
2714 var x326: u64 = undefined;
2715 mulxU64(&x325, &x326, x317, 0xc7634d81f4372ddf);
2716 var x327: u64 = undefined;
2717 var x328: u64 = undefined;
2718 mulxU64(&x327, &x328, x317, 0x581a0db248b0a77a);
2719 var x329: u64 = undefined;
2720 var x330: u64 = undefined;
2721 mulxU64(&x329, &x330, x317, 0xecec196accc52973);
2722 var x331: u64 = undefined;
2723 var x332: u1 = undefined;
2724 addcarryxU64(&x331, &x332, 0x0, x330, x327);
2725 var x333: u64 = undefined;
2726 var x334: u1 = undefined;
2727 addcarryxU64(&x333, &x334, x332, x328, x325);
2728 var x335: u64 = undefined;
2729 var x336: u1 = undefined;
2730 addcarryxU64(&x335, &x336, x334, x326, x323);
2731 var x337: u64 = undefined;
2732 var x338: u1 = undefined;
2733 addcarryxU64(&x337, &x338, x336, x324, x321);
2734 var x339: u64 = undefined;
2735 var x340: u1 = undefined;
2736 addcarryxU64(&x339, &x340, x338, x322, x319);
2737 var x341: u64 = undefined;
2738 var x342: u1 = undefined;
2739 addcarryxU64(&x341, &x342, 0x0, x305, x329);
2740 var x343: u64 = undefined;
2741 var x344: u1 = undefined;
2742 addcarryxU64(&x343, &x344, x342, x307, x331);
2743 var x345: u64 = undefined;
2744 var x346: u1 = undefined;
2745 addcarryxU64(&x345, &x346, x344, x309, x333);
2746 var x347: u64 = undefined;
2747 var x348: u1 = undefined;
2748 addcarryxU64(&x347, &x348, x346, x311, x335);
2749 var x349: u64 = undefined;
2750 var x350: u1 = undefined;
2751 addcarryxU64(&x349, &x350, x348, x313, x337);
2752 var x351: u64 = undefined;
2753 var x352: u1 = undefined;
2754 addcarryxU64(&x351, &x352, x350, x315, x339);
2755 var x353: u64 = undefined;
2756 var x354: u1 = undefined;
2757 addcarryxU64(&x353, &x354, x352, ((@as(u64, x316) + @as(u64, x282)) + (@as(u64, x304) + x284)), (@as(u64, x340) + x320));
2758 var x355: u64 = undefined;
2759 var x356: u64 = undefined;
2760 mulxU64(&x355, &x356, x5, 0xc84ee012b39bf21);
2761 var x357: u64 = undefined;
2762 var x358: u64 = undefined;
2763 mulxU64(&x357, &x358, x5, 0x3fb05b7a28266895);
2764 var x359: u64 = undefined;
2765 var x360: u64 = undefined;
2766 mulxU64(&x359, &x360, x5, 0xd40d49174aab1cc5);
2767 var x361: u64 = undefined;
2768 var x362: u64 = undefined;
2769 mulxU64(&x361, &x362, x5, 0xbc3e483afcb82947);
2770 var x363: u64 = undefined;
2771 var x364: u64 = undefined;
2772 mulxU64(&x363, &x364, x5, 0xff3d81e5df1aa419);
2773 var x365: u64 = undefined;
2774 var x366: u64 = undefined;
2775 mulxU64(&x365, &x366, x5, 0x2d319b2419b409a9);
2776 var x367: u64 = undefined;
2777 var x368: u1 = undefined;
2778 addcarryxU64(&x367, &x368, 0x0, x366, x363);
2779 var x369: u64 = undefined;
2780 var x370: u1 = undefined;
2781 addcarryxU64(&x369, &x370, x368, x364, x361);
2782 var x371: u64 = undefined;
2783 var x372: u1 = undefined;
2784 addcarryxU64(&x371, &x372, x370, x362, x359);
2785 var x373: u64 = undefined;
2786 var x374: u1 = undefined;
2787 addcarryxU64(&x373, &x374, x372, x360, x357);
2788 var x375: u64 = undefined;
2789 var x376: u1 = undefined;
2790 addcarryxU64(&x375, &x376, x374, x358, x355);
2791 var x377: u64 = undefined;
2792 var x378: u1 = undefined;
2793 addcarryxU64(&x377, &x378, 0x0, x343, x365);
2794 var x379: u64 = undefined;
2795 var x380: u1 = undefined;
2796 addcarryxU64(&x379, &x380, x378, x345, x367);
2797 var x381: u64 = undefined;
2798 var x382: u1 = undefined;
2799 addcarryxU64(&x381, &x382, x380, x347, x369);
2800 var x383: u64 = undefined;
2801 var x384: u1 = undefined;
2802 addcarryxU64(&x383, &x384, x382, x349, x371);
2803 var x385: u64 = undefined;
2804 var x386: u1 = undefined;
2805 addcarryxU64(&x385, &x386, x384, x351, x373);
2806 var x387: u64 = undefined;
2807 var x388: u1 = undefined;
2808 addcarryxU64(&x387, &x388, x386, x353, x375);
2809 var x389: u64 = undefined;
2810 var x390: u64 = undefined;
2811 mulxU64(&x389, &x390, x377, 0x6ed46089e88fdc45);
2812 var x391: u64 = undefined;
2813 var x392: u64 = undefined;
2814 mulxU64(&x391, &x392, x389, 0xffffffffffffffff);
2815 var x393: u64 = undefined;
2816 var x394: u64 = undefined;
2817 mulxU64(&x393, &x394, x389, 0xffffffffffffffff);
2818 var x395: u64 = undefined;
2819 var x396: u64 = undefined;
2820 mulxU64(&x395, &x396, x389, 0xffffffffffffffff);
2821 var x397: u64 = undefined;
2822 var x398: u64 = undefined;
2823 mulxU64(&x397, &x398, x389, 0xc7634d81f4372ddf);
2824 var x399: u64 = undefined;
2825 var x400: u64 = undefined;
2826 mulxU64(&x399, &x400, x389, 0x581a0db248b0a77a);
2827 var x401: u64 = undefined;
2828 var x402: u64 = undefined;
2829 mulxU64(&x401, &x402, x389, 0xecec196accc52973);
2830 var x403: u64 = undefined;
2831 var x404: u1 = undefined;
2832 addcarryxU64(&x403, &x404, 0x0, x402, x399);
2833 var x405: u64 = undefined;
2834 var x406: u1 = undefined;
2835 addcarryxU64(&x405, &x406, x404, x400, x397);
2836 var x407: u64 = undefined;
2837 var x408: u1 = undefined;
2838 addcarryxU64(&x407, &x408, x406, x398, x395);
2839 var x409: u64 = undefined;
2840 var x410: u1 = undefined;
2841 addcarryxU64(&x409, &x410, x408, x396, x393);
2842 var x411: u64 = undefined;
2843 var x412: u1 = undefined;
2844 addcarryxU64(&x411, &x412, x410, x394, x391);
2845 var x413: u64 = undefined;
2846 var x414: u1 = undefined;
2847 addcarryxU64(&x413, &x414, 0x0, x377, x401);
2848 var x415: u64 = undefined;
2849 var x416: u1 = undefined;
2850 addcarryxU64(&x415, &x416, x414, x379, x403);
2851 var x417: u64 = undefined;
2852 var x418: u1 = undefined;
2853 addcarryxU64(&x417, &x418, x416, x381, x405);
2854 var x419: u64 = undefined;
2855 var x420: u1 = undefined;
2856 addcarryxU64(&x419, &x420, x418, x383, x407);
2857 var x421: u64 = undefined;
2858 var x422: u1 = undefined;
2859 addcarryxU64(&x421, &x422, x420, x385, x409);
2860 var x423: u64 = undefined;
2861 var x424: u1 = undefined;
2862 addcarryxU64(&x423, &x424, x422, x387, x411);
2863 var x425: u64 = undefined;
2864 var x426: u1 = undefined;
2865 addcarryxU64(&x425, &x426, x424, ((@as(u64, x388) + @as(u64, x354)) + (@as(u64, x376) + x356)), (@as(u64, x412) + x392));
2866 var x427: u64 = undefined;
2867 var x428: u1 = undefined;
2868 subborrowxU64(&x427, &x428, 0x0, x415, 0xecec196accc52973);
2869 var x429: u64 = undefined;
2870 var x430: u1 = undefined;
2871 subborrowxU64(&x429, &x430, x428, x417, 0x581a0db248b0a77a);
2872 var x431: u64 = undefined;
2873 var x432: u1 = undefined;
2874 subborrowxU64(&x431, &x432, x430, x419, 0xc7634d81f4372ddf);
2875 var x433: u64 = undefined;
2876 var x434: u1 = undefined;
2877 subborrowxU64(&x433, &x434, x432, x421, 0xffffffffffffffff);
2878 var x435: u64 = undefined;
2879 var x436: u1 = undefined;
2880 subborrowxU64(&x435, &x436, x434, x423, 0xffffffffffffffff);
2881 var x437: u64 = undefined;
2882 var x438: u1 = undefined;
2883 subborrowxU64(&x437, &x438, x436, x425, 0xffffffffffffffff);
2884 var x439: u64 = undefined;
2885 var x440: u1 = undefined;
2886 subborrowxU64(&x439, &x440, x438, @as(u64, x426), 0x0);
2887 var x441: u64 = undefined;
2888 cmovznzU64(&x441, x440, x427, x415);
2889 var x442: u64 = undefined;
2890 cmovznzU64(&x442, x440, x429, x417);
2891 var x443: u64 = undefined;
2892 cmovznzU64(&x443, x440, x431, x419);
2893 var x444: u64 = undefined;
2894 cmovznzU64(&x444, x440, x433, x421);
2895 var x445: u64 = undefined;
2896 cmovznzU64(&x445, x440, x435, x423);
2897 var x446: u64 = undefined;
2898 cmovznzU64(&x446, x440, x437, x425);
2899 out1[0] = x441;
2900 out1[1] = x442;
2901 out1[2] = x443;
2902 out1[3] = x444;
2903 out1[4] = x445;
2904 out1[5] = x446;
2905}
2906
2907/// The function nonzero outputs a single non-zero word if the input is non-zero and zero otherwise.
2908///
2909/// Preconditions:
2910/// 0 ≤ eval arg1 < m
2911/// Postconditions:
2912/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0
2913///
2914/// Input Bounds:
2915/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2916/// Output Bounds:
2917/// out1: [0x0 ~> 0xffffffffffffffff]
2918pub fn nonzero(out1: *u64, arg1: [6]u64) void {
2919 @setRuntimeSafety(mode == .Debug);
2920
2921 const x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | (arg1[5]))))));
2922 out1.* = x1;
2923}
2924
2925/// The function selectznz is a multi-limb conditional select.
2926///
2927/// Postconditions:
2928/// out1 = (if arg1 = 0 then arg2 else arg3)
2929///
2930/// Input Bounds:
2931/// arg1: [0x0 ~> 0x1]
2932/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2933/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2934/// Output Bounds:
2935/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2936pub fn selectznz(out1: *[6]u64, arg1: u1, arg2: [6]u64, arg3: [6]u64) void {
2937 @setRuntimeSafety(mode == .Debug);
2938
2939 var x1: u64 = undefined;
2940 cmovznzU64(&x1, arg1, (arg2[0]), (arg3[0]));
2941 var x2: u64 = undefined;
2942 cmovznzU64(&x2, arg1, (arg2[1]), (arg3[1]));
2943 var x3: u64 = undefined;
2944 cmovznzU64(&x3, arg1, (arg2[2]), (arg3[2]));
2945 var x4: u64 = undefined;
2946 cmovznzU64(&x4, arg1, (arg2[3]), (arg3[3]));
2947 var x5: u64 = undefined;
2948 cmovznzU64(&x5, arg1, (arg2[4]), (arg3[4]));
2949 var x6: u64 = undefined;
2950 cmovznzU64(&x6, arg1, (arg2[5]), (arg3[5]));
2951 out1[0] = x1;
2952 out1[1] = x2;
2953 out1[2] = x3;
2954 out1[3] = x4;
2955 out1[4] = x5;
2956 out1[5] = x6;
2957}
2958
2959/// The function toBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order.
2960///
2961/// Preconditions:
2962/// 0 ≤ eval arg1 < m
2963/// Postconditions:
2964/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47]
2965///
2966/// Input Bounds:
2967/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
2968/// Output Bounds:
2969/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
2970pub fn toBytes(out1: *[48]u8, arg1: [6]u64) void {
2971 @setRuntimeSafety(mode == .Debug);
2972
2973 const x1 = (arg1[5]);
2974 const x2 = (arg1[4]);
2975 const x3 = (arg1[3]);
2976 const x4 = (arg1[2]);
2977 const x5 = (arg1[1]);
2978 const x6 = (arg1[0]);
2979 const x7 = @as(u8, @truncate((x6 & 0xff)));
2980 const x8 = (x6 >> 8);
2981 const x9 = @as(u8, @truncate((x8 & 0xff)));
2982 const x10 = (x8 >> 8);
2983 const x11 = @as(u8, @truncate((x10 & 0xff)));
2984 const x12 = (x10 >> 8);
2985 const x13 = @as(u8, @truncate((x12 & 0xff)));
2986 const x14 = (x12 >> 8);
2987 const x15 = @as(u8, @truncate((x14 & 0xff)));
2988 const x16 = (x14 >> 8);
2989 const x17 = @as(u8, @truncate((x16 & 0xff)));
2990 const x18 = (x16 >> 8);
2991 const x19 = @as(u8, @truncate((x18 & 0xff)));
2992 const x20 = @as(u8, @truncate((x18 >> 8)));
2993 const x21 = @as(u8, @truncate((x5 & 0xff)));
2994 const x22 = (x5 >> 8);
2995 const x23 = @as(u8, @truncate((x22 & 0xff)));
2996 const x24 = (x22 >> 8);
2997 const x25 = @as(u8, @truncate((x24 & 0xff)));
2998 const x26 = (x24 >> 8);
2999 const x27 = @as(u8, @truncate((x26 & 0xff)));
3000 const x28 = (x26 >> 8);
3001 const x29 = @as(u8, @truncate((x28 & 0xff)));
3002 const x30 = (x28 >> 8);
3003 const x31 = @as(u8, @truncate((x30 & 0xff)));
3004 const x32 = (x30 >> 8);
3005 const x33 = @as(u8, @truncate((x32 & 0xff)));
3006 const x34 = @as(u8, @truncate((x32 >> 8)));
3007 const x35 = @as(u8, @truncate((x4 & 0xff)));
3008 const x36 = (x4 >> 8);
3009 const x37 = @as(u8, @truncate((x36 & 0xff)));
3010 const x38 = (x36 >> 8);
3011 const x39 = @as(u8, @truncate((x38 & 0xff)));
3012 const x40 = (x38 >> 8);
3013 const x41 = @as(u8, @truncate((x40 & 0xff)));
3014 const x42 = (x40 >> 8);
3015 const x43 = @as(u8, @truncate((x42 & 0xff)));
3016 const x44 = (x42 >> 8);
3017 const x45 = @as(u8, @truncate((x44 & 0xff)));
3018 const x46 = (x44 >> 8);
3019 const x47 = @as(u8, @truncate((x46 & 0xff)));
3020 const x48 = @as(u8, @truncate((x46 >> 8)));
3021 const x49 = @as(u8, @truncate((x3 & 0xff)));
3022 const x50 = (x3 >> 8);
3023 const x51 = @as(u8, @truncate((x50 & 0xff)));
3024 const x52 = (x50 >> 8);
3025 const x53 = @as(u8, @truncate((x52 & 0xff)));
3026 const x54 = (x52 >> 8);
3027 const x55 = @as(u8, @truncate((x54 & 0xff)));
3028 const x56 = (x54 >> 8);
3029 const x57 = @as(u8, @truncate((x56 & 0xff)));
3030 const x58 = (x56 >> 8);
3031 const x59 = @as(u8, @truncate((x58 & 0xff)));
3032 const x60 = (x58 >> 8);
3033 const x61 = @as(u8, @truncate((x60 & 0xff)));
3034 const x62 = @as(u8, @truncate((x60 >> 8)));
3035 const x63 = @as(u8, @truncate((x2 & 0xff)));
3036 const x64 = (x2 >> 8);
3037 const x65 = @as(u8, @truncate((x64 & 0xff)));
3038 const x66 = (x64 >> 8);
3039 const x67 = @as(u8, @truncate((x66 & 0xff)));
3040 const x68 = (x66 >> 8);
3041 const x69 = @as(u8, @truncate((x68 & 0xff)));
3042 const x70 = (x68 >> 8);
3043 const x71 = @as(u8, @truncate((x70 & 0xff)));
3044 const x72 = (x70 >> 8);
3045 const x73 = @as(u8, @truncate((x72 & 0xff)));
3046 const x74 = (x72 >> 8);
3047 const x75 = @as(u8, @truncate((x74 & 0xff)));
3048 const x76 = @as(u8, @truncate((x74 >> 8)));
3049 const x77 = @as(u8, @truncate((x1 & 0xff)));
3050 const x78 = (x1 >> 8);
3051 const x79 = @as(u8, @truncate((x78 & 0xff)));
3052 const x80 = (x78 >> 8);
3053 const x81 = @as(u8, @truncate((x80 & 0xff)));
3054 const x82 = (x80 >> 8);
3055 const x83 = @as(u8, @truncate((x82 & 0xff)));
3056 const x84 = (x82 >> 8);
3057 const x85 = @as(u8, @truncate((x84 & 0xff)));
3058 const x86 = (x84 >> 8);
3059 const x87 = @as(u8, @truncate((x86 & 0xff)));
3060 const x88 = (x86 >> 8);
3061 const x89 = @as(u8, @truncate((x88 & 0xff)));
3062 const x90 = @as(u8, @truncate((x88 >> 8)));
3063 out1[0] = x7;
3064 out1[1] = x9;
3065 out1[2] = x11;
3066 out1[3] = x13;
3067 out1[4] = x15;
3068 out1[5] = x17;
3069 out1[6] = x19;
3070 out1[7] = x20;
3071 out1[8] = x21;
3072 out1[9] = x23;
3073 out1[10] = x25;
3074 out1[11] = x27;
3075 out1[12] = x29;
3076 out1[13] = x31;
3077 out1[14] = x33;
3078 out1[15] = x34;
3079 out1[16] = x35;
3080 out1[17] = x37;
3081 out1[18] = x39;
3082 out1[19] = x41;
3083 out1[20] = x43;
3084 out1[21] = x45;
3085 out1[22] = x47;
3086 out1[23] = x48;
3087 out1[24] = x49;
3088 out1[25] = x51;
3089 out1[26] = x53;
3090 out1[27] = x55;
3091 out1[28] = x57;
3092 out1[29] = x59;
3093 out1[30] = x61;
3094 out1[31] = x62;
3095 out1[32] = x63;
3096 out1[33] = x65;
3097 out1[34] = x67;
3098 out1[35] = x69;
3099 out1[36] = x71;
3100 out1[37] = x73;
3101 out1[38] = x75;
3102 out1[39] = x76;
3103 out1[40] = x77;
3104 out1[41] = x79;
3105 out1[42] = x81;
3106 out1[43] = x83;
3107 out1[44] = x85;
3108 out1[45] = x87;
3109 out1[46] = x89;
3110 out1[47] = x90;
3111}
3112
3113/// The function fromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order.
3114///
3115/// Preconditions:
3116/// 0 ≤ bytes_eval arg1 < m
3117/// Postconditions:
3118/// eval out1 mod m = bytes_eval arg1 mod m
3119/// 0 ≤ eval out1 < m
3120///
3121/// Input Bounds:
3122/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]]
3123/// Output Bounds:
3124/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3125pub fn fromBytes(out1: *[6]u64, arg1: [48]u8) void {
3126 @setRuntimeSafety(mode == .Debug);
3127
3128 const x1 = (@as(u64, (arg1[47])) << 56);
3129 const x2 = (@as(u64, (arg1[46])) << 48);
3130 const x3 = (@as(u64, (arg1[45])) << 40);
3131 const x4 = (@as(u64, (arg1[44])) << 32);
3132 const x5 = (@as(u64, (arg1[43])) << 24);
3133 const x6 = (@as(u64, (arg1[42])) << 16);
3134 const x7 = (@as(u64, (arg1[41])) << 8);
3135 const x8 = (arg1[40]);
3136 const x9 = (@as(u64, (arg1[39])) << 56);
3137 const x10 = (@as(u64, (arg1[38])) << 48);
3138 const x11 = (@as(u64, (arg1[37])) << 40);
3139 const x12 = (@as(u64, (arg1[36])) << 32);
3140 const x13 = (@as(u64, (arg1[35])) << 24);
3141 const x14 = (@as(u64, (arg1[34])) << 16);
3142 const x15 = (@as(u64, (arg1[33])) << 8);
3143 const x16 = (arg1[32]);
3144 const x17 = (@as(u64, (arg1[31])) << 56);
3145 const x18 = (@as(u64, (arg1[30])) << 48);
3146 const x19 = (@as(u64, (arg1[29])) << 40);
3147 const x20 = (@as(u64, (arg1[28])) << 32);
3148 const x21 = (@as(u64, (arg1[27])) << 24);
3149 const x22 = (@as(u64, (arg1[26])) << 16);
3150 const x23 = (@as(u64, (arg1[25])) << 8);
3151 const x24 = (arg1[24]);
3152 const x25 = (@as(u64, (arg1[23])) << 56);
3153 const x26 = (@as(u64, (arg1[22])) << 48);
3154 const x27 = (@as(u64, (arg1[21])) << 40);
3155 const x28 = (@as(u64, (arg1[20])) << 32);
3156 const x29 = (@as(u64, (arg1[19])) << 24);
3157 const x30 = (@as(u64, (arg1[18])) << 16);
3158 const x31 = (@as(u64, (arg1[17])) << 8);
3159 const x32 = (arg1[16]);
3160 const x33 = (@as(u64, (arg1[15])) << 56);
3161 const x34 = (@as(u64, (arg1[14])) << 48);
3162 const x35 = (@as(u64, (arg1[13])) << 40);
3163 const x36 = (@as(u64, (arg1[12])) << 32);
3164 const x37 = (@as(u64, (arg1[11])) << 24);
3165 const x38 = (@as(u64, (arg1[10])) << 16);
3166 const x39 = (@as(u64, (arg1[9])) << 8);
3167 const x40 = (arg1[8]);
3168 const x41 = (@as(u64, (arg1[7])) << 56);
3169 const x42 = (@as(u64, (arg1[6])) << 48);
3170 const x43 = (@as(u64, (arg1[5])) << 40);
3171 const x44 = (@as(u64, (arg1[4])) << 32);
3172 const x45 = (@as(u64, (arg1[3])) << 24);
3173 const x46 = (@as(u64, (arg1[2])) << 16);
3174 const x47 = (@as(u64, (arg1[1])) << 8);
3175 const x48 = (arg1[0]);
3176 const x49 = (x47 + @as(u64, x48));
3177 const x50 = (x46 + x49);
3178 const x51 = (x45 + x50);
3179 const x52 = (x44 + x51);
3180 const x53 = (x43 + x52);
3181 const x54 = (x42 + x53);
3182 const x55 = (x41 + x54);
3183 const x56 = (x39 + @as(u64, x40));
3184 const x57 = (x38 + x56);
3185 const x58 = (x37 + x57);
3186 const x59 = (x36 + x58);
3187 const x60 = (x35 + x59);
3188 const x61 = (x34 + x60);
3189 const x62 = (x33 + x61);
3190 const x63 = (x31 + @as(u64, x32));
3191 const x64 = (x30 + x63);
3192 const x65 = (x29 + x64);
3193 const x66 = (x28 + x65);
3194 const x67 = (x27 + x66);
3195 const x68 = (x26 + x67);
3196 const x69 = (x25 + x68);
3197 const x70 = (x23 + @as(u64, x24));
3198 const x71 = (x22 + x70);
3199 const x72 = (x21 + x71);
3200 const x73 = (x20 + x72);
3201 const x74 = (x19 + x73);
3202 const x75 = (x18 + x74);
3203 const x76 = (x17 + x75);
3204 const x77 = (x15 + @as(u64, x16));
3205 const x78 = (x14 + x77);
3206 const x79 = (x13 + x78);
3207 const x80 = (x12 + x79);
3208 const x81 = (x11 + x80);
3209 const x82 = (x10 + x81);
3210 const x83 = (x9 + x82);
3211 const x84 = (x7 + @as(u64, x8));
3212 const x85 = (x6 + x84);
3213 const x86 = (x5 + x85);
3214 const x87 = (x4 + x86);
3215 const x88 = (x3 + x87);
3216 const x89 = (x2 + x88);
3217 const x90 = (x1 + x89);
3218 out1[0] = x55;
3219 out1[1] = x62;
3220 out1[2] = x69;
3221 out1[3] = x76;
3222 out1[4] = x83;
3223 out1[5] = x90;
3224}
3225
3226/// The function setOne returns the field element one in the Montgomery domain.
3227///
3228/// Postconditions:
3229/// eval (from_montgomery out1) mod m = 1 mod m
3230/// 0 ≤ eval out1 < m
3231///
3232pub fn setOne(out1: *MontgomeryDomainFieldElement) void {
3233 @setRuntimeSafety(mode == .Debug);
3234
3235 out1[0] = 0x1313e695333ad68d;
3236 out1[1] = 0xa7e5f24db74f5885;
3237 out1[2] = 0x389cb27e0bc8d220;
3238 out1[3] = 0x0;
3239 out1[4] = 0x0;
3240 out1[5] = 0x0;
3241}
3242
3243/// The function msat returns the saturated representation of the prime modulus.
3244///
3245/// Postconditions:
3246/// twos_complement_eval out1 = m
3247/// 0 ≤ eval out1 < m
3248///
3249/// Output Bounds:
3250/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3251pub fn msat(out1: *[7]u64) void {
3252 @setRuntimeSafety(mode == .Debug);
3253
3254 out1[0] = 0xecec196accc52973;
3255 out1[1] = 0x581a0db248b0a77a;
3256 out1[2] = 0xc7634d81f4372ddf;
3257 out1[3] = 0xffffffffffffffff;
3258 out1[4] = 0xffffffffffffffff;
3259 out1[5] = 0xffffffffffffffff;
3260 out1[6] = 0x0;
3261}
3262
3263/// The function divstep computes a divstep.
3264///
3265/// Preconditions:
3266/// 0 ≤ eval arg4 < m
3267/// 0 ≤ eval arg5 < m
3268/// Postconditions:
3269/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1)
3270/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2)
3271/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋)
3272/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m)
3273/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m)
3274/// 0 ≤ eval out5 < m
3275/// 0 ≤ eval out5 < m
3276/// 0 ≤ eval out2 < m
3277/// 0 ≤ eval out3 < m
3278///
3279/// Input Bounds:
3280/// arg1: [0x0 ~> 0xffffffffffffffff]
3281/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3282/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3283/// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3284/// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3285/// Output Bounds:
3286/// out1: [0x0 ~> 0xffffffffffffffff]
3287/// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3288/// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3289/// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3290/// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3291pub fn divstep(out1: *u64, out2: *[7]u64, out3: *[7]u64, out4: *[6]u64, out5: *[6]u64, arg1: u64, arg2: [7]u64, arg3: [7]u64, arg4: [6]u64, arg5: [6]u64) void {
3292 @setRuntimeSafety(mode == .Debug);
3293
3294 var x1: u64 = undefined;
3295 var x2: u1 = undefined;
3296 addcarryxU64(&x1, &x2, 0x0, (~arg1), 0x1);
3297 const x3 = (@as(u1, @truncate((x1 >> 63))) & @as(u1, @truncate(((arg3[0]) & 0x1))));
3298 var x4: u64 = undefined;
3299 var x5: u1 = undefined;
3300 addcarryxU64(&x4, &x5, 0x0, (~arg1), 0x1);
3301 var x6: u64 = undefined;
3302 cmovznzU64(&x6, x3, arg1, x4);
3303 var x7: u64 = undefined;
3304 cmovznzU64(&x7, x3, (arg2[0]), (arg3[0]));
3305 var x8: u64 = undefined;
3306 cmovznzU64(&x8, x3, (arg2[1]), (arg3[1]));
3307 var x9: u64 = undefined;
3308 cmovznzU64(&x9, x3, (arg2[2]), (arg3[2]));
3309 var x10: u64 = undefined;
3310 cmovznzU64(&x10, x3, (arg2[3]), (arg3[3]));
3311 var x11: u64 = undefined;
3312 cmovznzU64(&x11, x3, (arg2[4]), (arg3[4]));
3313 var x12: u64 = undefined;
3314 cmovznzU64(&x12, x3, (arg2[5]), (arg3[5]));
3315 var x13: u64 = undefined;
3316 cmovznzU64(&x13, x3, (arg2[6]), (arg3[6]));
3317 var x14: u64 = undefined;
3318 var x15: u1 = undefined;
3319 addcarryxU64(&x14, &x15, 0x0, 0x1, (~(arg2[0])));
3320 var x16: u64 = undefined;
3321 var x17: u1 = undefined;
3322 addcarryxU64(&x16, &x17, x15, 0x0, (~(arg2[1])));
3323 var x18: u64 = undefined;
3324 var x19: u1 = undefined;
3325 addcarryxU64(&x18, &x19, x17, 0x0, (~(arg2[2])));
3326 var x20: u64 = undefined;
3327 var x21: u1 = undefined;
3328 addcarryxU64(&x20, &x21, x19, 0x0, (~(arg2[3])));
3329 var x22: u64 = undefined;
3330 var x23: u1 = undefined;
3331 addcarryxU64(&x22, &x23, x21, 0x0, (~(arg2[4])));
3332 var x24: u64 = undefined;
3333 var x25: u1 = undefined;
3334 addcarryxU64(&x24, &x25, x23, 0x0, (~(arg2[5])));
3335 var x26: u64 = undefined;
3336 var x27: u1 = undefined;
3337 addcarryxU64(&x26, &x27, x25, 0x0, (~(arg2[6])));
3338 var x28: u64 = undefined;
3339 cmovznzU64(&x28, x3, (arg3[0]), x14);
3340 var x29: u64 = undefined;
3341 cmovznzU64(&x29, x3, (arg3[1]), x16);
3342 var x30: u64 = undefined;
3343 cmovznzU64(&x30, x3, (arg3[2]), x18);
3344 var x31: u64 = undefined;
3345 cmovznzU64(&x31, x3, (arg3[3]), x20);
3346 var x32: u64 = undefined;
3347 cmovznzU64(&x32, x3, (arg3[4]), x22);
3348 var x33: u64 = undefined;
3349 cmovznzU64(&x33, x3, (arg3[5]), x24);
3350 var x34: u64 = undefined;
3351 cmovznzU64(&x34, x3, (arg3[6]), x26);
3352 var x35: u64 = undefined;
3353 cmovznzU64(&x35, x3, (arg4[0]), (arg5[0]));
3354 var x36: u64 = undefined;
3355 cmovznzU64(&x36, x3, (arg4[1]), (arg5[1]));
3356 var x37: u64 = undefined;
3357 cmovznzU64(&x37, x3, (arg4[2]), (arg5[2]));
3358 var x38: u64 = undefined;
3359 cmovznzU64(&x38, x3, (arg4[3]), (arg5[3]));
3360 var x39: u64 = undefined;
3361 cmovznzU64(&x39, x3, (arg4[4]), (arg5[4]));
3362 var x40: u64 = undefined;
3363 cmovznzU64(&x40, x3, (arg4[5]), (arg5[5]));
3364 var x41: u64 = undefined;
3365 var x42: u1 = undefined;
3366 addcarryxU64(&x41, &x42, 0x0, x35, x35);
3367 var x43: u64 = undefined;
3368 var x44: u1 = undefined;
3369 addcarryxU64(&x43, &x44, x42, x36, x36);
3370 var x45: u64 = undefined;
3371 var x46: u1 = undefined;
3372 addcarryxU64(&x45, &x46, x44, x37, x37);
3373 var x47: u64 = undefined;
3374 var x48: u1 = undefined;
3375 addcarryxU64(&x47, &x48, x46, x38, x38);
3376 var x49: u64 = undefined;
3377 var x50: u1 = undefined;
3378 addcarryxU64(&x49, &x50, x48, x39, x39);
3379 var x51: u64 = undefined;
3380 var x52: u1 = undefined;
3381 addcarryxU64(&x51, &x52, x50, x40, x40);
3382 var x53: u64 = undefined;
3383 var x54: u1 = undefined;
3384 subborrowxU64(&x53, &x54, 0x0, x41, 0xecec196accc52973);
3385 var x55: u64 = undefined;
3386 var x56: u1 = undefined;
3387 subborrowxU64(&x55, &x56, x54, x43, 0x581a0db248b0a77a);
3388 var x57: u64 = undefined;
3389 var x58: u1 = undefined;
3390 subborrowxU64(&x57, &x58, x56, x45, 0xc7634d81f4372ddf);
3391 var x59: u64 = undefined;
3392 var x60: u1 = undefined;
3393 subborrowxU64(&x59, &x60, x58, x47, 0xffffffffffffffff);
3394 var x61: u64 = undefined;
3395 var x62: u1 = undefined;
3396 subborrowxU64(&x61, &x62, x60, x49, 0xffffffffffffffff);
3397 var x63: u64 = undefined;
3398 var x64: u1 = undefined;
3399 subborrowxU64(&x63, &x64, x62, x51, 0xffffffffffffffff);
3400 var x65: u64 = undefined;
3401 var x66: u1 = undefined;
3402 subborrowxU64(&x65, &x66, x64, @as(u64, x52), 0x0);
3403 const x67 = (arg4[5]);
3404 const x68 = (arg4[4]);
3405 const x69 = (arg4[3]);
3406 const x70 = (arg4[2]);
3407 const x71 = (arg4[1]);
3408 const x72 = (arg4[0]);
3409 var x73: u64 = undefined;
3410 var x74: u1 = undefined;
3411 subborrowxU64(&x73, &x74, 0x0, 0x0, x72);
3412 var x75: u64 = undefined;
3413 var x76: u1 = undefined;
3414 subborrowxU64(&x75, &x76, x74, 0x0, x71);
3415 var x77: u64 = undefined;
3416 var x78: u1 = undefined;
3417 subborrowxU64(&x77, &x78, x76, 0x0, x70);
3418 var x79: u64 = undefined;
3419 var x80: u1 = undefined;
3420 subborrowxU64(&x79, &x80, x78, 0x0, x69);
3421 var x81: u64 = undefined;
3422 var x82: u1 = undefined;
3423 subborrowxU64(&x81, &x82, x80, 0x0, x68);
3424 var x83: u64 = undefined;
3425 var x84: u1 = undefined;
3426 subborrowxU64(&x83, &x84, x82, 0x0, x67);
3427 var x85: u64 = undefined;
3428 cmovznzU64(&x85, x84, 0x0, 0xffffffffffffffff);
3429 var x86: u64 = undefined;
3430 var x87: u1 = undefined;
3431 addcarryxU64(&x86, &x87, 0x0, x73, (x85 & 0xecec196accc52973));
3432 var x88: u64 = undefined;
3433 var x89: u1 = undefined;
3434 addcarryxU64(&x88, &x89, x87, x75, (x85 & 0x581a0db248b0a77a));
3435 var x90: u64 = undefined;
3436 var x91: u1 = undefined;
3437 addcarryxU64(&x90, &x91, x89, x77, (x85 & 0xc7634d81f4372ddf));
3438 var x92: u64 = undefined;
3439 var x93: u1 = undefined;
3440 addcarryxU64(&x92, &x93, x91, x79, x85);
3441 var x94: u64 = undefined;
3442 var x95: u1 = undefined;
3443 addcarryxU64(&x94, &x95, x93, x81, x85);
3444 var x96: u64 = undefined;
3445 var x97: u1 = undefined;
3446 addcarryxU64(&x96, &x97, x95, x83, x85);
3447 var x98: u64 = undefined;
3448 cmovznzU64(&x98, x3, (arg5[0]), x86);
3449 var x99: u64 = undefined;
3450 cmovznzU64(&x99, x3, (arg5[1]), x88);
3451 var x100: u64 = undefined;
3452 cmovznzU64(&x100, x3, (arg5[2]), x90);
3453 var x101: u64 = undefined;
3454 cmovznzU64(&x101, x3, (arg5[3]), x92);
3455 var x102: u64 = undefined;
3456 cmovznzU64(&x102, x3, (arg5[4]), x94);
3457 var x103: u64 = undefined;
3458 cmovznzU64(&x103, x3, (arg5[5]), x96);
3459 const x104 = @as(u1, @truncate((x28 & 0x1)));
3460 var x105: u64 = undefined;
3461 cmovznzU64(&x105, x104, 0x0, x7);
3462 var x106: u64 = undefined;
3463 cmovznzU64(&x106, x104, 0x0, x8);
3464 var x107: u64 = undefined;
3465 cmovznzU64(&x107, x104, 0x0, x9);
3466 var x108: u64 = undefined;
3467 cmovznzU64(&x108, x104, 0x0, x10);
3468 var x109: u64 = undefined;
3469 cmovznzU64(&x109, x104, 0x0, x11);
3470 var x110: u64 = undefined;
3471 cmovznzU64(&x110, x104, 0x0, x12);
3472 var x111: u64 = undefined;
3473 cmovznzU64(&x111, x104, 0x0, x13);
3474 var x112: u64 = undefined;
3475 var x113: u1 = undefined;
3476 addcarryxU64(&x112, &x113, 0x0, x28, x105);
3477 var x114: u64 = undefined;
3478 var x115: u1 = undefined;
3479 addcarryxU64(&x114, &x115, x113, x29, x106);
3480 var x116: u64 = undefined;
3481 var x117: u1 = undefined;
3482 addcarryxU64(&x116, &x117, x115, x30, x107);
3483 var x118: u64 = undefined;
3484 var x119: u1 = undefined;
3485 addcarryxU64(&x118, &x119, x117, x31, x108);
3486 var x120: u64 = undefined;
3487 var x121: u1 = undefined;
3488 addcarryxU64(&x120, &x121, x119, x32, x109);
3489 var x122: u64 = undefined;
3490 var x123: u1 = undefined;
3491 addcarryxU64(&x122, &x123, x121, x33, x110);
3492 var x124: u64 = undefined;
3493 var x125: u1 = undefined;
3494 addcarryxU64(&x124, &x125, x123, x34, x111);
3495 var x126: u64 = undefined;
3496 cmovznzU64(&x126, x104, 0x0, x35);
3497 var x127: u64 = undefined;
3498 cmovznzU64(&x127, x104, 0x0, x36);
3499 var x128: u64 = undefined;
3500 cmovznzU64(&x128, x104, 0x0, x37);
3501 var x129: u64 = undefined;
3502 cmovznzU64(&x129, x104, 0x0, x38);
3503 var x130: u64 = undefined;
3504 cmovznzU64(&x130, x104, 0x0, x39);
3505 var x131: u64 = undefined;
3506 cmovznzU64(&x131, x104, 0x0, x40);
3507 var x132: u64 = undefined;
3508 var x133: u1 = undefined;
3509 addcarryxU64(&x132, &x133, 0x0, x98, x126);
3510 var x134: u64 = undefined;
3511 var x135: u1 = undefined;
3512 addcarryxU64(&x134, &x135, x133, x99, x127);
3513 var x136: u64 = undefined;
3514 var x137: u1 = undefined;
3515 addcarryxU64(&x136, &x137, x135, x100, x128);
3516 var x138: u64 = undefined;
3517 var x139: u1 = undefined;
3518 addcarryxU64(&x138, &x139, x137, x101, x129);
3519 var x140: u64 = undefined;
3520 var x141: u1 = undefined;
3521 addcarryxU64(&x140, &x141, x139, x102, x130);
3522 var x142: u64 = undefined;
3523 var x143: u1 = undefined;
3524 addcarryxU64(&x142, &x143, x141, x103, x131);
3525 var x144: u64 = undefined;
3526 var x145: u1 = undefined;
3527 subborrowxU64(&x144, &x145, 0x0, x132, 0xecec196accc52973);
3528 var x146: u64 = undefined;
3529 var x147: u1 = undefined;
3530 subborrowxU64(&x146, &x147, x145, x134, 0x581a0db248b0a77a);
3531 var x148: u64 = undefined;
3532 var x149: u1 = undefined;
3533 subborrowxU64(&x148, &x149, x147, x136, 0xc7634d81f4372ddf);
3534 var x150: u64 = undefined;
3535 var x151: u1 = undefined;
3536 subborrowxU64(&x150, &x151, x149, x138, 0xffffffffffffffff);
3537 var x152: u64 = undefined;
3538 var x153: u1 = undefined;
3539 subborrowxU64(&x152, &x153, x151, x140, 0xffffffffffffffff);
3540 var x154: u64 = undefined;
3541 var x155: u1 = undefined;
3542 subborrowxU64(&x154, &x155, x153, x142, 0xffffffffffffffff);
3543 var x156: u64 = undefined;
3544 var x157: u1 = undefined;
3545 subborrowxU64(&x156, &x157, x155, @as(u64, x143), 0x0);
3546 var x158: u64 = undefined;
3547 var x159: u1 = undefined;
3548 addcarryxU64(&x158, &x159, 0x0, x6, 0x1);
3549 const x160 = ((x112 >> 1) | ((x114 << 63) & 0xffffffffffffffff));
3550 const x161 = ((x114 >> 1) | ((x116 << 63) & 0xffffffffffffffff));
3551 const x162 = ((x116 >> 1) | ((x118 << 63) & 0xffffffffffffffff));
3552 const x163 = ((x118 >> 1) | ((x120 << 63) & 0xffffffffffffffff));
3553 const x164 = ((x120 >> 1) | ((x122 << 63) & 0xffffffffffffffff));
3554 const x165 = ((x122 >> 1) | ((x124 << 63) & 0xffffffffffffffff));
3555 const x166 = ((x124 & 0x8000000000000000) | (x124 >> 1));
3556 var x167: u64 = undefined;
3557 cmovznzU64(&x167, x66, x53, x41);
3558 var x168: u64 = undefined;
3559 cmovznzU64(&x168, x66, x55, x43);
3560 var x169: u64 = undefined;
3561 cmovznzU64(&x169, x66, x57, x45);
3562 var x170: u64 = undefined;
3563 cmovznzU64(&x170, x66, x59, x47);
3564 var x171: u64 = undefined;
3565 cmovznzU64(&x171, x66, x61, x49);
3566 var x172: u64 = undefined;
3567 cmovznzU64(&x172, x66, x63, x51);
3568 var x173: u64 = undefined;
3569 cmovznzU64(&x173, x157, x144, x132);
3570 var x174: u64 = undefined;
3571 cmovznzU64(&x174, x157, x146, x134);
3572 var x175: u64 = undefined;
3573 cmovznzU64(&x175, x157, x148, x136);
3574 var x176: u64 = undefined;
3575 cmovznzU64(&x176, x157, x150, x138);
3576 var x177: u64 = undefined;
3577 cmovznzU64(&x177, x157, x152, x140);
3578 var x178: u64 = undefined;
3579 cmovznzU64(&x178, x157, x154, x142);
3580 out1.* = x158;
3581 out2[0] = x7;
3582 out2[1] = x8;
3583 out2[2] = x9;
3584 out2[3] = x10;
3585 out2[4] = x11;
3586 out2[5] = x12;
3587 out2[6] = x13;
3588 out3[0] = x160;
3589 out3[1] = x161;
3590 out3[2] = x162;
3591 out3[3] = x163;
3592 out3[4] = x164;
3593 out3[5] = x165;
3594 out3[6] = x166;
3595 out4[0] = x167;
3596 out4[1] = x168;
3597 out4[2] = x169;
3598 out4[3] = x170;
3599 out4[4] = x171;
3600 out4[5] = x172;
3601 out5[0] = x173;
3602 out5[1] = x174;
3603 out5[2] = x175;
3604 out5[3] = x176;
3605 out5[4] = x177;
3606 out5[5] = x178;
3607}
3608
3609/// The function divstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form).
3610///
3611/// Postconditions:
3612/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋)
3613/// 0 ≤ eval out1 < m
3614///
3615/// Output Bounds:
3616/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
3617pub fn divstepPrecomp(out1: *[6]u64) void {
3618 @setRuntimeSafety(mode == .Debug);
3619
3620 out1[0] = 0x49589ae0e6045b6a;
3621 out1[1] = 0x3c9a5352870040ed;
3622 out1[2] = 0xdacb097e977dc242;
3623 out1[3] = 0xb5ab30a6d1ecbe36;
3624 out1[4] = 0x97d7a1081f959973;
3625 out1[5] = 0x2ba012f8d27192bc;
3626}