Line data Source code
1 : /* Autogenerated: './src/ExtractionOCaml/fiat_crypto' word-by-word-montgomery -o bn254_64.c bn254 64 21888242871839275222246405745257275088696311157297823662689037894645226208583 */
2 : /* curve description: bn254 */
3 : /* machine_wordsize = 64 (from "64") */
4 : /* requested operations: (all) */
5 : /* m = 0x30644e72e131a029b85045b68181585d97816a916871ca8d3c208c16d87cfd47 (from "21888242871839275222246405745257275088696311157297823662689037894645226208583") */
6 : /* */
7 : /* NOTE: In addition to the bounds specified above each function, all */
8 : /* functions synthesized for this Montgomery arithmetic require the */
9 : /* input to be strictly less than the prime modulus (m), and also */
10 : /* require the input to be in the unique saturated representation. */
11 : /* All functions also ensure that these two properties are true of */
12 : /* return values. */
13 : /* */
14 : /* Computed values: */
15 : /* eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) */
16 : /* bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) */
17 : /* twos_complement_eval z = let x1 := z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) in */
18 : /* if x1 & (2^256-1) < 2^255 then x1 & (2^256-1) else (x1 & (2^256-1)) - 2^256 */
19 :
20 : #include <stdint.h>
21 : typedef unsigned char fiat_bn254_uint1;
22 : typedef signed char fiat_bn254_int1;
23 : #if defined(__GNUC__) || defined(__clang__)
24 : # define FIAT_BN254_FIAT_EXTENSION __extension__
25 : # define FIAT_BN254_FIAT_INLINE __inline__
26 : #else
27 : # define FIAT_BN254_FIAT_EXTENSION
28 : # define FIAT_BN254_FIAT_INLINE
29 : #endif
30 :
31 : FIAT_BN254_FIAT_EXTENSION typedef signed __int128 fiat_bn254_int128;
32 : FIAT_BN254_FIAT_EXTENSION typedef unsigned __int128 fiat_bn254_uint128;
33 :
34 : /* The type fiat_bn254_montgomery_domain_field_element is a field element in the Montgomery domain. */
35 : /* Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */
36 : typedef uint64_t fiat_bn254_montgomery_domain_field_element[4];
37 :
38 : /* The type fiat_bn254_non_montgomery_domain_field_element is a field element NOT in the Montgomery domain. */
39 : /* Bounds: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] */
40 : typedef uint64_t fiat_bn254_non_montgomery_domain_field_element[4];
41 :
42 : #if (-1 & 3) != 3
43 : #error "This code only works on a two's complement system"
44 : #endif
45 :
46 :
47 : /*
48 : * The function fiat_bn254_addcarryx_u64 is an addition with carry.
49 : *
50 : * Postconditions:
51 : * out1 = (arg1 + arg2 + arg3) mod 2^64
52 : * out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋
53 : *
54 : * Input Bounds:
55 : * arg1: [0x0 ~> 0x1]
56 : * arg2: [0x0 ~> 0xffffffffffffffff]
57 : * arg3: [0x0 ~> 0xffffffffffffffff]
58 : * Output Bounds:
59 : * out1: [0x0 ~> 0xffffffffffffffff]
60 : * out2: [0x0 ~> 0x1]
61 : */
62 110966337 : void fiat_bn254_addcarryx_u64(uint64_t* out1, fiat_bn254_uint1* out2, fiat_bn254_uint1 arg1, uint64_t arg2, uint64_t arg3) {
63 110966337 : fiat_bn254_uint128 x1;
64 110966337 : uint64_t x2;
65 110966337 : fiat_bn254_uint1 x3;
66 110966337 : x1 = ((arg1 + (fiat_bn254_uint128)arg2) + arg3);
67 110966337 : x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
68 110966337 : x3 = (fiat_bn254_uint1)(x1 >> 64);
69 110966337 : *out1 = x2;
70 110966337 : *out2 = x3;
71 110966337 : }
72 :
73 : /*
74 : * The function fiat_bn254_subborrowx_u64 is a subtraction with borrow.
75 : *
76 : * Postconditions:
77 : * out1 = (-arg1 + arg2 + -arg3) mod 2^64
78 : * out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋
79 : *
80 : * Input Bounds:
81 : * arg1: [0x0 ~> 0x1]
82 : * arg2: [0x0 ~> 0xffffffffffffffff]
83 : * arg3: [0x0 ~> 0xffffffffffffffff]
84 : * Output Bounds:
85 : * out1: [0x0 ~> 0xffffffffffffffff]
86 : * out2: [0x0 ~> 0x1]
87 : */
88 127358115 : void fiat_bn254_subborrowx_u64(uint64_t* out1, fiat_bn254_uint1* out2, fiat_bn254_uint1 arg1, uint64_t arg2, uint64_t arg3) {
89 127358115 : fiat_bn254_int128 x1;
90 127358115 : fiat_bn254_int1 x2;
91 127358115 : uint64_t x3;
92 127358115 : x1 = ((arg2 - (fiat_bn254_int128)arg1) - arg3);
93 127358115 : x2 = (fiat_bn254_int1)(x1 >> 64);
94 127358115 : x3 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
95 127358115 : *out1 = x3;
96 127358115 : *out2 = (fiat_bn254_uint1)(0x0 - x2);
97 127358115 : }
98 :
99 : /*
100 : * The function fiat_bn254_mulx_u64 is a multiplication, returning the full double-width result.
101 : *
102 : * Postconditions:
103 : * out1 = (arg1 * arg2) mod 2^64
104 : * out2 = ⌊arg1 * arg2 / 2^64⌋
105 : *
106 : * Input Bounds:
107 : * arg1: [0x0 ~> 0xffffffffffffffff]
108 : * arg2: [0x0 ~> 0xffffffffffffffff]
109 : * Output Bounds:
110 : * out1: [0x0 ~> 0xffffffffffffffff]
111 : * out2: [0x0 ~> 0xffffffffffffffff]
112 : */
113 290256 : void fiat_bn254_mulx_u64(uint64_t* out1, uint64_t* out2, uint64_t arg1, uint64_t arg2) {
114 290256 : fiat_bn254_uint128 x1;
115 290256 : uint64_t x2;
116 290256 : uint64_t x3;
117 290256 : x1 = ((fiat_bn254_uint128)arg1 * arg2);
118 290256 : x2 = (uint64_t)(x1 & UINT64_C(0xffffffffffffffff));
119 290256 : x3 = (uint64_t)(x1 >> 64);
120 290256 : *out1 = x2;
121 290256 : *out2 = x3;
122 290256 : }
123 :
124 : /*
125 : * The function fiat_bn254_cmovznz_u64 is a single-word conditional move.
126 : *
127 : * Postconditions:
128 : * out1 = (if arg1 = 0 then arg2 else arg3)
129 : *
130 : * Input Bounds:
131 : * arg1: [0x0 ~> 0x1]
132 : * arg2: [0x0 ~> 0xffffffffffffffff]
133 : * arg3: [0x0 ~> 0xffffffffffffffff]
134 : * Output Bounds:
135 : * out1: [0x0 ~> 0xffffffffffffffff]
136 : */
137 78019803 : void fiat_bn254_cmovznz_u64(uint64_t* out1, fiat_bn254_uint1 arg1, uint64_t arg2, uint64_t arg3) {
138 78019803 : fiat_bn254_uint1 x1;
139 78019803 : uint64_t x2;
140 78019803 : uint64_t x3;
141 78019803 : x1 = (!(!arg1));
142 78019803 : x2 = ((uint64_t)(fiat_bn254_int1)(0x0 - x1) & UINT64_C(0xffffffffffffffff));
143 78019803 : x3 = ((x2 & arg3) | ((~x2) & arg2));
144 78019803 : *out1 = x3;
145 78019803 : }
146 :
147 : /*
148 : * The function fiat_bn254_mul multiplies two field elements in the Montgomery domain.
149 : *
150 : * Preconditions:
151 : * 0 ≤ eval arg1 < m
152 : * 0 ≤ eval arg2 < m
153 : * Postconditions:
154 : * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m
155 : * 0 ≤ eval out1 < m
156 : *
157 : */
158 0 : void fiat_bn254_mul(fiat_bn254_montgomery_domain_field_element out1, const fiat_bn254_montgomery_domain_field_element arg1, const fiat_bn254_montgomery_domain_field_element arg2) {
159 0 : uint64_t x1;
160 0 : uint64_t x2;
161 0 : uint64_t x3;
162 0 : uint64_t x4;
163 0 : uint64_t x5;
164 0 : uint64_t x6;
165 0 : uint64_t x7;
166 0 : uint64_t x8;
167 0 : uint64_t x9;
168 0 : uint64_t x10;
169 0 : uint64_t x11;
170 0 : uint64_t x12;
171 0 : uint64_t x13;
172 0 : fiat_bn254_uint1 x14;
173 0 : uint64_t x15;
174 0 : fiat_bn254_uint1 x16;
175 0 : uint64_t x17;
176 0 : fiat_bn254_uint1 x18;
177 0 : uint64_t x19;
178 0 : uint64_t x20;
179 0 : uint64_t x21;
180 0 : uint64_t x22;
181 0 : uint64_t x23;
182 0 : uint64_t x24;
183 0 : uint64_t x25;
184 0 : uint64_t x26;
185 0 : uint64_t x27;
186 0 : uint64_t x28;
187 0 : uint64_t x29;
188 0 : uint64_t x30;
189 0 : fiat_bn254_uint1 x31;
190 0 : uint64_t x32;
191 0 : fiat_bn254_uint1 x33;
192 0 : uint64_t x34;
193 0 : fiat_bn254_uint1 x35;
194 0 : uint64_t x36;
195 0 : uint64_t x37;
196 0 : fiat_bn254_uint1 x38;
197 0 : uint64_t x39;
198 0 : fiat_bn254_uint1 x40;
199 0 : uint64_t x41;
200 0 : fiat_bn254_uint1 x42;
201 0 : uint64_t x43;
202 0 : fiat_bn254_uint1 x44;
203 0 : uint64_t x45;
204 0 : fiat_bn254_uint1 x46;
205 0 : uint64_t x47;
206 0 : uint64_t x48;
207 0 : uint64_t x49;
208 0 : uint64_t x50;
209 0 : uint64_t x51;
210 0 : uint64_t x52;
211 0 : uint64_t x53;
212 0 : uint64_t x54;
213 0 : uint64_t x55;
214 0 : fiat_bn254_uint1 x56;
215 0 : uint64_t x57;
216 0 : fiat_bn254_uint1 x58;
217 0 : uint64_t x59;
218 0 : fiat_bn254_uint1 x60;
219 0 : uint64_t x61;
220 0 : uint64_t x62;
221 0 : fiat_bn254_uint1 x63;
222 0 : uint64_t x64;
223 0 : fiat_bn254_uint1 x65;
224 0 : uint64_t x66;
225 0 : fiat_bn254_uint1 x67;
226 0 : uint64_t x68;
227 0 : fiat_bn254_uint1 x69;
228 0 : uint64_t x70;
229 0 : fiat_bn254_uint1 x71;
230 0 : uint64_t x72;
231 0 : uint64_t x73;
232 0 : uint64_t x74;
233 0 : uint64_t x75;
234 0 : uint64_t x76;
235 0 : uint64_t x77;
236 0 : uint64_t x78;
237 0 : uint64_t x79;
238 0 : uint64_t x80;
239 0 : uint64_t x81;
240 0 : uint64_t x82;
241 0 : fiat_bn254_uint1 x83;
242 0 : uint64_t x84;
243 0 : fiat_bn254_uint1 x85;
244 0 : uint64_t x86;
245 0 : fiat_bn254_uint1 x87;
246 0 : uint64_t x88;
247 0 : uint64_t x89;
248 0 : fiat_bn254_uint1 x90;
249 0 : uint64_t x91;
250 0 : fiat_bn254_uint1 x92;
251 0 : uint64_t x93;
252 0 : fiat_bn254_uint1 x94;
253 0 : uint64_t x95;
254 0 : fiat_bn254_uint1 x96;
255 0 : uint64_t x97;
256 0 : fiat_bn254_uint1 x98;
257 0 : uint64_t x99;
258 0 : uint64_t x100;
259 0 : uint64_t x101;
260 0 : uint64_t x102;
261 0 : uint64_t x103;
262 0 : uint64_t x104;
263 0 : uint64_t x105;
264 0 : uint64_t x106;
265 0 : uint64_t x107;
266 0 : uint64_t x108;
267 0 : fiat_bn254_uint1 x109;
268 0 : uint64_t x110;
269 0 : fiat_bn254_uint1 x111;
270 0 : uint64_t x112;
271 0 : fiat_bn254_uint1 x113;
272 0 : uint64_t x114;
273 0 : uint64_t x115;
274 0 : fiat_bn254_uint1 x116;
275 0 : uint64_t x117;
276 0 : fiat_bn254_uint1 x118;
277 0 : uint64_t x119;
278 0 : fiat_bn254_uint1 x120;
279 0 : uint64_t x121;
280 0 : fiat_bn254_uint1 x122;
281 0 : uint64_t x123;
282 0 : fiat_bn254_uint1 x124;
283 0 : uint64_t x125;
284 0 : uint64_t x126;
285 0 : uint64_t x127;
286 0 : uint64_t x128;
287 0 : uint64_t x129;
288 0 : uint64_t x130;
289 0 : uint64_t x131;
290 0 : uint64_t x132;
291 0 : uint64_t x133;
292 0 : uint64_t x134;
293 0 : uint64_t x135;
294 0 : fiat_bn254_uint1 x136;
295 0 : uint64_t x137;
296 0 : fiat_bn254_uint1 x138;
297 0 : uint64_t x139;
298 0 : fiat_bn254_uint1 x140;
299 0 : uint64_t x141;
300 0 : uint64_t x142;
301 0 : fiat_bn254_uint1 x143;
302 0 : uint64_t x144;
303 0 : fiat_bn254_uint1 x145;
304 0 : uint64_t x146;
305 0 : fiat_bn254_uint1 x147;
306 0 : uint64_t x148;
307 0 : fiat_bn254_uint1 x149;
308 0 : uint64_t x150;
309 0 : fiat_bn254_uint1 x151;
310 0 : uint64_t x152;
311 0 : uint64_t x153;
312 0 : uint64_t x154;
313 0 : uint64_t x155;
314 0 : uint64_t x156;
315 0 : uint64_t x157;
316 0 : uint64_t x158;
317 0 : uint64_t x159;
318 0 : uint64_t x160;
319 0 : uint64_t x161;
320 0 : fiat_bn254_uint1 x162;
321 0 : uint64_t x163;
322 0 : fiat_bn254_uint1 x164;
323 0 : uint64_t x165;
324 0 : fiat_bn254_uint1 x166;
325 0 : uint64_t x167;
326 0 : uint64_t x168;
327 0 : fiat_bn254_uint1 x169;
328 0 : uint64_t x170;
329 0 : fiat_bn254_uint1 x171;
330 0 : uint64_t x172;
331 0 : fiat_bn254_uint1 x173;
332 0 : uint64_t x174;
333 0 : fiat_bn254_uint1 x175;
334 0 : uint64_t x176;
335 0 : fiat_bn254_uint1 x177;
336 0 : uint64_t x178;
337 0 : uint64_t x179;
338 0 : uint64_t x180;
339 0 : uint64_t x181;
340 0 : uint64_t x182;
341 0 : uint64_t x183;
342 0 : uint64_t x184;
343 0 : uint64_t x185;
344 0 : uint64_t x186;
345 0 : uint64_t x187;
346 0 : uint64_t x188;
347 0 : fiat_bn254_uint1 x189;
348 0 : uint64_t x190;
349 0 : fiat_bn254_uint1 x191;
350 0 : uint64_t x192;
351 0 : fiat_bn254_uint1 x193;
352 0 : uint64_t x194;
353 0 : uint64_t x195;
354 0 : fiat_bn254_uint1 x196;
355 0 : uint64_t x197;
356 0 : fiat_bn254_uint1 x198;
357 0 : uint64_t x199;
358 0 : fiat_bn254_uint1 x200;
359 0 : uint64_t x201;
360 0 : fiat_bn254_uint1 x202;
361 0 : uint64_t x203;
362 0 : fiat_bn254_uint1 x204;
363 0 : uint64_t x205;
364 0 : uint64_t x206;
365 0 : fiat_bn254_uint1 x207;
366 0 : uint64_t x208;
367 0 : fiat_bn254_uint1 x209;
368 0 : uint64_t x210;
369 0 : fiat_bn254_uint1 x211;
370 0 : uint64_t x212;
371 0 : fiat_bn254_uint1 x213;
372 0 : uint64_t x214;
373 0 : fiat_bn254_uint1 x215;
374 0 : uint64_t x216;
375 0 : uint64_t x217;
376 0 : uint64_t x218;
377 0 : uint64_t x219;
378 0 : x1 = (arg1[1]);
379 0 : x2 = (arg1[2]);
380 0 : x3 = (arg1[3]);
381 0 : x4 = (arg1[0]);
382 0 : fiat_bn254_mulx_u64(&x5, &x6, x4, (arg2[3]));
383 0 : fiat_bn254_mulx_u64(&x7, &x8, x4, (arg2[2]));
384 0 : fiat_bn254_mulx_u64(&x9, &x10, x4, (arg2[1]));
385 0 : fiat_bn254_mulx_u64(&x11, &x12, x4, (arg2[0]));
386 0 : fiat_bn254_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
387 0 : fiat_bn254_addcarryx_u64(&x15, &x16, x14, x10, x7);
388 0 : fiat_bn254_addcarryx_u64(&x17, &x18, x16, x8, x5);
389 0 : x19 = (x18 + x6);
390 0 : fiat_bn254_mulx_u64(&x20, &x21, x11, UINT64_C(0x87d20782e4866389));
391 0 : fiat_bn254_mulx_u64(&x22, &x23, x20, UINT64_C(0x30644e72e131a029));
392 0 : fiat_bn254_mulx_u64(&x24, &x25, x20, UINT64_C(0xb85045b68181585d));
393 0 : fiat_bn254_mulx_u64(&x26, &x27, x20, UINT64_C(0x97816a916871ca8d));
394 0 : fiat_bn254_mulx_u64(&x28, &x29, x20, UINT64_C(0x3c208c16d87cfd47));
395 0 : fiat_bn254_addcarryx_u64(&x30, &x31, 0x0, x29, x26);
396 0 : fiat_bn254_addcarryx_u64(&x32, &x33, x31, x27, x24);
397 0 : fiat_bn254_addcarryx_u64(&x34, &x35, x33, x25, x22);
398 0 : x36 = (x35 + x23);
399 0 : fiat_bn254_addcarryx_u64(&x37, &x38, 0x0, x11, x28);
400 0 : fiat_bn254_addcarryx_u64(&x39, &x40, x38, x13, x30);
401 0 : fiat_bn254_addcarryx_u64(&x41, &x42, x40, x15, x32);
402 0 : fiat_bn254_addcarryx_u64(&x43, &x44, x42, x17, x34);
403 0 : fiat_bn254_addcarryx_u64(&x45, &x46, x44, x19, x36);
404 0 : fiat_bn254_mulx_u64(&x47, &x48, x1, (arg2[3]));
405 0 : fiat_bn254_mulx_u64(&x49, &x50, x1, (arg2[2]));
406 0 : fiat_bn254_mulx_u64(&x51, &x52, x1, (arg2[1]));
407 0 : fiat_bn254_mulx_u64(&x53, &x54, x1, (arg2[0]));
408 0 : fiat_bn254_addcarryx_u64(&x55, &x56, 0x0, x54, x51);
409 0 : fiat_bn254_addcarryx_u64(&x57, &x58, x56, x52, x49);
410 0 : fiat_bn254_addcarryx_u64(&x59, &x60, x58, x50, x47);
411 0 : x61 = (x60 + x48);
412 0 : fiat_bn254_addcarryx_u64(&x62, &x63, 0x0, x39, x53);
413 0 : fiat_bn254_addcarryx_u64(&x64, &x65, x63, x41, x55);
414 0 : fiat_bn254_addcarryx_u64(&x66, &x67, x65, x43, x57);
415 0 : fiat_bn254_addcarryx_u64(&x68, &x69, x67, x45, x59);
416 0 : fiat_bn254_addcarryx_u64(&x70, &x71, x69, x46, x61);
417 0 : fiat_bn254_mulx_u64(&x72, &x73, x62, UINT64_C(0x87d20782e4866389));
418 0 : fiat_bn254_mulx_u64(&x74, &x75, x72, UINT64_C(0x30644e72e131a029));
419 0 : fiat_bn254_mulx_u64(&x76, &x77, x72, UINT64_C(0xb85045b68181585d));
420 0 : fiat_bn254_mulx_u64(&x78, &x79, x72, UINT64_C(0x97816a916871ca8d));
421 0 : fiat_bn254_mulx_u64(&x80, &x81, x72, UINT64_C(0x3c208c16d87cfd47));
422 0 : fiat_bn254_addcarryx_u64(&x82, &x83, 0x0, x81, x78);
423 0 : fiat_bn254_addcarryx_u64(&x84, &x85, x83, x79, x76);
424 0 : fiat_bn254_addcarryx_u64(&x86, &x87, x85, x77, x74);
425 0 : x88 = (x87 + x75);
426 0 : fiat_bn254_addcarryx_u64(&x89, &x90, 0x0, x62, x80);
427 0 : fiat_bn254_addcarryx_u64(&x91, &x92, x90, x64, x82);
428 0 : fiat_bn254_addcarryx_u64(&x93, &x94, x92, x66, x84);
429 0 : fiat_bn254_addcarryx_u64(&x95, &x96, x94, x68, x86);
430 0 : fiat_bn254_addcarryx_u64(&x97, &x98, x96, x70, x88);
431 0 : x99 = ((uint64_t)x98 + x71);
432 0 : fiat_bn254_mulx_u64(&x100, &x101, x2, (arg2[3]));
433 0 : fiat_bn254_mulx_u64(&x102, &x103, x2, (arg2[2]));
434 0 : fiat_bn254_mulx_u64(&x104, &x105, x2, (arg2[1]));
435 0 : fiat_bn254_mulx_u64(&x106, &x107, x2, (arg2[0]));
436 0 : fiat_bn254_addcarryx_u64(&x108, &x109, 0x0, x107, x104);
437 0 : fiat_bn254_addcarryx_u64(&x110, &x111, x109, x105, x102);
438 0 : fiat_bn254_addcarryx_u64(&x112, &x113, x111, x103, x100);
439 0 : x114 = (x113 + x101);
440 0 : fiat_bn254_addcarryx_u64(&x115, &x116, 0x0, x91, x106);
441 0 : fiat_bn254_addcarryx_u64(&x117, &x118, x116, x93, x108);
442 0 : fiat_bn254_addcarryx_u64(&x119, &x120, x118, x95, x110);
443 0 : fiat_bn254_addcarryx_u64(&x121, &x122, x120, x97, x112);
444 0 : fiat_bn254_addcarryx_u64(&x123, &x124, x122, x99, x114);
445 0 : fiat_bn254_mulx_u64(&x125, &x126, x115, UINT64_C(0x87d20782e4866389));
446 0 : fiat_bn254_mulx_u64(&x127, &x128, x125, UINT64_C(0x30644e72e131a029));
447 0 : fiat_bn254_mulx_u64(&x129, &x130, x125, UINT64_C(0xb85045b68181585d));
448 0 : fiat_bn254_mulx_u64(&x131, &x132, x125, UINT64_C(0x97816a916871ca8d));
449 0 : fiat_bn254_mulx_u64(&x133, &x134, x125, UINT64_C(0x3c208c16d87cfd47));
450 0 : fiat_bn254_addcarryx_u64(&x135, &x136, 0x0, x134, x131);
451 0 : fiat_bn254_addcarryx_u64(&x137, &x138, x136, x132, x129);
452 0 : fiat_bn254_addcarryx_u64(&x139, &x140, x138, x130, x127);
453 0 : x141 = (x140 + x128);
454 0 : fiat_bn254_addcarryx_u64(&x142, &x143, 0x0, x115, x133);
455 0 : fiat_bn254_addcarryx_u64(&x144, &x145, x143, x117, x135);
456 0 : fiat_bn254_addcarryx_u64(&x146, &x147, x145, x119, x137);
457 0 : fiat_bn254_addcarryx_u64(&x148, &x149, x147, x121, x139);
458 0 : fiat_bn254_addcarryx_u64(&x150, &x151, x149, x123, x141);
459 0 : x152 = ((uint64_t)x151 + x124);
460 0 : fiat_bn254_mulx_u64(&x153, &x154, x3, (arg2[3]));
461 0 : fiat_bn254_mulx_u64(&x155, &x156, x3, (arg2[2]));
462 0 : fiat_bn254_mulx_u64(&x157, &x158, x3, (arg2[1]));
463 0 : fiat_bn254_mulx_u64(&x159, &x160, x3, (arg2[0]));
464 0 : fiat_bn254_addcarryx_u64(&x161, &x162, 0x0, x160, x157);
465 0 : fiat_bn254_addcarryx_u64(&x163, &x164, x162, x158, x155);
466 0 : fiat_bn254_addcarryx_u64(&x165, &x166, x164, x156, x153);
467 0 : x167 = (x166 + x154);
468 0 : fiat_bn254_addcarryx_u64(&x168, &x169, 0x0, x144, x159);
469 0 : fiat_bn254_addcarryx_u64(&x170, &x171, x169, x146, x161);
470 0 : fiat_bn254_addcarryx_u64(&x172, &x173, x171, x148, x163);
471 0 : fiat_bn254_addcarryx_u64(&x174, &x175, x173, x150, x165);
472 0 : fiat_bn254_addcarryx_u64(&x176, &x177, x175, x152, x167);
473 0 : fiat_bn254_mulx_u64(&x178, &x179, x168, UINT64_C(0x87d20782e4866389));
474 0 : fiat_bn254_mulx_u64(&x180, &x181, x178, UINT64_C(0x30644e72e131a029));
475 0 : fiat_bn254_mulx_u64(&x182, &x183, x178, UINT64_C(0xb85045b68181585d));
476 0 : fiat_bn254_mulx_u64(&x184, &x185, x178, UINT64_C(0x97816a916871ca8d));
477 0 : fiat_bn254_mulx_u64(&x186, &x187, x178, UINT64_C(0x3c208c16d87cfd47));
478 0 : fiat_bn254_addcarryx_u64(&x188, &x189, 0x0, x187, x184);
479 0 : fiat_bn254_addcarryx_u64(&x190, &x191, x189, x185, x182);
480 0 : fiat_bn254_addcarryx_u64(&x192, &x193, x191, x183, x180);
481 0 : x194 = (x193 + x181);
482 0 : fiat_bn254_addcarryx_u64(&x195, &x196, 0x0, x168, x186);
483 0 : fiat_bn254_addcarryx_u64(&x197, &x198, x196, x170, x188);
484 0 : fiat_bn254_addcarryx_u64(&x199, &x200, x198, x172, x190);
485 0 : fiat_bn254_addcarryx_u64(&x201, &x202, x200, x174, x192);
486 0 : fiat_bn254_addcarryx_u64(&x203, &x204, x202, x176, x194);
487 0 : x205 = ((uint64_t)x204 + x177);
488 0 : fiat_bn254_subborrowx_u64(&x206, &x207, 0x0, x197, UINT64_C(0x3c208c16d87cfd47));
489 0 : fiat_bn254_subborrowx_u64(&x208, &x209, x207, x199, UINT64_C(0x97816a916871ca8d));
490 0 : fiat_bn254_subborrowx_u64(&x210, &x211, x209, x201, UINT64_C(0xb85045b68181585d));
491 0 : fiat_bn254_subborrowx_u64(&x212, &x213, x211, x203, UINT64_C(0x30644e72e131a029));
492 0 : fiat_bn254_subborrowx_u64(&x214, &x215, x213, x205, 0x0);
493 0 : fiat_bn254_cmovznz_u64(&x216, x215, x206, x197);
494 0 : fiat_bn254_cmovznz_u64(&x217, x215, x208, x199);
495 0 : fiat_bn254_cmovznz_u64(&x218, x215, x210, x201);
496 0 : fiat_bn254_cmovznz_u64(&x219, x215, x212, x203);
497 0 : out1[0] = x216;
498 0 : out1[1] = x217;
499 0 : out1[2] = x218;
500 0 : out1[3] = x219;
501 0 : }
502 :
503 : /*
504 : * The function fiat_bn254_square squares a field element in the Montgomery domain.
505 : *
506 : * Preconditions:
507 : * 0 ≤ eval arg1 < m
508 : * Postconditions:
509 : * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m
510 : * 0 ≤ eval out1 < m
511 : *
512 : */
513 0 : void fiat_bn254_square(fiat_bn254_montgomery_domain_field_element out1, const fiat_bn254_montgomery_domain_field_element arg1) {
514 0 : uint64_t x1;
515 0 : uint64_t x2;
516 0 : uint64_t x3;
517 0 : uint64_t x4;
518 0 : uint64_t x5;
519 0 : uint64_t x6;
520 0 : uint64_t x7;
521 0 : uint64_t x8;
522 0 : uint64_t x9;
523 0 : uint64_t x10;
524 0 : uint64_t x11;
525 0 : uint64_t x12;
526 0 : uint64_t x13;
527 0 : fiat_bn254_uint1 x14;
528 0 : uint64_t x15;
529 0 : fiat_bn254_uint1 x16;
530 0 : uint64_t x17;
531 0 : fiat_bn254_uint1 x18;
532 0 : uint64_t x19;
533 0 : uint64_t x20;
534 0 : uint64_t x21;
535 0 : uint64_t x22;
536 0 : uint64_t x23;
537 0 : uint64_t x24;
538 0 : uint64_t x25;
539 0 : uint64_t x26;
540 0 : uint64_t x27;
541 0 : uint64_t x28;
542 0 : uint64_t x29;
543 0 : uint64_t x30;
544 0 : fiat_bn254_uint1 x31;
545 0 : uint64_t x32;
546 0 : fiat_bn254_uint1 x33;
547 0 : uint64_t x34;
548 0 : fiat_bn254_uint1 x35;
549 0 : uint64_t x36;
550 0 : uint64_t x37;
551 0 : fiat_bn254_uint1 x38;
552 0 : uint64_t x39;
553 0 : fiat_bn254_uint1 x40;
554 0 : uint64_t x41;
555 0 : fiat_bn254_uint1 x42;
556 0 : uint64_t x43;
557 0 : fiat_bn254_uint1 x44;
558 0 : uint64_t x45;
559 0 : fiat_bn254_uint1 x46;
560 0 : uint64_t x47;
561 0 : uint64_t x48;
562 0 : uint64_t x49;
563 0 : uint64_t x50;
564 0 : uint64_t x51;
565 0 : uint64_t x52;
566 0 : uint64_t x53;
567 0 : uint64_t x54;
568 0 : uint64_t x55;
569 0 : fiat_bn254_uint1 x56;
570 0 : uint64_t x57;
571 0 : fiat_bn254_uint1 x58;
572 0 : uint64_t x59;
573 0 : fiat_bn254_uint1 x60;
574 0 : uint64_t x61;
575 0 : uint64_t x62;
576 0 : fiat_bn254_uint1 x63;
577 0 : uint64_t x64;
578 0 : fiat_bn254_uint1 x65;
579 0 : uint64_t x66;
580 0 : fiat_bn254_uint1 x67;
581 0 : uint64_t x68;
582 0 : fiat_bn254_uint1 x69;
583 0 : uint64_t x70;
584 0 : fiat_bn254_uint1 x71;
585 0 : uint64_t x72;
586 0 : uint64_t x73;
587 0 : uint64_t x74;
588 0 : uint64_t x75;
589 0 : uint64_t x76;
590 0 : uint64_t x77;
591 0 : uint64_t x78;
592 0 : uint64_t x79;
593 0 : uint64_t x80;
594 0 : uint64_t x81;
595 0 : uint64_t x82;
596 0 : fiat_bn254_uint1 x83;
597 0 : uint64_t x84;
598 0 : fiat_bn254_uint1 x85;
599 0 : uint64_t x86;
600 0 : fiat_bn254_uint1 x87;
601 0 : uint64_t x88;
602 0 : uint64_t x89;
603 0 : fiat_bn254_uint1 x90;
604 0 : uint64_t x91;
605 0 : fiat_bn254_uint1 x92;
606 0 : uint64_t x93;
607 0 : fiat_bn254_uint1 x94;
608 0 : uint64_t x95;
609 0 : fiat_bn254_uint1 x96;
610 0 : uint64_t x97;
611 0 : fiat_bn254_uint1 x98;
612 0 : uint64_t x99;
613 0 : uint64_t x100;
614 0 : uint64_t x101;
615 0 : uint64_t x102;
616 0 : uint64_t x103;
617 0 : uint64_t x104;
618 0 : uint64_t x105;
619 0 : uint64_t x106;
620 0 : uint64_t x107;
621 0 : uint64_t x108;
622 0 : fiat_bn254_uint1 x109;
623 0 : uint64_t x110;
624 0 : fiat_bn254_uint1 x111;
625 0 : uint64_t x112;
626 0 : fiat_bn254_uint1 x113;
627 0 : uint64_t x114;
628 0 : uint64_t x115;
629 0 : fiat_bn254_uint1 x116;
630 0 : uint64_t x117;
631 0 : fiat_bn254_uint1 x118;
632 0 : uint64_t x119;
633 0 : fiat_bn254_uint1 x120;
634 0 : uint64_t x121;
635 0 : fiat_bn254_uint1 x122;
636 0 : uint64_t x123;
637 0 : fiat_bn254_uint1 x124;
638 0 : uint64_t x125;
639 0 : uint64_t x126;
640 0 : uint64_t x127;
641 0 : uint64_t x128;
642 0 : uint64_t x129;
643 0 : uint64_t x130;
644 0 : uint64_t x131;
645 0 : uint64_t x132;
646 0 : uint64_t x133;
647 0 : uint64_t x134;
648 0 : uint64_t x135;
649 0 : fiat_bn254_uint1 x136;
650 0 : uint64_t x137;
651 0 : fiat_bn254_uint1 x138;
652 0 : uint64_t x139;
653 0 : fiat_bn254_uint1 x140;
654 0 : uint64_t x141;
655 0 : uint64_t x142;
656 0 : fiat_bn254_uint1 x143;
657 0 : uint64_t x144;
658 0 : fiat_bn254_uint1 x145;
659 0 : uint64_t x146;
660 0 : fiat_bn254_uint1 x147;
661 0 : uint64_t x148;
662 0 : fiat_bn254_uint1 x149;
663 0 : uint64_t x150;
664 0 : fiat_bn254_uint1 x151;
665 0 : uint64_t x152;
666 0 : uint64_t x153;
667 0 : uint64_t x154;
668 0 : uint64_t x155;
669 0 : uint64_t x156;
670 0 : uint64_t x157;
671 0 : uint64_t x158;
672 0 : uint64_t x159;
673 0 : uint64_t x160;
674 0 : uint64_t x161;
675 0 : fiat_bn254_uint1 x162;
676 0 : uint64_t x163;
677 0 : fiat_bn254_uint1 x164;
678 0 : uint64_t x165;
679 0 : fiat_bn254_uint1 x166;
680 0 : uint64_t x167;
681 0 : uint64_t x168;
682 0 : fiat_bn254_uint1 x169;
683 0 : uint64_t x170;
684 0 : fiat_bn254_uint1 x171;
685 0 : uint64_t x172;
686 0 : fiat_bn254_uint1 x173;
687 0 : uint64_t x174;
688 0 : fiat_bn254_uint1 x175;
689 0 : uint64_t x176;
690 0 : fiat_bn254_uint1 x177;
691 0 : uint64_t x178;
692 0 : uint64_t x179;
693 0 : uint64_t x180;
694 0 : uint64_t x181;
695 0 : uint64_t x182;
696 0 : uint64_t x183;
697 0 : uint64_t x184;
698 0 : uint64_t x185;
699 0 : uint64_t x186;
700 0 : uint64_t x187;
701 0 : uint64_t x188;
702 0 : fiat_bn254_uint1 x189;
703 0 : uint64_t x190;
704 0 : fiat_bn254_uint1 x191;
705 0 : uint64_t x192;
706 0 : fiat_bn254_uint1 x193;
707 0 : uint64_t x194;
708 0 : uint64_t x195;
709 0 : fiat_bn254_uint1 x196;
710 0 : uint64_t x197;
711 0 : fiat_bn254_uint1 x198;
712 0 : uint64_t x199;
713 0 : fiat_bn254_uint1 x200;
714 0 : uint64_t x201;
715 0 : fiat_bn254_uint1 x202;
716 0 : uint64_t x203;
717 0 : fiat_bn254_uint1 x204;
718 0 : uint64_t x205;
719 0 : uint64_t x206;
720 0 : fiat_bn254_uint1 x207;
721 0 : uint64_t x208;
722 0 : fiat_bn254_uint1 x209;
723 0 : uint64_t x210;
724 0 : fiat_bn254_uint1 x211;
725 0 : uint64_t x212;
726 0 : fiat_bn254_uint1 x213;
727 0 : uint64_t x214;
728 0 : fiat_bn254_uint1 x215;
729 0 : uint64_t x216;
730 0 : uint64_t x217;
731 0 : uint64_t x218;
732 0 : uint64_t x219;
733 0 : x1 = (arg1[1]);
734 0 : x2 = (arg1[2]);
735 0 : x3 = (arg1[3]);
736 0 : x4 = (arg1[0]);
737 0 : fiat_bn254_mulx_u64(&x5, &x6, x4, (arg1[3]));
738 0 : fiat_bn254_mulx_u64(&x7, &x8, x4, (arg1[2]));
739 0 : fiat_bn254_mulx_u64(&x9, &x10, x4, (arg1[1]));
740 0 : fiat_bn254_mulx_u64(&x11, &x12, x4, (arg1[0]));
741 0 : fiat_bn254_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
742 0 : fiat_bn254_addcarryx_u64(&x15, &x16, x14, x10, x7);
743 0 : fiat_bn254_addcarryx_u64(&x17, &x18, x16, x8, x5);
744 0 : x19 = (x18 + x6);
745 0 : fiat_bn254_mulx_u64(&x20, &x21, x11, UINT64_C(0x87d20782e4866389));
746 0 : fiat_bn254_mulx_u64(&x22, &x23, x20, UINT64_C(0x30644e72e131a029));
747 0 : fiat_bn254_mulx_u64(&x24, &x25, x20, UINT64_C(0xb85045b68181585d));
748 0 : fiat_bn254_mulx_u64(&x26, &x27, x20, UINT64_C(0x97816a916871ca8d));
749 0 : fiat_bn254_mulx_u64(&x28, &x29, x20, UINT64_C(0x3c208c16d87cfd47));
750 0 : fiat_bn254_addcarryx_u64(&x30, &x31, 0x0, x29, x26);
751 0 : fiat_bn254_addcarryx_u64(&x32, &x33, x31, x27, x24);
752 0 : fiat_bn254_addcarryx_u64(&x34, &x35, x33, x25, x22);
753 0 : x36 = (x35 + x23);
754 0 : fiat_bn254_addcarryx_u64(&x37, &x38, 0x0, x11, x28);
755 0 : fiat_bn254_addcarryx_u64(&x39, &x40, x38, x13, x30);
756 0 : fiat_bn254_addcarryx_u64(&x41, &x42, x40, x15, x32);
757 0 : fiat_bn254_addcarryx_u64(&x43, &x44, x42, x17, x34);
758 0 : fiat_bn254_addcarryx_u64(&x45, &x46, x44, x19, x36);
759 0 : fiat_bn254_mulx_u64(&x47, &x48, x1, (arg1[3]));
760 0 : fiat_bn254_mulx_u64(&x49, &x50, x1, (arg1[2]));
761 0 : fiat_bn254_mulx_u64(&x51, &x52, x1, (arg1[1]));
762 0 : fiat_bn254_mulx_u64(&x53, &x54, x1, (arg1[0]));
763 0 : fiat_bn254_addcarryx_u64(&x55, &x56, 0x0, x54, x51);
764 0 : fiat_bn254_addcarryx_u64(&x57, &x58, x56, x52, x49);
765 0 : fiat_bn254_addcarryx_u64(&x59, &x60, x58, x50, x47);
766 0 : x61 = (x60 + x48);
767 0 : fiat_bn254_addcarryx_u64(&x62, &x63, 0x0, x39, x53);
768 0 : fiat_bn254_addcarryx_u64(&x64, &x65, x63, x41, x55);
769 0 : fiat_bn254_addcarryx_u64(&x66, &x67, x65, x43, x57);
770 0 : fiat_bn254_addcarryx_u64(&x68, &x69, x67, x45, x59);
771 0 : fiat_bn254_addcarryx_u64(&x70, &x71, x69, x46, x61);
772 0 : fiat_bn254_mulx_u64(&x72, &x73, x62, UINT64_C(0x87d20782e4866389));
773 0 : fiat_bn254_mulx_u64(&x74, &x75, x72, UINT64_C(0x30644e72e131a029));
774 0 : fiat_bn254_mulx_u64(&x76, &x77, x72, UINT64_C(0xb85045b68181585d));
775 0 : fiat_bn254_mulx_u64(&x78, &x79, x72, UINT64_C(0x97816a916871ca8d));
776 0 : fiat_bn254_mulx_u64(&x80, &x81, x72, UINT64_C(0x3c208c16d87cfd47));
777 0 : fiat_bn254_addcarryx_u64(&x82, &x83, 0x0, x81, x78);
778 0 : fiat_bn254_addcarryx_u64(&x84, &x85, x83, x79, x76);
779 0 : fiat_bn254_addcarryx_u64(&x86, &x87, x85, x77, x74);
780 0 : x88 = (x87 + x75);
781 0 : fiat_bn254_addcarryx_u64(&x89, &x90, 0x0, x62, x80);
782 0 : fiat_bn254_addcarryx_u64(&x91, &x92, x90, x64, x82);
783 0 : fiat_bn254_addcarryx_u64(&x93, &x94, x92, x66, x84);
784 0 : fiat_bn254_addcarryx_u64(&x95, &x96, x94, x68, x86);
785 0 : fiat_bn254_addcarryx_u64(&x97, &x98, x96, x70, x88);
786 0 : x99 = ((uint64_t)x98 + x71);
787 0 : fiat_bn254_mulx_u64(&x100, &x101, x2, (arg1[3]));
788 0 : fiat_bn254_mulx_u64(&x102, &x103, x2, (arg1[2]));
789 0 : fiat_bn254_mulx_u64(&x104, &x105, x2, (arg1[1]));
790 0 : fiat_bn254_mulx_u64(&x106, &x107, x2, (arg1[0]));
791 0 : fiat_bn254_addcarryx_u64(&x108, &x109, 0x0, x107, x104);
792 0 : fiat_bn254_addcarryx_u64(&x110, &x111, x109, x105, x102);
793 0 : fiat_bn254_addcarryx_u64(&x112, &x113, x111, x103, x100);
794 0 : x114 = (x113 + x101);
795 0 : fiat_bn254_addcarryx_u64(&x115, &x116, 0x0, x91, x106);
796 0 : fiat_bn254_addcarryx_u64(&x117, &x118, x116, x93, x108);
797 0 : fiat_bn254_addcarryx_u64(&x119, &x120, x118, x95, x110);
798 0 : fiat_bn254_addcarryx_u64(&x121, &x122, x120, x97, x112);
799 0 : fiat_bn254_addcarryx_u64(&x123, &x124, x122, x99, x114);
800 0 : fiat_bn254_mulx_u64(&x125, &x126, x115, UINT64_C(0x87d20782e4866389));
801 0 : fiat_bn254_mulx_u64(&x127, &x128, x125, UINT64_C(0x30644e72e131a029));
802 0 : fiat_bn254_mulx_u64(&x129, &x130, x125, UINT64_C(0xb85045b68181585d));
803 0 : fiat_bn254_mulx_u64(&x131, &x132, x125, UINT64_C(0x97816a916871ca8d));
804 0 : fiat_bn254_mulx_u64(&x133, &x134, x125, UINT64_C(0x3c208c16d87cfd47));
805 0 : fiat_bn254_addcarryx_u64(&x135, &x136, 0x0, x134, x131);
806 0 : fiat_bn254_addcarryx_u64(&x137, &x138, x136, x132, x129);
807 0 : fiat_bn254_addcarryx_u64(&x139, &x140, x138, x130, x127);
808 0 : x141 = (x140 + x128);
809 0 : fiat_bn254_addcarryx_u64(&x142, &x143, 0x0, x115, x133);
810 0 : fiat_bn254_addcarryx_u64(&x144, &x145, x143, x117, x135);
811 0 : fiat_bn254_addcarryx_u64(&x146, &x147, x145, x119, x137);
812 0 : fiat_bn254_addcarryx_u64(&x148, &x149, x147, x121, x139);
813 0 : fiat_bn254_addcarryx_u64(&x150, &x151, x149, x123, x141);
814 0 : x152 = ((uint64_t)x151 + x124);
815 0 : fiat_bn254_mulx_u64(&x153, &x154, x3, (arg1[3]));
816 0 : fiat_bn254_mulx_u64(&x155, &x156, x3, (arg1[2]));
817 0 : fiat_bn254_mulx_u64(&x157, &x158, x3, (arg1[1]));
818 0 : fiat_bn254_mulx_u64(&x159, &x160, x3, (arg1[0]));
819 0 : fiat_bn254_addcarryx_u64(&x161, &x162, 0x0, x160, x157);
820 0 : fiat_bn254_addcarryx_u64(&x163, &x164, x162, x158, x155);
821 0 : fiat_bn254_addcarryx_u64(&x165, &x166, x164, x156, x153);
822 0 : x167 = (x166 + x154);
823 0 : fiat_bn254_addcarryx_u64(&x168, &x169, 0x0, x144, x159);
824 0 : fiat_bn254_addcarryx_u64(&x170, &x171, x169, x146, x161);
825 0 : fiat_bn254_addcarryx_u64(&x172, &x173, x171, x148, x163);
826 0 : fiat_bn254_addcarryx_u64(&x174, &x175, x173, x150, x165);
827 0 : fiat_bn254_addcarryx_u64(&x176, &x177, x175, x152, x167);
828 0 : fiat_bn254_mulx_u64(&x178, &x179, x168, UINT64_C(0x87d20782e4866389));
829 0 : fiat_bn254_mulx_u64(&x180, &x181, x178, UINT64_C(0x30644e72e131a029));
830 0 : fiat_bn254_mulx_u64(&x182, &x183, x178, UINT64_C(0xb85045b68181585d));
831 0 : fiat_bn254_mulx_u64(&x184, &x185, x178, UINT64_C(0x97816a916871ca8d));
832 0 : fiat_bn254_mulx_u64(&x186, &x187, x178, UINT64_C(0x3c208c16d87cfd47));
833 0 : fiat_bn254_addcarryx_u64(&x188, &x189, 0x0, x187, x184);
834 0 : fiat_bn254_addcarryx_u64(&x190, &x191, x189, x185, x182);
835 0 : fiat_bn254_addcarryx_u64(&x192, &x193, x191, x183, x180);
836 0 : x194 = (x193 + x181);
837 0 : fiat_bn254_addcarryx_u64(&x195, &x196, 0x0, x168, x186);
838 0 : fiat_bn254_addcarryx_u64(&x197, &x198, x196, x170, x188);
839 0 : fiat_bn254_addcarryx_u64(&x199, &x200, x198, x172, x190);
840 0 : fiat_bn254_addcarryx_u64(&x201, &x202, x200, x174, x192);
841 0 : fiat_bn254_addcarryx_u64(&x203, &x204, x202, x176, x194);
842 0 : x205 = ((uint64_t)x204 + x177);
843 0 : fiat_bn254_subborrowx_u64(&x206, &x207, 0x0, x197, UINT64_C(0x3c208c16d87cfd47));
844 0 : fiat_bn254_subborrowx_u64(&x208, &x209, x207, x199, UINT64_C(0x97816a916871ca8d));
845 0 : fiat_bn254_subborrowx_u64(&x210, &x211, x209, x201, UINT64_C(0xb85045b68181585d));
846 0 : fiat_bn254_subborrowx_u64(&x212, &x213, x211, x203, UINT64_C(0x30644e72e131a029));
847 0 : fiat_bn254_subborrowx_u64(&x214, &x215, x213, x205, 0x0);
848 0 : fiat_bn254_cmovznz_u64(&x216, x215, x206, x197);
849 0 : fiat_bn254_cmovznz_u64(&x217, x215, x208, x199);
850 0 : fiat_bn254_cmovznz_u64(&x218, x215, x210, x201);
851 0 : fiat_bn254_cmovznz_u64(&x219, x215, x212, x203);
852 0 : out1[0] = x216;
853 0 : out1[1] = x217;
854 0 : out1[2] = x218;
855 0 : out1[3] = x219;
856 0 : }
857 :
858 : /*
859 : * The function fiat_bn254_add adds two field elements in the Montgomery domain.
860 : *
861 : * Preconditions:
862 : * 0 ≤ eval arg1 < m
863 : * 0 ≤ eval arg2 < m
864 : * Postconditions:
865 : * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m
866 : * 0 ≤ eval out1 < m
867 : *
868 : */
869 16783779 : void fiat_bn254_add(fiat_bn254_montgomery_domain_field_element out1, const fiat_bn254_montgomery_domain_field_element arg1, const fiat_bn254_montgomery_domain_field_element arg2) {
870 16783779 : uint64_t x1;
871 16783779 : fiat_bn254_uint1 x2;
872 16783779 : uint64_t x3;
873 16783779 : fiat_bn254_uint1 x4;
874 16783779 : uint64_t x5;
875 16783779 : fiat_bn254_uint1 x6;
876 16783779 : uint64_t x7;
877 16783779 : fiat_bn254_uint1 x8;
878 16783779 : uint64_t x9;
879 16783779 : fiat_bn254_uint1 x10;
880 16783779 : uint64_t x11;
881 16783779 : fiat_bn254_uint1 x12;
882 16783779 : uint64_t x13;
883 16783779 : fiat_bn254_uint1 x14;
884 16783779 : uint64_t x15;
885 16783779 : fiat_bn254_uint1 x16;
886 16783779 : uint64_t x17;
887 16783779 : fiat_bn254_uint1 x18;
888 16783779 : uint64_t x19;
889 16783779 : uint64_t x20;
890 16783779 : uint64_t x21;
891 16783779 : uint64_t x22;
892 16783779 : fiat_bn254_addcarryx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
893 16783779 : fiat_bn254_addcarryx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
894 16783779 : fiat_bn254_addcarryx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
895 16783779 : fiat_bn254_addcarryx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
896 16783779 : fiat_bn254_subborrowx_u64(&x9, &x10, 0x0, x1, UINT64_C(0x3c208c16d87cfd47));
897 16783779 : fiat_bn254_subborrowx_u64(&x11, &x12, x10, x3, UINT64_C(0x97816a916871ca8d));
898 16783779 : fiat_bn254_subborrowx_u64(&x13, &x14, x12, x5, UINT64_C(0xb85045b68181585d));
899 16783779 : fiat_bn254_subborrowx_u64(&x15, &x16, x14, x7, UINT64_C(0x30644e72e131a029));
900 16783779 : fiat_bn254_subborrowx_u64(&x17, &x18, x16, x8, 0x0);
901 16783779 : fiat_bn254_cmovznz_u64(&x19, x18, x9, x1);
902 16783779 : fiat_bn254_cmovznz_u64(&x20, x18, x11, x3);
903 16783779 : fiat_bn254_cmovznz_u64(&x21, x18, x13, x5);
904 16783779 : fiat_bn254_cmovznz_u64(&x22, x18, x15, x7);
905 16783779 : out1[0] = x19;
906 16783779 : out1[1] = x20;
907 16783779 : out1[2] = x21;
908 16783779 : out1[3] = x22;
909 16783779 : }
910 :
911 : /*
912 : * The function fiat_bn254_sub subtracts two field elements in the Montgomery domain.
913 : *
914 : * Preconditions:
915 : * 0 ≤ eval arg1 < m
916 : * 0 ≤ eval arg2 < m
917 : * Postconditions:
918 : * eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m
919 : * 0 ≤ eval out1 < m
920 : *
921 : */
922 10781037 : void fiat_bn254_sub(fiat_bn254_montgomery_domain_field_element out1, const fiat_bn254_montgomery_domain_field_element arg1, const fiat_bn254_montgomery_domain_field_element arg2) {
923 10781037 : uint64_t x1;
924 10781037 : fiat_bn254_uint1 x2;
925 10781037 : uint64_t x3;
926 10781037 : fiat_bn254_uint1 x4;
927 10781037 : uint64_t x5;
928 10781037 : fiat_bn254_uint1 x6;
929 10781037 : uint64_t x7;
930 10781037 : fiat_bn254_uint1 x8;
931 10781037 : uint64_t x9;
932 10781037 : uint64_t x10;
933 10781037 : fiat_bn254_uint1 x11;
934 10781037 : uint64_t x12;
935 10781037 : fiat_bn254_uint1 x13;
936 10781037 : uint64_t x14;
937 10781037 : fiat_bn254_uint1 x15;
938 10781037 : uint64_t x16;
939 10781037 : fiat_bn254_uint1 x17;
940 10781037 : fiat_bn254_subborrowx_u64(&x1, &x2, 0x0, (arg1[0]), (arg2[0]));
941 10781037 : fiat_bn254_subborrowx_u64(&x3, &x4, x2, (arg1[1]), (arg2[1]));
942 10781037 : fiat_bn254_subborrowx_u64(&x5, &x6, x4, (arg1[2]), (arg2[2]));
943 10781037 : fiat_bn254_subborrowx_u64(&x7, &x8, x6, (arg1[3]), (arg2[3]));
944 10781037 : fiat_bn254_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
945 10781037 : fiat_bn254_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0x3c208c16d87cfd47)));
946 10781037 : fiat_bn254_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT64_C(0x97816a916871ca8d)));
947 10781037 : fiat_bn254_addcarryx_u64(&x14, &x15, x13, x5, (x9 & UINT64_C(0xb85045b68181585d)));
948 10781037 : fiat_bn254_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0x30644e72e131a029)));
949 10781037 : out1[0] = x10;
950 10781037 : out1[1] = x12;
951 10781037 : out1[2] = x14;
952 10781037 : out1[3] = x16;
953 10781037 : }
954 :
955 : /*
956 : * The function fiat_bn254_opp negates a field element in the Montgomery domain.
957 : *
958 : * Preconditions:
959 : * 0 ≤ eval arg1 < m
960 : * Postconditions:
961 : * eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m
962 : * 0 ≤ eval out1 < m
963 : *
964 : */
965 67458 : void fiat_bn254_opp(fiat_bn254_montgomery_domain_field_element out1, const fiat_bn254_montgomery_domain_field_element arg1) {
966 67458 : uint64_t x1;
967 67458 : fiat_bn254_uint1 x2;
968 67458 : uint64_t x3;
969 67458 : fiat_bn254_uint1 x4;
970 67458 : uint64_t x5;
971 67458 : fiat_bn254_uint1 x6;
972 67458 : uint64_t x7;
973 67458 : fiat_bn254_uint1 x8;
974 67458 : uint64_t x9;
975 67458 : uint64_t x10;
976 67458 : fiat_bn254_uint1 x11;
977 67458 : uint64_t x12;
978 67458 : fiat_bn254_uint1 x13;
979 67458 : uint64_t x14;
980 67458 : fiat_bn254_uint1 x15;
981 67458 : uint64_t x16;
982 67458 : fiat_bn254_uint1 x17;
983 67458 : fiat_bn254_subborrowx_u64(&x1, &x2, 0x0, 0x0, (arg1[0]));
984 67458 : fiat_bn254_subborrowx_u64(&x3, &x4, x2, 0x0, (arg1[1]));
985 67458 : fiat_bn254_subborrowx_u64(&x5, &x6, x4, 0x0, (arg1[2]));
986 67458 : fiat_bn254_subborrowx_u64(&x7, &x8, x6, 0x0, (arg1[3]));
987 67458 : fiat_bn254_cmovznz_u64(&x9, x8, 0x0, UINT64_C(0xffffffffffffffff));
988 67458 : fiat_bn254_addcarryx_u64(&x10, &x11, 0x0, x1, (x9 & UINT64_C(0x3c208c16d87cfd47)));
989 67458 : fiat_bn254_addcarryx_u64(&x12, &x13, x11, x3, (x9 & UINT64_C(0x97816a916871ca8d)));
990 67458 : fiat_bn254_addcarryx_u64(&x14, &x15, x13, x5, (x9 & UINT64_C(0xb85045b68181585d)));
991 67458 : fiat_bn254_addcarryx_u64(&x16, &x17, x15, x7, (x9 & UINT64_C(0x30644e72e131a029)));
992 67458 : out1[0] = x10;
993 67458 : out1[1] = x12;
994 67458 : out1[2] = x14;
995 67458 : out1[3] = x16;
996 67458 : }
997 :
998 : /*
999 : * The function fiat_bn254_from_montgomery translates a field element out of the Montgomery domain.
1000 : *
1001 : * Preconditions:
1002 : * 0 ≤ eval arg1 < m
1003 : * Postconditions:
1004 : * eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m
1005 : * 0 ≤ eval out1 < m
1006 : *
1007 : */
1008 2217 : void fiat_bn254_from_montgomery(fiat_bn254_non_montgomery_domain_field_element out1, const fiat_bn254_montgomery_domain_field_element arg1) {
1009 2217 : uint64_t x1;
1010 2217 : uint64_t x2;
1011 2217 : uint64_t x3;
1012 2217 : uint64_t x4;
1013 2217 : uint64_t x5;
1014 2217 : uint64_t x6;
1015 2217 : uint64_t x7;
1016 2217 : uint64_t x8;
1017 2217 : uint64_t x9;
1018 2217 : uint64_t x10;
1019 2217 : uint64_t x11;
1020 2217 : uint64_t x12;
1021 2217 : fiat_bn254_uint1 x13;
1022 2217 : uint64_t x14;
1023 2217 : fiat_bn254_uint1 x15;
1024 2217 : uint64_t x16;
1025 2217 : fiat_bn254_uint1 x17;
1026 2217 : uint64_t x18;
1027 2217 : fiat_bn254_uint1 x19;
1028 2217 : uint64_t x20;
1029 2217 : fiat_bn254_uint1 x21;
1030 2217 : uint64_t x22;
1031 2217 : fiat_bn254_uint1 x23;
1032 2217 : uint64_t x24;
1033 2217 : fiat_bn254_uint1 x25;
1034 2217 : uint64_t x26;
1035 2217 : fiat_bn254_uint1 x27;
1036 2217 : uint64_t x28;
1037 2217 : fiat_bn254_uint1 x29;
1038 2217 : uint64_t x30;
1039 2217 : fiat_bn254_uint1 x31;
1040 2217 : uint64_t x32;
1041 2217 : uint64_t x33;
1042 2217 : uint64_t x34;
1043 2217 : uint64_t x35;
1044 2217 : uint64_t x36;
1045 2217 : uint64_t x37;
1046 2217 : uint64_t x38;
1047 2217 : uint64_t x39;
1048 2217 : uint64_t x40;
1049 2217 : uint64_t x41;
1050 2217 : uint64_t x42;
1051 2217 : fiat_bn254_uint1 x43;
1052 2217 : uint64_t x44;
1053 2217 : fiat_bn254_uint1 x45;
1054 2217 : uint64_t x46;
1055 2217 : fiat_bn254_uint1 x47;
1056 2217 : uint64_t x48;
1057 2217 : fiat_bn254_uint1 x49;
1058 2217 : uint64_t x50;
1059 2217 : fiat_bn254_uint1 x51;
1060 2217 : uint64_t x52;
1061 2217 : fiat_bn254_uint1 x53;
1062 2217 : uint64_t x54;
1063 2217 : fiat_bn254_uint1 x55;
1064 2217 : uint64_t x56;
1065 2217 : fiat_bn254_uint1 x57;
1066 2217 : uint64_t x58;
1067 2217 : fiat_bn254_uint1 x59;
1068 2217 : uint64_t x60;
1069 2217 : fiat_bn254_uint1 x61;
1070 2217 : uint64_t x62;
1071 2217 : uint64_t x63;
1072 2217 : uint64_t x64;
1073 2217 : uint64_t x65;
1074 2217 : uint64_t x66;
1075 2217 : uint64_t x67;
1076 2217 : uint64_t x68;
1077 2217 : uint64_t x69;
1078 2217 : uint64_t x70;
1079 2217 : uint64_t x71;
1080 2217 : uint64_t x72;
1081 2217 : fiat_bn254_uint1 x73;
1082 2217 : uint64_t x74;
1083 2217 : fiat_bn254_uint1 x75;
1084 2217 : uint64_t x76;
1085 2217 : fiat_bn254_uint1 x77;
1086 2217 : uint64_t x78;
1087 2217 : fiat_bn254_uint1 x79;
1088 2217 : uint64_t x80;
1089 2217 : fiat_bn254_uint1 x81;
1090 2217 : uint64_t x82;
1091 2217 : fiat_bn254_uint1 x83;
1092 2217 : uint64_t x84;
1093 2217 : fiat_bn254_uint1 x85;
1094 2217 : uint64_t x86;
1095 2217 : fiat_bn254_uint1 x87;
1096 2217 : uint64_t x88;
1097 2217 : fiat_bn254_uint1 x89;
1098 2217 : uint64_t x90;
1099 2217 : fiat_bn254_uint1 x91;
1100 2217 : uint64_t x92;
1101 2217 : uint64_t x93;
1102 2217 : uint64_t x94;
1103 2217 : uint64_t x95;
1104 2217 : uint64_t x96;
1105 2217 : uint64_t x97;
1106 2217 : uint64_t x98;
1107 2217 : uint64_t x99;
1108 2217 : uint64_t x100;
1109 2217 : uint64_t x101;
1110 2217 : uint64_t x102;
1111 2217 : fiat_bn254_uint1 x103;
1112 2217 : uint64_t x104;
1113 2217 : fiat_bn254_uint1 x105;
1114 2217 : uint64_t x106;
1115 2217 : fiat_bn254_uint1 x107;
1116 2217 : uint64_t x108;
1117 2217 : fiat_bn254_uint1 x109;
1118 2217 : uint64_t x110;
1119 2217 : fiat_bn254_uint1 x111;
1120 2217 : uint64_t x112;
1121 2217 : fiat_bn254_uint1 x113;
1122 2217 : uint64_t x114;
1123 2217 : fiat_bn254_uint1 x115;
1124 2217 : uint64_t x116;
1125 2217 : uint64_t x117;
1126 2217 : fiat_bn254_uint1 x118;
1127 2217 : uint64_t x119;
1128 2217 : fiat_bn254_uint1 x120;
1129 2217 : uint64_t x121;
1130 2217 : fiat_bn254_uint1 x122;
1131 2217 : uint64_t x123;
1132 2217 : fiat_bn254_uint1 x124;
1133 2217 : uint64_t x125;
1134 2217 : fiat_bn254_uint1 x126;
1135 2217 : uint64_t x127;
1136 2217 : uint64_t x128;
1137 2217 : uint64_t x129;
1138 2217 : uint64_t x130;
1139 2217 : x1 = (arg1[0]);
1140 2217 : fiat_bn254_mulx_u64(&x2, &x3, x1, UINT64_C(0x87d20782e4866389));
1141 2217 : fiat_bn254_mulx_u64(&x4, &x5, x2, UINT64_C(0x30644e72e131a029));
1142 2217 : fiat_bn254_mulx_u64(&x6, &x7, x2, UINT64_C(0xb85045b68181585d));
1143 2217 : fiat_bn254_mulx_u64(&x8, &x9, x2, UINT64_C(0x97816a916871ca8d));
1144 2217 : fiat_bn254_mulx_u64(&x10, &x11, x2, UINT64_C(0x3c208c16d87cfd47));
1145 2217 : fiat_bn254_addcarryx_u64(&x12, &x13, 0x0, x11, x8);
1146 2217 : fiat_bn254_addcarryx_u64(&x14, &x15, x13, x9, x6);
1147 2217 : fiat_bn254_addcarryx_u64(&x16, &x17, x15, x7, x4);
1148 2217 : fiat_bn254_addcarryx_u64(&x18, &x19, 0x0, x1, x10);
1149 2217 : fiat_bn254_addcarryx_u64(&x20, &x21, x19, 0x0, x12);
1150 2217 : fiat_bn254_addcarryx_u64(&x22, &x23, x21, 0x0, x14);
1151 2217 : fiat_bn254_addcarryx_u64(&x24, &x25, x23, 0x0, x16);
1152 2217 : fiat_bn254_addcarryx_u64(&x26, &x27, 0x0, x20, (arg1[1]));
1153 2217 : fiat_bn254_addcarryx_u64(&x28, &x29, x27, x22, 0x0);
1154 2217 : fiat_bn254_addcarryx_u64(&x30, &x31, x29, x24, 0x0);
1155 2217 : fiat_bn254_mulx_u64(&x32, &x33, x26, UINT64_C(0x87d20782e4866389));
1156 2217 : fiat_bn254_mulx_u64(&x34, &x35, x32, UINT64_C(0x30644e72e131a029));
1157 2217 : fiat_bn254_mulx_u64(&x36, &x37, x32, UINT64_C(0xb85045b68181585d));
1158 2217 : fiat_bn254_mulx_u64(&x38, &x39, x32, UINT64_C(0x97816a916871ca8d));
1159 2217 : fiat_bn254_mulx_u64(&x40, &x41, x32, UINT64_C(0x3c208c16d87cfd47));
1160 2217 : fiat_bn254_addcarryx_u64(&x42, &x43, 0x0, x41, x38);
1161 2217 : fiat_bn254_addcarryx_u64(&x44, &x45, x43, x39, x36);
1162 2217 : fiat_bn254_addcarryx_u64(&x46, &x47, x45, x37, x34);
1163 2217 : fiat_bn254_addcarryx_u64(&x48, &x49, 0x0, x26, x40);
1164 2217 : fiat_bn254_addcarryx_u64(&x50, &x51, x49, x28, x42);
1165 2217 : fiat_bn254_addcarryx_u64(&x52, &x53, x51, x30, x44);
1166 2217 : fiat_bn254_addcarryx_u64(&x54, &x55, x53, (x31 + (x25 + (x17 + x5))), x46);
1167 2217 : fiat_bn254_addcarryx_u64(&x56, &x57, 0x0, x50, (arg1[2]));
1168 2217 : fiat_bn254_addcarryx_u64(&x58, &x59, x57, x52, 0x0);
1169 2217 : fiat_bn254_addcarryx_u64(&x60, &x61, x59, x54, 0x0);
1170 2217 : fiat_bn254_mulx_u64(&x62, &x63, x56, UINT64_C(0x87d20782e4866389));
1171 2217 : fiat_bn254_mulx_u64(&x64, &x65, x62, UINT64_C(0x30644e72e131a029));
1172 2217 : fiat_bn254_mulx_u64(&x66, &x67, x62, UINT64_C(0xb85045b68181585d));
1173 2217 : fiat_bn254_mulx_u64(&x68, &x69, x62, UINT64_C(0x97816a916871ca8d));
1174 2217 : fiat_bn254_mulx_u64(&x70, &x71, x62, UINT64_C(0x3c208c16d87cfd47));
1175 2217 : fiat_bn254_addcarryx_u64(&x72, &x73, 0x0, x71, x68);
1176 2217 : fiat_bn254_addcarryx_u64(&x74, &x75, x73, x69, x66);
1177 2217 : fiat_bn254_addcarryx_u64(&x76, &x77, x75, x67, x64);
1178 2217 : fiat_bn254_addcarryx_u64(&x78, &x79, 0x0, x56, x70);
1179 2217 : fiat_bn254_addcarryx_u64(&x80, &x81, x79, x58, x72);
1180 2217 : fiat_bn254_addcarryx_u64(&x82, &x83, x81, x60, x74);
1181 2217 : fiat_bn254_addcarryx_u64(&x84, &x85, x83, (x61 + (x55 + (x47 + x35))), x76);
1182 2217 : fiat_bn254_addcarryx_u64(&x86, &x87, 0x0, x80, (arg1[3]));
1183 2217 : fiat_bn254_addcarryx_u64(&x88, &x89, x87, x82, 0x0);
1184 2217 : fiat_bn254_addcarryx_u64(&x90, &x91, x89, x84, 0x0);
1185 2217 : fiat_bn254_mulx_u64(&x92, &x93, x86, UINT64_C(0x87d20782e4866389));
1186 2217 : fiat_bn254_mulx_u64(&x94, &x95, x92, UINT64_C(0x30644e72e131a029));
1187 2217 : fiat_bn254_mulx_u64(&x96, &x97, x92, UINT64_C(0xb85045b68181585d));
1188 2217 : fiat_bn254_mulx_u64(&x98, &x99, x92, UINT64_C(0x97816a916871ca8d));
1189 2217 : fiat_bn254_mulx_u64(&x100, &x101, x92, UINT64_C(0x3c208c16d87cfd47));
1190 2217 : fiat_bn254_addcarryx_u64(&x102, &x103, 0x0, x101, x98);
1191 2217 : fiat_bn254_addcarryx_u64(&x104, &x105, x103, x99, x96);
1192 2217 : fiat_bn254_addcarryx_u64(&x106, &x107, x105, x97, x94);
1193 2217 : fiat_bn254_addcarryx_u64(&x108, &x109, 0x0, x86, x100);
1194 2217 : fiat_bn254_addcarryx_u64(&x110, &x111, x109, x88, x102);
1195 2217 : fiat_bn254_addcarryx_u64(&x112, &x113, x111, x90, x104);
1196 2217 : fiat_bn254_addcarryx_u64(&x114, &x115, x113, (x91 + (x85 + (x77 + x65))), x106);
1197 2217 : x116 = (x115 + (x107 + x95));
1198 2217 : fiat_bn254_subborrowx_u64(&x117, &x118, 0x0, x110, UINT64_C(0x3c208c16d87cfd47));
1199 2217 : fiat_bn254_subborrowx_u64(&x119, &x120, x118, x112, UINT64_C(0x97816a916871ca8d));
1200 2217 : fiat_bn254_subborrowx_u64(&x121, &x122, x120, x114, UINT64_C(0xb85045b68181585d));
1201 2217 : fiat_bn254_subborrowx_u64(&x123, &x124, x122, x116, UINT64_C(0x30644e72e131a029));
1202 2217 : fiat_bn254_subborrowx_u64(&x125, &x126, x124, 0x0, 0x0);
1203 2217 : fiat_bn254_cmovznz_u64(&x127, x126, x117, x110);
1204 2217 : fiat_bn254_cmovznz_u64(&x128, x126, x119, x112);
1205 2217 : fiat_bn254_cmovznz_u64(&x129, x126, x121, x114);
1206 2217 : fiat_bn254_cmovznz_u64(&x130, x126, x123, x116);
1207 2217 : out1[0] = x127;
1208 2217 : out1[1] = x128;
1209 2217 : out1[2] = x129;
1210 2217 : out1[3] = x130;
1211 2217 : }
1212 :
1213 : /*
1214 : * The function fiat_bn254_to_montgomery translates a field element into the Montgomery domain.
1215 : *
1216 : * Preconditions:
1217 : * 0 ≤ eval arg1 < m
1218 : * Postconditions:
1219 : * eval (from_montgomery out1) mod m = eval arg1 mod m
1220 : * 0 ≤ eval out1 < m
1221 : *
1222 : */
1223 6831 : void fiat_bn254_to_montgomery(fiat_bn254_montgomery_domain_field_element out1, const fiat_bn254_non_montgomery_domain_field_element arg1) {
1224 6831 : uint64_t x1;
1225 6831 : uint64_t x2;
1226 6831 : uint64_t x3;
1227 6831 : uint64_t x4;
1228 6831 : uint64_t x5;
1229 6831 : uint64_t x6;
1230 6831 : uint64_t x7;
1231 6831 : uint64_t x8;
1232 6831 : uint64_t x9;
1233 6831 : uint64_t x10;
1234 6831 : uint64_t x11;
1235 6831 : uint64_t x12;
1236 6831 : uint64_t x13;
1237 6831 : fiat_bn254_uint1 x14;
1238 6831 : uint64_t x15;
1239 6831 : fiat_bn254_uint1 x16;
1240 6831 : uint64_t x17;
1241 6831 : fiat_bn254_uint1 x18;
1242 6831 : uint64_t x19;
1243 6831 : uint64_t x20;
1244 6831 : uint64_t x21;
1245 6831 : uint64_t x22;
1246 6831 : uint64_t x23;
1247 6831 : uint64_t x24;
1248 6831 : uint64_t x25;
1249 6831 : uint64_t x26;
1250 6831 : uint64_t x27;
1251 6831 : uint64_t x28;
1252 6831 : uint64_t x29;
1253 6831 : fiat_bn254_uint1 x30;
1254 6831 : uint64_t x31;
1255 6831 : fiat_bn254_uint1 x32;
1256 6831 : uint64_t x33;
1257 6831 : fiat_bn254_uint1 x34;
1258 6831 : uint64_t x35;
1259 6831 : fiat_bn254_uint1 x36;
1260 6831 : uint64_t x37;
1261 6831 : fiat_bn254_uint1 x38;
1262 6831 : uint64_t x39;
1263 6831 : fiat_bn254_uint1 x40;
1264 6831 : uint64_t x41;
1265 6831 : fiat_bn254_uint1 x42;
1266 6831 : uint64_t x43;
1267 6831 : uint64_t x44;
1268 6831 : uint64_t x45;
1269 6831 : uint64_t x46;
1270 6831 : uint64_t x47;
1271 6831 : uint64_t x48;
1272 6831 : uint64_t x49;
1273 6831 : uint64_t x50;
1274 6831 : uint64_t x51;
1275 6831 : fiat_bn254_uint1 x52;
1276 6831 : uint64_t x53;
1277 6831 : fiat_bn254_uint1 x54;
1278 6831 : uint64_t x55;
1279 6831 : fiat_bn254_uint1 x56;
1280 6831 : uint64_t x57;
1281 6831 : fiat_bn254_uint1 x58;
1282 6831 : uint64_t x59;
1283 6831 : fiat_bn254_uint1 x60;
1284 6831 : uint64_t x61;
1285 6831 : fiat_bn254_uint1 x62;
1286 6831 : uint64_t x63;
1287 6831 : fiat_bn254_uint1 x64;
1288 6831 : uint64_t x65;
1289 6831 : uint64_t x66;
1290 6831 : uint64_t x67;
1291 6831 : uint64_t x68;
1292 6831 : uint64_t x69;
1293 6831 : uint64_t x70;
1294 6831 : uint64_t x71;
1295 6831 : uint64_t x72;
1296 6831 : uint64_t x73;
1297 6831 : uint64_t x74;
1298 6831 : uint64_t x75;
1299 6831 : fiat_bn254_uint1 x76;
1300 6831 : uint64_t x77;
1301 6831 : fiat_bn254_uint1 x78;
1302 6831 : uint64_t x79;
1303 6831 : fiat_bn254_uint1 x80;
1304 6831 : uint64_t x81;
1305 6831 : fiat_bn254_uint1 x82;
1306 6831 : uint64_t x83;
1307 6831 : fiat_bn254_uint1 x84;
1308 6831 : uint64_t x85;
1309 6831 : fiat_bn254_uint1 x86;
1310 6831 : uint64_t x87;
1311 6831 : fiat_bn254_uint1 x88;
1312 6831 : uint64_t x89;
1313 6831 : uint64_t x90;
1314 6831 : uint64_t x91;
1315 6831 : uint64_t x92;
1316 6831 : uint64_t x93;
1317 6831 : uint64_t x94;
1318 6831 : uint64_t x95;
1319 6831 : uint64_t x96;
1320 6831 : uint64_t x97;
1321 6831 : fiat_bn254_uint1 x98;
1322 6831 : uint64_t x99;
1323 6831 : fiat_bn254_uint1 x100;
1324 6831 : uint64_t x101;
1325 6831 : fiat_bn254_uint1 x102;
1326 6831 : uint64_t x103;
1327 6831 : fiat_bn254_uint1 x104;
1328 6831 : uint64_t x105;
1329 6831 : fiat_bn254_uint1 x106;
1330 6831 : uint64_t x107;
1331 6831 : fiat_bn254_uint1 x108;
1332 6831 : uint64_t x109;
1333 6831 : fiat_bn254_uint1 x110;
1334 6831 : uint64_t x111;
1335 6831 : uint64_t x112;
1336 6831 : uint64_t x113;
1337 6831 : uint64_t x114;
1338 6831 : uint64_t x115;
1339 6831 : uint64_t x116;
1340 6831 : uint64_t x117;
1341 6831 : uint64_t x118;
1342 6831 : uint64_t x119;
1343 6831 : uint64_t x120;
1344 6831 : uint64_t x121;
1345 6831 : fiat_bn254_uint1 x122;
1346 6831 : uint64_t x123;
1347 6831 : fiat_bn254_uint1 x124;
1348 6831 : uint64_t x125;
1349 6831 : fiat_bn254_uint1 x126;
1350 6831 : uint64_t x127;
1351 6831 : fiat_bn254_uint1 x128;
1352 6831 : uint64_t x129;
1353 6831 : fiat_bn254_uint1 x130;
1354 6831 : uint64_t x131;
1355 6831 : fiat_bn254_uint1 x132;
1356 6831 : uint64_t x133;
1357 6831 : fiat_bn254_uint1 x134;
1358 6831 : uint64_t x135;
1359 6831 : uint64_t x136;
1360 6831 : uint64_t x137;
1361 6831 : uint64_t x138;
1362 6831 : uint64_t x139;
1363 6831 : uint64_t x140;
1364 6831 : uint64_t x141;
1365 6831 : uint64_t x142;
1366 6831 : uint64_t x143;
1367 6831 : fiat_bn254_uint1 x144;
1368 6831 : uint64_t x145;
1369 6831 : fiat_bn254_uint1 x146;
1370 6831 : uint64_t x147;
1371 6831 : fiat_bn254_uint1 x148;
1372 6831 : uint64_t x149;
1373 6831 : fiat_bn254_uint1 x150;
1374 6831 : uint64_t x151;
1375 6831 : fiat_bn254_uint1 x152;
1376 6831 : uint64_t x153;
1377 6831 : fiat_bn254_uint1 x154;
1378 6831 : uint64_t x155;
1379 6831 : fiat_bn254_uint1 x156;
1380 6831 : uint64_t x157;
1381 6831 : uint64_t x158;
1382 6831 : uint64_t x159;
1383 6831 : uint64_t x160;
1384 6831 : uint64_t x161;
1385 6831 : uint64_t x162;
1386 6831 : uint64_t x163;
1387 6831 : uint64_t x164;
1388 6831 : uint64_t x165;
1389 6831 : uint64_t x166;
1390 6831 : uint64_t x167;
1391 6831 : fiat_bn254_uint1 x168;
1392 6831 : uint64_t x169;
1393 6831 : fiat_bn254_uint1 x170;
1394 6831 : uint64_t x171;
1395 6831 : fiat_bn254_uint1 x172;
1396 6831 : uint64_t x173;
1397 6831 : fiat_bn254_uint1 x174;
1398 6831 : uint64_t x175;
1399 6831 : fiat_bn254_uint1 x176;
1400 6831 : uint64_t x177;
1401 6831 : fiat_bn254_uint1 x178;
1402 6831 : uint64_t x179;
1403 6831 : fiat_bn254_uint1 x180;
1404 6831 : uint64_t x181;
1405 6831 : uint64_t x182;
1406 6831 : fiat_bn254_uint1 x183;
1407 6831 : uint64_t x184;
1408 6831 : fiat_bn254_uint1 x185;
1409 6831 : uint64_t x186;
1410 6831 : fiat_bn254_uint1 x187;
1411 6831 : uint64_t x188;
1412 6831 : fiat_bn254_uint1 x189;
1413 6831 : uint64_t x190;
1414 6831 : fiat_bn254_uint1 x191;
1415 6831 : uint64_t x192;
1416 6831 : uint64_t x193;
1417 6831 : uint64_t x194;
1418 6831 : uint64_t x195;
1419 6831 : x1 = (arg1[1]);
1420 6831 : x2 = (arg1[2]);
1421 6831 : x3 = (arg1[3]);
1422 6831 : x4 = (arg1[0]);
1423 6831 : fiat_bn254_mulx_u64(&x5, &x6, x4, UINT64_C(0x6d89f71cab8351f));
1424 6831 : fiat_bn254_mulx_u64(&x7, &x8, x4, UINT64_C(0x47ab1eff0a417ff6));
1425 6831 : fiat_bn254_mulx_u64(&x9, &x10, x4, UINT64_C(0xb5e71911d44501fb));
1426 6831 : fiat_bn254_mulx_u64(&x11, &x12, x4, UINT64_C(0xf32cfc5b538afa89));
1427 6831 : fiat_bn254_addcarryx_u64(&x13, &x14, 0x0, x12, x9);
1428 6831 : fiat_bn254_addcarryx_u64(&x15, &x16, x14, x10, x7);
1429 6831 : fiat_bn254_addcarryx_u64(&x17, &x18, x16, x8, x5);
1430 6831 : fiat_bn254_mulx_u64(&x19, &x20, x11, UINT64_C(0x87d20782e4866389));
1431 6831 : fiat_bn254_mulx_u64(&x21, &x22, x19, UINT64_C(0x30644e72e131a029));
1432 6831 : fiat_bn254_mulx_u64(&x23, &x24, x19, UINT64_C(0xb85045b68181585d));
1433 6831 : fiat_bn254_mulx_u64(&x25, &x26, x19, UINT64_C(0x97816a916871ca8d));
1434 6831 : fiat_bn254_mulx_u64(&x27, &x28, x19, UINT64_C(0x3c208c16d87cfd47));
1435 6831 : fiat_bn254_addcarryx_u64(&x29, &x30, 0x0, x28, x25);
1436 6831 : fiat_bn254_addcarryx_u64(&x31, &x32, x30, x26, x23);
1437 6831 : fiat_bn254_addcarryx_u64(&x33, &x34, x32, x24, x21);
1438 6831 : fiat_bn254_addcarryx_u64(&x35, &x36, 0x0, x11, x27);
1439 6831 : fiat_bn254_addcarryx_u64(&x37, &x38, x36, x13, x29);
1440 6831 : fiat_bn254_addcarryx_u64(&x39, &x40, x38, x15, x31);
1441 6831 : fiat_bn254_addcarryx_u64(&x41, &x42, x40, x17, x33);
1442 6831 : fiat_bn254_mulx_u64(&x43, &x44, x1, UINT64_C(0x6d89f71cab8351f));
1443 6831 : fiat_bn254_mulx_u64(&x45, &x46, x1, UINT64_C(0x47ab1eff0a417ff6));
1444 6831 : fiat_bn254_mulx_u64(&x47, &x48, x1, UINT64_C(0xb5e71911d44501fb));
1445 6831 : fiat_bn254_mulx_u64(&x49, &x50, x1, UINT64_C(0xf32cfc5b538afa89));
1446 6831 : fiat_bn254_addcarryx_u64(&x51, &x52, 0x0, x50, x47);
1447 6831 : fiat_bn254_addcarryx_u64(&x53, &x54, x52, x48, x45);
1448 6831 : fiat_bn254_addcarryx_u64(&x55, &x56, x54, x46, x43);
1449 6831 : fiat_bn254_addcarryx_u64(&x57, &x58, 0x0, x37, x49);
1450 6831 : fiat_bn254_addcarryx_u64(&x59, &x60, x58, x39, x51);
1451 6831 : fiat_bn254_addcarryx_u64(&x61, &x62, x60, x41, x53);
1452 6831 : fiat_bn254_addcarryx_u64(&x63, &x64, x62, ((x42 + (x18 + x6)) + (x34 + x22)), x55);
1453 6831 : fiat_bn254_mulx_u64(&x65, &x66, x57, UINT64_C(0x87d20782e4866389));
1454 6831 : fiat_bn254_mulx_u64(&x67, &x68, x65, UINT64_C(0x30644e72e131a029));
1455 6831 : fiat_bn254_mulx_u64(&x69, &x70, x65, UINT64_C(0xb85045b68181585d));
1456 6831 : fiat_bn254_mulx_u64(&x71, &x72, x65, UINT64_C(0x97816a916871ca8d));
1457 6831 : fiat_bn254_mulx_u64(&x73, &x74, x65, UINT64_C(0x3c208c16d87cfd47));
1458 6831 : fiat_bn254_addcarryx_u64(&x75, &x76, 0x0, x74, x71);
1459 6831 : fiat_bn254_addcarryx_u64(&x77, &x78, x76, x72, x69);
1460 6831 : fiat_bn254_addcarryx_u64(&x79, &x80, x78, x70, x67);
1461 6831 : fiat_bn254_addcarryx_u64(&x81, &x82, 0x0, x57, x73);
1462 6831 : fiat_bn254_addcarryx_u64(&x83, &x84, x82, x59, x75);
1463 6831 : fiat_bn254_addcarryx_u64(&x85, &x86, x84, x61, x77);
1464 6831 : fiat_bn254_addcarryx_u64(&x87, &x88, x86, x63, x79);
1465 6831 : fiat_bn254_mulx_u64(&x89, &x90, x2, UINT64_C(0x6d89f71cab8351f));
1466 6831 : fiat_bn254_mulx_u64(&x91, &x92, x2, UINT64_C(0x47ab1eff0a417ff6));
1467 6831 : fiat_bn254_mulx_u64(&x93, &x94, x2, UINT64_C(0xb5e71911d44501fb));
1468 6831 : fiat_bn254_mulx_u64(&x95, &x96, x2, UINT64_C(0xf32cfc5b538afa89));
1469 6831 : fiat_bn254_addcarryx_u64(&x97, &x98, 0x0, x96, x93);
1470 6831 : fiat_bn254_addcarryx_u64(&x99, &x100, x98, x94, x91);
1471 6831 : fiat_bn254_addcarryx_u64(&x101, &x102, x100, x92, x89);
1472 6831 : fiat_bn254_addcarryx_u64(&x103, &x104, 0x0, x83, x95);
1473 6831 : fiat_bn254_addcarryx_u64(&x105, &x106, x104, x85, x97);
1474 6831 : fiat_bn254_addcarryx_u64(&x107, &x108, x106, x87, x99);
1475 6831 : fiat_bn254_addcarryx_u64(&x109, &x110, x108, ((x88 + (x64 + (x56 + x44))) + (x80 + x68)), x101);
1476 6831 : fiat_bn254_mulx_u64(&x111, &x112, x103, UINT64_C(0x87d20782e4866389));
1477 6831 : fiat_bn254_mulx_u64(&x113, &x114, x111, UINT64_C(0x30644e72e131a029));
1478 6831 : fiat_bn254_mulx_u64(&x115, &x116, x111, UINT64_C(0xb85045b68181585d));
1479 6831 : fiat_bn254_mulx_u64(&x117, &x118, x111, UINT64_C(0x97816a916871ca8d));
1480 6831 : fiat_bn254_mulx_u64(&x119, &x120, x111, UINT64_C(0x3c208c16d87cfd47));
1481 6831 : fiat_bn254_addcarryx_u64(&x121, &x122, 0x0, x120, x117);
1482 6831 : fiat_bn254_addcarryx_u64(&x123, &x124, x122, x118, x115);
1483 6831 : fiat_bn254_addcarryx_u64(&x125, &x126, x124, x116, x113);
1484 6831 : fiat_bn254_addcarryx_u64(&x127, &x128, 0x0, x103, x119);
1485 6831 : fiat_bn254_addcarryx_u64(&x129, &x130, x128, x105, x121);
1486 6831 : fiat_bn254_addcarryx_u64(&x131, &x132, x130, x107, x123);
1487 6831 : fiat_bn254_addcarryx_u64(&x133, &x134, x132, x109, x125);
1488 6831 : fiat_bn254_mulx_u64(&x135, &x136, x3, UINT64_C(0x6d89f71cab8351f));
1489 6831 : fiat_bn254_mulx_u64(&x137, &x138, x3, UINT64_C(0x47ab1eff0a417ff6));
1490 6831 : fiat_bn254_mulx_u64(&x139, &x140, x3, UINT64_C(0xb5e71911d44501fb));
1491 6831 : fiat_bn254_mulx_u64(&x141, &x142, x3, UINT64_C(0xf32cfc5b538afa89));
1492 6831 : fiat_bn254_addcarryx_u64(&x143, &x144, 0x0, x142, x139);
1493 6831 : fiat_bn254_addcarryx_u64(&x145, &x146, x144, x140, x137);
1494 6831 : fiat_bn254_addcarryx_u64(&x147, &x148, x146, x138, x135);
1495 6831 : fiat_bn254_addcarryx_u64(&x149, &x150, 0x0, x129, x141);
1496 6831 : fiat_bn254_addcarryx_u64(&x151, &x152, x150, x131, x143);
1497 6831 : fiat_bn254_addcarryx_u64(&x153, &x154, x152, x133, x145);
1498 6831 : fiat_bn254_addcarryx_u64(&x155, &x156, x154, ((x134 + (x110 + (x102 + x90))) + (x126 + x114)), x147);
1499 6831 : fiat_bn254_mulx_u64(&x157, &x158, x149, UINT64_C(0x87d20782e4866389));
1500 6831 : fiat_bn254_mulx_u64(&x159, &x160, x157, UINT64_C(0x30644e72e131a029));
1501 6831 : fiat_bn254_mulx_u64(&x161, &x162, x157, UINT64_C(0xb85045b68181585d));
1502 6831 : fiat_bn254_mulx_u64(&x163, &x164, x157, UINT64_C(0x97816a916871ca8d));
1503 6831 : fiat_bn254_mulx_u64(&x165, &x166, x157, UINT64_C(0x3c208c16d87cfd47));
1504 6831 : fiat_bn254_addcarryx_u64(&x167, &x168, 0x0, x166, x163);
1505 6831 : fiat_bn254_addcarryx_u64(&x169, &x170, x168, x164, x161);
1506 6831 : fiat_bn254_addcarryx_u64(&x171, &x172, x170, x162, x159);
1507 6831 : fiat_bn254_addcarryx_u64(&x173, &x174, 0x0, x149, x165);
1508 6831 : fiat_bn254_addcarryx_u64(&x175, &x176, x174, x151, x167);
1509 6831 : fiat_bn254_addcarryx_u64(&x177, &x178, x176, x153, x169);
1510 6831 : fiat_bn254_addcarryx_u64(&x179, &x180, x178, x155, x171);
1511 6831 : x181 = ((x180 + (x156 + (x148 + x136))) + (x172 + x160));
1512 6831 : fiat_bn254_subborrowx_u64(&x182, &x183, 0x0, x175, UINT64_C(0x3c208c16d87cfd47));
1513 6831 : fiat_bn254_subborrowx_u64(&x184, &x185, x183, x177, UINT64_C(0x97816a916871ca8d));
1514 6831 : fiat_bn254_subborrowx_u64(&x186, &x187, x185, x179, UINT64_C(0xb85045b68181585d));
1515 6831 : fiat_bn254_subborrowx_u64(&x188, &x189, x187, x181, UINT64_C(0x30644e72e131a029));
1516 6831 : fiat_bn254_subborrowx_u64(&x190, &x191, x189, 0x0, 0x0);
1517 6831 : fiat_bn254_cmovznz_u64(&x192, x191, x182, x175);
1518 6831 : fiat_bn254_cmovznz_u64(&x193, x191, x184, x177);
1519 6831 : fiat_bn254_cmovznz_u64(&x194, x191, x186, x179);
1520 6831 : fiat_bn254_cmovznz_u64(&x195, x191, x188, x181);
1521 6831 : out1[0] = x192;
1522 6831 : out1[1] = x193;
1523 6831 : out1[2] = x194;
1524 6831 : out1[3] = x195;
1525 6831 : }
1526 :
1527 : /*
1528 : * The function fiat_bn254_nonzero outputs a single non-zero word if the input is non-zero and zero otherwise.
1529 : *
1530 : * Preconditions:
1531 : * 0 ≤ eval arg1 < m
1532 : * Postconditions:
1533 : * out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0
1534 : *
1535 : * Input Bounds:
1536 : * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1537 : * Output Bounds:
1538 : * out1: [0x0 ~> 0xffffffffffffffff]
1539 : */
1540 0 : void fiat_bn254_nonzero(uint64_t* out1, const uint64_t arg1[4]) {
1541 0 : uint64_t x1;
1542 0 : x1 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3]))));
1543 0 : *out1 = x1;
1544 0 : }
1545 :
1546 : /*
1547 : * The function fiat_bn254_selectznz is a multi-limb conditional select.
1548 : *
1549 : * Postconditions:
1550 : * out1 = (if arg1 = 0 then arg2 else arg3)
1551 : *
1552 : * Input Bounds:
1553 : * arg1: [0x0 ~> 0x1]
1554 : * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1555 : * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1556 : * Output Bounds:
1557 : * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1558 : */
1559 0 : void fiat_bn254_selectznz(uint64_t out1[4], fiat_bn254_uint1 arg1, const uint64_t arg2[4], const uint64_t arg3[4]) {
1560 0 : uint64_t x1;
1561 0 : uint64_t x2;
1562 0 : uint64_t x3;
1563 0 : uint64_t x4;
1564 0 : fiat_bn254_cmovznz_u64(&x1, arg1, (arg2[0]), (arg3[0]));
1565 0 : fiat_bn254_cmovznz_u64(&x2, arg1, (arg2[1]), (arg3[1]));
1566 0 : fiat_bn254_cmovznz_u64(&x3, arg1, (arg2[2]), (arg3[2]));
1567 0 : fiat_bn254_cmovznz_u64(&x4, arg1, (arg2[3]), (arg3[3]));
1568 0 : out1[0] = x1;
1569 0 : out1[1] = x2;
1570 0 : out1[2] = x3;
1571 0 : out1[3] = x4;
1572 0 : }
1573 :
1574 : /*
1575 : * The function fiat_bn254_to_bytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order.
1576 : *
1577 : * Preconditions:
1578 : * 0 ≤ eval arg1 < m
1579 : * Postconditions:
1580 : * out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31]
1581 : *
1582 : * Input Bounds:
1583 : * arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0x3fffffffffffffff]]
1584 : * Output Bounds:
1585 : * out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3f]]
1586 : */
1587 0 : void fiat_bn254_to_bytes(uint8_t out1[32], const uint64_t arg1[4]) {
1588 0 : uint64_t x1;
1589 0 : uint64_t x2;
1590 0 : uint64_t x3;
1591 0 : uint64_t x4;
1592 0 : uint8_t x5;
1593 0 : uint64_t x6;
1594 0 : uint8_t x7;
1595 0 : uint64_t x8;
1596 0 : uint8_t x9;
1597 0 : uint64_t x10;
1598 0 : uint8_t x11;
1599 0 : uint64_t x12;
1600 0 : uint8_t x13;
1601 0 : uint64_t x14;
1602 0 : uint8_t x15;
1603 0 : uint64_t x16;
1604 0 : uint8_t x17;
1605 0 : uint8_t x18;
1606 0 : uint8_t x19;
1607 0 : uint64_t x20;
1608 0 : uint8_t x21;
1609 0 : uint64_t x22;
1610 0 : uint8_t x23;
1611 0 : uint64_t x24;
1612 0 : uint8_t x25;
1613 0 : uint64_t x26;
1614 0 : uint8_t x27;
1615 0 : uint64_t x28;
1616 0 : uint8_t x29;
1617 0 : uint64_t x30;
1618 0 : uint8_t x31;
1619 0 : uint8_t x32;
1620 0 : uint8_t x33;
1621 0 : uint64_t x34;
1622 0 : uint8_t x35;
1623 0 : uint64_t x36;
1624 0 : uint8_t x37;
1625 0 : uint64_t x38;
1626 0 : uint8_t x39;
1627 0 : uint64_t x40;
1628 0 : uint8_t x41;
1629 0 : uint64_t x42;
1630 0 : uint8_t x43;
1631 0 : uint64_t x44;
1632 0 : uint8_t x45;
1633 0 : uint8_t x46;
1634 0 : uint8_t x47;
1635 0 : uint64_t x48;
1636 0 : uint8_t x49;
1637 0 : uint64_t x50;
1638 0 : uint8_t x51;
1639 0 : uint64_t x52;
1640 0 : uint8_t x53;
1641 0 : uint64_t x54;
1642 0 : uint8_t x55;
1643 0 : uint64_t x56;
1644 0 : uint8_t x57;
1645 0 : uint64_t x58;
1646 0 : uint8_t x59;
1647 0 : uint8_t x60;
1648 0 : x1 = (arg1[3]);
1649 0 : x2 = (arg1[2]);
1650 0 : x3 = (arg1[1]);
1651 0 : x4 = (arg1[0]);
1652 0 : x5 = (uint8_t)(x4 & UINT8_C(0xff));
1653 0 : x6 = (x4 >> 8);
1654 0 : x7 = (uint8_t)(x6 & UINT8_C(0xff));
1655 0 : x8 = (x6 >> 8);
1656 0 : x9 = (uint8_t)(x8 & UINT8_C(0xff));
1657 0 : x10 = (x8 >> 8);
1658 0 : x11 = (uint8_t)(x10 & UINT8_C(0xff));
1659 0 : x12 = (x10 >> 8);
1660 0 : x13 = (uint8_t)(x12 & UINT8_C(0xff));
1661 0 : x14 = (x12 >> 8);
1662 0 : x15 = (uint8_t)(x14 & UINT8_C(0xff));
1663 0 : x16 = (x14 >> 8);
1664 0 : x17 = (uint8_t)(x16 & UINT8_C(0xff));
1665 0 : x18 = (uint8_t)(x16 >> 8);
1666 0 : x19 = (uint8_t)(x3 & UINT8_C(0xff));
1667 0 : x20 = (x3 >> 8);
1668 0 : x21 = (uint8_t)(x20 & UINT8_C(0xff));
1669 0 : x22 = (x20 >> 8);
1670 0 : x23 = (uint8_t)(x22 & UINT8_C(0xff));
1671 0 : x24 = (x22 >> 8);
1672 0 : x25 = (uint8_t)(x24 & UINT8_C(0xff));
1673 0 : x26 = (x24 >> 8);
1674 0 : x27 = (uint8_t)(x26 & UINT8_C(0xff));
1675 0 : x28 = (x26 >> 8);
1676 0 : x29 = (uint8_t)(x28 & UINT8_C(0xff));
1677 0 : x30 = (x28 >> 8);
1678 0 : x31 = (uint8_t)(x30 & UINT8_C(0xff));
1679 0 : x32 = (uint8_t)(x30 >> 8);
1680 0 : x33 = (uint8_t)(x2 & UINT8_C(0xff));
1681 0 : x34 = (x2 >> 8);
1682 0 : x35 = (uint8_t)(x34 & UINT8_C(0xff));
1683 0 : x36 = (x34 >> 8);
1684 0 : x37 = (uint8_t)(x36 & UINT8_C(0xff));
1685 0 : x38 = (x36 >> 8);
1686 0 : x39 = (uint8_t)(x38 & UINT8_C(0xff));
1687 0 : x40 = (x38 >> 8);
1688 0 : x41 = (uint8_t)(x40 & UINT8_C(0xff));
1689 0 : x42 = (x40 >> 8);
1690 0 : x43 = (uint8_t)(x42 & UINT8_C(0xff));
1691 0 : x44 = (x42 >> 8);
1692 0 : x45 = (uint8_t)(x44 & UINT8_C(0xff));
1693 0 : x46 = (uint8_t)(x44 >> 8);
1694 0 : x47 = (uint8_t)(x1 & UINT8_C(0xff));
1695 0 : x48 = (x1 >> 8);
1696 0 : x49 = (uint8_t)(x48 & UINT8_C(0xff));
1697 0 : x50 = (x48 >> 8);
1698 0 : x51 = (uint8_t)(x50 & UINT8_C(0xff));
1699 0 : x52 = (x50 >> 8);
1700 0 : x53 = (uint8_t)(x52 & UINT8_C(0xff));
1701 0 : x54 = (x52 >> 8);
1702 0 : x55 = (uint8_t)(x54 & UINT8_C(0xff));
1703 0 : x56 = (x54 >> 8);
1704 0 : x57 = (uint8_t)(x56 & UINT8_C(0xff));
1705 0 : x58 = (x56 >> 8);
1706 0 : x59 = (uint8_t)(x58 & UINT8_C(0xff));
1707 0 : x60 = (uint8_t)(x58 >> 8);
1708 0 : out1[0] = x5;
1709 0 : out1[1] = x7;
1710 0 : out1[2] = x9;
1711 0 : out1[3] = x11;
1712 0 : out1[4] = x13;
1713 0 : out1[5] = x15;
1714 0 : out1[6] = x17;
1715 0 : out1[7] = x18;
1716 0 : out1[8] = x19;
1717 0 : out1[9] = x21;
1718 0 : out1[10] = x23;
1719 0 : out1[11] = x25;
1720 0 : out1[12] = x27;
1721 0 : out1[13] = x29;
1722 0 : out1[14] = x31;
1723 0 : out1[15] = x32;
1724 0 : out1[16] = x33;
1725 0 : out1[17] = x35;
1726 0 : out1[18] = x37;
1727 0 : out1[19] = x39;
1728 0 : out1[20] = x41;
1729 0 : out1[21] = x43;
1730 0 : out1[22] = x45;
1731 0 : out1[23] = x46;
1732 0 : out1[24] = x47;
1733 0 : out1[25] = x49;
1734 0 : out1[26] = x51;
1735 0 : out1[27] = x53;
1736 0 : out1[28] = x55;
1737 0 : out1[29] = x57;
1738 0 : out1[30] = x59;
1739 0 : out1[31] = x60;
1740 0 : }
1741 :
1742 : /*
1743 : * The function fiat_bn254_from_bytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order.
1744 : *
1745 : * Preconditions:
1746 : * 0 ≤ bytes_eval arg1 < m
1747 : * Postconditions:
1748 : * eval out1 mod m = bytes_eval arg1 mod m
1749 : * 0 ≤ eval out1 < m
1750 : *
1751 : * Input Bounds:
1752 : * arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3f]]
1753 : * Output Bounds:
1754 : * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0x3fffffffffffffff]]
1755 : */
1756 0 : void fiat_bn254_from_bytes(uint64_t out1[4], const uint8_t arg1[32]) {
1757 0 : uint64_t x1;
1758 0 : uint64_t x2;
1759 0 : uint64_t x3;
1760 0 : uint64_t x4;
1761 0 : uint64_t x5;
1762 0 : uint64_t x6;
1763 0 : uint64_t x7;
1764 0 : uint8_t x8;
1765 0 : uint64_t x9;
1766 0 : uint64_t x10;
1767 0 : uint64_t x11;
1768 0 : uint64_t x12;
1769 0 : uint64_t x13;
1770 0 : uint64_t x14;
1771 0 : uint64_t x15;
1772 0 : uint8_t x16;
1773 0 : uint64_t x17;
1774 0 : uint64_t x18;
1775 0 : uint64_t x19;
1776 0 : uint64_t x20;
1777 0 : uint64_t x21;
1778 0 : uint64_t x22;
1779 0 : uint64_t x23;
1780 0 : uint8_t x24;
1781 0 : uint64_t x25;
1782 0 : uint64_t x26;
1783 0 : uint64_t x27;
1784 0 : uint64_t x28;
1785 0 : uint64_t x29;
1786 0 : uint64_t x30;
1787 0 : uint64_t x31;
1788 0 : uint8_t x32;
1789 0 : uint64_t x33;
1790 0 : uint64_t x34;
1791 0 : uint64_t x35;
1792 0 : uint64_t x36;
1793 0 : uint64_t x37;
1794 0 : uint64_t x38;
1795 0 : uint64_t x39;
1796 0 : uint64_t x40;
1797 0 : uint64_t x41;
1798 0 : uint64_t x42;
1799 0 : uint64_t x43;
1800 0 : uint64_t x44;
1801 0 : uint64_t x45;
1802 0 : uint64_t x46;
1803 0 : uint64_t x47;
1804 0 : uint64_t x48;
1805 0 : uint64_t x49;
1806 0 : uint64_t x50;
1807 0 : uint64_t x51;
1808 0 : uint64_t x52;
1809 0 : uint64_t x53;
1810 0 : uint64_t x54;
1811 0 : uint64_t x55;
1812 0 : uint64_t x56;
1813 0 : uint64_t x57;
1814 0 : uint64_t x58;
1815 0 : uint64_t x59;
1816 0 : uint64_t x60;
1817 0 : x1 = ((uint64_t)(arg1[31]) << 56);
1818 0 : x2 = ((uint64_t)(arg1[30]) << 48);
1819 0 : x3 = ((uint64_t)(arg1[29]) << 40);
1820 0 : x4 = ((uint64_t)(arg1[28]) << 32);
1821 0 : x5 = ((uint64_t)(arg1[27]) << 24);
1822 0 : x6 = ((uint64_t)(arg1[26]) << 16);
1823 0 : x7 = ((uint64_t)(arg1[25]) << 8);
1824 0 : x8 = (arg1[24]);
1825 0 : x9 = ((uint64_t)(arg1[23]) << 56);
1826 0 : x10 = ((uint64_t)(arg1[22]) << 48);
1827 0 : x11 = ((uint64_t)(arg1[21]) << 40);
1828 0 : x12 = ((uint64_t)(arg1[20]) << 32);
1829 0 : x13 = ((uint64_t)(arg1[19]) << 24);
1830 0 : x14 = ((uint64_t)(arg1[18]) << 16);
1831 0 : x15 = ((uint64_t)(arg1[17]) << 8);
1832 0 : x16 = (arg1[16]);
1833 0 : x17 = ((uint64_t)(arg1[15]) << 56);
1834 0 : x18 = ((uint64_t)(arg1[14]) << 48);
1835 0 : x19 = ((uint64_t)(arg1[13]) << 40);
1836 0 : x20 = ((uint64_t)(arg1[12]) << 32);
1837 0 : x21 = ((uint64_t)(arg1[11]) << 24);
1838 0 : x22 = ((uint64_t)(arg1[10]) << 16);
1839 0 : x23 = ((uint64_t)(arg1[9]) << 8);
1840 0 : x24 = (arg1[8]);
1841 0 : x25 = ((uint64_t)(arg1[7]) << 56);
1842 0 : x26 = ((uint64_t)(arg1[6]) << 48);
1843 0 : x27 = ((uint64_t)(arg1[5]) << 40);
1844 0 : x28 = ((uint64_t)(arg1[4]) << 32);
1845 0 : x29 = ((uint64_t)(arg1[3]) << 24);
1846 0 : x30 = ((uint64_t)(arg1[2]) << 16);
1847 0 : x31 = ((uint64_t)(arg1[1]) << 8);
1848 0 : x32 = (arg1[0]);
1849 0 : x33 = (x31 + (uint64_t)x32);
1850 0 : x34 = (x30 + x33);
1851 0 : x35 = (x29 + x34);
1852 0 : x36 = (x28 + x35);
1853 0 : x37 = (x27 + x36);
1854 0 : x38 = (x26 + x37);
1855 0 : x39 = (x25 + x38);
1856 0 : x40 = (x23 + (uint64_t)x24);
1857 0 : x41 = (x22 + x40);
1858 0 : x42 = (x21 + x41);
1859 0 : x43 = (x20 + x42);
1860 0 : x44 = (x19 + x43);
1861 0 : x45 = (x18 + x44);
1862 0 : x46 = (x17 + x45);
1863 0 : x47 = (x15 + (uint64_t)x16);
1864 0 : x48 = (x14 + x47);
1865 0 : x49 = (x13 + x48);
1866 0 : x50 = (x12 + x49);
1867 0 : x51 = (x11 + x50);
1868 0 : x52 = (x10 + x51);
1869 0 : x53 = (x9 + x52);
1870 0 : x54 = (x7 + (uint64_t)x8);
1871 0 : x55 = (x6 + x54);
1872 0 : x56 = (x5 + x55);
1873 0 : x57 = (x4 + x56);
1874 0 : x58 = (x3 + x57);
1875 0 : x59 = (x2 + x58);
1876 0 : x60 = (x1 + x59);
1877 0 : out1[0] = x39;
1878 0 : out1[1] = x46;
1879 0 : out1[2] = x53;
1880 0 : out1[3] = x60;
1881 0 : }
1882 :
1883 : /*
1884 : * The function fiat_bn254_set_one returns the field element one in the Montgomery domain.
1885 : *
1886 : * Postconditions:
1887 : * eval (from_montgomery out1) mod m = 1 mod m
1888 : * 0 ≤ eval out1 < m
1889 : *
1890 : */
1891 0 : void fiat_bn254_set_one(fiat_bn254_montgomery_domain_field_element out1) {
1892 0 : out1[0] = UINT64_C(0xd35d438dc58f0d9d);
1893 0 : out1[1] = UINT64_C(0xa78eb28f5c70b3d);
1894 0 : out1[2] = UINT64_C(0x666ea36f7879462c);
1895 0 : out1[3] = UINT64_C(0xe0a77c19a07df2f);
1896 0 : }
1897 :
1898 : /*
1899 : * The function fiat_bn254_msat returns the saturated representation of the prime modulus.
1900 : *
1901 : * Postconditions:
1902 : * twos_complement_eval out1 = m
1903 : * 0 ≤ eval out1 < m
1904 : *
1905 : * Output Bounds:
1906 : * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1907 : */
1908 0 : void fiat_bn254_msat(uint64_t out1[5]) {
1909 0 : out1[0] = UINT64_C(0x3c208c16d87cfd47);
1910 0 : out1[1] = UINT64_C(0x97816a916871ca8d);
1911 0 : out1[2] = UINT64_C(0xb85045b68181585d);
1912 0 : out1[3] = UINT64_C(0x30644e72e131a029);
1913 0 : out1[4] = 0x0;
1914 0 : }
1915 :
1916 : /*
1917 : * The function fiat_bn254_divstep_precomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form).
1918 : *
1919 : * Postconditions:
1920 : * eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if ⌊log2 m⌋ + 1 < 46 then ⌊(49 * (⌊log2 m⌋ + 1) + 80) / 17⌋ else ⌊(49 * (⌊log2 m⌋ + 1) + 57) / 17⌋)
1921 : * 0 ≤ eval out1 < m
1922 : *
1923 : * Output Bounds:
1924 : * out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1925 : */
1926 0 : void fiat_bn254_divstep_precomp(uint64_t out1[4]) {
1927 0 : out1[0] = UINT64_C(0xd69e6dbc5a194eaa);
1928 0 : out1[1] = UINT64_C(0xe6d42dfd2028cab6);
1929 0 : out1[2] = UINT64_C(0xc95f7098b0c0869a);
1930 0 : out1[3] = UINT64_C(0x4945d89b45c32d8);
1931 0 : }
1932 :
1933 : /*
1934 : * The function fiat_bn254_divstep computes a divstep.
1935 : *
1936 : * Preconditions:
1937 : * 0 ≤ eval arg4 < m
1938 : * 0 ≤ eval arg5 < m
1939 : * Postconditions:
1940 : * out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1)
1941 : * twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2)
1942 : * twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋)
1943 : * eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m)
1944 : * eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m)
1945 : * 0 ≤ eval out5 < m
1946 : * 0 ≤ eval out5 < m
1947 : * 0 ≤ eval out2 < m
1948 : * 0 ≤ eval out3 < m
1949 : *
1950 : * Input Bounds:
1951 : * arg1: [0x0 ~> 0xffffffffffffffff]
1952 : * arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1953 : * arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1954 : * arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1955 : * arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1956 : * Output Bounds:
1957 : * out1: [0x0 ~> 0xffffffffffffffff]
1958 : * out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1959 : * out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1960 : * out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1961 : * out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]]
1962 : */
1963 0 : void fiat_bn254_divstep(uint64_t* out1, uint64_t out2[5], uint64_t out3[5], uint64_t out4[4], uint64_t out5[4], uint64_t arg1, const uint64_t arg2[5], const uint64_t arg3[5], const uint64_t arg4[4], const uint64_t arg5[4]) {
1964 0 : uint64_t x1;
1965 0 : fiat_bn254_uint1 x2;
1966 0 : fiat_bn254_uint1 x3;
1967 0 : uint64_t x4;
1968 0 : fiat_bn254_uint1 x5;
1969 0 : uint64_t x6;
1970 0 : uint64_t x7;
1971 0 : uint64_t x8;
1972 0 : uint64_t x9;
1973 0 : uint64_t x10;
1974 0 : uint64_t x11;
1975 0 : uint64_t x12;
1976 0 : fiat_bn254_uint1 x13;
1977 0 : uint64_t x14;
1978 0 : fiat_bn254_uint1 x15;
1979 0 : uint64_t x16;
1980 0 : fiat_bn254_uint1 x17;
1981 0 : uint64_t x18;
1982 0 : fiat_bn254_uint1 x19;
1983 0 : uint64_t x20;
1984 0 : fiat_bn254_uint1 x21;
1985 0 : uint64_t x22;
1986 0 : uint64_t x23;
1987 0 : uint64_t x24;
1988 0 : uint64_t x25;
1989 0 : uint64_t x26;
1990 0 : uint64_t x27;
1991 0 : uint64_t x28;
1992 0 : uint64_t x29;
1993 0 : uint64_t x30;
1994 0 : uint64_t x31;
1995 0 : fiat_bn254_uint1 x32;
1996 0 : uint64_t x33;
1997 0 : fiat_bn254_uint1 x34;
1998 0 : uint64_t x35;
1999 0 : fiat_bn254_uint1 x36;
2000 0 : uint64_t x37;
2001 0 : fiat_bn254_uint1 x38;
2002 0 : uint64_t x39;
2003 0 : fiat_bn254_uint1 x40;
2004 0 : uint64_t x41;
2005 0 : fiat_bn254_uint1 x42;
2006 0 : uint64_t x43;
2007 0 : fiat_bn254_uint1 x44;
2008 0 : uint64_t x45;
2009 0 : fiat_bn254_uint1 x46;
2010 0 : uint64_t x47;
2011 0 : fiat_bn254_uint1 x48;
2012 0 : uint64_t x49;
2013 0 : uint64_t x50;
2014 0 : uint64_t x51;
2015 0 : uint64_t x52;
2016 0 : uint64_t x53;
2017 0 : fiat_bn254_uint1 x54;
2018 0 : uint64_t x55;
2019 0 : fiat_bn254_uint1 x56;
2020 0 : uint64_t x57;
2021 0 : fiat_bn254_uint1 x58;
2022 0 : uint64_t x59;
2023 0 : fiat_bn254_uint1 x60;
2024 0 : uint64_t x61;
2025 0 : uint64_t x62;
2026 0 : fiat_bn254_uint1 x63;
2027 0 : uint64_t x64;
2028 0 : fiat_bn254_uint1 x65;
2029 0 : uint64_t x66;
2030 0 : fiat_bn254_uint1 x67;
2031 0 : uint64_t x68;
2032 0 : fiat_bn254_uint1 x69;
2033 0 : uint64_t x70;
2034 0 : uint64_t x71;
2035 0 : uint64_t x72;
2036 0 : uint64_t x73;
2037 0 : fiat_bn254_uint1 x74;
2038 0 : uint64_t x75;
2039 0 : uint64_t x76;
2040 0 : uint64_t x77;
2041 0 : uint64_t x78;
2042 0 : uint64_t x79;
2043 0 : uint64_t x80;
2044 0 : fiat_bn254_uint1 x81;
2045 0 : uint64_t x82;
2046 0 : fiat_bn254_uint1 x83;
2047 0 : uint64_t x84;
2048 0 : fiat_bn254_uint1 x85;
2049 0 : uint64_t x86;
2050 0 : fiat_bn254_uint1 x87;
2051 0 : uint64_t x88;
2052 0 : fiat_bn254_uint1 x89;
2053 0 : uint64_t x90;
2054 0 : uint64_t x91;
2055 0 : uint64_t x92;
2056 0 : uint64_t x93;
2057 0 : uint64_t x94;
2058 0 : fiat_bn254_uint1 x95;
2059 0 : uint64_t x96;
2060 0 : fiat_bn254_uint1 x97;
2061 0 : uint64_t x98;
2062 0 : fiat_bn254_uint1 x99;
2063 0 : uint64_t x100;
2064 0 : fiat_bn254_uint1 x101;
2065 0 : uint64_t x102;
2066 0 : fiat_bn254_uint1 x103;
2067 0 : uint64_t x104;
2068 0 : fiat_bn254_uint1 x105;
2069 0 : uint64_t x106;
2070 0 : fiat_bn254_uint1 x107;
2071 0 : uint64_t x108;
2072 0 : fiat_bn254_uint1 x109;
2073 0 : uint64_t x110;
2074 0 : fiat_bn254_uint1 x111;
2075 0 : uint64_t x112;
2076 0 : fiat_bn254_uint1 x113;
2077 0 : uint64_t x114;
2078 0 : uint64_t x115;
2079 0 : uint64_t x116;
2080 0 : uint64_t x117;
2081 0 : uint64_t x118;
2082 0 : uint64_t x119;
2083 0 : uint64_t x120;
2084 0 : uint64_t x121;
2085 0 : uint64_t x122;
2086 0 : uint64_t x123;
2087 0 : uint64_t x124;
2088 0 : uint64_t x125;
2089 0 : uint64_t x126;
2090 0 : fiat_bn254_addcarryx_u64(&x1, &x2, 0x0, (~arg1), 0x1);
2091 0 : x3 = (fiat_bn254_uint1)((fiat_bn254_uint1)(x1 >> 63) & (fiat_bn254_uint1)((arg3[0]) & 0x1));
2092 0 : fiat_bn254_addcarryx_u64(&x4, &x5, 0x0, (~arg1), 0x1);
2093 0 : fiat_bn254_cmovznz_u64(&x6, x3, arg1, x4);
2094 0 : fiat_bn254_cmovznz_u64(&x7, x3, (arg2[0]), (arg3[0]));
2095 0 : fiat_bn254_cmovznz_u64(&x8, x3, (arg2[1]), (arg3[1]));
2096 0 : fiat_bn254_cmovznz_u64(&x9, x3, (arg2[2]), (arg3[2]));
2097 0 : fiat_bn254_cmovznz_u64(&x10, x3, (arg2[3]), (arg3[3]));
2098 0 : fiat_bn254_cmovznz_u64(&x11, x3, (arg2[4]), (arg3[4]));
2099 0 : fiat_bn254_addcarryx_u64(&x12, &x13, 0x0, 0x1, (~(arg2[0])));
2100 0 : fiat_bn254_addcarryx_u64(&x14, &x15, x13, 0x0, (~(arg2[1])));
2101 0 : fiat_bn254_addcarryx_u64(&x16, &x17, x15, 0x0, (~(arg2[2])));
2102 0 : fiat_bn254_addcarryx_u64(&x18, &x19, x17, 0x0, (~(arg2[3])));
2103 0 : fiat_bn254_addcarryx_u64(&x20, &x21, x19, 0x0, (~(arg2[4])));
2104 0 : fiat_bn254_cmovznz_u64(&x22, x3, (arg3[0]), x12);
2105 0 : fiat_bn254_cmovznz_u64(&x23, x3, (arg3[1]), x14);
2106 0 : fiat_bn254_cmovznz_u64(&x24, x3, (arg3[2]), x16);
2107 0 : fiat_bn254_cmovznz_u64(&x25, x3, (arg3[3]), x18);
2108 0 : fiat_bn254_cmovznz_u64(&x26, x3, (arg3[4]), x20);
2109 0 : fiat_bn254_cmovznz_u64(&x27, x3, (arg4[0]), (arg5[0]));
2110 0 : fiat_bn254_cmovznz_u64(&x28, x3, (arg4[1]), (arg5[1]));
2111 0 : fiat_bn254_cmovznz_u64(&x29, x3, (arg4[2]), (arg5[2]));
2112 0 : fiat_bn254_cmovznz_u64(&x30, x3, (arg4[3]), (arg5[3]));
2113 0 : fiat_bn254_addcarryx_u64(&x31, &x32, 0x0, x27, x27);
2114 0 : fiat_bn254_addcarryx_u64(&x33, &x34, x32, x28, x28);
2115 0 : fiat_bn254_addcarryx_u64(&x35, &x36, x34, x29, x29);
2116 0 : fiat_bn254_addcarryx_u64(&x37, &x38, x36, x30, x30);
2117 0 : fiat_bn254_subborrowx_u64(&x39, &x40, 0x0, x31, UINT64_C(0x3c208c16d87cfd47));
2118 0 : fiat_bn254_subborrowx_u64(&x41, &x42, x40, x33, UINT64_C(0x97816a916871ca8d));
2119 0 : fiat_bn254_subborrowx_u64(&x43, &x44, x42, x35, UINT64_C(0xb85045b68181585d));
2120 0 : fiat_bn254_subborrowx_u64(&x45, &x46, x44, x37, UINT64_C(0x30644e72e131a029));
2121 0 : fiat_bn254_subborrowx_u64(&x47, &x48, x46, x38, 0x0);
2122 0 : x49 = (arg4[3]);
2123 0 : x50 = (arg4[2]);
2124 0 : x51 = (arg4[1]);
2125 0 : x52 = (arg4[0]);
2126 0 : fiat_bn254_subborrowx_u64(&x53, &x54, 0x0, 0x0, x52);
2127 0 : fiat_bn254_subborrowx_u64(&x55, &x56, x54, 0x0, x51);
2128 0 : fiat_bn254_subborrowx_u64(&x57, &x58, x56, 0x0, x50);
2129 0 : fiat_bn254_subborrowx_u64(&x59, &x60, x58, 0x0, x49);
2130 0 : fiat_bn254_cmovznz_u64(&x61, x60, 0x0, UINT64_C(0xffffffffffffffff));
2131 0 : fiat_bn254_addcarryx_u64(&x62, &x63, 0x0, x53, (x61 & UINT64_C(0x3c208c16d87cfd47)));
2132 0 : fiat_bn254_addcarryx_u64(&x64, &x65, x63, x55, (x61 & UINT64_C(0x97816a916871ca8d)));
2133 0 : fiat_bn254_addcarryx_u64(&x66, &x67, x65, x57, (x61 & UINT64_C(0xb85045b68181585d)));
2134 0 : fiat_bn254_addcarryx_u64(&x68, &x69, x67, x59, (x61 & UINT64_C(0x30644e72e131a029)));
2135 0 : fiat_bn254_cmovznz_u64(&x70, x3, (arg5[0]), x62);
2136 0 : fiat_bn254_cmovznz_u64(&x71, x3, (arg5[1]), x64);
2137 0 : fiat_bn254_cmovznz_u64(&x72, x3, (arg5[2]), x66);
2138 0 : fiat_bn254_cmovznz_u64(&x73, x3, (arg5[3]), x68);
2139 0 : x74 = (fiat_bn254_uint1)(x22 & 0x1);
2140 0 : fiat_bn254_cmovznz_u64(&x75, x74, 0x0, x7);
2141 0 : fiat_bn254_cmovznz_u64(&x76, x74, 0x0, x8);
2142 0 : fiat_bn254_cmovznz_u64(&x77, x74, 0x0, x9);
2143 0 : fiat_bn254_cmovznz_u64(&x78, x74, 0x0, x10);
2144 0 : fiat_bn254_cmovznz_u64(&x79, x74, 0x0, x11);
2145 0 : fiat_bn254_addcarryx_u64(&x80, &x81, 0x0, x22, x75);
2146 0 : fiat_bn254_addcarryx_u64(&x82, &x83, x81, x23, x76);
2147 0 : fiat_bn254_addcarryx_u64(&x84, &x85, x83, x24, x77);
2148 0 : fiat_bn254_addcarryx_u64(&x86, &x87, x85, x25, x78);
2149 0 : fiat_bn254_addcarryx_u64(&x88, &x89, x87, x26, x79);
2150 0 : fiat_bn254_cmovznz_u64(&x90, x74, 0x0, x27);
2151 0 : fiat_bn254_cmovznz_u64(&x91, x74, 0x0, x28);
2152 0 : fiat_bn254_cmovznz_u64(&x92, x74, 0x0, x29);
2153 0 : fiat_bn254_cmovznz_u64(&x93, x74, 0x0, x30);
2154 0 : fiat_bn254_addcarryx_u64(&x94, &x95, 0x0, x70, x90);
2155 0 : fiat_bn254_addcarryx_u64(&x96, &x97, x95, x71, x91);
2156 0 : fiat_bn254_addcarryx_u64(&x98, &x99, x97, x72, x92);
2157 0 : fiat_bn254_addcarryx_u64(&x100, &x101, x99, x73, x93);
2158 0 : fiat_bn254_subborrowx_u64(&x102, &x103, 0x0, x94, UINT64_C(0x3c208c16d87cfd47));
2159 0 : fiat_bn254_subborrowx_u64(&x104, &x105, x103, x96, UINT64_C(0x97816a916871ca8d));
2160 0 : fiat_bn254_subborrowx_u64(&x106, &x107, x105, x98, UINT64_C(0xb85045b68181585d));
2161 0 : fiat_bn254_subborrowx_u64(&x108, &x109, x107, x100, UINT64_C(0x30644e72e131a029));
2162 0 : fiat_bn254_subborrowx_u64(&x110, &x111, x109, x101, 0x0);
2163 0 : fiat_bn254_addcarryx_u64(&x112, &x113, 0x0, x6, 0x1);
2164 0 : x114 = ((x80 >> 1) | ((x82 << 63) & UINT64_C(0xffffffffffffffff)));
2165 0 : x115 = ((x82 >> 1) | ((x84 << 63) & UINT64_C(0xffffffffffffffff)));
2166 0 : x116 = ((x84 >> 1) | ((x86 << 63) & UINT64_C(0xffffffffffffffff)));
2167 0 : x117 = ((x86 >> 1) | ((x88 << 63) & UINT64_C(0xffffffffffffffff)));
2168 0 : x118 = ((x88 & UINT64_C(0x8000000000000000)) | (x88 >> 1));
2169 0 : fiat_bn254_cmovznz_u64(&x119, x48, x39, x31);
2170 0 : fiat_bn254_cmovznz_u64(&x120, x48, x41, x33);
2171 0 : fiat_bn254_cmovznz_u64(&x121, x48, x43, x35);
2172 0 : fiat_bn254_cmovznz_u64(&x122, x48, x45, x37);
2173 0 : fiat_bn254_cmovznz_u64(&x123, x111, x102, x94);
2174 0 : fiat_bn254_cmovznz_u64(&x124, x111, x104, x96);
2175 0 : fiat_bn254_cmovznz_u64(&x125, x111, x106, x98);
2176 0 : fiat_bn254_cmovznz_u64(&x126, x111, x108, x100);
2177 0 : *out1 = x112;
2178 0 : out2[0] = x7;
2179 0 : out2[1] = x8;
2180 0 : out2[2] = x9;
2181 0 : out2[3] = x10;
2182 0 : out2[4] = x11;
2183 0 : out3[0] = x114;
2184 0 : out3[1] = x115;
2185 0 : out3[2] = x116;
2186 0 : out3[3] = x117;
2187 0 : out3[4] = x118;
2188 0 : out4[0] = x119;
2189 0 : out4[1] = x120;
2190 0 : out4[2] = x121;
2191 0 : out4[3] = x122;
2192 0 : out5[0] = x123;
2193 0 : out5[1] = x124;
2194 0 : out5[2] = x125;
2195 0 : out5[3] = x126;
2196 0 : }
|
