Coverage Report

Created: 2024-11-29 06:10

/src/botan/src/lib/math/mp/mp_comba.cpp
Line
Count
Source
/*
* Comba Multiplication and Squaring
*
* This file was automatically generated by ./src/scripts/dev_tools/gen_mp_comba.py on 2024-06-27
*
* Botan is released under the Simplified BSD License (see license.txt)
*/
#include <botan/internal/mp_core.h>
namespace Botan {
/*
* Comba 4x4 Squaring
*
* Writes the 8-word square of the 4-word operand x to z, least significant
* word first. Output column k adds each cross product x[i] * x[k - i] with
* i < k - i once through mul_x2(), plus x[k/2] * x[k/2] when k is even; one
* word is extracted per column and the rest carries into the next column.
*
* @param z output, 8 words, fully overwritten
* @param x operand, 4 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x, because low words of z are stored while x is
*    still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator, mul_x2() adds
* twice the product, and extract() returns the low word and shifts the
* accumulator down -- confirm against the word3 definition.
*
* Coverage report count for every line of this function: 24.6M
*/
void bigint_comba_sqr4(word z[8], const word x[4]) {
   constexpr size_t N = 4;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Lowest index whose partner col - i still lies inside x
      const size_t first = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs appear twice in the square, so add them doubled
      for(size_t i = first; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns also contain the single diagonal term
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 4x4 Multiplication
*
* Writes the 8-word product of the 4-word operands x and y to z, least
* significant word first. Output column k collects every partial product
* x[i] * y[k - i]; one word is extracted per column and the rest carries
* into the next column.
*
* @param z output, 8 words, fully overwritten
* @param x first operand, 4 words (read only)
* @param y second operand, 4 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x or y, because low words of z are stored while
*    the inputs are still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator and extract()
* returns the low word and shifts the accumulator down -- confirm against
* the word3 definition.
*
* Coverage report count for every line of this function: 32.6M
*/
void bigint_comba_mul4(word z[8], const word x[4], const word y[4]) {
   constexpr size_t N = 4;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Range of x indices whose partner y[col - i] lies inside y
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 6x6 Squaring
*
* Writes the 12-word square of the 6-word operand x to z, least significant
* word first. Output column k adds each cross product x[i] * x[k - i] with
* i < k - i once through mul_x2(), plus x[k/2] * x[k/2] when k is even; one
* word is extracted per column and the rest carries into the next column.
*
* @param z output, 12 words, fully overwritten
* @param x operand, 6 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x, because low words of z are stored while x is
*    still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator, mul_x2() adds
* twice the product, and extract() returns the low word and shifts the
* accumulator down -- confirm against the word3 definition.
*
* Coverage report count for every line of this function: 18.2M
*/
void bigint_comba_sqr6(word z[12], const word x[6]) {
   constexpr size_t N = 6;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Lowest index whose partner col - i still lies inside x
      const size_t first = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs appear twice in the square, so add them doubled
      for(size_t i = first; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns also contain the single diagonal term
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 6x6 Multiplication
*
* Writes the 12-word product of the 6-word operands x and y to z, least
* significant word first. Output column k collects every partial product
* x[i] * y[k - i]; one word is extracted per column and the rest carries
* into the next column.
*
* @param z output, 12 words, fully overwritten
* @param x first operand, 6 words (read only)
* @param y second operand, 6 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x or y, because low words of z are stored while
*    the inputs are still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator and extract()
* returns the low word and shifts the accumulator down -- confirm against
* the word3 definition.
*
* Coverage report count for every line of this function: 18.6M
*/
void bigint_comba_mul6(word z[12], const word x[6], const word y[6]) {
   constexpr size_t N = 6;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Range of x indices whose partner y[col - i] lies inside y
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 7x7 Squaring
*
* Writes the 14-word square of the 7-word operand x to z, least significant
* word first. Output column k adds each cross product x[i] * x[k - i] with
* i < k - i once through mul_x2(), plus x[k/2] * x[k/2] when k is even; one
* word is extracted per column and the rest carries into the next column.
*
* @param z output, 14 words, fully overwritten
* @param x operand, 7 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x, because low words of z are stored while x is
*    still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator, mul_x2() adds
* twice the product, and extract() returns the low word and shifts the
* accumulator down -- confirm against the word3 definition.
*
* Coverage report count for every line of this function: 5.74M
*/
void bigint_comba_sqr7(word z[14], const word x[7]) {
   constexpr size_t N = 7;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Lowest index whose partner col - i still lies inside x
      const size_t first = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs appear twice in the square, so add them doubled
      for(size_t i = first; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns also contain the single diagonal term
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 7x7 Multiplication
*
* Writes the 14-word product of the 7-word operands x and y to z, least
* significant word first. Output column k collects every partial product
* x[i] * y[k - i]; one word is extracted per column and the rest carries
* into the next column.
*
* @param z output, 14 words, fully overwritten
* @param x first operand, 7 words (read only)
* @param y second operand, 7 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x or y, because low words of z are stored while
*    the inputs are still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator and extract()
* returns the low word and shifts the accumulator down -- confirm against
* the word3 definition.
*
* Coverage report count for every line of this function: 8.48M
*/
void bigint_comba_mul7(word z[14], const word x[7], const word y[7]) {
   constexpr size_t N = 7;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Range of x indices whose partner y[col - i] lies inside y
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 8x8 Squaring
*
* Writes the 16-word square of the 8-word operand x to z, least significant
* word first. Output column k adds each cross product x[i] * x[k - i] with
* i < k - i once through mul_x2(), plus x[k/2] * x[k/2] when k is even; one
* word is extracted per column and the rest carries into the next column.
*
* @param z output, 16 words, fully overwritten
* @param x operand, 8 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x, because low words of z are stored while x is
*    still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator, mul_x2() adds
* twice the product, and extract() returns the low word and shifts the
* accumulator down -- confirm against the word3 definition.
*
* Coverage report count for every line of this function: 2.41M
*/
void bigint_comba_sqr8(word z[16], const word x[8]) {
   constexpr size_t N = 8;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Lowest index whose partner col - i still lies inside x
      const size_t first = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs appear twice in the square, so add them doubled
      for(size_t i = first; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns also contain the single diagonal term
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 8x8 Multiplication
*
* Writes the 16-word product of the 8-word operands x and y to z, least
* significant word first. Output column k collects every partial product
* x[i] * y[k - i]; one word is extracted per column and the rest carries
* into the next column.
*
* @param z output, 16 words, fully overwritten
* @param x first operand, 8 words (read only)
* @param y second operand, 8 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x or y, because low words of z are stored while
*    the inputs are still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator and extract()
* returns the low word and shifts the accumulator down -- confirm against
* the word3 definition.
*
* Coverage report count for every line of this function: 3.09M
*/
void bigint_comba_mul8(word z[16], const word x[8], const word y[8]) {
   constexpr size_t N = 8;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Range of x indices whose partner y[col - i] lies inside y
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 9x9 Squaring
*
* Writes the 18-word square of the 9-word operand x to z, least significant
* word first. Output column k adds each cross product x[i] * x[k - i] with
* i < k - i once through mul_x2(), plus x[k/2] * x[k/2] when k is even; one
* word is extracted per column and the rest carries into the next column.
*
* @param z output, 18 words, fully overwritten
* @param x operand, 9 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x, because low words of z are stored while x is
*    still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator, mul_x2() adds
* twice the product, and extract() returns the low word and shifts the
* accumulator down -- confirm against the word3 definition.
*
* Coverage report count for every line of this function: 23.5M
*/
void bigint_comba_sqr9(word z[18], const word x[9]) {
   constexpr size_t N = 9;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Lowest index whose partner col - i still lies inside x
      const size_t first = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs appear twice in the square, so add them doubled
      for(size_t i = first; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns also contain the single diagonal term
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 9x9 Multiplication
*
* Writes the 18-word product of the 9-word operands x and y to z, least
* significant word first. Output column k collects every partial product
* x[i] * y[k - i]; one word is extracted per column and the rest carries
* into the next column.
*
* @param z output, 18 words, fully overwritten
* @param x first operand, 9 words (read only)
* @param y second operand, 9 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x or y, because low words of z are stored while
*    the inputs are still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator and extract()
* returns the low word and shifts the accumulator down -- confirm against
* the word3 definition.
*
* Coverage report count for every line of this function: 23.8M
*/
void bigint_comba_mul9(word z[18], const word x[9], const word y[9]) {
   constexpr size_t N = 9;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Range of x indices whose partner y[col - i] lies inside y
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      for(size_t i = first; i <= last; ++i) {
         acc.mul(x[i], y[col - i]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 16x16 Squaring
*
* Writes the 32-word square of the 16-word operand x to z, least significant
* word first. Output column k adds each cross product x[i] * x[k - i] with
* i < k - i once through mul_x2(), plus x[k/2] * x[k/2] when k is even; one
* word is extracted per column and the rest carries into the next column.
*
* @param z output, 32 words, fully overwritten
* @param x operand, 16 words (read only)
*
* Caller obligations (nothing here checks them):
*  - the array sizes in the signature decay to pointers, so the caller must
*    supply buffers of at least these lengths;
*  - z must not overlap x, because low words of z are stored while x is
*    still being read.
*
* Loop bounds are compile-time constants, so control flow and indexing do
* not depend on operand values. Whether the word multiply itself is constant
* time depends on word3 (declared outside this listing) and the target CPU.
* Assumes word3::mul() adds the product to the accumulator, mul_x2() adds
* twice the product, and extract() returns the low word and shifts the
* accumulator down -- confirm against the word3 definition.
*
* Coverage report count for every line of this function: 829k
*/
void bigint_comba_sqr16(word z[32], const word x[16]) {
   constexpr size_t N = 16;
   word3<word> acc;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Lowest index whose partner col - i still lies inside x
      const size_t first = (col < N) ? 0 : col - (N - 1);

      // Off-diagonal pairs appear twice in the square, so add them doubled
      for(size_t i = first; 2 * i < col; ++i) {
         acc.mul_x2(x[i], x[col - i]);
      }

      // Even columns also contain the single diagonal term
      if(col % 2 == 0) {
         acc.mul(x[col / 2], x[col / 2]);
      }

      z[col] = acc.extract();
   }

   // Whatever is left in the accumulator is the top word
   z[2 * N - 1] = acc.extract();
}
/*
* Comba 16x16 Multiplication
*
* Fills z[0..31] with the product of the 16-word operands x and y.
* Result column k collects every partial product x[i] * y[k - i] whose
* indices are both in range, after which one word is taken out of the
* accumulator and stored as z[k].
*
* The loop bounds depend only on the fixed operand length, never on the
* operand values, so the sequence of accum.mul()/accum.extract() calls is
* the same for every input.
*
* The array extents in the signature are not enforced by the language:
* the caller must supply at least 16 readable words in x and y and 32
* writable words in z. z is written while x and y are still being read,
* so z must not overlap either input.
*
* NOTE(review): word3<word> is declared outside this file; it is presumably
* a three-word accumulator where mul() adds a product and extract() returns
* the lowest word and shifts the rest down - confirm against its definition.
*/
void bigint_comba_mul16(word z[32], const word x[16], const word y[16]) {
   constexpr size_t N = 16;

   word3<word> accum;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Clamp the row range so that both i and col - i stay inside [0, N)
      const size_t first = (col < N) ? 0 : col - (N - 1);
      const size_t last = (col < N) ? col : N - 1;

      for(size_t i = first; i <= last; ++i) {
         accum.mul(x[i], y[col - i]);
      }

      z[col] = accum.extract();
   }

   // No products remain; one more extract supplies the top word
   z[2 * N - 1] = accum.extract();
}
/*
* Comba 24x24 Squaring
*
* Fills z[0..47] with the square of the 24-word operand x.
* For result column k, each pair of distinct indices (i, k - i) with
* i < k - i is fed to accum.mul_x2() once, and for even k the middle term
* x[k/2] * x[k/2] is fed to accum.mul(); then one word is taken out of
* the accumulator and stored as z[k].
*
* The loop bounds depend only on the fixed operand length, never on the
* operand values, so the sequence of accumulator calls is the same for
* every input.
*
* The array extents in the signature are not enforced by the language:
* the caller must supply at least 24 readable words in x and 48 writable
* words in z. z is written while x is still being read, so z must not
* overlap x.
*
* NOTE(review): word3<word> is declared outside this file; mul_x2()
* presumably adds twice the product so that each symmetric pair is
* multiplied only once - confirm against its definition.
*/
void bigint_comba_sqr24(word z[48], const word x[24]) {
   constexpr size_t N = 24;

   word3<word> accum;

   for(size_t col = 0; col != 2 * N - 1; ++col) {
      // Lowest and highest index whose sum is col, both inside [0, N)
      size_t lo = (col < N) ? 0 : col - (N - 1);
      size_t hi = col - lo;

      // Off-diagonal pairs, walking inwards from both ends
      while(lo < hi) {
         accum.mul_x2(x[lo], x[hi]);
         ++lo;
         --hi;
      }

      // The indices meet only when col is even: the diagonal term
      if(lo == hi) {
         accum.mul(x[lo], x[lo]);
      }

      z[col] = accum.extract();
   }

   // No products remain; one more extract supplies the top word
   z[2 * N - 1] = accum.extract();
}
1442
1443
/*
1444
* Comba 24x24 Multiplication
1445
*/
1446
196k
void bigint_comba_mul24(word z[48], const word x[24], const word y[24]) {
1447
196k
   word3<word> accum;
1448
1449
196k
   accum.mul(x[0], y[0]);
1450
196k
   z[0] = accum.extract();
1451
196k
   accum.mul(x[0], y[1]);
1452
196k
   accum.mul(x[1], y[0]);
1453
196k
   z[1] = accum.extract();
1454
196k
   accum.mul(x[0], y[2]);
1455
196k
   accum.mul(x[1], y[1]);
1456
196k
   accum.mul(x[2], y[0]);
1457
196k
   z[2] = accum.extract();
1458
196k
   accum.mul(x[0], y[3]);
1459
196k
   accum.mul(x[1], y[2]);
1460
196k
   accum.mul(x[2], y[1]);
1461
196k
   accum.mul(x[3], y[0]);
1462
196k
   z[3] = accum.extract();
1463
196k
   accum.mul(x[0], y[4]);
1464
196k
   accum.mul(x[1], y[3]);
1465
196k
   accum.mul(x[2], y[2]);
1466
196k
   accum.mul(x[3], y[1]);
1467
196k
   accum.mul(x[4], y[0]);
1468
196k
   z[4] = accum.extract();
1469
196k
   accum.mul(x[0], y[5]);
1470
196k
   accum.mul(x[1], y[4]);
1471
196k
   accum.mul(x[2], y[3]);
1472
196k
   accum.mul(x[3], y[2]);
1473
196k
   accum.mul(x[4], y[1]);
1474
196k
   accum.mul(x[5], y[0]);
1475
196k
   z[5] = accum.extract();
1476
196k
   accum.mul(x[0], y[6]);
1477
196k
   accum.mul(x[1], y[5]);
1478
196k
   accum.mul(x[2], y[4]);
1479
196k
   accum.mul(x[3], y[3]);
1480
196k
   accum.mul(x[4], y[2]);
1481
196k
   accum.mul(x[5], y[1]);
1482
196k
   accum.mul(x[6], y[0]);
1483
196k
   z[6] = accum.extract();
1484
196k
   accum.mul(x[0], y[7]);
1485
196k
   accum.mul(x[1], y[6]);
1486
196k
   accum.mul(x[2], y[5]);
1487
196k
   accum.mul(x[3], y[4]);
1488
196k
   accum.mul(x[4], y[3]);
1489
196k
   accum.mul(x[5], y[2]);
1490
196k
   accum.mul(x[6], y[1]);
1491
196k
   accum.mul(x[7], y[0]);
1492
196k
   z[7] = accum.extract();
1493
196k
   accum.mul(x[0], y[8]);
1494
196k
   accum.mul(x[1], y[7]);
1495
196k
   accum.mul(x[2], y[6]);
1496
196k
   accum.mul(x[3], y[5]);
1497
196k
   accum.mul(x[4], y[4]);
1498
196k
   accum.mul(x[5], y[3]);
1499
196k
   accum.mul(x[6], y[2]);
1500
196k
   accum.mul(x[7], y[1]);
1501
196k
   accum.mul(x[8], y[0]);
1502
196k
   z[8] = accum.extract();
1503
196k
   accum.mul(x[0], y[9]);
1504
196k
   accum.mul(x[1], y[8]);
1505
196k
   accum.mul(x[2], y[7]);
1506
196k
   accum.mul(x[3], y[6]);
1507
196k
   accum.mul(x[4], y[5]);
1508
196k
   accum.mul(x[5], y[4]);
1509
196k
   accum.mul(x[6], y[3]);
1510
196k
   accum.mul(x[7], y[2]);
1511
196k
   accum.mul(x[8], y[1]);
1512
196k
   accum.mul(x[9], y[0]);
1513
196k
   z[9] = accum.extract();
1514
196k
   accum.mul(x[0], y[10]);
1515
196k
   accum.mul(x[1], y[9]);
1516
196k
   accum.mul(x[2], y[8]);
1517
196k
   accum.mul(x[3], y[7]);
1518
196k
   accum.mul(x[4], y[6]);
1519
196k
   accum.mul(x[5], y[5]);
1520
196k
   accum.mul(x[6], y[4]);
1521
196k
   accum.mul(x[7], y[3]);
1522
196k
   accum.mul(x[8], y[2]);
1523
196k
   accum.mul(x[9], y[1]);
1524
196k
   accum.mul(x[10], y[0]);
1525
196k
   z[10] = accum.extract();
1526
196k
   accum.mul(x[0], y[11]);
1527
196k
   accum.mul(x[1], y[10]);
1528
196k
   accum.mul(x[2], y[9]);
1529
196k
   accum.mul(x[3], y[8]);
1530
196k
   accum.mul(x[4], y[7]);
1531
196k
   accum.mul(x[5], y[6]);
1532
196k
   accum.mul(x[6], y[5]);
1533
196k
   accum.mul(x[7], y[4]);
1534
196k
   accum.mul(x[8], y[3]);
1535
196k
   accum.mul(x[9], y[2]);
1536
196k
   accum.mul(x[10], y[1]);
1537
196k
   accum.mul(x[11], y[0]);
1538
196k
   z[11] = accum.extract();
1539
196k
   accum.mul(x[0], y[12]);
1540
196k
   accum.mul(x[1], y[11]);
1541
196k
   accum.mul(x[2], y[10]);
1542
196k
   accum.mul(x[3], y[9]);
1543
196k
   accum.mul(x[4], y[8]);
1544
196k
   accum.mul(x[5], y[7]);
1545
196k
   accum.mul(x[6], y[6]);
1546
196k
   accum.mul(x[7], y[5]);
1547
196k
   accum.mul(x[8], y[4]);
1548
196k
   accum.mul(x[9], y[3]);
1549
196k
   accum.mul(x[10], y[2]);
1550
196k
   accum.mul(x[11], y[1]);
1551
196k
   accum.mul(x[12], y[0]);
1552
196k
   z[12] = accum.extract();
1553
196k
   accum.mul(x[0], y[13]);
1554
196k
   accum.mul(x[1], y[12]);
1555
196k
   accum.mul(x[2], y[11]);
1556
196k
   accum.mul(x[3], y[10]);
1557
196k
   accum.mul(x[4], y[9]);
1558
196k
   accum.mul(x[5], y[8]);
1559
196k
   accum.mul(x[6], y[7]);
1560
196k
   accum.mul(x[7], y[6]);
1561
196k
   accum.mul(x[8], y[5]);
1562
196k
   accum.mul(x[9], y[4]);
1563
196k
   accum.mul(x[10], y[3]);
1564
196k
   accum.mul(x[11], y[2]);
1565
196k
   accum.mul(x[12], y[1]);
1566
196k
   accum.mul(x[13], y[0]);
1567
196k
   z[13] = accum.extract();
1568
196k
   accum.mul(x[0], y[14]);
1569
196k
   accum.mul(x[1], y[13]);
1570
196k
   accum.mul(x[2], y[12]);
1571
196k
   accum.mul(x[3], y[11]);
1572
196k
   accum.mul(x[4], y[10]);
1573
196k
   accum.mul(x[5], y[9]);
1574
196k
   accum.mul(x[6], y[8]);
1575
196k
   accum.mul(x[7], y[7]);
1576
196k
   accum.mul(x[8], y[6]);
1577
196k
   accum.mul(x[9], y[5]);
1578
196k
   accum.mul(x[10], y[4]);
1579
196k
   accum.mul(x[11], y[3]);
1580
196k
   accum.mul(x[12], y[2]);
1581
196k
   accum.mul(x[13], y[1]);
1582
196k
   accum.mul(x[14], y[0]);
1583
196k
   z[14] = accum.extract();
1584
196k
   accum.mul(x[0], y[15]);
1585
196k
   accum.mul(x[1], y[14]);
1586
196k
   accum.mul(x[2], y[13]);
1587
196k
   accum.mul(x[3], y[12]);
1588
196k
   accum.mul(x[4], y[11]);
1589
196k
   accum.mul(x[5], y[10]);
1590
196k
   accum.mul(x[6], y[9]);
1591
196k
   accum.mul(x[7], y[8]);
1592
196k
   accum.mul(x[8], y[7]);
1593
196k
   accum.mul(x[9], y[6]);
1594
196k
   accum.mul(x[10], y[5]);
1595
196k
   accum.mul(x[11], y[4]);
1596
196k
   accum.mul(x[12], y[3]);
1597
196k
   accum.mul(x[13], y[2]);
1598
196k
   accum.mul(x[14], y[1]);
1599
196k
   accum.mul(x[15], y[0]);
1600
196k
   z[15] = accum.extract();
1601
196k
   accum.mul(x[0], y[16]);
1602
196k
   accum.mul(x[1], y[15]);
1603
196k
   accum.mul(x[2], y[14]);
1604
196k
   accum.mul(x[3], y[13]);
1605
196k
   accum.mul(x[4], y[12]);
1606
196k
   accum.mul(x[5], y[11]);
1607
196k
   accum.mul(x[6], y[10]);
1608
196k
   accum.mul(x[7], y[9]);
1609
196k
   accum.mul(x[8], y[8]);
1610
196k
   accum.mul(x[9], y[7]);
1611
196k
   accum.mul(x[10], y[6]);
1612
196k
   accum.mul(x[11], y[5]);
1613
196k
   accum.mul(x[12], y[4]);
1614
196k
   accum.mul(x[13], y[3]);
1615
196k
   accum.mul(x[14], y[2]);
1616
196k
   accum.mul(x[15], y[1]);
1617
196k
   accum.mul(x[16], y[0]);
1618
196k
   z[16] = accum.extract();
1619
196k
   accum.mul(x[0], y[17]);
1620
196k
   accum.mul(x[1], y[16]);
1621
196k
   accum.mul(x[2], y[15]);
1622
196k
   accum.mul(x[3], y[14]);
1623
196k
   accum.mul(x[4], y[13]);
1624
196k
   accum.mul(x[5], y[12]);
1625
196k
   accum.mul(x[6], y[11]);
1626
196k
   accum.mul(x[7], y[10]);
1627
196k
   accum.mul(x[8], y[9]);
1628
196k
   accum.mul(x[9], y[8]);
1629
196k
   accum.mul(x[10], y[7]);
1630
196k
   accum.mul(x[11], y[6]);
1631
196k
   accum.mul(x[12], y[5]);
1632
196k
   accum.mul(x[13], y[4]);
1633
196k
   accum.mul(x[14], y[3]);
1634
196k
   accum.mul(x[15], y[2]);
1635
196k
   accum.mul(x[16], y[1]);
1636
196k
   accum.mul(x[17], y[0]);
1637
196k
   z[17] = accum.extract();
1638
196k
   accum.mul(x[0], y[18]);
1639
196k
   accum.mul(x[1], y[17]);
1640
196k
   accum.mul(x[2], y[16]);
1641
196k
   accum.mul(x[3], y[15]);
1642
196k
   accum.mul(x[4], y[14]);
1643
196k
   accum.mul(x[5], y[13]);
1644
196k
   accum.mul(x[6], y[12]);
1645
196k
   accum.mul(x[7], y[11]);
1646
196k
   accum.mul(x[8], y[10]);
1647
196k
   accum.mul(x[9], y[9]);
1648
196k
   accum.mul(x[10], y[8]);
1649
196k
   accum.mul(x[11], y[7]);
1650
196k
   accum.mul(x[12], y[6]);
1651
196k
   accum.mul(x[13], y[5]);
1652
196k
   accum.mul(x[14], y[4]);
1653
196k
   accum.mul(x[15], y[3]);
1654
196k
   accum.mul(x[16], y[2]);
1655
196k
   accum.mul(x[17], y[1]);
1656
196k
   accum.mul(x[18], y[0]);
1657
196k
   z[18] = accum.extract();
1658
196k
   accum.mul(x[0], y[19]);
1659
196k
   accum.mul(x[1], y[18]);
1660
196k
   accum.mul(x[2], y[17]);
1661
196k
   accum.mul(x[3], y[16]);
1662
196k
   accum.mul(x[4], y[15]);
1663
196k
   accum.mul(x[5], y[14]);
1664
196k
   accum.mul(x[6], y[13]);
1665
196k
   accum.mul(x[7], y[12]);
1666
196k
   accum.mul(x[8], y[11]);
1667
196k
   accum.mul(x[9], y[10]);
1668
196k
   accum.mul(x[10], y[9]);
1669
196k
   accum.mul(x[11], y[8]);
1670
196k
   accum.mul(x[12], y[7]);
1671
196k
   accum.mul(x[13], y[6]);
1672
196k
   accum.mul(x[14], y[5]);
1673
196k
   accum.mul(x[15], y[4]);
1674
196k
   accum.mul(x[16], y[3]);
1675
196k
   accum.mul(x[17], y[2]);
1676
196k
   accum.mul(x[18], y[1]);
1677
196k
   accum.mul(x[19], y[0]);
1678
196k
   z[19] = accum.extract();
1679
196k
   accum.mul(x[0], y[20]);
1680
196k
   accum.mul(x[1], y[19]);
1681
196k
   accum.mul(x[2], y[18]);
1682
196k
   accum.mul(x[3], y[17]);
1683
196k
   accum.mul(x[4], y[16]);
1684
196k
   accum.mul(x[5], y[15]);
1685
196k
   accum.mul(x[6], y[14]);
1686
196k
   accum.mul(x[7], y[13]);
1687
196k
   accum.mul(x[8], y[12]);
1688
196k
   accum.mul(x[9], y[11]);
1689
196k
   accum.mul(x[10], y[10]);
1690
196k
   accum.mul(x[11], y[9]);
1691
196k
   accum.mul(x[12], y[8]);
1692
196k
   accum.mul(x[13], y[7]);
1693
196k
   accum.mul(x[14], y[6]);
1694
196k
   accum.mul(x[15], y[5]);
1695
196k
   accum.mul(x[16], y[4]);
1696
196k
   accum.mul(x[17], y[3]);
1697
196k
   accum.mul(x[18], y[2]);
1698
196k
   accum.mul(x[19], y[1]);
1699
196k
   accum.mul(x[20], y[0]);
1700
196k
   z[20] = accum.extract();
1701
196k
   accum.mul(x[0], y[21]);
1702
196k
   accum.mul(x[1], y[20]);
1703
196k
   accum.mul(x[2], y[19]);
1704
196k
   accum.mul(x[3], y[18]);
1705
196k
   accum.mul(x[4], y[17]);
1706
196k
   accum.mul(x[5], y[16]);
1707
196k
   accum.mul(x[6], y[15]);
1708
196k
   accum.mul(x[7], y[14]);
1709
196k
   accum.mul(x[8], y[13]);
1710
196k
   accum.mul(x[9], y[12]);
1711
196k
   accum.mul(x[10], y[11]);
1712
196k
   accum.mul(x[11], y[10]);
1713
196k
   accum.mul(x[12], y[9]);
1714
196k
   accum.mul(x[13], y[8]);
1715
196k
   accum.mul(x[14], y[7]);
1716
196k
   accum.mul(x[15], y[6]);
1717
196k
   accum.mul(x[16], y[5]);
1718
196k
   accum.mul(x[17], y[4]);
1719
196k
   accum.mul(x[18], y[3]);
1720
196k
   accum.mul(x[19], y[2]);
1721
196k
   accum.mul(x[20], y[1]);
1722
196k
   accum.mul(x[21], y[0]);
1723
196k
   z[21] = accum.extract();
1724
196k
   accum.mul(x[0], y[22]);
1725
196k
   accum.mul(x[1], y[21]);
1726
196k
   accum.mul(x[2], y[20]);
1727
196k
   accum.mul(x[3], y[19]);
1728
196k
   accum.mul(x[4], y[18]);
1729
196k
   accum.mul(x[5], y[17]);
1730
196k
   accum.mul(x[6], y[16]);
1731
196k
   accum.mul(x[7], y[15]);
1732
196k
   accum.mul(x[8], y[14]);
1733
196k
   accum.mul(x[9], y[13]);
1734
196k
   accum.mul(x[10], y[12]);
1735
196k
   accum.mul(x[11], y[11]);
1736
196k
   accum.mul(x[12], y[10]);
1737
196k
   accum.mul(x[13], y[9]);
1738
196k
   accum.mul(x[14], y[8]);
1739
196k
   accum.mul(x[15], y[7]);
1740
196k
   accum.mul(x[16], y[6]);
1741
196k
   accum.mul(x[17], y[5]);
1742
196k
   accum.mul(x[18], y[4]);
1743
196k
   accum.mul(x[19], y[3]);
1744
196k
   accum.mul(x[20], y[2]);
1745
196k
   accum.mul(x[21], y[1]);
1746
196k
   accum.mul(x[22], y[0]);
1747
196k
   z[22] = accum.extract();
1748
196k
   accum.mul(x[0], y[23]);
1749
196k
   accum.mul(x[1], y[22]);
1750
196k
   accum.mul(x[2], y[21]);
1751
196k
   accum.mul(x[3], y[20]);
1752
196k
   accum.mul(x[4], y[19]);
1753
196k
   accum.mul(x[5], y[18]);
1754
196k
   accum.mul(x[6], y[17]);
1755
196k
   accum.mul(x[7], y[16]);
1756
196k
   accum.mul(x[8], y[15]);
1757
196k
   accum.mul(x[9], y[14]);
1758
196k
   accum.mul(x[10], y[13]);
1759
196k
   accum.mul(x[11], y[12]);
1760
196k
   accum.mul(x[12], y[11]);
1761
196k
   accum.mul(x[13], y[10]);
1762
196k
   accum.mul(x[14], y[9]);
1763
196k
   accum.mul(x[15], y[8]);
1764
196k
   accum.mul(x[16], y[7]);
1765
196k
   accum.mul(x[17], y[6]);
1766
196k
   accum.mul(x[18], y[5]);
1767
196k
   accum.mul(x[19], y[4]);
1768
196k
   accum.mul(x[20], y[3]);
1769
196k
   accum.mul(x[21], y[2]);
1770
196k
   accum.mul(x[22], y[1]);
1771
196k
   accum.mul(x[23], y[0]);
1772
196k
   z[23] = accum.extract();
1773
196k
   accum.mul(x[1], y[23]);
1774
196k
   accum.mul(x[2], y[22]);
1775
196k
   accum.mul(x[3], y[21]);
1776
196k
   accum.mul(x[4], y[20]);
1777
196k
   accum.mul(x[5], y[19]);
1778
196k
   accum.mul(x[6], y[18]);
1779
196k
   accum.mul(x[7], y[17]);
1780
196k
   accum.mul(x[8], y[16]);
1781
196k
   accum.mul(x[9], y[15]);
1782
196k
   accum.mul(x[10], y[14]);
1783
196k
   accum.mul(x[11], y[13]);
1784
196k
   accum.mul(x[12], y[12]);
1785
196k
   accum.mul(x[13], y[11]);
1786
196k
   accum.mul(x[14], y[10]);
1787
196k
   accum.mul(x[15], y[9]);
1788
196k
   accum.mul(x[16], y[8]);
1789
196k
   accum.mul(x[17], y[7]);
1790
196k
   accum.mul(x[18], y[6]);
1791
196k
   accum.mul(x[19], y[5]);
1792
196k
   accum.mul(x[20], y[4]);
1793
196k
   accum.mul(x[21], y[3]);
1794
196k
   accum.mul(x[22], y[2]);
1795
196k
   accum.mul(x[23], y[1]);
1796
196k
   z[24] = accum.extract();
1797
196k
   accum.mul(x[2], y[23]);
1798
196k
   accum.mul(x[3], y[22]);
1799
196k
   accum.mul(x[4], y[21]);
1800
196k
   accum.mul(x[5], y[20]);
1801
196k
   accum.mul(x[6], y[19]);
1802
196k
   accum.mul(x[7], y[18]);
1803
196k
   accum.mul(x[8], y[17]);
1804
196k
   accum.mul(x[9], y[16]);
1805
196k
   accum.mul(x[10], y[15]);
1806
196k
   accum.mul(x[11], y[14]);
1807
196k
   accum.mul(x[12], y[13]);
1808
196k
   accum.mul(x[13], y[12]);
1809
196k
   accum.mul(x[14], y[11]);
1810
196k
   accum.mul(x[15], y[10]);
1811
196k
   accum.mul(x[16], y[9]);
1812
196k
   accum.mul(x[17], y[8]);
1813
196k
   accum.mul(x[18], y[7]);
1814
196k
   accum.mul(x[19], y[6]);
1815
196k
   accum.mul(x[20], y[5]);
1816
196k
   accum.mul(x[21], y[4]);
1817
196k
   accum.mul(x[22], y[3]);
1818
196k
   accum.mul(x[23], y[2]);
1819
196k
   z[25] = accum.extract();
1820
196k
   accum.mul(x[3], y[23]);
1821
196k
   accum.mul(x[4], y[22]);
1822
196k
   accum.mul(x[5], y[21]);
1823
196k
   accum.mul(x[6], y[20]);
1824
196k
   accum.mul(x[7], y[19]);
1825
196k
   accum.mul(x[8], y[18]);
1826
196k
   accum.mul(x[9], y[17]);
1827
196k
   accum.mul(x[10], y[16]);
1828
196k
   accum.mul(x[11], y[15]);
1829
196k
   accum.mul(x[12], y[14]);
1830
196k
   accum.mul(x[13], y[13]);
1831
196k
   accum.mul(x[14], y[12]);
1832
196k
   accum.mul(x[15], y[11]);
1833
196k
   accum.mul(x[16], y[10]);
1834
196k
   accum.mul(x[17], y[9]);
1835
196k
   accum.mul(x[18], y[8]);
1836
196k
   accum.mul(x[19], y[7]);
1837
196k
   accum.mul(x[20], y[6]);
1838
196k
   accum.mul(x[21], y[5]);
1839
196k
   accum.mul(x[22], y[4]);
1840
196k
   accum.mul(x[23], y[3]);
1841
196k
   z[26] = accum.extract();
1842
196k
   accum.mul(x[4], y[23]);
1843
196k
   accum.mul(x[5], y[22]);
1844
196k
   accum.mul(x[6], y[21]);
1845
196k
   accum.mul(x[7], y[20]);
1846
196k
   accum.mul(x[8], y[19]);
1847
196k
   accum.mul(x[9], y[18]);
1848
196k
   accum.mul(x[10], y[17]);
1849
196k
   accum.mul(x[11], y[16]);
1850
196k
   accum.mul(x[12], y[15]);
1851
196k
   accum.mul(x[13], y[14]);
1852
196k
   accum.mul(x[14], y[13]);
1853
196k
   accum.mul(x[15], y[12]);
1854
196k
   accum.mul(x[16], y[11]);
1855
196k
   accum.mul(x[17], y[10]);
1856
196k
   accum.mul(x[18], y[9]);
1857
196k
   accum.mul(x[19], y[8]);
1858
196k
   accum.mul(x[20], y[7]);
1859
196k
   accum.mul(x[21], y[6]);
1860
196k
   accum.mul(x[22], y[5]);
1861
196k
   accum.mul(x[23], y[4]);
1862
196k
   z[27] = accum.extract();
1863
196k
   accum.mul(x[5], y[23]);
1864
196k
   accum.mul(x[6], y[22]);
1865
196k
   accum.mul(x[7], y[21]);
1866
196k
   accum.mul(x[8], y[20]);
1867
196k
   accum.mul(x[9], y[19]);
1868
196k
   accum.mul(x[10], y[18]);
1869
196k
   accum.mul(x[11], y[17]);
1870
196k
   accum.mul(x[12], y[16]);
1871
196k
   accum.mul(x[13], y[15]);
1872
196k
   accum.mul(x[14], y[14]);
1873
196k
   accum.mul(x[15], y[13]);
1874
196k
   accum.mul(x[16], y[12]);
1875
196k
   accum.mul(x[17], y[11]);
1876
196k
   accum.mul(x[18], y[10]);
1877
196k
   accum.mul(x[19], y[9]);
1878
196k
   accum.mul(x[20], y[8]);
1879
196k
   accum.mul(x[21], y[7]);
1880
196k
   accum.mul(x[22], y[6]);
1881
196k
   accum.mul(x[23], y[5]);
1882
196k
   z[28] = accum.extract();
1883
196k
   accum.mul(x[6], y[23]);
1884
196k
   accum.mul(x[7], y[22]);
1885
196k
   accum.mul(x[8], y[21]);
1886
196k
   accum.mul(x[9], y[20]);
1887
196k
   accum.mul(x[10], y[19]);
1888
196k
   accum.mul(x[11], y[18]);
1889
196k
   accum.mul(x[12], y[17]);
1890
196k
   accum.mul(x[13], y[16]);
1891
196k
   accum.mul(x[14], y[15]);
1892
196k
   accum.mul(x[15], y[14]);
1893
196k
   accum.mul(x[16], y[13]);
1894
196k
   accum.mul(x[17], y[12]);
1895
196k
   accum.mul(x[18], y[11]);
1896
196k
   accum.mul(x[19], y[10]);
1897
196k
   accum.mul(x[20], y[9]);
1898
196k
   accum.mul(x[21], y[8]);
1899
196k
   accum.mul(x[22], y[7]);
1900
196k
   accum.mul(x[23], y[6]);
1901
196k
   z[29] = accum.extract();
1902
196k
   accum.mul(x[7], y[23]);
1903
196k
   accum.mul(x[8], y[22]);
1904
196k
   accum.mul(x[9], y[21]);
1905
196k
   accum.mul(x[10], y[20]);
1906
196k
   accum.mul(x[11], y[19]);
1907
196k
   accum.mul(x[12], y[18]);
1908
196k
   accum.mul(x[13], y[17]);
1909
196k
   accum.mul(x[14], y[16]);
1910
196k
   accum.mul(x[15], y[15]);
1911
196k
   accum.mul(x[16], y[14]);
1912
196k
   accum.mul(x[17], y[13]);
1913
196k
   accum.mul(x[18], y[12]);
1914
196k
   accum.mul(x[19], y[11]);
1915
196k
   accum.mul(x[20], y[10]);
1916
196k
   accum.mul(x[21], y[9]);
1917
196k
   accum.mul(x[22], y[8]);
1918
196k
   accum.mul(x[23], y[7]);
1919
196k
   z[30] = accum.extract();
1920
196k
   accum.mul(x[8], y[23]);
1921
196k
   accum.mul(x[9], y[22]);
1922
196k
   accum.mul(x[10], y[21]);
1923
196k
   accum.mul(x[11], y[20]);
1924
196k
   accum.mul(x[12], y[19]);
1925
196k
   accum.mul(x[13], y[18]);
1926
196k
   accum.mul(x[14], y[17]);
1927
196k
   accum.mul(x[15], y[16]);
1928
196k
   accum.mul(x[16], y[15]);
1929
196k
   accum.mul(x[17], y[14]);
1930
196k
   accum.mul(x[18], y[13]);
1931
196k
   accum.mul(x[19], y[12]);
1932
196k
   accum.mul(x[20], y[11]);
1933
196k
   accum.mul(x[21], y[10]);
1934
196k
   accum.mul(x[22], y[9]);
1935
196k
   accum.mul(x[23], y[8]);
1936
196k
   z[31] = accum.extract();
1937
196k
   accum.mul(x[9], y[23]);
1938
196k
   accum.mul(x[10], y[22]);
1939
196k
   accum.mul(x[11], y[21]);
1940
196k
   accum.mul(x[12], y[20]);
1941
196k
   accum.mul(x[13], y[19]);
1942
196k
   accum.mul(x[14], y[18]);
1943
196k
   accum.mul(x[15], y[17]);
1944
196k
   accum.mul(x[16], y[16]);
1945
196k
   accum.mul(x[17], y[15]);
1946
196k
   accum.mul(x[18], y[14]);
1947
196k
   accum.mul(x[19], y[13]);
1948
196k
   accum.mul(x[20], y[12]);
1949
196k
   accum.mul(x[21], y[11]);
1950
196k
   accum.mul(x[22], y[10]);
1951
196k
   accum.mul(x[23], y[9]);
1952
196k
   z[32] = accum.extract();
1953
196k
   accum.mul(x[10], y[23]);
1954
196k
   accum.mul(x[11], y[22]);
1955
196k
   accum.mul(x[12], y[21]);
1956
196k
   accum.mul(x[13], y[20]);
1957
196k
   accum.mul(x[14], y[19]);
1958
196k
   accum.mul(x[15], y[18]);
1959
196k
   accum.mul(x[16], y[17]);
1960
196k
   accum.mul(x[17], y[16]);
1961
196k
   accum.mul(x[18], y[15]);
1962
196k
   accum.mul(x[19], y[14]);
1963
196k
   accum.mul(x[20], y[13]);
1964
196k
   accum.mul(x[21], y[12]);
1965
196k
   accum.mul(x[22], y[11]);
1966
196k
   accum.mul(x[23], y[10]);
1967
196k
   z[33] = accum.extract();
1968
196k
   accum.mul(x[11], y[23]);
1969
196k
   accum.mul(x[12], y[22]);
1970
196k
   accum.mul(x[13], y[21]);
1971
196k
   accum.mul(x[14], y[20]);
1972
196k
   accum.mul(x[15], y[19]);
1973
196k
   accum.mul(x[16], y[18]);
1974
196k
   accum.mul(x[17], y[17]);
1975
196k
   accum.mul(x[18], y[16]);
1976
196k
   accum.mul(x[19], y[15]);
1977
196k
   accum.mul(x[20], y[14]);
1978
196k
   accum.mul(x[21], y[13]);
1979
196k
   accum.mul(x[22], y[12]);
1980
196k
   accum.mul(x[23], y[11]);
1981
196k
   z[34] = accum.extract();
1982
196k
   accum.mul(x[12], y[23]);
1983
196k
   accum.mul(x[13], y[22]);
1984
196k
   accum.mul(x[14], y[21]);
1985
196k
   accum.mul(x[15], y[20]);
1986
196k
   accum.mul(x[16], y[19]);
1987
196k
   accum.mul(x[17], y[18]);
1988
196k
   accum.mul(x[18], y[17]);
1989
196k
   accum.mul(x[19], y[16]);
1990
196k
   accum.mul(x[20], y[15]);
1991
196k
   accum.mul(x[21], y[14]);
1992
196k
   accum.mul(x[22], y[13]);
1993
196k
   accum.mul(x[23], y[12]);
1994
196k
   z[35] = accum.extract();
1995
196k
   accum.mul(x[13], y[23]);
1996
196k
   accum.mul(x[14], y[22]);
1997
196k
   accum.mul(x[15], y[21]);
1998
196k
   accum.mul(x[16], y[20]);
1999
196k
   accum.mul(x[17], y[19]);
2000
196k
   accum.mul(x[18], y[18]);
2001
196k
   accum.mul(x[19], y[17]);
2002
196k
   accum.mul(x[20], y[16]);
2003
196k
   accum.mul(x[21], y[15]);
2004
196k
   accum.mul(x[22], y[14]);
2005
196k
   accum.mul(x[23], y[13]);
2006
196k
   z[36] = accum.extract();
2007
196k
   accum.mul(x[14], y[23]);
2008
196k
   accum.mul(x[15], y[22]);
2009
196k
   accum.mul(x[16], y[21]);
2010
196k
   accum.mul(x[17], y[20]);
2011
196k
   accum.mul(x[18], y[19]);
2012
196k
   accum.mul(x[19], y[18]);
2013
196k
   accum.mul(x[20], y[17]);
2014
196k
   accum.mul(x[21], y[16]);
2015
196k
   accum.mul(x[22], y[15]);
2016
196k
   accum.mul(x[23], y[14]);
2017
196k
   z[37] = accum.extract();
2018
196k
   accum.mul(x[15], y[23]);
2019
196k
   accum.mul(x[16], y[22]);
2020
196k
   accum.mul(x[17], y[21]);
2021
196k
   accum.mul(x[18], y[20]);
2022
196k
   accum.mul(x[19], y[19]);
2023
196k
   accum.mul(x[20], y[18]);
2024
196k
   accum.mul(x[21], y[17]);
2025
196k
   accum.mul(x[22], y[16]);
2026
196k
   accum.mul(x[23], y[15]);
2027
196k
   z[38] = accum.extract();
2028
196k
   accum.mul(x[16], y[23]);
2029
196k
   accum.mul(x[17], y[22]);
2030
196k
   accum.mul(x[18], y[21]);
2031
196k
   accum.mul(x[19], y[20]);
2032
196k
   accum.mul(x[20], y[19]);
2033
196k
   accum.mul(x[21], y[18]);
2034
196k
   accum.mul(x[22], y[17]);
2035
196k
   accum.mul(x[23], y[16]);
2036
196k
   z[39] = accum.extract();
2037
196k
   accum.mul(x[17], y[23]);
2038
196k
   accum.mul(x[18], y[22]);
2039
196k
   accum.mul(x[19], y[21]);
2040
196k
   accum.mul(x[20], y[20]);
2041
196k
   accum.mul(x[21], y[19]);
2042
196k
   accum.mul(x[22], y[18]);
2043
196k
   accum.mul(x[23], y[17]);
2044
196k
   z[40] = accum.extract();
2045
196k
   accum.mul(x[18], y[23]);
2046
196k
   accum.mul(x[19], y[22]);
2047
196k
   accum.mul(x[20], y[21]);
2048
196k
   accum.mul(x[21], y[20]);
2049
196k
   accum.mul(x[22], y[19]);
2050
196k
   accum.mul(x[23], y[18]);
2051
196k
   z[41] = accum.extract();
2052
196k
   accum.mul(x[19], y[23]);
2053
196k
   accum.mul(x[20], y[22]);
2054
196k
   accum.mul(x[21], y[21]);
2055
196k
   accum.mul(x[22], y[20]);
2056
196k
   accum.mul(x[23], y[19]);
2057
196k
   z[42] = accum.extract();
2058
196k
   accum.mul(x[20], y[23]);
2059
196k
   accum.mul(x[21], y[22]);
2060
196k
   accum.mul(x[22], y[21]);
2061
196k
   accum.mul(x[23], y[20]);
2062
196k
   z[43] = accum.extract();
2063
196k
   accum.mul(x[21], y[23]);
2064
196k
   accum.mul(x[22], y[22]);
2065
196k
   accum.mul(x[23], y[21]);
2066
196k
   z[44] = accum.extract();
2067
196k
   accum.mul(x[22], y[23]);
2068
196k
   accum.mul(x[23], y[22]);
2069
196k
   z[45] = accum.extract();
2070
196k
   accum.mul(x[23], y[23]);
2071
196k
   z[46] = accum.extract();
2072
196k
   z[47] = accum.extract();
2073
196k
}
2074
2075
}  // namespace Botan