From 66ae9af321658ca24c035da2b00c8ef53a816c6d Mon Sep 17 00:00:00 2001 From: Frank Denis Date: Sun, 18 Apr 2021 00:11:55 +0200 Subject: [PATCH] Add code generation for Zig --- .gitattributes | 2 + .github/workflows/zig.yml | 20 + .gitignore | 1 + Makefile | 29 +- _CoqProject | 1 + etc/coq-scripts | 2 +- fiat-zig/build.zig | 15 + fiat-zig/src/curve25519_32.zig | 951 +++ fiat-zig/src/curve25519_64.zig | 603 ++ fiat-zig/src/main.zig | 18 + fiat-zig/src/p224_32.zig | 3733 ++++++++++++ fiat-zig/src/p224_64.zig | 1851 ++++++ fiat-zig/src/p256_32.zig | 4493 ++++++++++++++ fiat-zig/src/p256_64.zig | 1774 ++++++ fiat-zig/src/p384_32.zig | 9774 ++++++++++++++++++++++++++++++ fiat-zig/src/p384_64.zig | 3552 +++++++++++ fiat-zig/src/p434_64.zig | 4461 ++++++++++++++ fiat-zig/src/p448_solinas_32.zig | 1629 +++++ fiat-zig/src/p448_solinas_64.zig | 875 +++ fiat-zig/src/p521_64.zig | 980 +++ fiat-zig/src/poly1305_32.zig | 478 ++ fiat-zig/src/poly1305_64.zig | 430 ++ fiat-zig/src/secp256k1_32.zig | 5318 ++++++++++++++++ fiat-zig/src/secp256k1_64.zig | 1938 ++++++ src/CLI.v | 4 +- src/Stringification/Zig.v | 291 + 26 files changed, 43215 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/zig.yml create mode 100644 fiat-zig/build.zig create mode 100644 fiat-zig/src/curve25519_32.zig create mode 100644 fiat-zig/src/curve25519_64.zig create mode 100644 fiat-zig/src/main.zig create mode 100644 fiat-zig/src/p224_32.zig create mode 100644 fiat-zig/src/p224_64.zig create mode 100644 fiat-zig/src/p256_32.zig create mode 100644 fiat-zig/src/p256_64.zig create mode 100644 fiat-zig/src/p384_32.zig create mode 100644 fiat-zig/src/p384_64.zig create mode 100644 fiat-zig/src/p434_64.zig create mode 100644 fiat-zig/src/p448_solinas_32.zig create mode 100644 fiat-zig/src/p448_solinas_64.zig create mode 100644 fiat-zig/src/p521_64.zig create mode 100644 fiat-zig/src/poly1305_32.zig create mode 100644 fiat-zig/src/poly1305_64.zig create mode 100644 fiat-zig/src/secp256k1_32.zig create mode 100644 fiat-zig/src/secp256k1_64.zig create mode 100644 src/Stringification/Zig.v diff --git a/.gitattributes b/.gitattributes index c1cf5fbd29..fab4aab6ff 100644 --- a/.gitattributes +++ b/.gitattributes @@ -5,6 +5,7 @@ *.h text *.rs text *.go text +*.zig text fiat-bedrock2/**/*.c linguist-generated fiat-c/**/*.c linguist-generated @@ -12,3 +13,4 @@ fiat-go/**/*.go linguist-generated fiat-java/**/*.java linguist-generated fiat-json/**/*.json linguist-generated fiat-rust/**/*.rs linguist-generated +fiat-zig/**/*.zig linguist-generated diff --git a/.github/workflows/zig.yml b/.github/workflows/zig.yml new file mode 100644 index 0000000000..b533fb6641 --- /dev/null +++ b/.github/workflows/zig.yml @@ -0,0 +1,20 @@ +name: Test Generated Zig + +on: + push: + pull_request: + schedule: + - cron: "0 0 1 * *" + +jobs: + test-zig: + runs-on: ubuntu-latest + + steps: + - name: Install Zig + uses: goto-bus-stop/setup-zig@v1 + with: + version: master + - uses: actions/checkout@v2 + - name: Test Zig files + run: (cd fiat-zig && zig build && zig build test) diff --git a/.gitignore b/.gitignore index 69bf50cf36..5a8d619b82 100644 --- a/.gitignore +++ b/.gitignore @@ -16,6 +16,7 @@ tramp # misc *.pyc +zig-cache # java *.class diff --git a/Makefile b/Makefile index 068f8110c5..1a26a4ce36 100644 --- a/Makefile +++ b/Makefile @@ -12,6 +12,7 @@ GHCFLAGS?= # -XStrict CFLAGS?= CARGO_BUILD := cargo build +ZIG_BUILD := zig build SKIP_BEDROCK2?= @@ -30,8 +31,8 @@ INSTALLDEFAULTROOT := Crypto install-standalone install-standalone-ocaml install-standalone-haskell \ uninstall-standalone uninstall-standalone-ocaml uninstall-standalone-haskell \ util all-except-generated \ - c-files bedrock2-files rust-files go-files json-files java-files generated-files \ - lite-c-files lite-bedrock2-files lite-rust-files lite-go-files lite-json-files lite-java-files lite-generated-files \ + c-files bedrock2-files rust-files go-files json-files java-files zig-files generated-files \ + lite-c-files lite-bedrock2-files lite-rust-files lite-go-files lite-json-files lite-java-files lite-zig-files lite-generated-files \ bedrock2-backend \ update-go-pkg-cache \ deps \ @@ -39,8 +40,8 @@ INSTALLDEFAULTROOT := Crypto lite only-heavy printlite \ all-except-compiled \ some-early pre-standalone pre-standalone-extracted standalone standalone-haskell standalone-ocaml \ - test-c-files test-bedrock2-files test-rust-files test-go-files test-json-files test-java-files \ - only-test-c-files only-test-bedrock2-files only-test-rust-files only-test-go-files only-test-json-files only-test-java-files \ + test-c-files test-bedrock2-files test-rust-files test-go-files test-json-files test-java-files test-zig-files \ + only-test-c-files only-test-bedrock2-files only-test-rust-files only-test-go-files only-test-json-files only-test-java-files only-test-zig-files \ test-go-module only-test-go-module \ javadoc only-javadoc \ check-output accept-output @@ -140,6 +141,7 @@ GO_DIR := fiat-go/ JSON_DIR := fiat-json/src/ JAVA_DIR := fiat-java/src/ JAVADOC_DIR := fiat-java/doc/ +ZIG_DIR := fiat-zig/src/ # Java only really supports 32-bit builds, because we have neither 64x64->64x64 multiplication, nor uint128 # Java also requires that class names match file names @@ -218,6 +220,7 @@ ALL_RUST_FILES := $(patsubst %,$(RUST_DIR)%.rs,$(ALL_BASE_FILES)) ALL_GO_FILES := $(patsubst %,$(GO_DIR)%.go,$(call GO_RENAME_TO_FILE,$(filter-out $(BASE_FILES_NEEDING_INT128),$(ALL_BASE_FILES)))) ALL_JSON_FILES := $(patsubst %,$(JSON_DIR)%.json,$(ALL_BASE_FILES)) ALL_JAVA_FILES := $(patsubst %,$(JAVA_DIR)%.java,$(call JAVA_RENAME,$(filter-out $(BASE_FILES_NEEDING_INT128),$(ALL_BASE_FILES)))) +ALL_ZIG_FILES := $(patsubst %,$(ZIG_DIR)%.zig,$(ALL_BASE_FILES)) LITE_C_FILES := $(patsubst %,$(C_DIR)%.c,$(LITE_BASE_FILES)) LITE_BEDROCK2_FILES := $(patsubst %,$(BEDROCK2_DIR)%.c,$(filter-out $(BASE_FILES_NEEDING_INT128),$(LITE_BASE_FILES))) @@ -225,6 +228,7 @@ LITE_RUST_FILES := $(patsubst %,$(RUST_DIR)%.rs,$(LITE_BASE_FILES)) LITE_GO_FILES := $(patsubst %,$(GO_DIR)%.go,$(call GO_RENAME_TO_FILE,$(filter-out $(BASE_FILES_NEEDING_INT128),$(LITE_BASE_FILES)))) LITE_JSON_FILES := $(patsubst %,$(JSON_DIR)%.json,$(LITE_BASE_FILES)) LITE_JAVA_FILES := $(patsubst %,$(JAVA_DIR)%.java,$(call JAVA_RENAME,$(filter-out $(BASE_FILES_NEEDING_INT128),$(LITE_BASE_FILES)))) +LITE_ZIG_FILES := $(patsubst %,$(ZIG_DIR)%.zig,$(LITE_BASE_FILES)) BEDROCK2_UNSATURATED_SOLINAS := src/ExtractionOCaml/bedrock2_unsaturated_solinas BEDROCK2_WORD_BY_WORD_MONTGOMERY := src/ExtractionOCaml/bedrock2_word_by_word_montgomery @@ -273,8 +277,8 @@ endif CHECK_OUTPUTS := $(addprefix check-,$(OUTPUT_PREOUTS)) ACCEPT_OUTPUTS := $(addprefix accept-,$(OUTPUT_PREOUTS)) -generated-files: c-files rust-files go-files json-files java-files -lite-generated-files: lite-c-files lite-rust-files lite-go-files lite-json-files lite-java-files +generated-files: c-files rust-files go-files json-files java-files zig-files +lite-generated-files: lite-c-files lite-rust-files lite-go-files lite-json-files lite-java-files lite-zig-files all-except-compiled: coq pre-standalone-extracted check-output all-except-generated: standalone-ocaml perf-standalone all-except-compiled all: all-except-generated generated-files @@ -291,6 +295,7 @@ rust-files: $(ALL_RUST_FILES) go-files: $(ALL_GO_FILES) json-files: $(ALL_JSON_FILES) java-files: $(ALL_JAVA_FILES) +zig-files: $(ALL_ZIG_FILES) lite-c-files: $(LITE_C_FILES) lite-bedrock2-files: $(LITE_BEDROCK2_FILES) @@ -298,6 +303,7 @@ lite-rust-files: $(LITE_RUST_FILES) lite-go-files: $(LITE_GO_FILES) lite-json-files: $(LITE_JSON_FILES) lite-java-files: $(LITE_JAVA_FILES) +lite-zig-files: $(LITE_ZIG_FILES) lite: $(LITE_VOFILES) nobigmem: $(NOBIGMEM_VOFILES) @@ -537,6 +543,17 @@ test-rust-files: $(ALL_RUST_FILES) test-rust-files only-test-rust-files: cd fiat-rust; $(CARGO_BUILD) +$(ALL_ZIG_FILES) : $(ZIG_DIR)%.zig : $$($$($$*_BINARY_NAME)) + $(SHOW)'SYNTHESIZE > $@' + $(HIDE)rm -f $@.ok + $(HIDE)($(TIMER) $($($*_BINARY_NAME)) --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase $($*_DESCRIPTION) $($*_ARGS) $($*_FUNCTIONS) && touch $@.ok) > $@.tmp + $(HIDE)(rm $@.ok && mv $@.tmp $@) || ( RV=$$?; cat $@.tmp; exit $$RV ) + +test-zig-files: $(ALL_ZIG_FILES) + +test-zig-files only-test-zig-files: + cd fiat-zig; $(ZIG_BUILD) + all: $(addprefix fiat-rust/,$(COPY_TO_FIAT_RUST)) all: $(addprefix fiat-go/,$(COPY_TO_FIAT_GO)) diff --git a/_CoqProject b/_CoqProject index b4a716db0c..04b27a4575 100644 --- a/_CoqProject +++ b/_CoqProject @@ -214,6 +214,7 @@ src/Stringification/JSON.v src/Stringification/Java.v src/Stringification/Language.v src/Stringification/Rust.v +src/Stringification/Zig.v src/UnsaturatedSolinasHeuristics/Tests.v src/Util/AdditionChainExponentiation.v src/Util/Arg.v diff --git a/etc/coq-scripts b/etc/coq-scripts index 2610bf6444..d0b8e808e0 160000 --- a/etc/coq-scripts +++ b/etc/coq-scripts @@ -1 +1 @@ -Subproject commit 2610bf64448305c258daa9f0e2ca50ca63853bb3 +Subproject commit d0b8e808e0382d791eb6c0a2d9d751300a2d2057 diff --git a/fiat-zig/build.zig b/fiat-zig/build.zig new file mode 100644 index 0000000000..237143c537 --- /dev/null +++ b/fiat-zig/build.zig @@ -0,0 +1,15 @@ +const std = @import("std"); + +pub fn build(b: *std.build.Builder) void { + const mode = b.standardReleaseOptions(); + + const lib = b.addStaticLibrary("fiat-zig", "src/main.zig"); + lib.setBuildMode(mode); + lib.install(); + + var main_tests = b.addTest("src/main.zig"); + main_tests.setBuildMode(mode); + + const test_step = b.step("test", "Run library tests"); + test_step.dependOn(&main_tests.step); +} diff --git a/fiat-zig/src/curve25519_32.zig b/fiat-zig/src/curve25519_32.zig new file mode 100644 index 0000000000..dd7d1618a7 --- /dev/null +++ b/fiat-zig/src/curve25519_32.zig @@ -0,0 +1,951 @@ +/// Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase 25519 32 '(auto)' '2^255 - 19' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes carry_scmul121666 +/// curve description: 25519 +/// machine_wordsize = 32 (from "32") +/// requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, carry_scmul121666 +/// n = 10 (from "(auto)") +/// s-c = 2^255 - [(1, 19)] (from "2^255 - 19") +/// tight_bounds_multiplier = 1 (from "") +/// +/// Computed values: +/// carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 0, 1] +/// eval z = z[0] + (z[1] << 26) + (z[2] << 51) + (z[3] << 77) + (z[4] << 102) + (z[5] << 128) + (z[6] << 153) + (z[7] << 179) + (z[8] << 204) + (z[9] << 230) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) +/// balance = [0x7ffffda, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe, 0x7fffffe, 0x3fffffe] + + +/// The function fiat25519AddcarryxU26 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^26 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^26⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x3ffffff] +/// arg3: [0x0 ~> 0x3ffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x3ffffff] +/// out2: [0x0 ~> 0x1] +fn fiat25519AddcarryxU26(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u32 = ((@intCast(u32, arg1) + arg2) + arg3); + const x2: u32 = (x1 & 0x3ffffff); + const x3: u1 = @intCast(u1, (x1 >> 26)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiat25519SubborrowxU26 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^26 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^26⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x3ffffff] +/// arg3: [0x0 ~> 0x3ffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x3ffffff] +/// out2: [0x0 ~> 0x1] +fn fiat25519SubborrowxU26(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: i32 = @intCast(i32, (@intCast(i64, @intCast(i32, (@intCast(i64, arg2) - @intCast(i64, arg1)))) - @intCast(i64, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 26)); + const x3: u32 = @intCast(u32, (@intCast(i64, x1) & @intCast(i64, 0x3ffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiat25519AddcarryxU25 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^25 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^25⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x1ffffff] +/// arg3: [0x0 ~> 0x1ffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x1ffffff] +/// out2: [0x0 ~> 0x1] +fn fiat25519AddcarryxU25(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u32 = ((@intCast(u32, arg1) + arg2) + arg3); + const x2: u32 = (x1 & 0x1ffffff); + const x3: u1 = @intCast(u1, (x1 >> 25)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiat25519SubborrowxU25 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^25 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^25⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x1ffffff] +/// arg3: [0x0 ~> 0x1ffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x1ffffff] +/// out2: [0x0 ~> 0x1] +fn fiat25519SubborrowxU25(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: i32 = @intCast(i32, (@intCast(i64, @intCast(i32, (@intCast(i64, arg2) - @intCast(i64, arg1)))) - @intCast(i64, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 25)); + const x3: u32 = @intCast(u32, (@intCast(i64, x1) & @intCast(i64, 0x1ffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiat25519CmovznzU32 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +fn fiat25519CmovznzU32(out1: *u32, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u32 = @intCast(u32, (@intCast(i64, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i64, 0xffffffff))); + const x3: u32 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiat25519CarryMul multiplies two field elements and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] +/// arg2: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +pub fn fiat25519CarryMul(out1: *[10]u32, arg1: [10]u32, arg2: [10]u32) void { + const x1: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, ((arg2[9]) * 0x26))); + const x2: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, ((arg2[8]) * 0x13))); + const x3: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, ((arg2[7]) * 0x26))); + const x4: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, ((arg2[6]) * 0x13))); + const x5: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, ((arg2[5]) * 0x26))); + const x6: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, ((arg2[4]) * 0x13))); + const x7: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, ((arg2[3]) * 0x26))); + const x8: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, ((arg2[2]) * 0x13))); + const x9: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, ((arg2[1]) * 0x26))); + const x10: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, ((arg2[9]) * 0x13))); + const x11: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, ((arg2[8]) * 0x13))); + const x12: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, ((arg2[7]) * 0x13))); + const x13: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, ((arg2[6]) * 0x13))); + const x14: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, ((arg2[5]) * 0x13))); + const x15: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, ((arg2[4]) * 0x13))); + const x16: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, ((arg2[3]) * 0x13))); + const x17: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, ((arg2[2]) * 0x13))); + const x18: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, ((arg2[9]) * 0x26))); + const x19: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, ((arg2[8]) * 0x13))); + const x20: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, ((arg2[7]) * 0x26))); + const x21: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, ((arg2[6]) * 0x13))); + const x22: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, ((arg2[5]) * 0x26))); + const x23: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, ((arg2[4]) * 0x13))); + const x24: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, ((arg2[3]) * 0x26))); + const x25: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, ((arg2[9]) * 0x13))); + const x26: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, ((arg2[8]) * 0x13))); + const x27: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, ((arg2[7]) * 0x13))); + const x28: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, ((arg2[6]) * 0x13))); + const x29: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, ((arg2[5]) * 0x13))); + const x30: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, ((arg2[4]) * 0x13))); + const x31: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, ((arg2[9]) * 0x26))); + const x32: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, ((arg2[8]) * 0x13))); + const x33: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, ((arg2[7]) * 0x26))); + const x34: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, ((arg2[6]) * 0x13))); + const x35: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, ((arg2[5]) * 0x26))); + const x36: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, ((arg2[9]) * 0x13))); + const x37: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, ((arg2[8]) * 0x13))); + const x38: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, ((arg2[7]) * 0x13))); + const x39: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, ((arg2[6]) * 0x13))); + const x40: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg2[9]) * 0x26))); + const x41: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg2[8]) * 0x13))); + const x42: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg2[7]) * 0x26))); + const x43: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, ((arg2[9]) * 0x13))); + const x44: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, ((arg2[8]) * 0x13))); + const x45: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, ((arg2[9]) * 0x26))); + const x46: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[0]))); + const x47: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[1]))); + const x48: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[0]))); + const x49: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[2]))); + const x50: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, ((arg2[1]) * 0x2))); + const x51: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[0]))); + const x52: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[3]))); + const x53: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[2]))); + const x54: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[1]))); + const x55: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[0]))); + const x56: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[4]))); + const x57: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, ((arg2[3]) * 0x2))); + const x58: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[2]))); + const x59: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, ((arg2[1]) * 0x2))); + const x60: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[0]))); + const x61: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[5]))); + const x62: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[4]))); + const x63: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[3]))); + const x64: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[2]))); + const x65: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[1]))); + const x66: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[0]))); + const x67: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[6]))); + const x68: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg2[5]) * 0x2))); + const x69: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[4]))); + const x70: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg2[3]) * 0x2))); + const x71: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[2]))); + const x72: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg2[1]) * 0x2))); + const x73: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[0]))); + const x74: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[7]))); + const x75: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[6]))); + const x76: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[5]))); + const x77: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[4]))); + const x78: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[3]))); + const x79: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[2]))); + const x80: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[1]))); + const x81: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[0]))); + const x82: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[8]))); + const x83: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, ((arg2[7]) * 0x2))); + const x84: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[6]))); + const x85: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, ((arg2[5]) * 0x2))); + const x86: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[4]))); + const x87: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, ((arg2[3]) * 0x2))); + const x88: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[2]))); + const x89: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, ((arg2[1]) * 0x2))); + const x90: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[0]))); + const x91: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[9]))); + const x92: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[8]))); + const x93: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[7]))); + const x94: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[6]))); + const x95: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[5]))); + const x96: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[4]))); + const x97: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[3]))); + const x98: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[2]))); + const x99: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[1]))); + const x100: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[0]))); + const x101: u64 = (x100 + (x45 + (x44 + (x42 + (x39 + (x35 + (x30 + (x24 + (x17 + x9))))))))); + const x102: u64 = (x101 >> 26); + const x103: u32 = @intCast(u32, (x101 & @intCast(u64, 0x3ffffff))); + const x104: u64 = (x91 + (x82 + (x74 + (x67 + (x61 + (x56 + (x52 + (x49 + (x47 + x46))))))))); + const x105: u64 = (x92 + (x83 + (x75 + (x68 + (x62 + (x57 + (x53 + (x50 + (x48 + x1))))))))); + const x106: u64 = (x93 + (x84 + (x76 + (x69 + (x63 + (x58 + (x54 + (x51 + (x10 + x2))))))))); + const x107: u64 = (x94 + (x85 + (x77 + (x70 + (x64 + (x59 + (x55 + (x18 + (x11 + x3))))))))); + const x108: u64 = (x95 + (x86 + (x78 + (x71 + (x65 + (x60 + (x25 + (x19 + (x12 + x4))))))))); + const x109: u64 = (x96 + (x87 + (x79 + (x72 + (x66 + (x31 + (x26 + (x20 + (x13 + x5))))))))); + const x110: u64 = (x97 + (x88 + (x80 + (x73 + (x36 + (x32 + (x27 + (x21 + (x14 + x6))))))))); + const x111: u64 = (x98 + (x89 + (x81 + (x40 + (x37 + (x33 + (x28 + (x22 + (x15 + x7))))))))); + const x112: u64 = (x99 + (x90 + (x43 + (x41 + (x38 + (x34 + (x29 + (x23 + (x16 + x8))))))))); + const x113: u64 = (x102 + x112); + const x114: u64 = (x113 >> 25); + const x115: u32 = @intCast(u32, (x113 & @intCast(u64, 0x1ffffff))); + const x116: u64 = (x114 + x111); + const x117: u64 = (x116 >> 26); + const x118: u32 = @intCast(u32, (x116 & @intCast(u64, 0x3ffffff))); + const x119: u64 = (x117 + x110); + const x120: u64 = (x119 >> 25); + const x121: u32 = @intCast(u32, (x119 & @intCast(u64, 0x1ffffff))); + const x122: u64 = (x120 + x109); + const x123: u64 = (x122 >> 26); + const x124: u32 = @intCast(u32, (x122 & @intCast(u64, 0x3ffffff))); + const x125: u64 = (x123 + x108); + const x126: u64 = (x125 >> 25); + const x127: u32 = @intCast(u32, (x125 & @intCast(u64, 0x1ffffff))); + const x128: u64 = (x126 + x107); + const x129: u64 = (x128 >> 26); + const x130: u32 = @intCast(u32, (x128 & @intCast(u64, 0x3ffffff))); + const x131: u64 = (x129 + x106); + const x132: u64 = (x131 >> 25); + const x133: u32 = @intCast(u32, (x131 & @intCast(u64, 0x1ffffff))); + const x134: u64 = (x132 + x105); + const x135: u64 = (x134 >> 26); + const x136: u32 = @intCast(u32, (x134 & @intCast(u64, 0x3ffffff))); + const x137: u64 = (x135 + x104); + const x138: u64 = (x137 >> 25); + const x139: u32 = @intCast(u32, (x137 & @intCast(u64, 0x1ffffff))); + const x140: u64 = (x138 * @intCast(u64, 0x13)); + const x141: u64 = (@intCast(u64, x103) + x140); + const x142: u32 = @intCast(u32, (x141 >> 26)); + const x143: u32 = @intCast(u32, (x141 & @intCast(u64, 0x3ffffff))); + const x144: u32 = (x142 + x115); + const x145: u1 = @intCast(u1, (x144 >> 25)); + const x146: u32 = (x144 & 0x1ffffff); + const x147: u32 = (@intCast(u32, x145) + x118); + out1[0] = x143; + out1[1] = x146; + out1[2] = x147; + out1[3] = x121; + out1[4] = x124; + out1[5] = x127; + out1[6] = x130; + out1[7] = x133; + out1[8] = x136; + out1[9] = x139; +} + +/// The function fiat25519CarrySquare squares a field element and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg1) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +pub fn fiat25519CarrySquare(out1: *[10]u32, arg1: [10]u32) void { + const x1: u32 = ((arg1[9]) * 0x13); + const x2: u32 = (x1 * 0x2); + const x3: u32 = ((arg1[9]) * 0x2); + const x4: u32 = ((arg1[8]) * 0x13); + const x5: u64 = (@intCast(u64, x4) * @intCast(u64, 0x2)); + const x6: u32 = ((arg1[8]) * 0x2); + const x7: u32 = ((arg1[7]) * 0x13); + const x8: u32 = (x7 * 0x2); + const x9: u32 = ((arg1[7]) * 0x2); + const x10: u32 = ((arg1[6]) * 0x13); + const x11: u64 = (@intCast(u64, x10) * @intCast(u64, 0x2)); + const x12: u32 = ((arg1[6]) * 0x2); + const x13: u32 = ((arg1[5]) * 0x13); + const x14: u32 = ((arg1[5]) * 0x2); + const x15: u32 = ((arg1[4]) * 0x2); + const x16: u32 = ((arg1[3]) * 0x2); + const x17: u32 = ((arg1[2]) * 0x2); + const x18: u32 = ((arg1[1]) * 0x2); + const x19: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (x1 * 0x2))); + const x20: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x2)); + const x21: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x4)); + const x22: u64 = (@intCast(u64, (arg1[7])) * (@intCast(u64, x2) * @intCast(u64, 0x2))); + const x23: u64 = (@intCast(u64, (arg1[7])) * x5); + const x24: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (x7 * 0x2))); + const x25: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x2)); + const x26: u64 = (@intCast(u64, (arg1[6])) * x5); + const x27: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x8)); + const x28: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x10)); + const x29: u64 = (@intCast(u64, (arg1[5])) * (@intCast(u64, x2) * @intCast(u64, 0x2))); + const x30: u64 = (@intCast(u64, (arg1[5])) * x5); + const x31: u64 = (@intCast(u64, (arg1[5])) * (@intCast(u64, x8) * @intCast(u64, 0x2))); + const x32: u64 = (@intCast(u64, (arg1[5])) * x11); + const x33: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (x13 * 0x2))); + const x34: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x2)); + const x35: u64 = (@intCast(u64, (arg1[4])) * x5); + const x36: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x8)); + const x37: u64 = (@intCast(u64, (arg1[4])) * x11); + const x38: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x14)); + const x39: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg1[4]))); + const x40: u64 = (@intCast(u64, (arg1[3])) * (@intCast(u64, x2) * @intCast(u64, 0x2))); + const x41: u64 = (@intCast(u64, (arg1[3])) * x5); + const x42: u64 = (@intCast(u64, (arg1[3])) * (@intCast(u64, x8) * @intCast(u64, 0x2))); + const x43: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x12)); + const x44: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (x14 * 0x2))); + const x45: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x15)); + const x46: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg1[3]) * 0x2))); + const x47: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x2)); + const x48: u64 = (@intCast(u64, (arg1[2])) * x5); + const x49: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x9)); + const x50: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x12)); + const x51: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x14)); + const x52: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x15)); + const x53: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x16)); + const x54: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg1[2]))); + const x55: u64 = (@intCast(u64, (arg1[1])) * (@intCast(u64, x2) * @intCast(u64, 0x2))); + const x56: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x6)); + const x57: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (x9 * 0x2))); + const x58: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x12)); + const x59: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (x14 * 0x2))); + const x60: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x15)); + const x61: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (x16 * 0x2))); + const x62: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x17)); + const x63: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, ((arg1[1]) * 0x2))); + const x64: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x3)); + const x65: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x6)); + const x66: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x9)); + const x67: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x12)); + const x68: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x14)); + const x69: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x15)); + const x70: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x16)); + const x71: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x17)); + const x72: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x18)); + const x73: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg1[0]))); + const x74: u64 = (x73 + (x55 + (x48 + (x42 + (x37 + x33))))); + const x75: u64 = (x74 >> 26); + const x76: u32 = @intCast(u32, (x74 & @intCast(u64, 0x3ffffff))); + const x77: u64 = (x64 + (x56 + (x49 + (x43 + x38)))); + const x78: u64 = (x65 + (x57 + (x50 + (x44 + (x39 + x19))))); + const x79: u64 = (x66 + (x58 + (x51 + (x45 + x20)))); + const x80: u64 = (x67 + (x59 + (x52 + (x46 + (x22 + x21))))); + const x81: u64 = (x68 + (x60 + (x53 + (x25 + x23)))); + const x82: u64 = (x69 + (x61 + (x54 + (x29 + (x26 + x24))))); + const x83: u64 = (x70 + (x62 + (x34 + (x30 + x27)))); + const x84: u64 = (x71 + (x63 + (x40 + (x35 + (x31 + x28))))); + const x85: u64 = (x72 + (x47 + (x41 + (x36 + x32)))); + const x86: u64 = (x75 + x85); + const x87: u64 = (x86 >> 25); + const x88: u32 = @intCast(u32, (x86 & @intCast(u64, 0x1ffffff))); + const x89: u64 = (x87 + x84); + const x90: u64 = (x89 >> 26); + const x91: u32 = @intCast(u32, (x89 & @intCast(u64, 0x3ffffff))); + const x92: u64 = (x90 + x83); + const x93: u64 = (x92 >> 25); + const x94: u32 = @intCast(u32, (x92 & @intCast(u64, 0x1ffffff))); + const x95: u64 = (x93 + x82); + const x96: u64 = (x95 >> 26); + const x97: u32 = @intCast(u32, (x95 & @intCast(u64, 0x3ffffff))); + const x98: u64 = (x96 + x81); + const x99: u64 = (x98 >> 25); + const x100: u32 = @intCast(u32, (x98 & @intCast(u64, 0x1ffffff))); + const x101: u64 = (x99 + x80); + const x102: u64 = (x101 >> 26); + const x103: u32 = @intCast(u32, (x101 & @intCast(u64, 0x3ffffff))); + const x104: u64 = (x102 + x79); + const x105: u64 = (x104 >> 25); + const x106: u32 = @intCast(u32, (x104 & @intCast(u64, 0x1ffffff))); + const x107: u64 = (x105 + x78); + const x108: u64 = (x107 >> 26); + const x109: u32 = @intCast(u32, (x107 & @intCast(u64, 0x3ffffff))); + const x110: u64 = (x108 + x77); + const x111: u64 = (x110 >> 25); + const x112: u32 = @intCast(u32, (x110 & @intCast(u64, 0x1ffffff))); + const x113: u64 = (x111 * @intCast(u64, 0x13)); + const x114: u64 = (@intCast(u64, x76) + x113); + const x115: u32 = @intCast(u32, (x114 >> 26)); + const x116: u32 = @intCast(u32, (x114 & @intCast(u64, 0x3ffffff))); + const x117: u32 = (x115 + x88); + const x118: u1 = @intCast(u1, (x117 >> 25)); + const x119: u32 = (x117 & 0x1ffffff); + const x120: u32 = (@intCast(u32, x118) + x91); + out1[0] = x116; + out1[1] = x119; + out1[2] = x120; + out1[3] = x94; + out1[4] = x97; + out1[5] = x100; + out1[6] = x103; + out1[7] = x106; + out1[8] = x109; + out1[9] = x112; +} + +/// The function fiat25519Carry reduces a field element. +/// Postconditions: +/// eval out1 mod m = eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +pub fn fiat25519Carry(out1: *[10]u32, arg1: [10]u32) void { + const x1: u32 = (arg1[0]); + const x2: u32 = ((x1 >> 26) + (arg1[1])); + const x3: u32 = ((x2 >> 25) + (arg1[2])); + const x4: u32 = ((x3 >> 26) + (arg1[3])); + const x5: u32 = ((x4 >> 25) + (arg1[4])); + const x6: u32 = ((x5 >> 26) + (arg1[5])); + const x7: u32 = ((x6 >> 25) + (arg1[6])); + const x8: u32 = ((x7 >> 26) + (arg1[7])); + const x9: u32 = ((x8 >> 25) + (arg1[8])); + const x10: u32 = ((x9 >> 26) + (arg1[9])); + const x11: u32 = ((x1 & 0x3ffffff) + ((x10 >> 25) * 0x13)); + const x12: u32 = (@intCast(u32, @intCast(u1, (x11 >> 26))) + (x2 & 0x1ffffff)); + const x13: u32 = (x11 & 0x3ffffff); + const x14: u32 = (x12 & 0x1ffffff); + const x15: u32 = (@intCast(u32, @intCast(u1, (x12 >> 25))) + (x3 & 0x3ffffff)); + const x16: u32 = (x4 & 0x1ffffff); + const x17: u32 = (x5 & 0x3ffffff); + const x18: u32 = (x6 & 0x1ffffff); + const x19: u32 = (x7 & 0x3ffffff); + const x20: u32 = (x8 & 0x1ffffff); + const x21: u32 = (x9 & 0x3ffffff); + const x22: u32 = (x10 & 0x1ffffff); + out1[0] = x13; + out1[1] = x14; + out1[2] = x15; + out1[3] = x16; + out1[4] = x17; + out1[5] = x18; + out1[6] = x19; + out1[7] = x20; + out1[8] = x21; + out1[9] = x22; +} + +/// The function fiat25519Add adds two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 + eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +/// arg2: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] +pub fn fiat25519Add(out1: *[10]u32, arg1: [10]u32, arg2: [10]u32) void { + const x1: u32 = ((arg1[0]) + (arg2[0])); + const x2: u32 = ((arg1[1]) + (arg2[1])); + const x3: u32 = ((arg1[2]) + (arg2[2])); + const x4: u32 = ((arg1[3]) + (arg2[3])); + const x5: u32 = ((arg1[4]) + (arg2[4])); + const x6: u32 = ((arg1[5]) + (arg2[5])); + const x7: u32 = ((arg1[6]) + (arg2[6])); + const x8: u32 = ((arg1[7]) + (arg2[7])); + const x9: u32 = ((arg1[8]) + (arg2[8])); + const x10: u32 = ((arg1[9]) + (arg2[9])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; +} + +/// The function fiat25519Sub subtracts two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 - eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +/// arg2: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] +pub fn fiat25519Sub(out1: *[10]u32, arg1: [10]u32, arg2: [10]u32) void { + const x1: u32 = ((0x7ffffda + (arg1[0])) - (arg2[0])); + const x2: u32 = ((0x3fffffe + (arg1[1])) - (arg2[1])); + const x3: u32 = ((0x7fffffe + (arg1[2])) - (arg2[2])); + const x4: u32 = ((0x3fffffe + (arg1[3])) - (arg2[3])); + const x5: u32 = ((0x7fffffe + (arg1[4])) - (arg2[4])); + const x6: u32 = ((0x3fffffe + (arg1[5])) - (arg2[5])); + const x7: u32 = ((0x7fffffe + (arg1[6])) - (arg2[6])); + const x8: u32 = ((0x3fffffe + (arg1[7])) - (arg2[7])); + const x9: u32 = ((0x7fffffe + (arg1[8])) - (arg2[8])); + const x10: u32 = ((0x3fffffe + (arg1[9])) - (arg2[9])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; +} + +/// The function fiat25519Opp negates a field element. +/// Postconditions: +/// eval out1 mod m = -eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] +pub fn fiat25519Opp(out1: *[10]u32, arg1: [10]u32) void { + const x1: u32 = (0x7ffffda - (arg1[0])); + const x2: u32 = (0x3fffffe - (arg1[1])); + const x3: u32 = (0x7fffffe - (arg1[2])); + const x4: u32 = (0x3fffffe - (arg1[3])); + const x5: u32 = (0x7fffffe - (arg1[4])); + const x6: u32 = (0x3fffffe - (arg1[5])); + const x7: u32 = (0x7fffffe - (arg1[6])); + const x8: u32 = (0x3fffffe - (arg1[7])); + const x9: u32 = (0x7fffffe - (arg1[8])); + const x10: u32 = (0x3fffffe - (arg1[9])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; +} + +/// The function fiat25519Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiat25519Selectznz(out1: *[10]u32, arg1: u1, arg2: [10]u32, arg3: [10]u32) void { + var x1: u32 = undefined; + fiat25519CmovznzU32(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u32 = undefined; + fiat25519CmovznzU32(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u32 = undefined; + fiat25519CmovznzU32(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u32 = undefined; + fiat25519CmovznzU32(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u32 = undefined; + fiat25519CmovznzU32(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u32 = undefined; + fiat25519CmovznzU32(&x6, arg1, (arg2[5]), (arg3[5])); + var x7: u32 = undefined; + fiat25519CmovznzU32(&x7, arg1, (arg2[6]), (arg3[6])); + var x8: u32 = undefined; + fiat25519CmovznzU32(&x8, arg1, (arg2[7]), (arg3[7])); + var x9: u32 = undefined; + fiat25519CmovznzU32(&x9, arg1, (arg2[8]), (arg3[8])); + var x10: u32 = undefined; + fiat25519CmovznzU32(&x10, arg1, (arg2[9]), (arg3[9])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; +} + +/// The function fiat25519ToBytes serializes a field element to bytes in little-endian order. +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] +pub fn fiat25519ToBytes(out1: *[32]u8, arg1: [10]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiat25519SubborrowxU26(&x1, &x2, 0x0, (arg1[0]), 0x3ffffed); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiat25519SubborrowxU25(&x3, &x4, x2, (arg1[1]), 0x1ffffff); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiat25519SubborrowxU26(&x5, &x6, x4, (arg1[2]), 0x3ffffff); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiat25519SubborrowxU25(&x7, &x8, x6, (arg1[3]), 0x1ffffff); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiat25519SubborrowxU26(&x9, &x10, x8, (arg1[4]), 0x3ffffff); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiat25519SubborrowxU25(&x11, &x12, x10, (arg1[5]), 0x1ffffff); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiat25519SubborrowxU26(&x13, &x14, x12, (arg1[6]), 0x3ffffff); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiat25519SubborrowxU25(&x15, &x16, x14, (arg1[7]), 0x1ffffff); + var x17: u32 = undefined; + var x18: u1 = undefined; + fiat25519SubborrowxU26(&x17, &x18, x16, (arg1[8]), 0x3ffffff); + var x19: u32 = undefined; + var x20: u1 = undefined; + fiat25519SubborrowxU25(&x19, &x20, x18, (arg1[9]), 0x1ffffff); + var x21: u32 = undefined; + fiat25519CmovznzU32(&x21, x20, @intCast(u32, 0x0), 0xffffffff); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiat25519AddcarryxU26(&x22, &x23, 0x0, x1, (x21 & 0x3ffffed)); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiat25519AddcarryxU25(&x24, &x25, x23, x3, (x21 & 0x1ffffff)); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiat25519AddcarryxU26(&x26, &x27, x25, x5, (x21 & 0x3ffffff)); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiat25519AddcarryxU25(&x28, &x29, x27, x7, (x21 & 0x1ffffff)); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiat25519AddcarryxU26(&x30, &x31, x29, x9, (x21 & 0x3ffffff)); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiat25519AddcarryxU25(&x32, &x33, x31, x11, (x21 & 0x1ffffff)); + var x34: u32 = undefined; + var x35: u1 = undefined; + fiat25519AddcarryxU26(&x34, &x35, x33, x13, (x21 & 0x3ffffff)); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiat25519AddcarryxU25(&x36, &x37, x35, x15, (x21 & 0x1ffffff)); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiat25519AddcarryxU26(&x38, &x39, x37, x17, (x21 & 0x3ffffff)); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiat25519AddcarryxU25(&x40, &x41, x39, x19, (x21 & 0x1ffffff)); + const x42: u32 = (x40 << 6); + const x43: u32 = (x38 << 4); + const x44: u32 = (x36 << 3); + const x45: u32 = (x34 * @intCast(u32, 0x2)); + const x46: u32 = (x30 << 6); + const x47: u32 = (x28 << 5); + const x48: u32 = (x26 << 3); + const x49: u32 = (x24 << 2); + const x50: u8 = @intCast(u8, (x22 & @intCast(u32, 0xff))); + const x51: u32 = (x22 >> 8); + const x52: u8 = @intCast(u8, (x51 & @intCast(u32, 0xff))); + const x53: u32 = (x51 >> 8); + const x54: u8 = @intCast(u8, (x53 & @intCast(u32, 0xff))); + const x55: u8 = @intCast(u8, (x53 >> 8)); + const x56: u32 = (x49 + @intCast(u32, x55)); + const x57: u8 = @intCast(u8, (x56 & @intCast(u32, 0xff))); + const x58: u32 = (x56 >> 8); + const x59: u8 = @intCast(u8, (x58 & @intCast(u32, 0xff))); + const x60: u32 = (x58 >> 8); + const x61: u8 = @intCast(u8, (x60 & @intCast(u32, 0xff))); + const x62: u8 = @intCast(u8, (x60 >> 8)); + const x63: u32 = (x48 + @intCast(u32, x62)); + const x64: u8 = @intCast(u8, (x63 & @intCast(u32, 0xff))); + const x65: u32 = (x63 >> 8); + const x66: u8 = @intCast(u8, (x65 & @intCast(u32, 0xff))); + const x67: u32 = (x65 >> 8); + const x68: u8 = @intCast(u8, (x67 & @intCast(u32, 0xff))); + const x69: u8 = @intCast(u8, (x67 >> 8)); + const x70: u32 = (x47 + @intCast(u32, x69)); + const x71: u8 = @intCast(u8, (x70 & @intCast(u32, 0xff))); + const x72: u32 = (x70 >> 8); + const x73: u8 = @intCast(u8, (x72 & @intCast(u32, 0xff))); + const x74: u32 = (x72 >> 8); + const x75: u8 = @intCast(u8, (x74 & @intCast(u32, 0xff))); + const x76: u8 = @intCast(u8, (x74 >> 8)); + const x77: u32 = (x46 + @intCast(u32, x76)); + const x78: u8 = @intCast(u8, (x77 & @intCast(u32, 0xff))); + const x79: u32 = (x77 >> 8); + const x80: u8 = @intCast(u8, (x79 & @intCast(u32, 0xff))); + const x81: u32 = (x79 >> 8); + const x82: u8 = @intCast(u8, (x81 & @intCast(u32, 0xff))); + const x83: u8 = @intCast(u8, (x81 >> 8)); + const x84: u8 = @intCast(u8, (x32 & @intCast(u32, 0xff))); + const x85: u32 = (x32 >> 8); + const x86: u8 = @intCast(u8, (x85 & @intCast(u32, 0xff))); + const x87: u32 = (x85 >> 8); + const x88: u8 = @intCast(u8, (x87 & @intCast(u32, 0xff))); + const x89: u1 = @intCast(u1, (x87 >> 8)); + const x90: u32 = (x45 + @intCast(u32, x89)); + const x91: u8 = @intCast(u8, (x90 & @intCast(u32, 0xff))); + const x92: u32 = (x90 >> 8); + const x93: u8 = @intCast(u8, (x92 & @intCast(u32, 0xff))); + const x94: u32 = (x92 >> 8); + const x95: u8 = @intCast(u8, (x94 & @intCast(u32, 0xff))); + const x96: u8 = @intCast(u8, (x94 >> 8)); + const x97: u32 = (x44 + @intCast(u32, x96)); + const x98: u8 = @intCast(u8, (x97 & @intCast(u32, 0xff))); + const x99: u32 = (x97 >> 8); + const x100: u8 = @intCast(u8, (x99 & @intCast(u32, 0xff))); + const x101: u32 = (x99 >> 8); + const x102: u8 = @intCast(u8, (x101 & @intCast(u32, 0xff))); + const x103: u8 = @intCast(u8, (x101 >> 8)); + const x104: u32 = (x43 + @intCast(u32, x103)); + const x105: u8 = @intCast(u8, (x104 & @intCast(u32, 0xff))); + const x106: u32 = (x104 >> 8); + const x107: u8 = @intCast(u8, (x106 & @intCast(u32, 0xff))); + const x108: u32 = (x106 >> 8); + const x109: u8 = @intCast(u8, (x108 & @intCast(u32, 0xff))); + const x110: u8 = @intCast(u8, (x108 >> 8)); + const x111: u32 = (x42 + @intCast(u32, x110)); + const x112: u8 = @intCast(u8, (x111 & @intCast(u32, 0xff))); + const x113: u32 = (x111 >> 8); + const x114: u8 = @intCast(u8, (x113 & @intCast(u32, 0xff))); + const x115: u32 = (x113 >> 8); + const x116: u8 = @intCast(u8, (x115 & @intCast(u32, 0xff))); + const x117: u8 = @intCast(u8, (x115 >> 8)); + out1[0] = x50; + out1[1] = x52; + out1[2] = x54; + out1[3] = x57; + out1[4] = x59; + out1[5] = x61; + out1[6] = x64; + out1[7] = x66; + out1[8] = x68; + out1[9] = x71; + out1[10] = x73; + out1[11] = x75; + out1[12] = x78; + out1[13] = x80; + out1[14] = x82; + out1[15] = x83; + out1[16] = x84; + out1[17] = x86; + out1[18] = x88; + out1[19] = x91; + out1[20] = x93; + out1[21] = x95; + out1[22] = x98; + out1[23] = x100; + out1[24] = x102; + out1[25] = x105; + out1[26] = x107; + out1[27] = x109; + out1[28] = x112; + out1[29] = x114; + out1[30] = x116; + out1[31] = x117; +} + +/// The function fiat25519FromBytes deserializes a field element from bytes in little-endian order. +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +pub fn fiat25519FromBytes(out1: *[10]u32, arg1: [32]u8) void { + const x1: u32 = (@intCast(u32, (arg1[31])) << 18); + const x2: u32 = (@intCast(u32, (arg1[30])) << 10); + const x3: u32 = (@intCast(u32, (arg1[29])) << 2); + const x4: u32 = (@intCast(u32, (arg1[28])) << 20); + const x5: u32 = (@intCast(u32, (arg1[27])) << 12); + const x6: u32 = (@intCast(u32, (arg1[26])) << 4); + const x7: u32 = (@intCast(u32, (arg1[25])) << 21); + const x8: u32 = (@intCast(u32, (arg1[24])) << 13); + const x9: u32 = (@intCast(u32, (arg1[23])) << 5); + const x10: u32 = (@intCast(u32, (arg1[22])) << 23); + const x11: u32 = (@intCast(u32, (arg1[21])) << 15); + const x12: u32 = (@intCast(u32, (arg1[20])) << 7); + const x13: u32 = (@intCast(u32, (arg1[19])) << 24); + const x14: u32 = (@intCast(u32, (arg1[18])) << 16); + const x15: u32 = (@intCast(u32, (arg1[17])) << 8); + const x16: u8 = (arg1[16]); + const x17: u32 = (@intCast(u32, (arg1[15])) << 18); + const x18: u32 = (@intCast(u32, (arg1[14])) << 10); + const x19: u32 = (@intCast(u32, (arg1[13])) << 2); + const x20: u32 = (@intCast(u32, (arg1[12])) << 19); + const x21: u32 = (@intCast(u32, (arg1[11])) << 11); + const x22: u32 = (@intCast(u32, (arg1[10])) << 3); + const x23: u32 = (@intCast(u32, (arg1[9])) << 21); + const x24: u32 = (@intCast(u32, (arg1[8])) << 13); + const x25: u32 = (@intCast(u32, (arg1[7])) << 5); + const x26: u32 = (@intCast(u32, (arg1[6])) << 22); + const x27: u32 = (@intCast(u32, (arg1[5])) << 14); + const x28: u32 = (@intCast(u32, (arg1[4])) << 6); + const x29: u32 = (@intCast(u32, (arg1[3])) << 24); + const x30: u32 = (@intCast(u32, (arg1[2])) << 16); + const x31: u32 = (@intCast(u32, (arg1[1])) << 8); + const x32: u8 = (arg1[0]); + const x33: u32 = (x31 + @intCast(u32, x32)); + const x34: u32 = (x30 + x33); + const x35: u32 = (x29 + x34); + const x36: u32 = (x35 & 0x3ffffff); + const x37: u8 = @intCast(u8, (x35 >> 26)); + const x38: u32 = (x28 + @intCast(u32, x37)); + const x39: u32 = (x27 + x38); + const x40: u32 = (x26 + x39); + const x41: u32 = (x40 & 0x1ffffff); + const x42: u8 = @intCast(u8, (x40 >> 25)); + const x43: u32 = (x25 + @intCast(u32, x42)); + const x44: u32 = (x24 + x43); + const x45: u32 = (x23 + x44); + const x46: u32 = (x45 & 0x3ffffff); + const x47: u8 = @intCast(u8, (x45 >> 26)); + const x48: u32 = (x22 + @intCast(u32, x47)); + const x49: u32 = (x21 + x48); + const x50: u32 = (x20 + x49); + const x51: u32 = (x50 & 0x1ffffff); + const x52: u8 = @intCast(u8, (x50 >> 25)); + const x53: u32 = (x19 + @intCast(u32, x52)); + const x54: u32 = (x18 + x53); + const x55: u32 = (x17 + x54); + const x56: u32 = (x15 + @intCast(u32, x16)); + const x57: u32 = (x14 + x56); + const x58: u32 = (x13 + x57); + const x59: u32 = (x58 & 0x1ffffff); + const x60: u8 = @intCast(u8, (x58 >> 25)); + const x61: u32 = (x12 + @intCast(u32, x60)); + const x62: u32 = (x11 + x61); + const x63: u32 = (x10 + x62); + const x64: u32 = (x63 & 0x3ffffff); + const x65: u8 = @intCast(u8, (x63 >> 26)); + const x66: u32 = (x9 + @intCast(u32, x65)); + const x67: u32 = (x8 + x66); + const x68: u32 = (x7 + x67); + const x69: u32 = (x68 & 0x1ffffff); + const x70: u8 = @intCast(u8, (x68 >> 25)); + const x71: u32 = (x6 + @intCast(u32, x70)); + const x72: u32 = (x5 + x71); + const x73: u32 = (x4 + x72); + const x74: u32 = (x73 & 0x3ffffff); + const x75: u8 = @intCast(u8, (x73 >> 26)); + const x76: u32 = (x3 + @intCast(u32, x75)); + const x77: u32 = (x2 + x76); + const x78: u32 = (x1 + x77); + out1[0] = x36; + out1[1] = x41; + out1[2] = x46; + out1[3] = x51; + out1[4] = x55; + out1[5] = x59; + out1[6] = x64; + out1[7] = x69; + out1[8] = x74; + out1[9] = x78; +} + +/// The function fiat25519CarryScmul121666 multiplies a field element by 121666 and reduces the result. +/// Postconditions: +/// eval out1 mod m = (121666 * eval arg1) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000], [0x0 ~> 0xc000000], [0x0 ~> 0x6000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000], [0x0 ~> 0x4000000], [0x0 ~> 0x2000000]] +pub fn fiat25519CarryScmul121666(out1: *[10]u32, arg1: [10]u32) void { + const x1: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[9]))); + const x2: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[8]))); + const x3: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[7]))); + const x4: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[6]))); + const x5: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[5]))); + const x6: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[4]))); + const x7: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[3]))); + const x8: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[2]))); + const x9: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[1]))); + const x10: u64 = (@intCast(u64, 0x1db42) * @intCast(u64, (arg1[0]))); + const x11: u32 = @intCast(u32, (x10 >> 26)); + const x12: u32 = @intCast(u32, (x10 & @intCast(u64, 0x3ffffff))); + const x13: u64 = (@intCast(u64, x11) + x9); + const x14: u32 = @intCast(u32, (x13 >> 25)); + const x15: u32 = @intCast(u32, (x13 & @intCast(u64, 0x1ffffff))); + const x16: u64 = (@intCast(u64, x14) + x8); + const x17: u32 = @intCast(u32, (x16 >> 26)); + const x18: u32 = @intCast(u32, (x16 & @intCast(u64, 0x3ffffff))); + const x19: u64 = (@intCast(u64, x17) + x7); + const x20: u32 = @intCast(u32, (x19 >> 25)); + const x21: u32 = @intCast(u32, (x19 & @intCast(u64, 0x1ffffff))); + const x22: u64 = (@intCast(u64, x20) + x6); + const x23: u32 = @intCast(u32, (x22 >> 26)); + const x24: u32 = @intCast(u32, (x22 & @intCast(u64, 0x3ffffff))); + const x25: u64 = (@intCast(u64, x23) + x5); + const x26: u32 = @intCast(u32, (x25 >> 25)); + const x27: u32 = @intCast(u32, (x25 & @intCast(u64, 0x1ffffff))); + const x28: u64 = (@intCast(u64, x26) + x4); + const x29: u32 = @intCast(u32, (x28 >> 26)); + const x30: u32 = @intCast(u32, (x28 & @intCast(u64, 0x3ffffff))); + const x31: u64 = (@intCast(u64, x29) + x3); + const x32: u32 = @intCast(u32, (x31 >> 25)); + const x33: u32 = @intCast(u32, (x31 & @intCast(u64, 0x1ffffff))); + const x34: u64 = (@intCast(u64, x32) + x2); + const x35: u32 = @intCast(u32, (x34 >> 26)); + const x36: u32 = @intCast(u32, (x34 & @intCast(u64, 0x3ffffff))); + const x37: u64 = (@intCast(u64, x35) + x1); + const x38: u32 = @intCast(u32, (x37 >> 25)); + const x39: u32 = @intCast(u32, (x37 & @intCast(u64, 0x1ffffff))); + const x40: u32 = (x38 * 0x13); + const x41: u32 = (x12 + x40); + const x42: u1 = @intCast(u1, (x41 >> 26)); + const x43: u32 = (x41 & 0x3ffffff); + const x44: u32 = (@intCast(u32, x42) + x15); + const x45: u1 = @intCast(u1, (x44 >> 25)); + const x46: u32 = (x44 & 0x1ffffff); + const x47: u32 = (@intCast(u32, x45) + x18); + out1[0] = x43; + out1[1] = x46; + out1[2] = x47; + out1[3] = x21; + out1[4] = x24; + out1[5] = x27; + out1[6] = x30; + out1[7] = x33; + out1[8] = x36; + out1[9] = x39; +} + diff --git a/fiat-zig/src/curve25519_64.zig b/fiat-zig/src/curve25519_64.zig new file mode 100644 index 0000000000..b6a8e14455 --- /dev/null +++ b/fiat-zig/src/curve25519_64.zig @@ -0,0 +1,603 @@ +/// Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase 25519 64 '(auto)' '2^255 - 19' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes carry_scmul121666 +/// curve description: 25519 +/// machine_wordsize = 64 (from "64") +/// requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes, carry_scmul121666 +/// n = 5 (from "(auto)") +/// s-c = 2^255 - [(1, 19)] (from "2^255 - 19") +/// tight_bounds_multiplier = 1 (from "") +/// +/// Computed values: +/// carry_chain = [0, 1, 2, 3, 4, 0, 1] +/// eval z = z[0] + (z[1] << 51) + (z[2] << 102) + (z[3] << 153) + (z[4] << 204) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) +/// balance = [0xfffffffffffda, 0xffffffffffffe, 0xffffffffffffe, 0xffffffffffffe, 0xffffffffffffe] + + +/// The function fiat25519AddcarryxU51 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^51 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^51⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x7ffffffffffff] +/// arg3: [0x0 ~> 0x7ffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x7ffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiat25519AddcarryxU51(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + arg2) + arg3); + const x2: u64 = (x1 & 0x7ffffffffffff); + const x3: u1 = @intCast(u1, (x1 >> 51)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiat25519SubborrowxU51 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^51 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^51⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x7ffffffffffff] +/// arg3: [0x0 ~> 0x7ffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x7ffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiat25519SubborrowxU51(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i64 = @intCast(i64, (@intCast(i128, @intCast(i64, (@intCast(i128, arg2) - @intCast(i128, arg1)))) - @intCast(i128, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 51)); + const x3: u64 = @intCast(u64, (@intCast(i128, x1) & @intCast(i128, 0x7ffffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiat25519CmovznzU64 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +fn fiat25519CmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u64 = @intCast(u64, (@intCast(i128, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i128, 0xffffffffffffffff))); + const x3: u64 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiat25519CarryMul multiplies two field elements and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] +/// arg2: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +pub fn fiat25519CarryMul(out1: *[5]u64, arg1: [5]u64, arg2: [5]u64) void { + const x1: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, ((arg2[4]) * 0x13))); + const x2: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, ((arg2[3]) * 0x13))); + const x3: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, ((arg2[2]) * 0x13))); + const x4: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, ((arg2[1]) * 0x13))); + const x5: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, ((arg2[4]) * 0x13))); + const x6: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, ((arg2[3]) * 0x13))); + const x7: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, ((arg2[2]) * 0x13))); + const x8: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, ((arg2[4]) * 0x13))); + const x9: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, ((arg2[3]) * 0x13))); + const x10: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, ((arg2[4]) * 0x13))); + const x11: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[0]))); + const x12: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[1]))); + const x13: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[0]))); + const x14: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[2]))); + const x15: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[1]))); + const x16: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[0]))); + const x17: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[3]))); + const x18: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[2]))); + const x19: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[1]))); + const x20: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[0]))); + const x21: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[4]))); + const x22: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[3]))); + const x23: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[2]))); + const x24: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[1]))); + const x25: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[0]))); + const x26: u128 = (x25 + (x10 + (x9 + (x7 + x4)))); + const x27: u64 = @intCast(u64, (x26 >> 51)); + const x28: u64 = @intCast(u64, (x26 & @intCast(u128, 0x7ffffffffffff))); + const x29: u128 = (x21 + (x17 + (x14 + (x12 + x11)))); + const x30: u128 = (x22 + (x18 + (x15 + (x13 + x1)))); + const x31: u128 = (x23 + (x19 + (x16 + (x5 + x2)))); + const x32: u128 = (x24 + (x20 + (x8 + (x6 + x3)))); + const x33: u128 = (@intCast(u128, x27) + x32); + const x34: u64 = @intCast(u64, (x33 >> 51)); + const x35: u64 = @intCast(u64, (x33 & @intCast(u128, 0x7ffffffffffff))); + const x36: u128 = (@intCast(u128, x34) + x31); + const x37: u64 = @intCast(u64, (x36 >> 51)); + const x38: u64 = @intCast(u64, (x36 & @intCast(u128, 0x7ffffffffffff))); + const x39: u128 = (@intCast(u128, x37) + x30); + const x40: u64 = @intCast(u64, (x39 >> 51)); + const x41: u64 = @intCast(u64, (x39 & @intCast(u128, 0x7ffffffffffff))); + const x42: u128 = (@intCast(u128, x40) + x29); + const x43: u64 = @intCast(u64, (x42 >> 51)); + const x44: u64 = @intCast(u64, (x42 & @intCast(u128, 0x7ffffffffffff))); + const x45: u64 = (x43 * 0x13); + const x46: u64 = (x28 + x45); + const x47: u64 = (x46 >> 51); + const x48: u64 = (x46 & 0x7ffffffffffff); + const x49: u64 = (x47 + x35); + const x50: u1 = @intCast(u1, (x49 >> 51)); + const x51: u64 = (x49 & 0x7ffffffffffff); + const x52: u64 = (@intCast(u64, x50) + x38); + out1[0] = x48; + out1[1] = x51; + out1[2] = x52; + out1[3] = x41; + out1[4] = x44; +} + +/// The function fiat25519CarrySquare squares a field element and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg1) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +pub fn fiat25519CarrySquare(out1: *[5]u64, arg1: [5]u64) void { + const x1: u64 = ((arg1[4]) * 0x13); + const x2: u64 = (x1 * 0x2); + const x3: u64 = ((arg1[4]) * 0x2); + const x4: u64 = ((arg1[3]) * 0x13); + const x5: u64 = (x4 * 0x2); + const x6: u64 = ((arg1[3]) * 0x2); + const x7: u64 = ((arg1[2]) * 0x2); + const x8: u64 = ((arg1[1]) * 0x2); + const x9: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, x1)); + const x10: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x2)); + const x11: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x4)); + const x12: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x2)); + const x13: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x5)); + const x14: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg1[2]))); + const x15: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x2)); + const x16: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x6)); + const x17: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x7)); + const x18: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg1[1]))); + const x19: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x3)); + const x20: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x6)); + const x21: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x7)); + const x22: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x8)); + const x23: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg1[0]))); + const x24: u128 = (x23 + (x15 + x13)); + const x25: u64 = @intCast(u64, (x24 >> 51)); + const x26: u64 = @intCast(u64, (x24 & @intCast(u128, 0x7ffffffffffff))); + const x27: u128 = (x19 + (x16 + x14)); + const x28: u128 = (x20 + (x17 + x9)); + const x29: u128 = (x21 + (x18 + x10)); + const x30: u128 = (x22 + (x12 + x11)); + const x31: u128 = (@intCast(u128, x25) + x30); + const x32: u64 = @intCast(u64, (x31 >> 51)); + const x33: u64 = @intCast(u64, (x31 & @intCast(u128, 0x7ffffffffffff))); + const x34: u128 = (@intCast(u128, x32) + x29); + const x35: u64 = @intCast(u64, (x34 >> 51)); + const x36: u64 = @intCast(u64, (x34 & @intCast(u128, 0x7ffffffffffff))); + const x37: u128 = (@intCast(u128, x35) + x28); + const x38: u64 = @intCast(u64, (x37 >> 51)); + const x39: u64 = @intCast(u64, (x37 & @intCast(u128, 0x7ffffffffffff))); + const x40: u128 = (@intCast(u128, x38) + x27); + const x41: u64 = @intCast(u64, (x40 >> 51)); + const x42: u64 = @intCast(u64, (x40 & @intCast(u128, 0x7ffffffffffff))); + const x43: u64 = (x41 * 0x13); + const x44: u64 = (x26 + x43); + const x45: u64 = (x44 >> 51); + const x46: u64 = (x44 & 0x7ffffffffffff); + const x47: u64 = (x45 + x33); + const x48: u1 = @intCast(u1, (x47 >> 51)); + const x49: u64 = (x47 & 0x7ffffffffffff); + const x50: u64 = (@intCast(u64, x48) + x36); + out1[0] = x46; + out1[1] = x49; + out1[2] = x50; + out1[3] = x39; + out1[4] = x42; +} + +/// The function fiat25519Carry reduces a field element. +/// Postconditions: +/// eval out1 mod m = eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +pub fn fiat25519Carry(out1: *[5]u64, arg1: [5]u64) void { + const x1: u64 = (arg1[0]); + const x2: u64 = ((x1 >> 51) + (arg1[1])); + const x3: u64 = ((x2 >> 51) + (arg1[2])); + const x4: u64 = ((x3 >> 51) + (arg1[3])); + const x5: u64 = ((x4 >> 51) + (arg1[4])); + const x6: u64 = ((x1 & 0x7ffffffffffff) + ((x5 >> 51) * 0x13)); + const x7: u64 = (@intCast(u64, @intCast(u1, (x6 >> 51))) + (x2 & 0x7ffffffffffff)); + const x8: u64 = (x6 & 0x7ffffffffffff); + const x9: u64 = (x7 & 0x7ffffffffffff); + const x10: u64 = (@intCast(u64, @intCast(u1, (x7 >> 51))) + (x3 & 0x7ffffffffffff)); + const x11: u64 = (x4 & 0x7ffffffffffff); + const x12: u64 = (x5 & 0x7ffffffffffff); + out1[0] = x8; + out1[1] = x9; + out1[2] = x10; + out1[3] = x11; + out1[4] = x12; +} + +/// The function fiat25519Add adds two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 + eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +/// arg2: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] +pub fn fiat25519Add(out1: *[5]u64, arg1: [5]u64, arg2: [5]u64) void { + const x1: u64 = ((arg1[0]) + (arg2[0])); + const x2: u64 = ((arg1[1]) + (arg2[1])); + const x3: u64 = ((arg1[2]) + (arg2[2])); + const x4: u64 = ((arg1[3]) + (arg2[3])); + const x5: u64 = ((arg1[4]) + (arg2[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/// The function fiat25519Sub subtracts two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 - eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +/// arg2: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] +pub fn fiat25519Sub(out1: *[5]u64, arg1: [5]u64, arg2: [5]u64) void { + const x1: u64 = ((0xfffffffffffda + (arg1[0])) - (arg2[0])); + const x2: u64 = ((0xffffffffffffe + (arg1[1])) - (arg2[1])); + const x3: u64 = ((0xffffffffffffe + (arg1[2])) - (arg2[2])); + const x4: u64 = ((0xffffffffffffe + (arg1[3])) - (arg2[3])); + const x5: u64 = ((0xffffffffffffe + (arg1[4])) - (arg2[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/// The function fiat25519Opp negates a field element. +/// Postconditions: +/// eval out1 mod m = -eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] +pub fn fiat25519Opp(out1: *[5]u64, arg1: [5]u64) void { + const x1: u64 = (0xfffffffffffda - (arg1[0])); + const x2: u64 = (0xffffffffffffe - (arg1[1])); + const x3: u64 = (0xffffffffffffe - (arg1[2])); + const x4: u64 = (0xffffffffffffe - (arg1[3])); + const x5: u64 = (0xffffffffffffe - (arg1[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/// The function fiat25519Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiat25519Selectznz(out1: *[5]u64, arg1: u1, arg2: [5]u64, arg3: [5]u64) void { + var x1: u64 = undefined; + fiat25519CmovznzU64(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u64 = undefined; + fiat25519CmovznzU64(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u64 = undefined; + fiat25519CmovznzU64(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u64 = undefined; + fiat25519CmovznzU64(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u64 = undefined; + fiat25519CmovznzU64(&x5, arg1, (arg2[4]), (arg3[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/// The function fiat25519ToBytes serializes a field element to bytes in little-endian order. +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] +pub fn fiat25519ToBytes(out1: *[32]u8, arg1: [5]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiat25519SubborrowxU51(&x1, &x2, 0x0, (arg1[0]), 0x7ffffffffffed); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiat25519SubborrowxU51(&x3, &x4, x2, (arg1[1]), 0x7ffffffffffff); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiat25519SubborrowxU51(&x5, &x6, x4, (arg1[2]), 0x7ffffffffffff); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiat25519SubborrowxU51(&x7, &x8, x6, (arg1[3]), 0x7ffffffffffff); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiat25519SubborrowxU51(&x9, &x10, x8, (arg1[4]), 0x7ffffffffffff); + var x11: u64 = undefined; + fiat25519CmovznzU64(&x11, x10, @intCast(u64, 0x0), 0xffffffffffffffff); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiat25519AddcarryxU51(&x12, &x13, 0x0, x1, (x11 & 0x7ffffffffffed)); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiat25519AddcarryxU51(&x14, &x15, x13, x3, (x11 & 0x7ffffffffffff)); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiat25519AddcarryxU51(&x16, &x17, x15, x5, (x11 & 0x7ffffffffffff)); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiat25519AddcarryxU51(&x18, &x19, x17, x7, (x11 & 0x7ffffffffffff)); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiat25519AddcarryxU51(&x20, &x21, x19, x9, (x11 & 0x7ffffffffffff)); + const x22: u64 = (x20 << 4); + const x23: u64 = (x18 * @intCast(u64, 0x2)); + const x24: u64 = (x16 << 6); + const x25: u64 = (x14 << 3); + const x26: u8 = @intCast(u8, (x12 & @intCast(u64, 0xff))); + const x27: u64 = (x12 >> 8); + const x28: u8 = @intCast(u8, (x27 & @intCast(u64, 0xff))); + const x29: u64 = (x27 >> 8); + const x30: u8 = @intCast(u8, (x29 & @intCast(u64, 0xff))); + const x31: u64 = (x29 >> 8); + const x32: u8 = @intCast(u8, (x31 & @intCast(u64, 0xff))); + const x33: u64 = (x31 >> 8); + const x34: u8 = @intCast(u8, (x33 & @intCast(u64, 0xff))); + const x35: u64 = (x33 >> 8); + const x36: u8 = @intCast(u8, (x35 & @intCast(u64, 0xff))); + const x37: u8 = @intCast(u8, (x35 >> 8)); + const x38: u64 = (x25 + @intCast(u64, x37)); + const x39: u8 = @intCast(u8, (x38 & @intCast(u64, 0xff))); + const x40: u64 = (x38 >> 8); + const x41: u8 = @intCast(u8, (x40 & @intCast(u64, 0xff))); + const x42: u64 = (x40 >> 8); + const x43: u8 = @intCast(u8, (x42 & @intCast(u64, 0xff))); + const x44: u64 = (x42 >> 8); + const x45: u8 = @intCast(u8, (x44 & @intCast(u64, 0xff))); + const x46: u64 = (x44 >> 8); + const x47: u8 = @intCast(u8, (x46 & @intCast(u64, 0xff))); + const x48: u64 = (x46 >> 8); + const x49: u8 = @intCast(u8, (x48 & @intCast(u64, 0xff))); + const x50: u8 = @intCast(u8, (x48 >> 8)); + const x51: u64 = (x24 + @intCast(u64, x50)); + const x52: u8 = @intCast(u8, (x51 & @intCast(u64, 0xff))); + const x53: u64 = (x51 >> 8); + const x54: u8 = @intCast(u8, (x53 & @intCast(u64, 0xff))); + const x55: u64 = (x53 >> 8); + const x56: u8 = @intCast(u8, (x55 & @intCast(u64, 0xff))); + const x57: u64 = (x55 >> 8); + const x58: u8 = @intCast(u8, (x57 & @intCast(u64, 0xff))); + const x59: u64 = (x57 >> 8); + const x60: u8 = @intCast(u8, (x59 & @intCast(u64, 0xff))); + const x61: u64 = (x59 >> 8); + const x62: u8 = @intCast(u8, (x61 & @intCast(u64, 0xff))); + const x63: u64 = (x61 >> 8); + const x64: u8 = @intCast(u8, (x63 & @intCast(u64, 0xff))); + const x65: u1 = @intCast(u1, (x63 >> 8)); + const x66: u64 = (x23 + @intCast(u64, x65)); + const x67: u8 = @intCast(u8, (x66 & @intCast(u64, 0xff))); + const x68: u64 = (x66 >> 8); + const x69: u8 = @intCast(u8, (x68 & @intCast(u64, 0xff))); + const x70: u64 = (x68 >> 8); + const x71: u8 = @intCast(u8, (x70 & @intCast(u64, 0xff))); + const x72: u64 = (x70 >> 8); + const x73: u8 = @intCast(u8, (x72 & @intCast(u64, 0xff))); + const x74: u64 = (x72 >> 8); + const x75: u8 = @intCast(u8, (x74 & @intCast(u64, 0xff))); + const x76: u64 = (x74 >> 8); + const x77: u8 = @intCast(u8, (x76 & @intCast(u64, 0xff))); + const x78: u8 = @intCast(u8, (x76 >> 8)); + const x79: u64 = (x22 + @intCast(u64, x78)); + const x80: u8 = @intCast(u8, (x79 & @intCast(u64, 0xff))); + const x81: u64 = (x79 >> 8); + const x82: u8 = @intCast(u8, (x81 & @intCast(u64, 0xff))); + const x83: u64 = (x81 >> 8); + const x84: u8 = @intCast(u8, (x83 & @intCast(u64, 0xff))); + const x85: u64 = (x83 >> 8); + const x86: u8 = @intCast(u8, (x85 & @intCast(u64, 0xff))); + const x87: u64 = (x85 >> 8); + const x88: u8 = @intCast(u8, (x87 & @intCast(u64, 0xff))); + const x89: u64 = (x87 >> 8); + const x90: u8 = @intCast(u8, (x89 & @intCast(u64, 0xff))); + const x91: u8 = @intCast(u8, (x89 >> 8)); + out1[0] = x26; + out1[1] = x28; + out1[2] = x30; + out1[3] = x32; + out1[4] = x34; + out1[5] = x36; + out1[6] = x39; + out1[7] = x41; + out1[8] = x43; + out1[9] = x45; + out1[10] = x47; + out1[11] = x49; + out1[12] = x52; + out1[13] = x54; + out1[14] = x56; + out1[15] = x58; + out1[16] = x60; + out1[17] = x62; + out1[18] = x64; + out1[19] = x67; + out1[20] = x69; + out1[21] = x71; + out1[22] = x73; + out1[23] = x75; + out1[24] = x77; + out1[25] = x80; + out1[26] = x82; + out1[27] = x84; + out1[28] = x86; + out1[29] = x88; + out1[30] = x90; + out1[31] = x91; +} + +/// The function fiat25519FromBytes deserializes a field element from bytes in little-endian order. +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x7f]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +pub fn fiat25519FromBytes(out1: *[5]u64, arg1: [32]u8) void { + const x1: u64 = (@intCast(u64, (arg1[31])) << 44); + const x2: u64 = (@intCast(u64, (arg1[30])) << 36); + const x3: u64 = (@intCast(u64, (arg1[29])) << 28); + const x4: u64 = (@intCast(u64, (arg1[28])) << 20); + const x5: u64 = (@intCast(u64, (arg1[27])) << 12); + const x6: u64 = (@intCast(u64, (arg1[26])) << 4); + const x7: u64 = (@intCast(u64, (arg1[25])) << 47); + const x8: u64 = (@intCast(u64, (arg1[24])) << 39); + const x9: u64 = (@intCast(u64, (arg1[23])) << 31); + const x10: u64 = (@intCast(u64, (arg1[22])) << 23); + const x11: u64 = (@intCast(u64, (arg1[21])) << 15); + const x12: u64 = (@intCast(u64, (arg1[20])) << 7); + const x13: u64 = (@intCast(u64, (arg1[19])) << 50); + const x14: u64 = (@intCast(u64, (arg1[18])) << 42); + const x15: u64 = (@intCast(u64, (arg1[17])) << 34); + const x16: u64 = (@intCast(u64, (arg1[16])) << 26); + const x17: u64 = (@intCast(u64, (arg1[15])) << 18); + const x18: u64 = (@intCast(u64, (arg1[14])) << 10); + const x19: u64 = (@intCast(u64, (arg1[13])) << 2); + const x20: u64 = (@intCast(u64, (arg1[12])) << 45); + const x21: u64 = (@intCast(u64, (arg1[11])) << 37); + const x22: u64 = (@intCast(u64, (arg1[10])) << 29); + const x23: u64 = (@intCast(u64, (arg1[9])) << 21); + const x24: u64 = (@intCast(u64, (arg1[8])) << 13); + const x25: u64 = (@intCast(u64, (arg1[7])) << 5); + const x26: u64 = (@intCast(u64, (arg1[6])) << 48); + const x27: u64 = (@intCast(u64, (arg1[5])) << 40); + const x28: u64 = (@intCast(u64, (arg1[4])) << 32); + const x29: u64 = (@intCast(u64, (arg1[3])) << 24); + const x30: u64 = (@intCast(u64, (arg1[2])) << 16); + const x31: u64 = (@intCast(u64, (arg1[1])) << 8); + const x32: u8 = (arg1[0]); + const x33: u64 = (x31 + @intCast(u64, x32)); + const x34: u64 = (x30 + x33); + const x35: u64 = (x29 + x34); + const x36: u64 = (x28 + x35); + const x37: u64 = (x27 + x36); + const x38: u64 = (x26 + x37); + const x39: u64 = (x38 & 0x7ffffffffffff); + const x40: u8 = @intCast(u8, (x38 >> 51)); + const x41: u64 = (x25 + @intCast(u64, x40)); + const x42: u64 = (x24 + x41); + const x43: u64 = (x23 + x42); + const x44: u64 = (x22 + x43); + const x45: u64 = (x21 + x44); + const x46: u64 = (x20 + x45); + const x47: u64 = (x46 & 0x7ffffffffffff); + const x48: u8 = @intCast(u8, (x46 >> 51)); + const x49: u64 = (x19 + @intCast(u64, x48)); + const x50: u64 = (x18 + x49); + const x51: u64 = (x17 + x50); + const x52: u64 = (x16 + x51); + const x53: u64 = (x15 + x52); + const x54: u64 = (x14 + x53); + const x55: u64 = (x13 + x54); + const x56: u64 = (x55 & 0x7ffffffffffff); + const x57: u8 = @intCast(u8, (x55 >> 51)); + const x58: u64 = (x12 + @intCast(u64, x57)); + const x59: u64 = (x11 + x58); + const x60: u64 = (x10 + x59); + const x61: u64 = (x9 + x60); + const x62: u64 = (x8 + x61); + const x63: u64 = (x7 + x62); + const x64: u64 = (x63 & 0x7ffffffffffff); + const x65: u8 = @intCast(u8, (x63 >> 51)); + const x66: u64 = (x6 + @intCast(u64, x65)); + const x67: u64 = (x5 + x66); + const x68: u64 = (x4 + x67); + const x69: u64 = (x3 + x68); + const x70: u64 = (x2 + x69); + const x71: u64 = (x1 + x70); + out1[0] = x39; + out1[1] = x47; + out1[2] = x56; + out1[3] = x64; + out1[4] = x71; +} + +/// The function fiat25519CarryScmul121666 multiplies a field element by 121666 and reduces the result. +/// Postconditions: +/// eval out1 mod m = (121666 * eval arg1) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000], [0x0 ~> 0x18000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000], [0x0 ~> 0x8000000000000]] +pub fn fiat25519CarryScmul121666(out1: *[5]u64, arg1: [5]u64) void { + const x1: u128 = (@intCast(u128, 0x1db42) * @intCast(u128, (arg1[4]))); + const x2: u128 = (@intCast(u128, 0x1db42) * @intCast(u128, (arg1[3]))); + const x3: u128 = (@intCast(u128, 0x1db42) * @intCast(u128, (arg1[2]))); + const x4: u128 = (@intCast(u128, 0x1db42) * @intCast(u128, (arg1[1]))); + const x5: u128 = (@intCast(u128, 0x1db42) * @intCast(u128, (arg1[0]))); + const x6: u64 = @intCast(u64, (x5 >> 51)); + const x7: u64 = @intCast(u64, (x5 & @intCast(u128, 0x7ffffffffffff))); + const x8: u128 = (@intCast(u128, x6) + x4); + const x9: u64 = @intCast(u64, (x8 >> 51)); + const x10: u64 = @intCast(u64, (x8 & @intCast(u128, 0x7ffffffffffff))); + const x11: u128 = (@intCast(u128, x9) + x3); + const x12: u64 = @intCast(u64, (x11 >> 51)); + const x13: u64 = @intCast(u64, (x11 & @intCast(u128, 0x7ffffffffffff))); + const x14: u128 = (@intCast(u128, x12) + x2); + const x15: u64 = @intCast(u64, (x14 >> 51)); + const x16: u64 = @intCast(u64, (x14 & @intCast(u128, 0x7ffffffffffff))); + const x17: u128 = (@intCast(u128, x15) + x1); + const x18: u64 = @intCast(u64, (x17 >> 51)); + const x19: u64 = @intCast(u64, (x17 & @intCast(u128, 0x7ffffffffffff))); + const x20: u64 = (x18 * 0x13); + const x21: u64 = (x7 + x20); + const x22: u1 = @intCast(u1, (x21 >> 51)); + const x23: u64 = (x21 & 0x7ffffffffffff); + const x24: u64 = (@intCast(u64, x22) + x10); + const x25: u1 = @intCast(u1, (x24 >> 51)); + const x26: u64 = (x24 & 0x7ffffffffffff); + const x27: u64 = (@intCast(u64, x25) + x13); + out1[0] = x23; + out1[1] = x26; + out1[2] = x27; + out1[3] = x16; + out1[4] = x19; +} + diff --git a/fiat-zig/src/main.zig b/fiat-zig/src/main.zig new file mode 100644 index 0000000000..a3318f0157 --- /dev/null +++ b/fiat-zig/src/main.zig @@ -0,0 +1,18 @@ +pub fn main() void { + _ = @import("curve25519_32.zig"); + _ = @import("curve25519_64.zig"); + _ = @import("p224_32.zig"); + _ = @import("p224_64.zig"); + _ = @import("p256_32.zig"); + _ = @import("p256_64.zig"); + _ = @import("p384_32.zig"); + _ = @import("p384_64.zig"); + _ = @import("p434_64.zig"); + _ = @import("p448_solinas_32.zig"); + _ = @import("p448_solinas_64.zig"); + _ = @import("p521_64.zig"); + _ = @import("poly1305_32.zig"); + _ = @import("poly1305_64.zig"); + _ = @import("secp256k1_32.zig"); + _ = @import("secp256k1_64.zig"); +} diff --git a/fiat-zig/src/p224_32.zig b/fiat-zig/src/p224_32.zig new file mode 100644 index 0000000000..cba4eb1e46 --- /dev/null +++ b/fiat-zig/src/p224_32.zig @@ -0,0 +1,3733 @@ +/// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p224 32 '2^224 - 2^96 + 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp +/// curve description: p224 +/// machine_wordsize = 32 (from "32") +/// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp +/// m = 0xffffffffffffffffffffffffffffffff000000000000000000000001 (from "2^224 - 2^96 + 1") +/// +/// NOTE: In addition to the bounds specified above each function, all +/// functions synthesized for this Montgomery arithmetic require the +/// input to be strictly less than the prime modulus (m), and also +/// require the input to be in the unique saturated representation. +/// All functions also ensure that these two properties are true of +/// return values. +/// +/// Computed values: +/// eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + + +/// The function fiatP224AddcarryxU32 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^32 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP224AddcarryxU32(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + @intCast(u64, arg2)) + @intCast(u64, arg3)); + const x2: u32 = @intCast(u32, (x1 & @intCast(u64, 0xffffffff))); + const x3: u1 = @intCast(u1, (x1 >> 32)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP224SubborrowxU32 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^32 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP224SubborrowxU32(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: i64 = ((@intCast(i64, arg2) - @intCast(i64, arg1)) - @intCast(i64, arg3)); + const x2: i1 = @intCast(i1, (x1 >> 32)); + const x3: u32 = @intCast(u32, (x1 & @intCast(i64, 0xffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP224MulxU32 is a multiplication, returning the full double-width result. +/// Postconditions: +/// out1 = (arg1 * arg2) mod 2^32 +/// out2 = ⌊arg1 * arg2 / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffff] +/// arg2: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0xffffffff] +fn fiatP224MulxU32(out1: *u32, out2: *u32, arg1: u32, arg2: u32) callconv(.Inline) void { + const x1: u64 = (@intCast(u64, arg1) * @intCast(u64, arg2)); + const x2: u32 = @intCast(u32, (x1 & @intCast(u64, 0xffffffff))); + const x3: u32 = @intCast(u32, (x1 >> 32)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP224CmovznzU32 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +fn fiatP224CmovznzU32(out1: *u32, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u32 = @intCast(u32, (@intCast(i64, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i64, 0xffffffff))); + const x3: u32 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP224Mul multiplies two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224Mul(out1: *[7]u32, arg1: [7]u32, arg2: [7]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[0]); + var x8: u32 = undefined; + var x9: u32 = undefined; + fiatP224MulxU32(&x8, &x9, x7, (arg2[6])); + var x10: u32 = undefined; + var x11: u32 = undefined; + fiatP224MulxU32(&x10, &x11, x7, (arg2[5])); + var x12: u32 = undefined; + var x13: u32 = undefined; + fiatP224MulxU32(&x12, &x13, x7, (arg2[4])); + var x14: u32 = undefined; + var x15: u32 = undefined; + fiatP224MulxU32(&x14, &x15, x7, (arg2[3])); + var x16: u32 = undefined; + var x17: u32 = undefined; + fiatP224MulxU32(&x16, &x17, x7, (arg2[2])); + var x18: u32 = undefined; + var x19: u32 = undefined; + fiatP224MulxU32(&x18, &x19, x7, (arg2[1])); + var x20: u32 = undefined; + var x21: u32 = undefined; + fiatP224MulxU32(&x20, &x21, x7, (arg2[0])); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP224AddcarryxU32(&x22, &x23, 0x0, x21, x18); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP224AddcarryxU32(&x24, &x25, x23, x19, x16); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP224AddcarryxU32(&x26, &x27, x25, x17, x14); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP224AddcarryxU32(&x28, &x29, x27, x15, x12); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP224AddcarryxU32(&x30, &x31, x29, x13, x10); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP224AddcarryxU32(&x32, &x33, x31, x11, x8); + const x34: u32 = (@intCast(u32, x33) + x9); + var x35: u32 = undefined; + var x36: u32 = undefined; + fiatP224MulxU32(&x35, &x36, x20, 0xffffffff); + var x37: u32 = undefined; + var x38: u32 = undefined; + fiatP224MulxU32(&x37, &x38, x35, 0xffffffff); + var x39: u32 = undefined; + var x40: u32 = undefined; + fiatP224MulxU32(&x39, &x40, x35, 0xffffffff); + var x41: u32 = undefined; + var x42: u32 = undefined; + fiatP224MulxU32(&x41, &x42, x35, 0xffffffff); + var x43: u32 = undefined; + var x44: u32 = undefined; + fiatP224MulxU32(&x43, &x44, x35, 0xffffffff); + var x45: u32 = undefined; + var x46: u1 = undefined; + fiatP224AddcarryxU32(&x45, &x46, 0x0, x44, x41); + var x47: u32 = undefined; + var x48: u1 = undefined; + fiatP224AddcarryxU32(&x47, &x48, x46, x42, x39); + var x49: u32 = undefined; + var x50: u1 = undefined; + fiatP224AddcarryxU32(&x49, &x50, x48, x40, x37); + const x51: u32 = (@intCast(u32, x50) + x38); + var x52: u32 = undefined; + var x53: u1 = undefined; + fiatP224AddcarryxU32(&x52, &x53, 0x0, x20, x35); + var x54: u32 = undefined; + var x55: u1 = undefined; + fiatP224AddcarryxU32(&x54, &x55, x53, x22, @intCast(u32, 0x0)); + var x56: u32 = undefined; + var x57: u1 = undefined; + fiatP224AddcarryxU32(&x56, &x57, x55, x24, @intCast(u32, 0x0)); + var x58: u32 = undefined; + var x59: u1 = undefined; + fiatP224AddcarryxU32(&x58, &x59, x57, x26, x43); + var x60: u32 = undefined; + var x61: u1 = undefined; + fiatP224AddcarryxU32(&x60, &x61, x59, x28, x45); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatP224AddcarryxU32(&x62, &x63, x61, x30, x47); + var x64: u32 = undefined; + var x65: u1 = undefined; + fiatP224AddcarryxU32(&x64, &x65, x63, x32, x49); + var x66: u32 = undefined; + var x67: u1 = undefined; + fiatP224AddcarryxU32(&x66, &x67, x65, x34, x51); + var x68: u32 = undefined; + var x69: u32 = undefined; + fiatP224MulxU32(&x68, &x69, x1, (arg2[6])); + var x70: u32 = undefined; + var x71: u32 = undefined; + fiatP224MulxU32(&x70, &x71, x1, (arg2[5])); + var x72: u32 = undefined; + var x73: u32 = undefined; + fiatP224MulxU32(&x72, &x73, x1, (arg2[4])); + var x74: u32 = undefined; + var x75: u32 = undefined; + fiatP224MulxU32(&x74, &x75, x1, (arg2[3])); + var x76: u32 = undefined; + var x77: u32 = undefined; + fiatP224MulxU32(&x76, &x77, x1, (arg2[2])); + var x78: u32 = undefined; + var x79: u32 = undefined; + fiatP224MulxU32(&x78, &x79, x1, (arg2[1])); + var x80: u32 = undefined; + var x81: u32 = undefined; + fiatP224MulxU32(&x80, &x81, x1, (arg2[0])); + var x82: u32 = undefined; + var x83: u1 = undefined; + fiatP224AddcarryxU32(&x82, &x83, 0x0, x81, x78); + var x84: u32 = undefined; + var x85: u1 = undefined; + fiatP224AddcarryxU32(&x84, &x85, x83, x79, x76); + var x86: u32 = undefined; + var x87: u1 = undefined; + fiatP224AddcarryxU32(&x86, &x87, x85, x77, x74); + var x88: u32 = undefined; + var x89: u1 = undefined; + fiatP224AddcarryxU32(&x88, &x89, x87, x75, x72); + var x90: u32 = undefined; + var x91: u1 = undefined; + fiatP224AddcarryxU32(&x90, &x91, x89, x73, x70); + var x92: u32 = undefined; + var x93: u1 = undefined; + fiatP224AddcarryxU32(&x92, &x93, x91, x71, x68); + const x94: u32 = (@intCast(u32, x93) + x69); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatP224AddcarryxU32(&x95, &x96, 0x0, x54, x80); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP224AddcarryxU32(&x97, &x98, x96, x56, x82); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP224AddcarryxU32(&x99, &x100, x98, x58, x84); + var x101: u32 = undefined; + var x102: u1 = undefined; + fiatP224AddcarryxU32(&x101, &x102, x100, x60, x86); + var x103: u32 = undefined; + var x104: u1 = undefined; + fiatP224AddcarryxU32(&x103, &x104, x102, x62, x88); + var x105: u32 = undefined; + var x106: u1 = undefined; + fiatP224AddcarryxU32(&x105, &x106, x104, x64, x90); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatP224AddcarryxU32(&x107, &x108, x106, x66, x92); + var x109: u32 = undefined; + var x110: u1 = undefined; + fiatP224AddcarryxU32(&x109, &x110, x108, @intCast(u32, x67), x94); + var x111: u32 = undefined; + var x112: u32 = undefined; + fiatP224MulxU32(&x111, &x112, x95, 0xffffffff); + var x113: u32 = undefined; + var x114: u32 = undefined; + fiatP224MulxU32(&x113, &x114, x111, 0xffffffff); + var x115: u32 = undefined; + var x116: u32 = undefined; + fiatP224MulxU32(&x115, &x116, x111, 0xffffffff); + var x117: u32 = undefined; + var x118: u32 = undefined; + fiatP224MulxU32(&x117, &x118, x111, 0xffffffff); + var x119: u32 = undefined; + var x120: u32 = undefined; + fiatP224MulxU32(&x119, &x120, x111, 0xffffffff); + var x121: u32 = undefined; + var x122: u1 = undefined; + fiatP224AddcarryxU32(&x121, &x122, 0x0, x120, x117); + var x123: u32 = undefined; + var x124: u1 = undefined; + fiatP224AddcarryxU32(&x123, &x124, x122, x118, x115); + var x125: u32 = undefined; + var x126: u1 = undefined; + fiatP224AddcarryxU32(&x125, &x126, x124, x116, x113); + const x127: u32 = (@intCast(u32, x126) + x114); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatP224AddcarryxU32(&x128, &x129, 0x0, x95, x111); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatP224AddcarryxU32(&x130, &x131, x129, x97, @intCast(u32, 0x0)); + var x132: u32 = undefined; + var x133: u1 = undefined; + fiatP224AddcarryxU32(&x132, &x133, x131, x99, @intCast(u32, 0x0)); + var x134: u32 = undefined; + var x135: u1 = undefined; + fiatP224AddcarryxU32(&x134, &x135, x133, x101, x119); + var x136: u32 = undefined; + var x137: u1 = undefined; + fiatP224AddcarryxU32(&x136, &x137, x135, x103, x121); + var x138: u32 = undefined; + var x139: u1 = undefined; + fiatP224AddcarryxU32(&x138, &x139, x137, x105, x123); + var x140: u32 = undefined; + var x141: u1 = undefined; + fiatP224AddcarryxU32(&x140, &x141, x139, x107, x125); + var x142: u32 = undefined; + var x143: u1 = undefined; + fiatP224AddcarryxU32(&x142, &x143, x141, x109, x127); + const x144: u32 = (@intCast(u32, x143) + @intCast(u32, x110)); + var x145: u32 = undefined; + var x146: u32 = undefined; + fiatP224MulxU32(&x145, &x146, x2, (arg2[6])); + var x147: u32 = undefined; + var x148: u32 = undefined; + fiatP224MulxU32(&x147, &x148, x2, (arg2[5])); + var x149: u32 = undefined; + var x150: u32 = undefined; + fiatP224MulxU32(&x149, &x150, x2, (arg2[4])); + var x151: u32 = undefined; + var x152: u32 = undefined; + fiatP224MulxU32(&x151, &x152, x2, (arg2[3])); + var x153: u32 = undefined; + var x154: u32 = undefined; + fiatP224MulxU32(&x153, &x154, x2, (arg2[2])); + var x155: u32 = undefined; + var x156: u32 = undefined; + fiatP224MulxU32(&x155, &x156, x2, (arg2[1])); + var x157: u32 = undefined; + var x158: u32 = undefined; + fiatP224MulxU32(&x157, &x158, x2, (arg2[0])); + var x159: u32 = undefined; + var x160: u1 = undefined; + fiatP224AddcarryxU32(&x159, &x160, 0x0, x158, x155); + var x161: u32 = undefined; + var x162: u1 = undefined; + fiatP224AddcarryxU32(&x161, &x162, x160, x156, x153); + var x163: u32 = undefined; + var x164: u1 = undefined; + fiatP224AddcarryxU32(&x163, &x164, x162, x154, x151); + var x165: u32 = undefined; + var x166: u1 = undefined; + fiatP224AddcarryxU32(&x165, &x166, x164, x152, x149); + var x167: u32 = undefined; + var x168: u1 = undefined; + fiatP224AddcarryxU32(&x167, &x168, x166, x150, x147); + var x169: u32 = undefined; + var x170: u1 = undefined; + fiatP224AddcarryxU32(&x169, &x170, x168, x148, x145); + const x171: u32 = (@intCast(u32, x170) + x146); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP224AddcarryxU32(&x172, &x173, 0x0, x130, x157); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP224AddcarryxU32(&x174, &x175, x173, x132, x159); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP224AddcarryxU32(&x176, &x177, x175, x134, x161); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP224AddcarryxU32(&x178, &x179, x177, x136, x163); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP224AddcarryxU32(&x180, &x181, x179, x138, x165); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatP224AddcarryxU32(&x182, &x183, x181, x140, x167); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatP224AddcarryxU32(&x184, &x185, x183, x142, x169); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatP224AddcarryxU32(&x186, &x187, x185, x144, x171); + var x188: u32 = undefined; + var x189: u32 = undefined; + fiatP224MulxU32(&x188, &x189, x172, 0xffffffff); + var x190: u32 = undefined; + var x191: u32 = undefined; + fiatP224MulxU32(&x190, &x191, x188, 0xffffffff); + var x192: u32 = undefined; + var x193: u32 = undefined; + fiatP224MulxU32(&x192, &x193, x188, 0xffffffff); + var x194: u32 = undefined; + var x195: u32 = undefined; + fiatP224MulxU32(&x194, &x195, x188, 0xffffffff); + var x196: u32 = undefined; + var x197: u32 = undefined; + fiatP224MulxU32(&x196, &x197, x188, 0xffffffff); + var x198: u32 = undefined; + var x199: u1 = undefined; + fiatP224AddcarryxU32(&x198, &x199, 0x0, x197, x194); + var x200: u32 = undefined; + var x201: u1 = undefined; + fiatP224AddcarryxU32(&x200, &x201, x199, x195, x192); + var x202: u32 = undefined; + var x203: u1 = undefined; + fiatP224AddcarryxU32(&x202, &x203, x201, x193, x190); + const x204: u32 = (@intCast(u32, x203) + x191); + var x205: u32 = undefined; + var x206: u1 = undefined; + fiatP224AddcarryxU32(&x205, &x206, 0x0, x172, x188); + var x207: u32 = undefined; + var x208: u1 = undefined; + fiatP224AddcarryxU32(&x207, &x208, x206, x174, @intCast(u32, 0x0)); + var x209: u32 = undefined; + var x210: u1 = undefined; + fiatP224AddcarryxU32(&x209, &x210, x208, x176, @intCast(u32, 0x0)); + var x211: u32 = undefined; + var x212: u1 = undefined; + fiatP224AddcarryxU32(&x211, &x212, x210, x178, x196); + var x213: u32 = undefined; + var x214: u1 = undefined; + fiatP224AddcarryxU32(&x213, &x214, x212, x180, x198); + var x215: u32 = undefined; + var x216: u1 = undefined; + fiatP224AddcarryxU32(&x215, &x216, x214, x182, x200); + var x217: u32 = undefined; + var x218: u1 = undefined; + fiatP224AddcarryxU32(&x217, &x218, x216, x184, x202); + var x219: u32 = undefined; + var x220: u1 = undefined; + fiatP224AddcarryxU32(&x219, &x220, x218, x186, x204); + const x221: u32 = (@intCast(u32, x220) + @intCast(u32, x187)); + var x222: u32 = undefined; + var x223: u32 = undefined; + fiatP224MulxU32(&x222, &x223, x3, (arg2[6])); + var x224: u32 = undefined; + var x225: u32 = undefined; + fiatP224MulxU32(&x224, &x225, x3, (arg2[5])); + var x226: u32 = undefined; + var x227: u32 = undefined; + fiatP224MulxU32(&x226, &x227, x3, (arg2[4])); + var x228: u32 = undefined; + var x229: u32 = undefined; + fiatP224MulxU32(&x228, &x229, x3, (arg2[3])); + var x230: u32 = undefined; + var x231: u32 = undefined; + fiatP224MulxU32(&x230, &x231, x3, (arg2[2])); + var x232: u32 = undefined; + var x233: u32 = undefined; + fiatP224MulxU32(&x232, &x233, x3, (arg2[1])); + var x234: u32 = undefined; + var x235: u32 = undefined; + fiatP224MulxU32(&x234, &x235, x3, (arg2[0])); + var x236: u32 = undefined; + var x237: u1 = undefined; + fiatP224AddcarryxU32(&x236, &x237, 0x0, x235, x232); + var x238: u32 = undefined; + var x239: u1 = undefined; + fiatP224AddcarryxU32(&x238, &x239, x237, x233, x230); + var x240: u32 = undefined; + var x241: u1 = undefined; + fiatP224AddcarryxU32(&x240, &x241, x239, x231, x228); + var x242: u32 = undefined; + var x243: u1 = undefined; + fiatP224AddcarryxU32(&x242, &x243, x241, x229, x226); + var x244: u32 = undefined; + var x245: u1 = undefined; + fiatP224AddcarryxU32(&x244, &x245, x243, x227, x224); + var x246: u32 = undefined; + var x247: u1 = undefined; + fiatP224AddcarryxU32(&x246, &x247, x245, x225, x222); + const x248: u32 = (@intCast(u32, x247) + x223); + var x249: u32 = undefined; + var x250: u1 = undefined; + fiatP224AddcarryxU32(&x249, &x250, 0x0, x207, x234); + var x251: u32 = undefined; + var x252: u1 = undefined; + fiatP224AddcarryxU32(&x251, &x252, x250, x209, x236); + var x253: u32 = undefined; + var x254: u1 = undefined; + fiatP224AddcarryxU32(&x253, &x254, x252, x211, x238); + var x255: u32 = undefined; + var x256: u1 = undefined; + fiatP224AddcarryxU32(&x255, &x256, x254, x213, x240); + var x257: u32 = undefined; + var x258: u1 = undefined; + fiatP224AddcarryxU32(&x257, &x258, x256, x215, x242); + var x259: u32 = undefined; + var x260: u1 = undefined; + fiatP224AddcarryxU32(&x259, &x260, x258, x217, x244); + var x261: u32 = undefined; + var x262: u1 = undefined; + fiatP224AddcarryxU32(&x261, &x262, x260, x219, x246); + var x263: u32 = undefined; + var x264: u1 = undefined; + fiatP224AddcarryxU32(&x263, &x264, x262, x221, x248); + var x265: u32 = undefined; + var x266: u32 = undefined; + fiatP224MulxU32(&x265, &x266, x249, 0xffffffff); + var x267: u32 = undefined; + var x268: u32 = undefined; + fiatP224MulxU32(&x267, &x268, x265, 0xffffffff); + var x269: u32 = undefined; + var x270: u32 = undefined; + fiatP224MulxU32(&x269, &x270, x265, 0xffffffff); + var x271: u32 = undefined; + var x272: u32 = undefined; + fiatP224MulxU32(&x271, &x272, x265, 0xffffffff); + var x273: u32 = undefined; + var x274: u32 = undefined; + fiatP224MulxU32(&x273, &x274, x265, 0xffffffff); + var x275: u32 = undefined; + var x276: u1 = undefined; + fiatP224AddcarryxU32(&x275, &x276, 0x0, x274, x271); + var x277: u32 = undefined; + var x278: u1 = undefined; + fiatP224AddcarryxU32(&x277, &x278, x276, x272, x269); + var x279: u32 = undefined; + var x280: u1 = undefined; + fiatP224AddcarryxU32(&x279, &x280, x278, x270, x267); + const x281: u32 = (@intCast(u32, x280) + x268); + var x282: u32 = undefined; + var x283: u1 = undefined; + fiatP224AddcarryxU32(&x282, &x283, 0x0, x249, x265); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatP224AddcarryxU32(&x284, &x285, x283, x251, @intCast(u32, 0x0)); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatP224AddcarryxU32(&x286, &x287, x285, x253, @intCast(u32, 0x0)); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatP224AddcarryxU32(&x288, &x289, x287, x255, x273); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatP224AddcarryxU32(&x290, &x291, x289, x257, x275); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatP224AddcarryxU32(&x292, &x293, x291, x259, x277); + var x294: u32 = undefined; + var x295: u1 = undefined; + fiatP224AddcarryxU32(&x294, &x295, x293, x261, x279); + var x296: u32 = undefined; + var x297: u1 = undefined; + fiatP224AddcarryxU32(&x296, &x297, x295, x263, x281); + const x298: u32 = (@intCast(u32, x297) + @intCast(u32, x264)); + var x299: u32 = undefined; + var x300: u32 = undefined; + fiatP224MulxU32(&x299, &x300, x4, (arg2[6])); + var x301: u32 = undefined; + var x302: u32 = undefined; + fiatP224MulxU32(&x301, &x302, x4, (arg2[5])); + var x303: u32 = undefined; + var x304: u32 = undefined; + fiatP224MulxU32(&x303, &x304, x4, (arg2[4])); + var x305: u32 = undefined; + var x306: u32 = undefined; + fiatP224MulxU32(&x305, &x306, x4, (arg2[3])); + var x307: u32 = undefined; + var x308: u32 = undefined; + fiatP224MulxU32(&x307, &x308, x4, (arg2[2])); + var x309: u32 = undefined; + var x310: u32 = undefined; + fiatP224MulxU32(&x309, &x310, x4, (arg2[1])); + var x311: u32 = undefined; + var x312: u32 = undefined; + fiatP224MulxU32(&x311, &x312, x4, (arg2[0])); + var x313: u32 = undefined; + var x314: u1 = undefined; + fiatP224AddcarryxU32(&x313, &x314, 0x0, x312, x309); + var x315: u32 = undefined; + var x316: u1 = undefined; + fiatP224AddcarryxU32(&x315, &x316, x314, x310, x307); + var x317: u32 = undefined; + var x318: u1 = undefined; + fiatP224AddcarryxU32(&x317, &x318, x316, x308, x305); + var x319: u32 = undefined; + var x320: u1 = undefined; + fiatP224AddcarryxU32(&x319, &x320, x318, x306, x303); + var x321: u32 = undefined; + var x322: u1 = undefined; + fiatP224AddcarryxU32(&x321, &x322, x320, x304, x301); + var x323: u32 = undefined; + var x324: u1 = undefined; + fiatP224AddcarryxU32(&x323, &x324, x322, x302, x299); + const x325: u32 = (@intCast(u32, x324) + x300); + var x326: u32 = undefined; + var x327: u1 = undefined; + fiatP224AddcarryxU32(&x326, &x327, 0x0, x284, x311); + var x328: u32 = undefined; + var x329: u1 = undefined; + fiatP224AddcarryxU32(&x328, &x329, x327, x286, x313); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatP224AddcarryxU32(&x330, &x331, x329, x288, x315); + var x332: u32 = undefined; + var x333: u1 = undefined; + fiatP224AddcarryxU32(&x332, &x333, x331, x290, x317); + var x334: u32 = undefined; + var x335: u1 = undefined; + fiatP224AddcarryxU32(&x334, &x335, x333, x292, x319); + var x336: u32 = undefined; + var x337: u1 = undefined; + fiatP224AddcarryxU32(&x336, &x337, x335, x294, x321); + var x338: u32 = undefined; + var x339: u1 = undefined; + fiatP224AddcarryxU32(&x338, &x339, x337, x296, x323); + var x340: u32 = undefined; + var x341: u1 = undefined; + fiatP224AddcarryxU32(&x340, &x341, x339, x298, x325); + var x342: u32 = undefined; + var x343: u32 = undefined; + fiatP224MulxU32(&x342, &x343, x326, 0xffffffff); + var x344: u32 = undefined; + var x345: u32 = undefined; + fiatP224MulxU32(&x344, &x345, x342, 0xffffffff); + var x346: u32 = undefined; + var x347: u32 = undefined; + fiatP224MulxU32(&x346, &x347, x342, 0xffffffff); + var x348: u32 = undefined; + var x349: u32 = undefined; + fiatP224MulxU32(&x348, &x349, x342, 0xffffffff); + var x350: u32 = undefined; + var x351: u32 = undefined; + fiatP224MulxU32(&x350, &x351, x342, 0xffffffff); + var x352: u32 = undefined; + var x353: u1 = undefined; + fiatP224AddcarryxU32(&x352, &x353, 0x0, x351, x348); + var x354: u32 = undefined; + var x355: u1 = undefined; + fiatP224AddcarryxU32(&x354, &x355, x353, x349, x346); + var x356: u32 = undefined; + var x357: u1 = undefined; + fiatP224AddcarryxU32(&x356, &x357, x355, x347, x344); + const x358: u32 = (@intCast(u32, x357) + x345); + var x359: u32 = undefined; + var x360: u1 = undefined; + fiatP224AddcarryxU32(&x359, &x360, 0x0, x326, x342); + var x361: u32 = undefined; + var x362: u1 = undefined; + fiatP224AddcarryxU32(&x361, &x362, x360, x328, @intCast(u32, 0x0)); + var x363: u32 = undefined; + var x364: u1 = undefined; + fiatP224AddcarryxU32(&x363, &x364, x362, x330, @intCast(u32, 0x0)); + var x365: u32 = undefined; + var x366: u1 = undefined; + fiatP224AddcarryxU32(&x365, &x366, x364, x332, x350); + var x367: u32 = undefined; + var x368: u1 = undefined; + fiatP224AddcarryxU32(&x367, &x368, x366, x334, x352); + var x369: u32 = undefined; + var x370: u1 = undefined; + fiatP224AddcarryxU32(&x369, &x370, x368, x336, x354); + var x371: u32 = undefined; + var x372: u1 = undefined; + fiatP224AddcarryxU32(&x371, &x372, x370, x338, x356); + var x373: u32 = undefined; + var x374: u1 = undefined; + fiatP224AddcarryxU32(&x373, &x374, x372, x340, x358); + const x375: u32 = (@intCast(u32, x374) + @intCast(u32, x341)); + var x376: u32 = undefined; + var x377: u32 = undefined; + fiatP224MulxU32(&x376, &x377, x5, (arg2[6])); + var x378: u32 = undefined; + var x379: u32 = undefined; + fiatP224MulxU32(&x378, &x379, x5, (arg2[5])); + var x380: u32 = undefined; + var x381: u32 = undefined; + fiatP224MulxU32(&x380, &x381, x5, (arg2[4])); + var x382: u32 = undefined; + var x383: u32 = undefined; + fiatP224MulxU32(&x382, &x383, x5, (arg2[3])); + var x384: u32 = undefined; + var x385: u32 = undefined; + fiatP224MulxU32(&x384, &x385, x5, (arg2[2])); + var x386: u32 = undefined; + var x387: u32 = undefined; + fiatP224MulxU32(&x386, &x387, x5, (arg2[1])); + var x388: u32 = undefined; + var x389: u32 = undefined; + fiatP224MulxU32(&x388, &x389, x5, (arg2[0])); + var x390: u32 = undefined; + var x391: u1 = undefined; + fiatP224AddcarryxU32(&x390, &x391, 0x0, x389, x386); + var x392: u32 = undefined; + var x393: u1 = undefined; + fiatP224AddcarryxU32(&x392, &x393, x391, x387, x384); + var x394: u32 = undefined; + var x395: u1 = undefined; + fiatP224AddcarryxU32(&x394, &x395, x393, x385, x382); + var x396: u32 = undefined; + var x397: u1 = undefined; + fiatP224AddcarryxU32(&x396, &x397, x395, x383, x380); + var x398: u32 = undefined; + var x399: u1 = undefined; + fiatP224AddcarryxU32(&x398, &x399, x397, x381, x378); + var x400: u32 = undefined; + var x401: u1 = undefined; + fiatP224AddcarryxU32(&x400, &x401, x399, x379, x376); + const x402: u32 = (@intCast(u32, x401) + x377); + var x403: u32 = undefined; + var x404: u1 = undefined; + fiatP224AddcarryxU32(&x403, &x404, 0x0, x361, x388); + var x405: u32 = undefined; + var x406: u1 = undefined; + fiatP224AddcarryxU32(&x405, &x406, x404, x363, x390); + var x407: u32 = undefined; + var x408: u1 = undefined; + fiatP224AddcarryxU32(&x407, &x408, x406, x365, x392); + var x409: u32 = undefined; + var x410: u1 = undefined; + fiatP224AddcarryxU32(&x409, &x410, x408, x367, x394); + var x411: u32 = undefined; + var x412: u1 = undefined; + fiatP224AddcarryxU32(&x411, &x412, x410, x369, x396); + var x413: u32 = undefined; + var x414: u1 = undefined; + fiatP224AddcarryxU32(&x413, &x414, x412, x371, x398); + var x415: u32 = undefined; + var x416: u1 = undefined; + fiatP224AddcarryxU32(&x415, &x416, x414, x373, x400); + var x417: u32 = undefined; + var x418: u1 = undefined; + fiatP224AddcarryxU32(&x417, &x418, x416, x375, x402); + var x419: u32 = undefined; + var x420: u32 = undefined; + fiatP224MulxU32(&x419, &x420, x403, 0xffffffff); + var x421: u32 = undefined; + var x422: u32 = undefined; + fiatP224MulxU32(&x421, &x422, x419, 0xffffffff); + var x423: u32 = undefined; + var x424: u32 = undefined; + fiatP224MulxU32(&x423, &x424, x419, 0xffffffff); + var x425: u32 = undefined; + var x426: u32 = undefined; + fiatP224MulxU32(&x425, &x426, x419, 0xffffffff); + var x427: u32 = undefined; + var x428: u32 = undefined; + fiatP224MulxU32(&x427, &x428, x419, 0xffffffff); + var x429: u32 = undefined; + var x430: u1 = undefined; + fiatP224AddcarryxU32(&x429, &x430, 0x0, x428, x425); + var x431: u32 = undefined; + var x432: u1 = undefined; + fiatP224AddcarryxU32(&x431, &x432, x430, x426, x423); + var x433: u32 = undefined; + var x434: u1 = undefined; + fiatP224AddcarryxU32(&x433, &x434, x432, x424, x421); + const x435: u32 = (@intCast(u32, x434) + x422); + var x436: u32 = undefined; + var x437: u1 = undefined; + fiatP224AddcarryxU32(&x436, &x437, 0x0, x403, x419); + var x438: u32 = undefined; + var x439: u1 = undefined; + fiatP224AddcarryxU32(&x438, &x439, x437, x405, @intCast(u32, 0x0)); + var x440: u32 = undefined; + var x441: u1 = undefined; + fiatP224AddcarryxU32(&x440, &x441, x439, x407, @intCast(u32, 0x0)); + var x442: u32 = undefined; + var x443: u1 = undefined; + fiatP224AddcarryxU32(&x442, &x443, x441, x409, x427); + var x444: u32 = undefined; + var x445: u1 = undefined; + fiatP224AddcarryxU32(&x444, &x445, x443, x411, x429); + var x446: u32 = undefined; + var x447: u1 = undefined; + fiatP224AddcarryxU32(&x446, &x447, x445, x413, x431); + var x448: u32 = undefined; + var x449: u1 = undefined; + fiatP224AddcarryxU32(&x448, &x449, x447, x415, x433); + var x450: u32 = undefined; + var x451: u1 = undefined; + fiatP224AddcarryxU32(&x450, &x451, x449, x417, x435); + const x452: u32 = (@intCast(u32, x451) + @intCast(u32, x418)); + var x453: u32 = undefined; + var x454: u32 = undefined; + fiatP224MulxU32(&x453, &x454, x6, (arg2[6])); + var x455: u32 = undefined; + var x456: u32 = undefined; + fiatP224MulxU32(&x455, &x456, x6, (arg2[5])); + var x457: u32 = undefined; + var x458: u32 = undefined; + fiatP224MulxU32(&x457, &x458, x6, (arg2[4])); + var x459: u32 = undefined; + var x460: u32 = undefined; + fiatP224MulxU32(&x459, &x460, x6, (arg2[3])); + var x461: u32 = undefined; + var x462: u32 = undefined; + fiatP224MulxU32(&x461, &x462, x6, (arg2[2])); + var x463: u32 = undefined; + var x464: u32 = undefined; + fiatP224MulxU32(&x463, &x464, x6, (arg2[1])); + var x465: u32 = undefined; + var x466: u32 = undefined; + fiatP224MulxU32(&x465, &x466, x6, (arg2[0])); + var x467: u32 = undefined; + var x468: u1 = undefined; + fiatP224AddcarryxU32(&x467, &x468, 0x0, x466, x463); + var x469: u32 = undefined; + var x470: u1 = undefined; + fiatP224AddcarryxU32(&x469, &x470, x468, x464, x461); + var x471: u32 = undefined; + var x472: u1 = undefined; + fiatP224AddcarryxU32(&x471, &x472, x470, x462, x459); + var x473: u32 = undefined; + var x474: u1 = undefined; + fiatP224AddcarryxU32(&x473, &x474, x472, x460, x457); + var x475: u32 = undefined; + var x476: u1 = undefined; + fiatP224AddcarryxU32(&x475, &x476, x474, x458, x455); + var x477: u32 = undefined; + var x478: u1 = undefined; + fiatP224AddcarryxU32(&x477, &x478, x476, x456, x453); + const x479: u32 = (@intCast(u32, x478) + x454); + var x480: u32 = undefined; + var x481: u1 = undefined; + fiatP224AddcarryxU32(&x480, &x481, 0x0, x438, x465); + var x482: u32 = undefined; + var x483: u1 = undefined; + fiatP224AddcarryxU32(&x482, &x483, x481, x440, x467); + var x484: u32 = undefined; + var x485: u1 = undefined; + fiatP224AddcarryxU32(&x484, &x485, x483, x442, x469); + var x486: u32 = undefined; + var x487: u1 = undefined; + fiatP224AddcarryxU32(&x486, &x487, x485, x444, x471); + var x488: u32 = undefined; + var x489: u1 = undefined; + fiatP224AddcarryxU32(&x488, &x489, x487, x446, x473); + var x490: u32 = undefined; + var x491: u1 = undefined; + fiatP224AddcarryxU32(&x490, &x491, x489, x448, x475); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatP224AddcarryxU32(&x492, &x493, x491, x450, x477); + var x494: u32 = undefined; + var x495: u1 = undefined; + fiatP224AddcarryxU32(&x494, &x495, x493, x452, x479); + var x496: u32 = undefined; + var x497: u32 = undefined; + fiatP224MulxU32(&x496, &x497, x480, 0xffffffff); + var x498: u32 = undefined; + var x499: u32 = undefined; + fiatP224MulxU32(&x498, &x499, x496, 0xffffffff); + var x500: u32 = undefined; + var x501: u32 = undefined; + fiatP224MulxU32(&x500, &x501, x496, 0xffffffff); + var x502: u32 = undefined; + var x503: u32 = undefined; + fiatP224MulxU32(&x502, &x503, x496, 0xffffffff); + var x504: u32 = undefined; + var x505: u32 = undefined; + fiatP224MulxU32(&x504, &x505, x496, 0xffffffff); + var x506: u32 = undefined; + var x507: u1 = undefined; + fiatP224AddcarryxU32(&x506, &x507, 0x0, x505, x502); + var x508: u32 = undefined; + var x509: u1 = undefined; + fiatP224AddcarryxU32(&x508, &x509, x507, x503, x500); + var x510: u32 = undefined; + var x511: u1 = undefined; + fiatP224AddcarryxU32(&x510, &x511, x509, x501, x498); + const x512: u32 = (@intCast(u32, x511) + x499); + var x513: u32 = undefined; + var x514: u1 = undefined; + fiatP224AddcarryxU32(&x513, &x514, 0x0, x480, x496); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatP224AddcarryxU32(&x515, &x516, x514, x482, @intCast(u32, 0x0)); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatP224AddcarryxU32(&x517, &x518, x516, x484, @intCast(u32, 0x0)); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatP224AddcarryxU32(&x519, &x520, x518, x486, x504); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatP224AddcarryxU32(&x521, &x522, x520, x488, x506); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatP224AddcarryxU32(&x523, &x524, x522, x490, x508); + var x525: u32 = undefined; + var x526: u1 = undefined; + fiatP224AddcarryxU32(&x525, &x526, x524, x492, x510); + var x527: u32 = undefined; + var x528: u1 = undefined; + fiatP224AddcarryxU32(&x527, &x528, x526, x494, x512); + const x529: u32 = (@intCast(u32, x528) + @intCast(u32, x495)); + var x530: u32 = undefined; + var x531: u1 = undefined; + fiatP224SubborrowxU32(&x530, &x531, 0x0, x515, @intCast(u32, 0x1)); + var x532: u32 = undefined; + var x533: u1 = undefined; + fiatP224SubborrowxU32(&x532, &x533, x531, x517, @intCast(u32, 0x0)); + var x534: u32 = undefined; + var x535: u1 = undefined; + fiatP224SubborrowxU32(&x534, &x535, x533, x519, @intCast(u32, 0x0)); + var x536: u32 = undefined; + var x537: u1 = undefined; + fiatP224SubborrowxU32(&x536, &x537, x535, x521, 0xffffffff); + var x538: u32 = undefined; + var x539: u1 = undefined; + fiatP224SubborrowxU32(&x538, &x539, x537, x523, 0xffffffff); + var x540: u32 = undefined; + var x541: u1 = undefined; + fiatP224SubborrowxU32(&x540, &x541, x539, x525, 0xffffffff); + var x542: u32 = undefined; + var x543: u1 = undefined; + fiatP224SubborrowxU32(&x542, &x543, x541, x527, 0xffffffff); + var x544: u32 = undefined; + var x545: u1 = undefined; + fiatP224SubborrowxU32(&x544, &x545, x543, x529, @intCast(u32, 0x0)); + var x546: u32 = undefined; + fiatP224CmovznzU32(&x546, x545, x530, x515); + var x547: u32 = undefined; + fiatP224CmovznzU32(&x547, x545, x532, x517); + var x548: u32 = undefined; + fiatP224CmovznzU32(&x548, x545, x534, x519); + var x549: u32 = undefined; + fiatP224CmovznzU32(&x549, x545, x536, x521); + var x550: u32 = undefined; + fiatP224CmovznzU32(&x550, x545, x538, x523); + var x551: u32 = undefined; + fiatP224CmovznzU32(&x551, x545, x540, x525); + var x552: u32 = undefined; + fiatP224CmovznzU32(&x552, x545, x542, x527); + out1[0] = x546; + out1[1] = x547; + out1[2] = x548; + out1[3] = x549; + out1[4] = x550; + out1[5] = x551; + out1[6] = x552; +} + +/// The function fiatP224Square squares a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224Square(out1: *[7]u32, arg1: [7]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[0]); + var x8: u32 = undefined; + var x9: u32 = undefined; + fiatP224MulxU32(&x8, &x9, x7, (arg1[6])); + var x10: u32 = undefined; + var x11: u32 = undefined; + fiatP224MulxU32(&x10, &x11, x7, (arg1[5])); + var x12: u32 = undefined; + var x13: u32 = undefined; + fiatP224MulxU32(&x12, &x13, x7, (arg1[4])); + var x14: u32 = undefined; + var x15: u32 = undefined; + fiatP224MulxU32(&x14, &x15, x7, (arg1[3])); + var x16: u32 = undefined; + var x17: u32 = undefined; + fiatP224MulxU32(&x16, &x17, x7, (arg1[2])); + var x18: u32 = undefined; + var x19: u32 = undefined; + fiatP224MulxU32(&x18, &x19, x7, (arg1[1])); + var x20: u32 = undefined; + var x21: u32 = undefined; + fiatP224MulxU32(&x20, &x21, x7, (arg1[0])); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP224AddcarryxU32(&x22, &x23, 0x0, x21, x18); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP224AddcarryxU32(&x24, &x25, x23, x19, x16); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP224AddcarryxU32(&x26, &x27, x25, x17, x14); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP224AddcarryxU32(&x28, &x29, x27, x15, x12); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP224AddcarryxU32(&x30, &x31, x29, x13, x10); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP224AddcarryxU32(&x32, &x33, x31, x11, x8); + const x34: u32 = (@intCast(u32, x33) + x9); + var x35: u32 = undefined; + var x36: u32 = undefined; + fiatP224MulxU32(&x35, &x36, x20, 0xffffffff); + var x37: u32 = undefined; + var x38: u32 = undefined; + fiatP224MulxU32(&x37, &x38, x35, 0xffffffff); + var x39: u32 = undefined; + var x40: u32 = undefined; + fiatP224MulxU32(&x39, &x40, x35, 0xffffffff); + var x41: u32 = undefined; + var x42: u32 = undefined; + fiatP224MulxU32(&x41, &x42, x35, 0xffffffff); + var x43: u32 = undefined; + var x44: u32 = undefined; + fiatP224MulxU32(&x43, &x44, x35, 0xffffffff); + var x45: u32 = undefined; + var x46: u1 = undefined; + fiatP224AddcarryxU32(&x45, &x46, 0x0, x44, x41); + var x47: u32 = undefined; + var x48: u1 = undefined; + fiatP224AddcarryxU32(&x47, &x48, x46, x42, x39); + var x49: u32 = undefined; + var x50: u1 = undefined; + fiatP224AddcarryxU32(&x49, &x50, x48, x40, x37); + const x51: u32 = (@intCast(u32, x50) + x38); + var x52: u32 = undefined; + var x53: u1 = undefined; + fiatP224AddcarryxU32(&x52, &x53, 0x0, x20, x35); + var x54: u32 = undefined; + var x55: u1 = undefined; + fiatP224AddcarryxU32(&x54, &x55, x53, x22, @intCast(u32, 0x0)); + var x56: u32 = undefined; + var x57: u1 = undefined; + fiatP224AddcarryxU32(&x56, &x57, x55, x24, @intCast(u32, 0x0)); + var x58: u32 = undefined; + var x59: u1 = undefined; + fiatP224AddcarryxU32(&x58, &x59, x57, x26, x43); + var x60: u32 = undefined; + var x61: u1 = undefined; + fiatP224AddcarryxU32(&x60, &x61, x59, x28, x45); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatP224AddcarryxU32(&x62, &x63, x61, x30, x47); + var x64: u32 = undefined; + var x65: u1 = undefined; + fiatP224AddcarryxU32(&x64, &x65, x63, x32, x49); + var x66: u32 = undefined; + var x67: u1 = undefined; + fiatP224AddcarryxU32(&x66, &x67, x65, x34, x51); + var x68: u32 = undefined; + var x69: u32 = undefined; + fiatP224MulxU32(&x68, &x69, x1, (arg1[6])); + var x70: u32 = undefined; + var x71: u32 = undefined; + fiatP224MulxU32(&x70, &x71, x1, (arg1[5])); + var x72: u32 = undefined; + var x73: u32 = undefined; + fiatP224MulxU32(&x72, &x73, x1, (arg1[4])); + var x74: u32 = undefined; + var x75: u32 = undefined; + fiatP224MulxU32(&x74, &x75, x1, (arg1[3])); + var x76: u32 = undefined; + var x77: u32 = undefined; + fiatP224MulxU32(&x76, &x77, x1, (arg1[2])); + var x78: u32 = undefined; + var x79: u32 = undefined; + fiatP224MulxU32(&x78, &x79, x1, (arg1[1])); + var x80: u32 = undefined; + var x81: u32 = undefined; + fiatP224MulxU32(&x80, &x81, x1, (arg1[0])); + var x82: u32 = undefined; + var x83: u1 = undefined; + fiatP224AddcarryxU32(&x82, &x83, 0x0, x81, x78); + var x84: u32 = undefined; + var x85: u1 = undefined; + fiatP224AddcarryxU32(&x84, &x85, x83, x79, x76); + var x86: u32 = undefined; + var x87: u1 = undefined; + fiatP224AddcarryxU32(&x86, &x87, x85, x77, x74); + var x88: u32 = undefined; + var x89: u1 = undefined; + fiatP224AddcarryxU32(&x88, &x89, x87, x75, x72); + var x90: u32 = undefined; + var x91: u1 = undefined; + fiatP224AddcarryxU32(&x90, &x91, x89, x73, x70); + var x92: u32 = undefined; + var x93: u1 = undefined; + fiatP224AddcarryxU32(&x92, &x93, x91, x71, x68); + const x94: u32 = (@intCast(u32, x93) + x69); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatP224AddcarryxU32(&x95, &x96, 0x0, x54, x80); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP224AddcarryxU32(&x97, &x98, x96, x56, x82); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP224AddcarryxU32(&x99, &x100, x98, x58, x84); + var x101: u32 = undefined; + var x102: u1 = undefined; + fiatP224AddcarryxU32(&x101, &x102, x100, x60, x86); + var x103: u32 = undefined; + var x104: u1 = undefined; + fiatP224AddcarryxU32(&x103, &x104, x102, x62, x88); + var x105: u32 = undefined; + var x106: u1 = undefined; + fiatP224AddcarryxU32(&x105, &x106, x104, x64, x90); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatP224AddcarryxU32(&x107, &x108, x106, x66, x92); + var x109: u32 = undefined; + var x110: u1 = undefined; + fiatP224AddcarryxU32(&x109, &x110, x108, @intCast(u32, x67), x94); + var x111: u32 = undefined; + var x112: u32 = undefined; + fiatP224MulxU32(&x111, &x112, x95, 0xffffffff); + var x113: u32 = undefined; + var x114: u32 = undefined; + fiatP224MulxU32(&x113, &x114, x111, 0xffffffff); + var x115: u32 = undefined; + var x116: u32 = undefined; + fiatP224MulxU32(&x115, &x116, x111, 0xffffffff); + var x117: u32 = undefined; + var x118: u32 = undefined; + fiatP224MulxU32(&x117, &x118, x111, 0xffffffff); + var x119: u32 = undefined; + var x120: u32 = undefined; + fiatP224MulxU32(&x119, &x120, x111, 0xffffffff); + var x121: u32 = undefined; + var x122: u1 = undefined; + fiatP224AddcarryxU32(&x121, &x122, 0x0, x120, x117); + var x123: u32 = undefined; + var x124: u1 = undefined; + fiatP224AddcarryxU32(&x123, &x124, x122, x118, x115); + var x125: u32 = undefined; + var x126: u1 = undefined; + fiatP224AddcarryxU32(&x125, &x126, x124, x116, x113); + const x127: u32 = (@intCast(u32, x126) + x114); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatP224AddcarryxU32(&x128, &x129, 0x0, x95, x111); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatP224AddcarryxU32(&x130, &x131, x129, x97, @intCast(u32, 0x0)); + var x132: u32 = undefined; + var x133: u1 = undefined; + fiatP224AddcarryxU32(&x132, &x133, x131, x99, @intCast(u32, 0x0)); + var x134: u32 = undefined; + var x135: u1 = undefined; + fiatP224AddcarryxU32(&x134, &x135, x133, x101, x119); + var x136: u32 = undefined; + var x137: u1 = undefined; + fiatP224AddcarryxU32(&x136, &x137, x135, x103, x121); + var x138: u32 = undefined; + var x139: u1 = undefined; + fiatP224AddcarryxU32(&x138, &x139, x137, x105, x123); + var x140: u32 = undefined; + var x141: u1 = undefined; + fiatP224AddcarryxU32(&x140, &x141, x139, x107, x125); + var x142: u32 = undefined; + var x143: u1 = undefined; + fiatP224AddcarryxU32(&x142, &x143, x141, x109, x127); + const x144: u32 = (@intCast(u32, x143) + @intCast(u32, x110)); + var x145: u32 = undefined; + var x146: u32 = undefined; + fiatP224MulxU32(&x145, &x146, x2, (arg1[6])); + var x147: u32 = undefined; + var x148: u32 = undefined; + fiatP224MulxU32(&x147, &x148, x2, (arg1[5])); + var x149: u32 = undefined; + var x150: u32 = undefined; + fiatP224MulxU32(&x149, &x150, x2, (arg1[4])); + var x151: u32 = undefined; + var x152: u32 = undefined; + fiatP224MulxU32(&x151, &x152, x2, (arg1[3])); + var x153: u32 = undefined; + var x154: u32 = undefined; + fiatP224MulxU32(&x153, &x154, x2, (arg1[2])); + var x155: u32 = undefined; + var x156: u32 = undefined; + fiatP224MulxU32(&x155, &x156, x2, (arg1[1])); + var x157: u32 = undefined; + var x158: u32 = undefined; + fiatP224MulxU32(&x157, &x158, x2, (arg1[0])); + var x159: u32 = undefined; + var x160: u1 = undefined; + fiatP224AddcarryxU32(&x159, &x160, 0x0, x158, x155); + var x161: u32 = undefined; + var x162: u1 = undefined; + fiatP224AddcarryxU32(&x161, &x162, x160, x156, x153); + var x163: u32 = undefined; + var x164: u1 = undefined; + fiatP224AddcarryxU32(&x163, &x164, x162, x154, x151); + var x165: u32 = undefined; + var x166: u1 = undefined; + fiatP224AddcarryxU32(&x165, &x166, x164, x152, x149); + var x167: u32 = undefined; + var x168: u1 = undefined; + fiatP224AddcarryxU32(&x167, &x168, x166, x150, x147); + var x169: u32 = undefined; + var x170: u1 = undefined; + fiatP224AddcarryxU32(&x169, &x170, x168, x148, x145); + const x171: u32 = (@intCast(u32, x170) + x146); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP224AddcarryxU32(&x172, &x173, 0x0, x130, x157); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP224AddcarryxU32(&x174, &x175, x173, x132, x159); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP224AddcarryxU32(&x176, &x177, x175, x134, x161); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP224AddcarryxU32(&x178, &x179, x177, x136, x163); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP224AddcarryxU32(&x180, &x181, x179, x138, x165); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatP224AddcarryxU32(&x182, &x183, x181, x140, x167); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatP224AddcarryxU32(&x184, &x185, x183, x142, x169); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatP224AddcarryxU32(&x186, &x187, x185, x144, x171); + var x188: u32 = undefined; + var x189: u32 = undefined; + fiatP224MulxU32(&x188, &x189, x172, 0xffffffff); + var x190: u32 = undefined; + var x191: u32 = undefined; + fiatP224MulxU32(&x190, &x191, x188, 0xffffffff); + var x192: u32 = undefined; + var x193: u32 = undefined; + fiatP224MulxU32(&x192, &x193, x188, 0xffffffff); + var x194: u32 = undefined; + var x195: u32 = undefined; + fiatP224MulxU32(&x194, &x195, x188, 0xffffffff); + var x196: u32 = undefined; + var x197: u32 = undefined; + fiatP224MulxU32(&x196, &x197, x188, 0xffffffff); + var x198: u32 = undefined; + var x199: u1 = undefined; + fiatP224AddcarryxU32(&x198, &x199, 0x0, x197, x194); + var x200: u32 = undefined; + var x201: u1 = undefined; + fiatP224AddcarryxU32(&x200, &x201, x199, x195, x192); + var x202: u32 = undefined; + var x203: u1 = undefined; + fiatP224AddcarryxU32(&x202, &x203, x201, x193, x190); + const x204: u32 = (@intCast(u32, x203) + x191); + var x205: u32 = undefined; + var x206: u1 = undefined; + fiatP224AddcarryxU32(&x205, &x206, 0x0, x172, x188); + var x207: u32 = undefined; + var x208: u1 = undefined; + fiatP224AddcarryxU32(&x207, &x208, x206, x174, @intCast(u32, 0x0)); + var x209: u32 = undefined; + var x210: u1 = undefined; + fiatP224AddcarryxU32(&x209, &x210, x208, x176, @intCast(u32, 0x0)); + var x211: u32 = undefined; + var x212: u1 = undefined; + fiatP224AddcarryxU32(&x211, &x212, x210, x178, x196); + var x213: u32 = undefined; + var x214: u1 = undefined; + fiatP224AddcarryxU32(&x213, &x214, x212, x180, x198); + var x215: u32 = undefined; + var x216: u1 = undefined; + fiatP224AddcarryxU32(&x215, &x216, x214, x182, x200); + var x217: u32 = undefined; + var x218: u1 = undefined; + fiatP224AddcarryxU32(&x217, &x218, x216, x184, x202); + var x219: u32 = undefined; + var x220: u1 = undefined; + fiatP224AddcarryxU32(&x219, &x220, x218, x186, x204); + const x221: u32 = (@intCast(u32, x220) + @intCast(u32, x187)); + var x222: u32 = undefined; + var x223: u32 = undefined; + fiatP224MulxU32(&x222, &x223, x3, (arg1[6])); + var x224: u32 = undefined; + var x225: u32 = undefined; + fiatP224MulxU32(&x224, &x225, x3, (arg1[5])); + var x226: u32 = undefined; + var x227: u32 = undefined; + fiatP224MulxU32(&x226, &x227, x3, (arg1[4])); + var x228: u32 = undefined; + var x229: u32 = undefined; + fiatP224MulxU32(&x228, &x229, x3, (arg1[3])); + var x230: u32 = undefined; + var x231: u32 = undefined; + fiatP224MulxU32(&x230, &x231, x3, (arg1[2])); + var x232: u32 = undefined; + var x233: u32 = undefined; + fiatP224MulxU32(&x232, &x233, x3, (arg1[1])); + var x234: u32 = undefined; + var x235: u32 = undefined; + fiatP224MulxU32(&x234, &x235, x3, (arg1[0])); + var x236: u32 = undefined; + var x237: u1 = undefined; + fiatP224AddcarryxU32(&x236, &x237, 0x0, x235, x232); + var x238: u32 = undefined; + var x239: u1 = undefined; + fiatP224AddcarryxU32(&x238, &x239, x237, x233, x230); + var x240: u32 = undefined; + var x241: u1 = undefined; + fiatP224AddcarryxU32(&x240, &x241, x239, x231, x228); + var x242: u32 = undefined; + var x243: u1 = undefined; + fiatP224AddcarryxU32(&x242, &x243, x241, x229, x226); + var x244: u32 = undefined; + var x245: u1 = undefined; + fiatP224AddcarryxU32(&x244, &x245, x243, x227, x224); + var x246: u32 = undefined; + var x247: u1 = undefined; + fiatP224AddcarryxU32(&x246, &x247, x245, x225, x222); + const x248: u32 = (@intCast(u32, x247) + x223); + var x249: u32 = undefined; + var x250: u1 = undefined; + fiatP224AddcarryxU32(&x249, &x250, 0x0, x207, x234); + var x251: u32 = undefined; + var x252: u1 = undefined; + fiatP224AddcarryxU32(&x251, &x252, x250, x209, x236); + var x253: u32 = undefined; + var x254: u1 = undefined; + fiatP224AddcarryxU32(&x253, &x254, x252, x211, x238); + var x255: u32 = undefined; + var x256: u1 = undefined; + fiatP224AddcarryxU32(&x255, &x256, x254, x213, x240); + var x257: u32 = undefined; + var x258: u1 = undefined; + fiatP224AddcarryxU32(&x257, &x258, x256, x215, x242); + var x259: u32 = undefined; + var x260: u1 = undefined; + fiatP224AddcarryxU32(&x259, &x260, x258, x217, x244); + var x261: u32 = undefined; + var x262: u1 = undefined; + fiatP224AddcarryxU32(&x261, &x262, x260, x219, x246); + var x263: u32 = undefined; + var x264: u1 = undefined; + fiatP224AddcarryxU32(&x263, &x264, x262, x221, x248); + var x265: u32 = undefined; + var x266: u32 = undefined; + fiatP224MulxU32(&x265, &x266, x249, 0xffffffff); + var x267: u32 = undefined; + var x268: u32 = undefined; + fiatP224MulxU32(&x267, &x268, x265, 0xffffffff); + var x269: u32 = undefined; + var x270: u32 = undefined; + fiatP224MulxU32(&x269, &x270, x265, 0xffffffff); + var x271: u32 = undefined; + var x272: u32 = undefined; + fiatP224MulxU32(&x271, &x272, x265, 0xffffffff); + var x273: u32 = undefined; + var x274: u32 = undefined; + fiatP224MulxU32(&x273, &x274, x265, 0xffffffff); + var x275: u32 = undefined; + var x276: u1 = undefined; + fiatP224AddcarryxU32(&x275, &x276, 0x0, x274, x271); + var x277: u32 = undefined; + var x278: u1 = undefined; + fiatP224AddcarryxU32(&x277, &x278, x276, x272, x269); + var x279: u32 = undefined; + var x280: u1 = undefined; + fiatP224AddcarryxU32(&x279, &x280, x278, x270, x267); + const x281: u32 = (@intCast(u32, x280) + x268); + var x282: u32 = undefined; + var x283: u1 = undefined; + fiatP224AddcarryxU32(&x282, &x283, 0x0, x249, x265); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatP224AddcarryxU32(&x284, &x285, x283, x251, @intCast(u32, 0x0)); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatP224AddcarryxU32(&x286, &x287, x285, x253, @intCast(u32, 0x0)); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatP224AddcarryxU32(&x288, &x289, x287, x255, x273); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatP224AddcarryxU32(&x290, &x291, x289, x257, x275); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatP224AddcarryxU32(&x292, &x293, x291, x259, x277); + var x294: u32 = undefined; + var x295: u1 = undefined; + fiatP224AddcarryxU32(&x294, &x295, x293, x261, x279); + var x296: u32 = undefined; + var x297: u1 = undefined; + fiatP224AddcarryxU32(&x296, &x297, x295, x263, x281); + const x298: u32 = (@intCast(u32, x297) + @intCast(u32, x264)); + var x299: u32 = undefined; + var x300: u32 = undefined; + fiatP224MulxU32(&x299, &x300, x4, (arg1[6])); + var x301: u32 = undefined; + var x302: u32 = undefined; + fiatP224MulxU32(&x301, &x302, x4, (arg1[5])); + var x303: u32 = undefined; + var x304: u32 = undefined; + fiatP224MulxU32(&x303, &x304, x4, (arg1[4])); + var x305: u32 = undefined; + var x306: u32 = undefined; + fiatP224MulxU32(&x305, &x306, x4, (arg1[3])); + var x307: u32 = undefined; + var x308: u32 = undefined; + fiatP224MulxU32(&x307, &x308, x4, (arg1[2])); + var x309: u32 = undefined; + var x310: u32 = undefined; + fiatP224MulxU32(&x309, &x310, x4, (arg1[1])); + var x311: u32 = undefined; + var x312: u32 = undefined; + fiatP224MulxU32(&x311, &x312, x4, (arg1[0])); + var x313: u32 = undefined; + var x314: u1 = undefined; + fiatP224AddcarryxU32(&x313, &x314, 0x0, x312, x309); + var x315: u32 = undefined; + var x316: u1 = undefined; + fiatP224AddcarryxU32(&x315, &x316, x314, x310, x307); + var x317: u32 = undefined; + var x318: u1 = undefined; + fiatP224AddcarryxU32(&x317, &x318, x316, x308, x305); + var x319: u32 = undefined; + var x320: u1 = undefined; + fiatP224AddcarryxU32(&x319, &x320, x318, x306, x303); + var x321: u32 = undefined; + var x322: u1 = undefined; + fiatP224AddcarryxU32(&x321, &x322, x320, x304, x301); + var x323: u32 = undefined; + var x324: u1 = undefined; + fiatP224AddcarryxU32(&x323, &x324, x322, x302, x299); + const x325: u32 = (@intCast(u32, x324) + x300); + var x326: u32 = undefined; + var x327: u1 = undefined; + fiatP224AddcarryxU32(&x326, &x327, 0x0, x284, x311); + var x328: u32 = undefined; + var x329: u1 = undefined; + fiatP224AddcarryxU32(&x328, &x329, x327, x286, x313); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatP224AddcarryxU32(&x330, &x331, x329, x288, x315); + var x332: u32 = undefined; + var x333: u1 = undefined; + fiatP224AddcarryxU32(&x332, &x333, x331, x290, x317); + var x334: u32 = undefined; + var x335: u1 = undefined; + fiatP224AddcarryxU32(&x334, &x335, x333, x292, x319); + var x336: u32 = undefined; + var x337: u1 = undefined; + fiatP224AddcarryxU32(&x336, &x337, x335, x294, x321); + var x338: u32 = undefined; + var x339: u1 = undefined; + fiatP224AddcarryxU32(&x338, &x339, x337, x296, x323); + var x340: u32 = undefined; + var x341: u1 = undefined; + fiatP224AddcarryxU32(&x340, &x341, x339, x298, x325); + var x342: u32 = undefined; + var x343: u32 = undefined; + fiatP224MulxU32(&x342, &x343, x326, 0xffffffff); + var x344: u32 = undefined; + var x345: u32 = undefined; + fiatP224MulxU32(&x344, &x345, x342, 0xffffffff); + var x346: u32 = undefined; + var x347: u32 = undefined; + fiatP224MulxU32(&x346, &x347, x342, 0xffffffff); + var x348: u32 = undefined; + var x349: u32 = undefined; + fiatP224MulxU32(&x348, &x349, x342, 0xffffffff); + var x350: u32 = undefined; + var x351: u32 = undefined; + fiatP224MulxU32(&x350, &x351, x342, 0xffffffff); + var x352: u32 = undefined; + var x353: u1 = undefined; + fiatP224AddcarryxU32(&x352, &x353, 0x0, x351, x348); + var x354: u32 = undefined; + var x355: u1 = undefined; + fiatP224AddcarryxU32(&x354, &x355, x353, x349, x346); + var x356: u32 = undefined; + var x357: u1 = undefined; + fiatP224AddcarryxU32(&x356, &x357, x355, x347, x344); + const x358: u32 = (@intCast(u32, x357) + x345); + var x359: u32 = undefined; + var x360: u1 = undefined; + fiatP224AddcarryxU32(&x359, &x360, 0x0, x326, x342); + var x361: u32 = undefined; + var x362: u1 = undefined; + fiatP224AddcarryxU32(&x361, &x362, x360, x328, @intCast(u32, 0x0)); + var x363: u32 = undefined; + var x364: u1 = undefined; + fiatP224AddcarryxU32(&x363, &x364, x362, x330, @intCast(u32, 0x0)); + var x365: u32 = undefined; + var x366: u1 = undefined; + fiatP224AddcarryxU32(&x365, &x366, x364, x332, x350); + var x367: u32 = undefined; + var x368: u1 = undefined; + fiatP224AddcarryxU32(&x367, &x368, x366, x334, x352); + var x369: u32 = undefined; + var x370: u1 = undefined; + fiatP224AddcarryxU32(&x369, &x370, x368, x336, x354); + var x371: u32 = undefined; + var x372: u1 = undefined; + fiatP224AddcarryxU32(&x371, &x372, x370, x338, x356); + var x373: u32 = undefined; + var x374: u1 = undefined; + fiatP224AddcarryxU32(&x373, &x374, x372, x340, x358); + const x375: u32 = (@intCast(u32, x374) + @intCast(u32, x341)); + var x376: u32 = undefined; + var x377: u32 = undefined; + fiatP224MulxU32(&x376, &x377, x5, (arg1[6])); + var x378: u32 = undefined; + var x379: u32 = undefined; + fiatP224MulxU32(&x378, &x379, x5, (arg1[5])); + var x380: u32 = undefined; + var x381: u32 = undefined; + fiatP224MulxU32(&x380, &x381, x5, (arg1[4])); + var x382: u32 = undefined; + var x383: u32 = undefined; + fiatP224MulxU32(&x382, &x383, x5, (arg1[3])); + var x384: u32 = undefined; + var x385: u32 = undefined; + fiatP224MulxU32(&x384, &x385, x5, (arg1[2])); + var x386: u32 = undefined; + var x387: u32 = undefined; + fiatP224MulxU32(&x386, &x387, x5, (arg1[1])); + var x388: u32 = undefined; + var x389: u32 = undefined; + fiatP224MulxU32(&x388, &x389, x5, (arg1[0])); + var x390: u32 = undefined; + var x391: u1 = undefined; + fiatP224AddcarryxU32(&x390, &x391, 0x0, x389, x386); + var x392: u32 = undefined; + var x393: u1 = undefined; + fiatP224AddcarryxU32(&x392, &x393, x391, x387, x384); + var x394: u32 = undefined; + var x395: u1 = undefined; + fiatP224AddcarryxU32(&x394, &x395, x393, x385, x382); + var x396: u32 = undefined; + var x397: u1 = undefined; + fiatP224AddcarryxU32(&x396, &x397, x395, x383, x380); + var x398: u32 = undefined; + var x399: u1 = undefined; + fiatP224AddcarryxU32(&x398, &x399, x397, x381, x378); + var x400: u32 = undefined; + var x401: u1 = undefined; + fiatP224AddcarryxU32(&x400, &x401, x399, x379, x376); + const x402: u32 = (@intCast(u32, x401) + x377); + var x403: u32 = undefined; + var x404: u1 = undefined; + fiatP224AddcarryxU32(&x403, &x404, 0x0, x361, x388); + var x405: u32 = undefined; + var x406: u1 = undefined; + fiatP224AddcarryxU32(&x405, &x406, x404, x363, x390); + var x407: u32 = undefined; + var x408: u1 = undefined; + fiatP224AddcarryxU32(&x407, &x408, x406, x365, x392); + var x409: u32 = undefined; + var x410: u1 = undefined; + fiatP224AddcarryxU32(&x409, &x410, x408, x367, x394); + var x411: u32 = undefined; + var x412: u1 = undefined; + fiatP224AddcarryxU32(&x411, &x412, x410, x369, x396); + var x413: u32 = undefined; + var x414: u1 = undefined; + fiatP224AddcarryxU32(&x413, &x414, x412, x371, x398); + var x415: u32 = undefined; + var x416: u1 = undefined; + fiatP224AddcarryxU32(&x415, &x416, x414, x373, x400); + var x417: u32 = undefined; + var x418: u1 = undefined; + fiatP224AddcarryxU32(&x417, &x418, x416, x375, x402); + var x419: u32 = undefined; + var x420: u32 = undefined; + fiatP224MulxU32(&x419, &x420, x403, 0xffffffff); + var x421: u32 = undefined; + var x422: u32 = undefined; + fiatP224MulxU32(&x421, &x422, x419, 0xffffffff); + var x423: u32 = undefined; + var x424: u32 = undefined; + fiatP224MulxU32(&x423, &x424, x419, 0xffffffff); + var x425: u32 = undefined; + var x426: u32 = undefined; + fiatP224MulxU32(&x425, &x426, x419, 0xffffffff); + var x427: u32 = undefined; + var x428: u32 = undefined; + fiatP224MulxU32(&x427, &x428, x419, 0xffffffff); + var x429: u32 = undefined; + var x430: u1 = undefined; + fiatP224AddcarryxU32(&x429, &x430, 0x0, x428, x425); + var x431: u32 = undefined; + var x432: u1 = undefined; + fiatP224AddcarryxU32(&x431, &x432, x430, x426, x423); + var x433: u32 = undefined; + var x434: u1 = undefined; + fiatP224AddcarryxU32(&x433, &x434, x432, x424, x421); + const x435: u32 = (@intCast(u32, x434) + x422); + var x436: u32 = undefined; + var x437: u1 = undefined; + fiatP224AddcarryxU32(&x436, &x437, 0x0, x403, x419); + var x438: u32 = undefined; + var x439: u1 = undefined; + fiatP224AddcarryxU32(&x438, &x439, x437, x405, @intCast(u32, 0x0)); + var x440: u32 = undefined; + var x441: u1 = undefined; + fiatP224AddcarryxU32(&x440, &x441, x439, x407, @intCast(u32, 0x0)); + var x442: u32 = undefined; + var x443: u1 = undefined; + fiatP224AddcarryxU32(&x442, &x443, x441, x409, x427); + var x444: u32 = undefined; + var x445: u1 = undefined; + fiatP224AddcarryxU32(&x444, &x445, x443, x411, x429); + var x446: u32 = undefined; + var x447: u1 = undefined; + fiatP224AddcarryxU32(&x446, &x447, x445, x413, x431); + var x448: u32 = undefined; + var x449: u1 = undefined; + fiatP224AddcarryxU32(&x448, &x449, x447, x415, x433); + var x450: u32 = undefined; + var x451: u1 = undefined; + fiatP224AddcarryxU32(&x450, &x451, x449, x417, x435); + const x452: u32 = (@intCast(u32, x451) + @intCast(u32, x418)); + var x453: u32 = undefined; + var x454: u32 = undefined; + fiatP224MulxU32(&x453, &x454, x6, (arg1[6])); + var x455: u32 = undefined; + var x456: u32 = undefined; + fiatP224MulxU32(&x455, &x456, x6, (arg1[5])); + var x457: u32 = undefined; + var x458: u32 = undefined; + fiatP224MulxU32(&x457, &x458, x6, (arg1[4])); + var x459: u32 = undefined; + var x460: u32 = undefined; + fiatP224MulxU32(&x459, &x460, x6, (arg1[3])); + var x461: u32 = undefined; + var x462: u32 = undefined; + fiatP224MulxU32(&x461, &x462, x6, (arg1[2])); + var x463: u32 = undefined; + var x464: u32 = undefined; + fiatP224MulxU32(&x463, &x464, x6, (arg1[1])); + var x465: u32 = undefined; + var x466: u32 = undefined; + fiatP224MulxU32(&x465, &x466, x6, (arg1[0])); + var x467: u32 = undefined; + var x468: u1 = undefined; + fiatP224AddcarryxU32(&x467, &x468, 0x0, x466, x463); + var x469: u32 = undefined; + var x470: u1 = undefined; + fiatP224AddcarryxU32(&x469, &x470, x468, x464, x461); + var x471: u32 = undefined; + var x472: u1 = undefined; + fiatP224AddcarryxU32(&x471, &x472, x470, x462, x459); + var x473: u32 = undefined; + var x474: u1 = undefined; + fiatP224AddcarryxU32(&x473, &x474, x472, x460, x457); + var x475: u32 = undefined; + var x476: u1 = undefined; + fiatP224AddcarryxU32(&x475, &x476, x474, x458, x455); + var x477: u32 = undefined; + var x478: u1 = undefined; + fiatP224AddcarryxU32(&x477, &x478, x476, x456, x453); + const x479: u32 = (@intCast(u32, x478) + x454); + var x480: u32 = undefined; + var x481: u1 = undefined; + fiatP224AddcarryxU32(&x480, &x481, 0x0, x438, x465); + var x482: u32 = undefined; + var x483: u1 = undefined; + fiatP224AddcarryxU32(&x482, &x483, x481, x440, x467); + var x484: u32 = undefined; + var x485: u1 = undefined; + fiatP224AddcarryxU32(&x484, &x485, x483, x442, x469); + var x486: u32 = undefined; + var x487: u1 = undefined; + fiatP224AddcarryxU32(&x486, &x487, x485, x444, x471); + var x488: u32 = undefined; + var x489: u1 = undefined; + fiatP224AddcarryxU32(&x488, &x489, x487, x446, x473); + var x490: u32 = undefined; + var x491: u1 = undefined; + fiatP224AddcarryxU32(&x490, &x491, x489, x448, x475); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatP224AddcarryxU32(&x492, &x493, x491, x450, x477); + var x494: u32 = undefined; + var x495: u1 = undefined; + fiatP224AddcarryxU32(&x494, &x495, x493, x452, x479); + var x496: u32 = undefined; + var x497: u32 = undefined; + fiatP224MulxU32(&x496, &x497, x480, 0xffffffff); + var x498: u32 = undefined; + var x499: u32 = undefined; + fiatP224MulxU32(&x498, &x499, x496, 0xffffffff); + var x500: u32 = undefined; + var x501: u32 = undefined; + fiatP224MulxU32(&x500, &x501, x496, 0xffffffff); + var x502: u32 = undefined; + var x503: u32 = undefined; + fiatP224MulxU32(&x502, &x503, x496, 0xffffffff); + var x504: u32 = undefined; + var x505: u32 = undefined; + fiatP224MulxU32(&x504, &x505, x496, 0xffffffff); + var x506: u32 = undefined; + var x507: u1 = undefined; + fiatP224AddcarryxU32(&x506, &x507, 0x0, x505, x502); + var x508: u32 = undefined; + var x509: u1 = undefined; + fiatP224AddcarryxU32(&x508, &x509, x507, x503, x500); + var x510: u32 = undefined; + var x511: u1 = undefined; + fiatP224AddcarryxU32(&x510, &x511, x509, x501, x498); + const x512: u32 = (@intCast(u32, x511) + x499); + var x513: u32 = undefined; + var x514: u1 = undefined; + fiatP224AddcarryxU32(&x513, &x514, 0x0, x480, x496); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatP224AddcarryxU32(&x515, &x516, x514, x482, @intCast(u32, 0x0)); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatP224AddcarryxU32(&x517, &x518, x516, x484, @intCast(u32, 0x0)); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatP224AddcarryxU32(&x519, &x520, x518, x486, x504); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatP224AddcarryxU32(&x521, &x522, x520, x488, x506); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatP224AddcarryxU32(&x523, &x524, x522, x490, x508); + var x525: u32 = undefined; + var x526: u1 = undefined; + fiatP224AddcarryxU32(&x525, &x526, x524, x492, x510); + var x527: u32 = undefined; + var x528: u1 = undefined; + fiatP224AddcarryxU32(&x527, &x528, x526, x494, x512); + const x529: u32 = (@intCast(u32, x528) + @intCast(u32, x495)); + var x530: u32 = undefined; + var x531: u1 = undefined; + fiatP224SubborrowxU32(&x530, &x531, 0x0, x515, @intCast(u32, 0x1)); + var x532: u32 = undefined; + var x533: u1 = undefined; + fiatP224SubborrowxU32(&x532, &x533, x531, x517, @intCast(u32, 0x0)); + var x534: u32 = undefined; + var x535: u1 = undefined; + fiatP224SubborrowxU32(&x534, &x535, x533, x519, @intCast(u32, 0x0)); + var x536: u32 = undefined; + var x537: u1 = undefined; + fiatP224SubborrowxU32(&x536, &x537, x535, x521, 0xffffffff); + var x538: u32 = undefined; + var x539: u1 = undefined; + fiatP224SubborrowxU32(&x538, &x539, x537, x523, 0xffffffff); + var x540: u32 = undefined; + var x541: u1 = undefined; + fiatP224SubborrowxU32(&x540, &x541, x539, x525, 0xffffffff); + var x542: u32 = undefined; + var x543: u1 = undefined; + fiatP224SubborrowxU32(&x542, &x543, x541, x527, 0xffffffff); + var x544: u32 = undefined; + var x545: u1 = undefined; + fiatP224SubborrowxU32(&x544, &x545, x543, x529, @intCast(u32, 0x0)); + var x546: u32 = undefined; + fiatP224CmovznzU32(&x546, x545, x530, x515); + var x547: u32 = undefined; + fiatP224CmovznzU32(&x547, x545, x532, x517); + var x548: u32 = undefined; + fiatP224CmovznzU32(&x548, x545, x534, x519); + var x549: u32 = undefined; + fiatP224CmovznzU32(&x549, x545, x536, x521); + var x550: u32 = undefined; + fiatP224CmovznzU32(&x550, x545, x538, x523); + var x551: u32 = undefined; + fiatP224CmovznzU32(&x551, x545, x540, x525); + var x552: u32 = undefined; + fiatP224CmovznzU32(&x552, x545, x542, x527); + out1[0] = x546; + out1[1] = x547; + out1[2] = x548; + out1[3] = x549; + out1[4] = x550; + out1[5] = x551; + out1[6] = x552; +} + +/// The function fiatP224Add adds two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224Add(out1: *[7]u32, arg1: [7]u32, arg2: [7]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP224AddcarryxU32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP224AddcarryxU32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP224AddcarryxU32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP224AddcarryxU32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP224AddcarryxU32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP224AddcarryxU32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP224AddcarryxU32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatP224SubborrowxU32(&x15, &x16, 0x0, x1, @intCast(u32, 0x1)); + var x17: u32 = undefined; + var x18: u1 = undefined; + fiatP224SubborrowxU32(&x17, &x18, x16, x3, @intCast(u32, 0x0)); + var x19: u32 = undefined; + var x20: u1 = undefined; + fiatP224SubborrowxU32(&x19, &x20, x18, x5, @intCast(u32, 0x0)); + var x21: u32 = undefined; + var x22: u1 = undefined; + fiatP224SubborrowxU32(&x21, &x22, x20, x7, 0xffffffff); + var x23: u32 = undefined; + var x24: u1 = undefined; + fiatP224SubborrowxU32(&x23, &x24, x22, x9, 0xffffffff); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatP224SubborrowxU32(&x25, &x26, x24, x11, 0xffffffff); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatP224SubborrowxU32(&x27, &x28, x26, x13, 0xffffffff); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatP224SubborrowxU32(&x29, &x30, x28, @intCast(u32, x14), @intCast(u32, 0x0)); + var x31: u32 = undefined; + fiatP224CmovznzU32(&x31, x30, x15, x1); + var x32: u32 = undefined; + fiatP224CmovznzU32(&x32, x30, x17, x3); + var x33: u32 = undefined; + fiatP224CmovznzU32(&x33, x30, x19, x5); + var x34: u32 = undefined; + fiatP224CmovznzU32(&x34, x30, x21, x7); + var x35: u32 = undefined; + fiatP224CmovznzU32(&x35, x30, x23, x9); + var x36: u32 = undefined; + fiatP224CmovznzU32(&x36, x30, x25, x11); + var x37: u32 = undefined; + fiatP224CmovznzU32(&x37, x30, x27, x13); + out1[0] = x31; + out1[1] = x32; + out1[2] = x33; + out1[3] = x34; + out1[4] = x35; + out1[5] = x36; + out1[6] = x37; +} + +/// The function fiatP224Sub subtracts two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224Sub(out1: *[7]u32, arg1: [7]u32, arg2: [7]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP224SubborrowxU32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP224SubborrowxU32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP224SubborrowxU32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP224SubborrowxU32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP224SubborrowxU32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP224SubborrowxU32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP224SubborrowxU32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u32 = undefined; + fiatP224CmovznzU32(&x15, x14, @intCast(u32, 0x0), 0xffffffff); + var x16: u32 = undefined; + var x17: u1 = undefined; + fiatP224AddcarryxU32(&x16, &x17, 0x0, x1, @intCast(u32, @intCast(u1, (x15 & @intCast(u32, 0x1))))); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatP224AddcarryxU32(&x18, &x19, x17, x3, @intCast(u32, 0x0)); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatP224AddcarryxU32(&x20, &x21, x19, x5, @intCast(u32, 0x0)); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP224AddcarryxU32(&x22, &x23, x21, x7, x15); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP224AddcarryxU32(&x24, &x25, x23, x9, x15); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP224AddcarryxU32(&x26, &x27, x25, x11, x15); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP224AddcarryxU32(&x28, &x29, x27, x13, x15); + out1[0] = x16; + out1[1] = x18; + out1[2] = x20; + out1[3] = x22; + out1[4] = x24; + out1[5] = x26; + out1[6] = x28; +} + +/// The function fiatP224Opp negates a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224Opp(out1: *[7]u32, arg1: [7]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP224SubborrowxU32(&x1, &x2, 0x0, @intCast(u32, 0x0), (arg1[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP224SubborrowxU32(&x3, &x4, x2, @intCast(u32, 0x0), (arg1[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP224SubborrowxU32(&x5, &x6, x4, @intCast(u32, 0x0), (arg1[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP224SubborrowxU32(&x7, &x8, x6, @intCast(u32, 0x0), (arg1[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP224SubborrowxU32(&x9, &x10, x8, @intCast(u32, 0x0), (arg1[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP224SubborrowxU32(&x11, &x12, x10, @intCast(u32, 0x0), (arg1[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP224SubborrowxU32(&x13, &x14, x12, @intCast(u32, 0x0), (arg1[6])); + var x15: u32 = undefined; + fiatP224CmovznzU32(&x15, x14, @intCast(u32, 0x0), 0xffffffff); + var x16: u32 = undefined; + var x17: u1 = undefined; + fiatP224AddcarryxU32(&x16, &x17, 0x0, x1, @intCast(u32, @intCast(u1, (x15 & @intCast(u32, 0x1))))); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatP224AddcarryxU32(&x18, &x19, x17, x3, @intCast(u32, 0x0)); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatP224AddcarryxU32(&x20, &x21, x19, x5, @intCast(u32, 0x0)); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP224AddcarryxU32(&x22, &x23, x21, x7, x15); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP224AddcarryxU32(&x24, &x25, x23, x9, x15); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP224AddcarryxU32(&x26, &x27, x25, x11, x15); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP224AddcarryxU32(&x28, &x29, x27, x13, x15); + out1[0] = x16; + out1[1] = x18; + out1[2] = x20; + out1[3] = x22; + out1[4] = x24; + out1[5] = x26; + out1[6] = x28; +} + +/// The function fiatP224FromMontgomery translates a field element out of the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^7) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224FromMontgomery(out1: *[7]u32, arg1: [7]u32) void { + const x1: u32 = (arg1[0]); + var x2: u32 = undefined; + var x3: u32 = undefined; + fiatP224MulxU32(&x2, &x3, x1, 0xffffffff); + var x4: u32 = undefined; + var x5: u32 = undefined; + fiatP224MulxU32(&x4, &x5, x2, 0xffffffff); + var x6: u32 = undefined; + var x7: u32 = undefined; + fiatP224MulxU32(&x6, &x7, x2, 0xffffffff); + var x8: u32 = undefined; + var x9: u32 = undefined; + fiatP224MulxU32(&x8, &x9, x2, 0xffffffff); + var x10: u32 = undefined; + var x11: u32 = undefined; + fiatP224MulxU32(&x10, &x11, x2, 0xffffffff); + var x12: u32 = undefined; + var x13: u1 = undefined; + fiatP224AddcarryxU32(&x12, &x13, 0x0, x11, x8); + var x14: u32 = undefined; + var x15: u1 = undefined; + fiatP224AddcarryxU32(&x14, &x15, x13, x9, x6); + var x16: u32 = undefined; + var x17: u1 = undefined; + fiatP224AddcarryxU32(&x16, &x17, x15, x7, x4); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatP224AddcarryxU32(&x18, &x19, 0x0, x1, x2); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatP224AddcarryxU32(&x20, &x21, 0x0, @intCast(u32, x19), (arg1[1])); + var x22: u32 = undefined; + var x23: u32 = undefined; + fiatP224MulxU32(&x22, &x23, x20, 0xffffffff); + var x24: u32 = undefined; + var x25: u32 = undefined; + fiatP224MulxU32(&x24, &x25, x22, 0xffffffff); + var x26: u32 = undefined; + var x27: u32 = undefined; + fiatP224MulxU32(&x26, &x27, x22, 0xffffffff); + var x28: u32 = undefined; + var x29: u32 = undefined; + fiatP224MulxU32(&x28, &x29, x22, 0xffffffff); + var x30: u32 = undefined; + var x31: u32 = undefined; + fiatP224MulxU32(&x30, &x31, x22, 0xffffffff); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP224AddcarryxU32(&x32, &x33, 0x0, x31, x28); + var x34: u32 = undefined; + var x35: u1 = undefined; + fiatP224AddcarryxU32(&x34, &x35, x33, x29, x26); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiatP224AddcarryxU32(&x36, &x37, x35, x27, x24); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiatP224AddcarryxU32(&x38, &x39, 0x0, x12, x30); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiatP224AddcarryxU32(&x40, &x41, x39, x14, x32); + var x42: u32 = undefined; + var x43: u1 = undefined; + fiatP224AddcarryxU32(&x42, &x43, x41, x16, x34); + var x44: u32 = undefined; + var x45: u1 = undefined; + fiatP224AddcarryxU32(&x44, &x45, x43, (@intCast(u32, x17) + x5), x36); + var x46: u32 = undefined; + var x47: u1 = undefined; + fiatP224AddcarryxU32(&x46, &x47, x45, @intCast(u32, 0x0), (@intCast(u32, x37) + x25)); + var x48: u32 = undefined; + var x49: u1 = undefined; + fiatP224AddcarryxU32(&x48, &x49, 0x0, x20, x22); + var x50: u32 = undefined; + var x51: u1 = undefined; + fiatP224AddcarryxU32(&x50, &x51, 0x0, (@intCast(u32, x49) + @intCast(u32, x21)), (arg1[2])); + var x52: u32 = undefined; + var x53: u1 = undefined; + fiatP224AddcarryxU32(&x52, &x53, x51, x10, @intCast(u32, 0x0)); + var x54: u32 = undefined; + var x55: u1 = undefined; + fiatP224AddcarryxU32(&x54, &x55, x53, x38, @intCast(u32, 0x0)); + var x56: u32 = undefined; + var x57: u1 = undefined; + fiatP224AddcarryxU32(&x56, &x57, x55, x40, @intCast(u32, 0x0)); + var x58: u32 = undefined; + var x59: u1 = undefined; + fiatP224AddcarryxU32(&x58, &x59, x57, x42, @intCast(u32, 0x0)); + var x60: u32 = undefined; + var x61: u1 = undefined; + fiatP224AddcarryxU32(&x60, &x61, x59, x44, @intCast(u32, 0x0)); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatP224AddcarryxU32(&x62, &x63, x61, x46, @intCast(u32, 0x0)); + var x64: u32 = undefined; + var x65: u32 = undefined; + fiatP224MulxU32(&x64, &x65, x50, 0xffffffff); + var x66: u32 = undefined; + var x67: u32 = undefined; + fiatP224MulxU32(&x66, &x67, x64, 0xffffffff); + var x68: u32 = undefined; + var x69: u32 = undefined; + fiatP224MulxU32(&x68, &x69, x64, 0xffffffff); + var x70: u32 = undefined; + var x71: u32 = undefined; + fiatP224MulxU32(&x70, &x71, x64, 0xffffffff); + var x72: u32 = undefined; + var x73: u32 = undefined; + fiatP224MulxU32(&x72, &x73, x64, 0xffffffff); + var x74: u32 = undefined; + var x75: u1 = undefined; + fiatP224AddcarryxU32(&x74, &x75, 0x0, x73, x70); + var x76: u32 = undefined; + var x77: u1 = undefined; + fiatP224AddcarryxU32(&x76, &x77, x75, x71, x68); + var x78: u32 = undefined; + var x79: u1 = undefined; + fiatP224AddcarryxU32(&x78, &x79, x77, x69, x66); + var x80: u32 = undefined; + var x81: u1 = undefined; + fiatP224AddcarryxU32(&x80, &x81, 0x0, x50, x64); + var x82: u32 = undefined; + var x83: u1 = undefined; + fiatP224AddcarryxU32(&x82, &x83, x81, x52, @intCast(u32, 0x0)); + var x84: u32 = undefined; + var x85: u1 = undefined; + fiatP224AddcarryxU32(&x84, &x85, x83, x54, @intCast(u32, 0x0)); + var x86: u32 = undefined; + var x87: u1 = undefined; + fiatP224AddcarryxU32(&x86, &x87, x85, x56, x72); + var x88: u32 = undefined; + var x89: u1 = undefined; + fiatP224AddcarryxU32(&x88, &x89, x87, x58, x74); + var x90: u32 = undefined; + var x91: u1 = undefined; + fiatP224AddcarryxU32(&x90, &x91, x89, x60, x76); + var x92: u32 = undefined; + var x93: u1 = undefined; + fiatP224AddcarryxU32(&x92, &x93, x91, x62, x78); + var x94: u32 = undefined; + var x95: u1 = undefined; + fiatP224AddcarryxU32(&x94, &x95, x93, (@intCast(u32, x63) + @intCast(u32, x47)), (@intCast(u32, x79) + x67)); + var x96: u32 = undefined; + var x97: u1 = undefined; + fiatP224AddcarryxU32(&x96, &x97, 0x0, x82, (arg1[3])); + var x98: u32 = undefined; + var x99: u1 = undefined; + fiatP224AddcarryxU32(&x98, &x99, x97, x84, @intCast(u32, 0x0)); + var x100: u32 = undefined; + var x101: u1 = undefined; + fiatP224AddcarryxU32(&x100, &x101, x99, x86, @intCast(u32, 0x0)); + var x102: u32 = undefined; + var x103: u1 = undefined; + fiatP224AddcarryxU32(&x102, &x103, x101, x88, @intCast(u32, 0x0)); + var x104: u32 = undefined; + var x105: u1 = undefined; + fiatP224AddcarryxU32(&x104, &x105, x103, x90, @intCast(u32, 0x0)); + var x106: u32 = undefined; + var x107: u1 = undefined; + fiatP224AddcarryxU32(&x106, &x107, x105, x92, @intCast(u32, 0x0)); + var x108: u32 = undefined; + var x109: u1 = undefined; + fiatP224AddcarryxU32(&x108, &x109, x107, x94, @intCast(u32, 0x0)); + var x110: u32 = undefined; + var x111: u32 = undefined; + fiatP224MulxU32(&x110, &x111, x96, 0xffffffff); + var x112: u32 = undefined; + var x113: u32 = undefined; + fiatP224MulxU32(&x112, &x113, x110, 0xffffffff); + var x114: u32 = undefined; + var x115: u32 = undefined; + fiatP224MulxU32(&x114, &x115, x110, 0xffffffff); + var x116: u32 = undefined; + var x117: u32 = undefined; + fiatP224MulxU32(&x116, &x117, x110, 0xffffffff); + var x118: u32 = undefined; + var x119: u32 = undefined; + fiatP224MulxU32(&x118, &x119, x110, 0xffffffff); + var x120: u32 = undefined; + var x121: u1 = undefined; + fiatP224AddcarryxU32(&x120, &x121, 0x0, x119, x116); + var x122: u32 = undefined; + var x123: u1 = undefined; + fiatP224AddcarryxU32(&x122, &x123, x121, x117, x114); + var x124: u32 = undefined; + var x125: u1 = undefined; + fiatP224AddcarryxU32(&x124, &x125, x123, x115, x112); + var x126: u32 = undefined; + var x127: u1 = undefined; + fiatP224AddcarryxU32(&x126, &x127, 0x0, x96, x110); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatP224AddcarryxU32(&x128, &x129, x127, x98, @intCast(u32, 0x0)); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatP224AddcarryxU32(&x130, &x131, x129, x100, @intCast(u32, 0x0)); + var x132: u32 = undefined; + var x133: u1 = undefined; + fiatP224AddcarryxU32(&x132, &x133, x131, x102, x118); + var x134: u32 = undefined; + var x135: u1 = undefined; + fiatP224AddcarryxU32(&x134, &x135, x133, x104, x120); + var x136: u32 = undefined; + var x137: u1 = undefined; + fiatP224AddcarryxU32(&x136, &x137, x135, x106, x122); + var x138: u32 = undefined; + var x139: u1 = undefined; + fiatP224AddcarryxU32(&x138, &x139, x137, x108, x124); + var x140: u32 = undefined; + var x141: u1 = undefined; + fiatP224AddcarryxU32(&x140, &x141, x139, (@intCast(u32, x109) + @intCast(u32, x95)), (@intCast(u32, x125) + x113)); + var x142: u32 = undefined; + var x143: u1 = undefined; + fiatP224AddcarryxU32(&x142, &x143, 0x0, x128, (arg1[4])); + var x144: u32 = undefined; + var x145: u1 = undefined; + fiatP224AddcarryxU32(&x144, &x145, x143, x130, @intCast(u32, 0x0)); + var x146: u32 = undefined; + var x147: u1 = undefined; + fiatP224AddcarryxU32(&x146, &x147, x145, x132, @intCast(u32, 0x0)); + var x148: u32 = undefined; + var x149: u1 = undefined; + fiatP224AddcarryxU32(&x148, &x149, x147, x134, @intCast(u32, 0x0)); + var x150: u32 = undefined; + var x151: u1 = undefined; + fiatP224AddcarryxU32(&x150, &x151, x149, x136, @intCast(u32, 0x0)); + var x152: u32 = undefined; + var x153: u1 = undefined; + fiatP224AddcarryxU32(&x152, &x153, x151, x138, @intCast(u32, 0x0)); + var x154: u32 = undefined; + var x155: u1 = undefined; + fiatP224AddcarryxU32(&x154, &x155, x153, x140, @intCast(u32, 0x0)); + var x156: u32 = undefined; + var x157: u32 = undefined; + fiatP224MulxU32(&x156, &x157, x142, 0xffffffff); + var x158: u32 = undefined; + var x159: u32 = undefined; + fiatP224MulxU32(&x158, &x159, x156, 0xffffffff); + var x160: u32 = undefined; + var x161: u32 = undefined; + fiatP224MulxU32(&x160, &x161, x156, 0xffffffff); + var x162: u32 = undefined; + var x163: u32 = undefined; + fiatP224MulxU32(&x162, &x163, x156, 0xffffffff); + var x164: u32 = undefined; + var x165: u32 = undefined; + fiatP224MulxU32(&x164, &x165, x156, 0xffffffff); + var x166: u32 = undefined; + var x167: u1 = undefined; + fiatP224AddcarryxU32(&x166, &x167, 0x0, x165, x162); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatP224AddcarryxU32(&x168, &x169, x167, x163, x160); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP224AddcarryxU32(&x170, &x171, x169, x161, x158); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP224AddcarryxU32(&x172, &x173, 0x0, x142, x156); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP224AddcarryxU32(&x174, &x175, x173, x144, @intCast(u32, 0x0)); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP224AddcarryxU32(&x176, &x177, x175, x146, @intCast(u32, 0x0)); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP224AddcarryxU32(&x178, &x179, x177, x148, x164); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP224AddcarryxU32(&x180, &x181, x179, x150, x166); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatP224AddcarryxU32(&x182, &x183, x181, x152, x168); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatP224AddcarryxU32(&x184, &x185, x183, x154, x170); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatP224AddcarryxU32(&x186, &x187, x185, (@intCast(u32, x155) + @intCast(u32, x141)), (@intCast(u32, x171) + x159)); + var x188: u32 = undefined; + var x189: u1 = undefined; + fiatP224AddcarryxU32(&x188, &x189, 0x0, x174, (arg1[5])); + var x190: u32 = undefined; + var x191: u1 = undefined; + fiatP224AddcarryxU32(&x190, &x191, x189, x176, @intCast(u32, 0x0)); + var x192: u32 = undefined; + var x193: u1 = undefined; + fiatP224AddcarryxU32(&x192, &x193, x191, x178, @intCast(u32, 0x0)); + var x194: u32 = undefined; + var x195: u1 = undefined; + fiatP224AddcarryxU32(&x194, &x195, x193, x180, @intCast(u32, 0x0)); + var x196: u32 = undefined; + var x197: u1 = undefined; + fiatP224AddcarryxU32(&x196, &x197, x195, x182, @intCast(u32, 0x0)); + var x198: u32 = undefined; + var x199: u1 = undefined; + fiatP224AddcarryxU32(&x198, &x199, x197, x184, @intCast(u32, 0x0)); + var x200: u32 = undefined; + var x201: u1 = undefined; + fiatP224AddcarryxU32(&x200, &x201, x199, x186, @intCast(u32, 0x0)); + var x202: u32 = undefined; + var x203: u32 = undefined; + fiatP224MulxU32(&x202, &x203, x188, 0xffffffff); + var x204: u32 = undefined; + var x205: u32 = undefined; + fiatP224MulxU32(&x204, &x205, x202, 0xffffffff); + var x206: u32 = undefined; + var x207: u32 = undefined; + fiatP224MulxU32(&x206, &x207, x202, 0xffffffff); + var x208: u32 = undefined; + var x209: u32 = undefined; + fiatP224MulxU32(&x208, &x209, x202, 0xffffffff); + var x210: u32 = undefined; + var x211: u32 = undefined; + fiatP224MulxU32(&x210, &x211, x202, 0xffffffff); + var x212: u32 = undefined; + var x213: u1 = undefined; + fiatP224AddcarryxU32(&x212, &x213, 0x0, x211, x208); + var x214: u32 = undefined; + var x215: u1 = undefined; + fiatP224AddcarryxU32(&x214, &x215, x213, x209, x206); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatP224AddcarryxU32(&x216, &x217, x215, x207, x204); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatP224AddcarryxU32(&x218, &x219, 0x0, x188, x202); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatP224AddcarryxU32(&x220, &x221, x219, x190, @intCast(u32, 0x0)); + var x222: u32 = undefined; + var x223: u1 = undefined; + fiatP224AddcarryxU32(&x222, &x223, x221, x192, @intCast(u32, 0x0)); + var x224: u32 = undefined; + var x225: u1 = undefined; + fiatP224AddcarryxU32(&x224, &x225, x223, x194, x210); + var x226: u32 = undefined; + var x227: u1 = undefined; + fiatP224AddcarryxU32(&x226, &x227, x225, x196, x212); + var x228: u32 = undefined; + var x229: u1 = undefined; + fiatP224AddcarryxU32(&x228, &x229, x227, x198, x214); + var x230: u32 = undefined; + var x231: u1 = undefined; + fiatP224AddcarryxU32(&x230, &x231, x229, x200, x216); + var x232: u32 = undefined; + var x233: u1 = undefined; + fiatP224AddcarryxU32(&x232, &x233, x231, (@intCast(u32, x201) + @intCast(u32, x187)), (@intCast(u32, x217) + x205)); + var x234: u32 = undefined; + var x235: u1 = undefined; + fiatP224AddcarryxU32(&x234, &x235, 0x0, x220, (arg1[6])); + var x236: u32 = undefined; + var x237: u1 = undefined; + fiatP224AddcarryxU32(&x236, &x237, x235, x222, @intCast(u32, 0x0)); + var x238: u32 = undefined; + var x239: u1 = undefined; + fiatP224AddcarryxU32(&x238, &x239, x237, x224, @intCast(u32, 0x0)); + var x240: u32 = undefined; + var x241: u1 = undefined; + fiatP224AddcarryxU32(&x240, &x241, x239, x226, @intCast(u32, 0x0)); + var x242: u32 = undefined; + var x243: u1 = undefined; + fiatP224AddcarryxU32(&x242, &x243, x241, x228, @intCast(u32, 0x0)); + var x244: u32 = undefined; + var x245: u1 = undefined; + fiatP224AddcarryxU32(&x244, &x245, x243, x230, @intCast(u32, 0x0)); + var x246: u32 = undefined; + var x247: u1 = undefined; + fiatP224AddcarryxU32(&x246, &x247, x245, x232, @intCast(u32, 0x0)); + var x248: u32 = undefined; + var x249: u32 = undefined; + fiatP224MulxU32(&x248, &x249, x234, 0xffffffff); + var x250: u32 = undefined; + var x251: u32 = undefined; + fiatP224MulxU32(&x250, &x251, x248, 0xffffffff); + var x252: u32 = undefined; + var x253: u32 = undefined; + fiatP224MulxU32(&x252, &x253, x248, 0xffffffff); + var x254: u32 = undefined; + var x255: u32 = undefined; + fiatP224MulxU32(&x254, &x255, x248, 0xffffffff); + var x256: u32 = undefined; + var x257: u32 = undefined; + fiatP224MulxU32(&x256, &x257, x248, 0xffffffff); + var x258: u32 = undefined; + var x259: u1 = undefined; + fiatP224AddcarryxU32(&x258, &x259, 0x0, x257, x254); + var x260: u32 = undefined; + var x261: u1 = undefined; + fiatP224AddcarryxU32(&x260, &x261, x259, x255, x252); + var x262: u32 = undefined; + var x263: u1 = undefined; + fiatP224AddcarryxU32(&x262, &x263, x261, x253, x250); + var x264: u32 = undefined; + var x265: u1 = undefined; + fiatP224AddcarryxU32(&x264, &x265, 0x0, x234, x248); + var x266: u32 = undefined; + var x267: u1 = undefined; + fiatP224AddcarryxU32(&x266, &x267, x265, x236, @intCast(u32, 0x0)); + var x268: u32 = undefined; + var x269: u1 = undefined; + fiatP224AddcarryxU32(&x268, &x269, x267, x238, @intCast(u32, 0x0)); + var x270: u32 = undefined; + var x271: u1 = undefined; + fiatP224AddcarryxU32(&x270, &x271, x269, x240, x256); + var x272: u32 = undefined; + var x273: u1 = undefined; + fiatP224AddcarryxU32(&x272, &x273, x271, x242, x258); + var x274: u32 = undefined; + var x275: u1 = undefined; + fiatP224AddcarryxU32(&x274, &x275, x273, x244, x260); + var x276: u32 = undefined; + var x277: u1 = undefined; + fiatP224AddcarryxU32(&x276, &x277, x275, x246, x262); + var x278: u32 = undefined; + var x279: u1 = undefined; + fiatP224AddcarryxU32(&x278, &x279, x277, (@intCast(u32, x247) + @intCast(u32, x233)), (@intCast(u32, x263) + x251)); + var x280: u32 = undefined; + var x281: u1 = undefined; + fiatP224SubborrowxU32(&x280, &x281, 0x0, x266, @intCast(u32, 0x1)); + var x282: u32 = undefined; + var x283: u1 = undefined; + fiatP224SubborrowxU32(&x282, &x283, x281, x268, @intCast(u32, 0x0)); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatP224SubborrowxU32(&x284, &x285, x283, x270, @intCast(u32, 0x0)); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatP224SubborrowxU32(&x286, &x287, x285, x272, 0xffffffff); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatP224SubborrowxU32(&x288, &x289, x287, x274, 0xffffffff); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatP224SubborrowxU32(&x290, &x291, x289, x276, 0xffffffff); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatP224SubborrowxU32(&x292, &x293, x291, x278, 0xffffffff); + var x294: u32 = undefined; + var x295: u1 = undefined; + fiatP224SubborrowxU32(&x294, &x295, x293, @intCast(u32, x279), @intCast(u32, 0x0)); + var x296: u32 = undefined; + fiatP224CmovznzU32(&x296, x295, x280, x266); + var x297: u32 = undefined; + fiatP224CmovznzU32(&x297, x295, x282, x268); + var x298: u32 = undefined; + fiatP224CmovznzU32(&x298, x295, x284, x270); + var x299: u32 = undefined; + fiatP224CmovznzU32(&x299, x295, x286, x272); + var x300: u32 = undefined; + fiatP224CmovznzU32(&x300, x295, x288, x274); + var x301: u32 = undefined; + fiatP224CmovznzU32(&x301, x295, x290, x276); + var x302: u32 = undefined; + fiatP224CmovznzU32(&x302, x295, x292, x278); + out1[0] = x296; + out1[1] = x297; + out1[2] = x298; + out1[3] = x299; + out1[4] = x300; + out1[5] = x301; + out1[6] = x302; +} + +/// The function fiatP224ToMontgomery translates a field element into the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224ToMontgomery(out1: *[7]u32, arg1: [7]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[0]); + var x8: u32 = undefined; + var x9: u32 = undefined; + fiatP224MulxU32(&x8, &x9, x7, 0xffffffff); + var x10: u32 = undefined; + var x11: u32 = undefined; + fiatP224MulxU32(&x10, &x11, x7, 0xffffffff); + var x12: u32 = undefined; + var x13: u32 = undefined; + fiatP224MulxU32(&x12, &x13, x7, 0xfffffffe); + var x14: u32 = undefined; + var x15: u1 = undefined; + fiatP224AddcarryxU32(&x14, &x15, 0x0, x13, x10); + var x16: u32 = undefined; + var x17: u1 = undefined; + fiatP224AddcarryxU32(&x16, &x17, x15, x11, x8); + var x18: u32 = undefined; + var x19: u32 = undefined; + fiatP224MulxU32(&x18, &x19, x7, 0xffffffff); + var x20: u32 = undefined; + var x21: u32 = undefined; + fiatP224MulxU32(&x20, &x21, x18, 0xffffffff); + var x22: u32 = undefined; + var x23: u32 = undefined; + fiatP224MulxU32(&x22, &x23, x18, 0xffffffff); + var x24: u32 = undefined; + var x25: u32 = undefined; + fiatP224MulxU32(&x24, &x25, x18, 0xffffffff); + var x26: u32 = undefined; + var x27: u32 = undefined; + fiatP224MulxU32(&x26, &x27, x18, 0xffffffff); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP224AddcarryxU32(&x28, &x29, 0x0, x27, x24); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP224AddcarryxU32(&x30, &x31, x29, x25, x22); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP224AddcarryxU32(&x32, &x33, x31, x23, x20); + var x34: u32 = undefined; + var x35: u1 = undefined; + fiatP224AddcarryxU32(&x34, &x35, 0x0, x12, x26); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiatP224AddcarryxU32(&x36, &x37, x35, x14, x28); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiatP224AddcarryxU32(&x38, &x39, x37, x16, x30); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiatP224AddcarryxU32(&x40, &x41, x39, (@intCast(u32, x17) + x9), x32); + var x42: u32 = undefined; + var x43: u1 = undefined; + fiatP224AddcarryxU32(&x42, &x43, x41, @intCast(u32, 0x0), (@intCast(u32, x33) + x21)); + var x44: u32 = undefined; + var x45: u32 = undefined; + fiatP224MulxU32(&x44, &x45, x1, 0xffffffff); + var x46: u32 = undefined; + var x47: u32 = undefined; + fiatP224MulxU32(&x46, &x47, x1, 0xffffffff); + var x48: u32 = undefined; + var x49: u32 = undefined; + fiatP224MulxU32(&x48, &x49, x1, 0xfffffffe); + var x50: u32 = undefined; + var x51: u1 = undefined; + fiatP224AddcarryxU32(&x50, &x51, 0x0, x49, x46); + var x52: u32 = undefined; + var x53: u1 = undefined; + fiatP224AddcarryxU32(&x52, &x53, x51, x47, x44); + var x54: u32 = undefined; + var x55: u1 = undefined; + fiatP224AddcarryxU32(&x54, &x55, 0x0, x7, x18); + var x56: u32 = undefined; + var x57: u1 = undefined; + fiatP224AddcarryxU32(&x56, &x57, 0x0, @intCast(u32, x55), x1); + var x58: u32 = undefined; + var x59: u1 = undefined; + fiatP224AddcarryxU32(&x58, &x59, 0x0, x36, x48); + var x60: u32 = undefined; + var x61: u1 = undefined; + fiatP224AddcarryxU32(&x60, &x61, x59, x38, x50); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatP224AddcarryxU32(&x62, &x63, x61, x40, x52); + var x64: u32 = undefined; + var x65: u1 = undefined; + fiatP224AddcarryxU32(&x64, &x65, x63, x42, (@intCast(u32, x53) + x45)); + var x66: u32 = undefined; + var x67: u32 = undefined; + fiatP224MulxU32(&x66, &x67, x56, 0xffffffff); + var x68: u32 = undefined; + var x69: u32 = undefined; + fiatP224MulxU32(&x68, &x69, x66, 0xffffffff); + var x70: u32 = undefined; + var x71: u32 = undefined; + fiatP224MulxU32(&x70, &x71, x66, 0xffffffff); + var x72: u32 = undefined; + var x73: u32 = undefined; + fiatP224MulxU32(&x72, &x73, x66, 0xffffffff); + var x74: u32 = undefined; + var x75: u32 = undefined; + fiatP224MulxU32(&x74, &x75, x66, 0xffffffff); + var x76: u32 = undefined; + var x77: u1 = undefined; + fiatP224AddcarryxU32(&x76, &x77, 0x0, x75, x72); + var x78: u32 = undefined; + var x79: u1 = undefined; + fiatP224AddcarryxU32(&x78, &x79, x77, x73, x70); + var x80: u32 = undefined; + var x81: u1 = undefined; + fiatP224AddcarryxU32(&x80, &x81, x79, x71, x68); + var x82: u32 = undefined; + var x83: u1 = undefined; + fiatP224AddcarryxU32(&x82, &x83, 0x0, x58, x74); + var x84: u32 = undefined; + var x85: u1 = undefined; + fiatP224AddcarryxU32(&x84, &x85, x83, x60, x76); + var x86: u32 = undefined; + var x87: u1 = undefined; + fiatP224AddcarryxU32(&x86, &x87, x85, x62, x78); + var x88: u32 = undefined; + var x89: u1 = undefined; + fiatP224AddcarryxU32(&x88, &x89, x87, x64, x80); + var x90: u32 = undefined; + var x91: u1 = undefined; + fiatP224AddcarryxU32(&x90, &x91, x89, (@intCast(u32, x65) + @intCast(u32, x43)), (@intCast(u32, x81) + x69)); + var x92: u32 = undefined; + var x93: u32 = undefined; + fiatP224MulxU32(&x92, &x93, x2, 0xffffffff); + var x94: u32 = undefined; + var x95: u32 = undefined; + fiatP224MulxU32(&x94, &x95, x2, 0xffffffff); + var x96: u32 = undefined; + var x97: u32 = undefined; + fiatP224MulxU32(&x96, &x97, x2, 0xfffffffe); + var x98: u32 = undefined; + var x99: u1 = undefined; + fiatP224AddcarryxU32(&x98, &x99, 0x0, x97, x94); + var x100: u32 = undefined; + var x101: u1 = undefined; + fiatP224AddcarryxU32(&x100, &x101, x99, x95, x92); + var x102: u32 = undefined; + var x103: u1 = undefined; + fiatP224AddcarryxU32(&x102, &x103, 0x0, x56, x66); + var x104: u32 = undefined; + var x105: u1 = undefined; + fiatP224AddcarryxU32(&x104, &x105, 0x0, (@intCast(u32, x103) + @intCast(u32, x57)), x2); + var x106: u32 = undefined; + var x107: u1 = undefined; + fiatP224AddcarryxU32(&x106, &x107, x105, x34, @intCast(u32, 0x0)); + var x108: u32 = undefined; + var x109: u1 = undefined; + fiatP224AddcarryxU32(&x108, &x109, x107, x82, @intCast(u32, 0x0)); + var x110: u32 = undefined; + var x111: u1 = undefined; + fiatP224AddcarryxU32(&x110, &x111, x109, x84, x96); + var x112: u32 = undefined; + var x113: u1 = undefined; + fiatP224AddcarryxU32(&x112, &x113, x111, x86, x98); + var x114: u32 = undefined; + var x115: u1 = undefined; + fiatP224AddcarryxU32(&x114, &x115, x113, x88, x100); + var x116: u32 = undefined; + var x117: u1 = undefined; + fiatP224AddcarryxU32(&x116, &x117, x115, x90, (@intCast(u32, x101) + x93)); + var x118: u32 = undefined; + var x119: u32 = undefined; + fiatP224MulxU32(&x118, &x119, x104, 0xffffffff); + var x120: u32 = undefined; + var x121: u32 = undefined; + fiatP224MulxU32(&x120, &x121, x118, 0xffffffff); + var x122: u32 = undefined; + var x123: u32 = undefined; + fiatP224MulxU32(&x122, &x123, x118, 0xffffffff); + var x124: u32 = undefined; + var x125: u32 = undefined; + fiatP224MulxU32(&x124, &x125, x118, 0xffffffff); + var x126: u32 = undefined; + var x127: u32 = undefined; + fiatP224MulxU32(&x126, &x127, x118, 0xffffffff); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatP224AddcarryxU32(&x128, &x129, 0x0, x127, x124); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatP224AddcarryxU32(&x130, &x131, x129, x125, x122); + var x132: u32 = undefined; + var x133: u1 = undefined; + fiatP224AddcarryxU32(&x132, &x133, x131, x123, x120); + var x134: u32 = undefined; + var x135: u1 = undefined; + fiatP224AddcarryxU32(&x134, &x135, 0x0, x104, x118); + var x136: u32 = undefined; + var x137: u1 = undefined; + fiatP224AddcarryxU32(&x136, &x137, x135, x106, @intCast(u32, 0x0)); + var x138: u32 = undefined; + var x139: u1 = undefined; + fiatP224AddcarryxU32(&x138, &x139, x137, x108, @intCast(u32, 0x0)); + var x140: u32 = undefined; + var x141: u1 = undefined; + fiatP224AddcarryxU32(&x140, &x141, x139, x110, x126); + var x142: u32 = undefined; + var x143: u1 = undefined; + fiatP224AddcarryxU32(&x142, &x143, x141, x112, x128); + var x144: u32 = undefined; + var x145: u1 = undefined; + fiatP224AddcarryxU32(&x144, &x145, x143, x114, x130); + var x146: u32 = undefined; + var x147: u1 = undefined; + fiatP224AddcarryxU32(&x146, &x147, x145, x116, x132); + var x148: u32 = undefined; + var x149: u1 = undefined; + fiatP224AddcarryxU32(&x148, &x149, x147, (@intCast(u32, x117) + @intCast(u32, x91)), (@intCast(u32, x133) + x121)); + var x150: u32 = undefined; + var x151: u32 = undefined; + fiatP224MulxU32(&x150, &x151, x3, 0xffffffff); + var x152: u32 = undefined; + var x153: u32 = undefined; + fiatP224MulxU32(&x152, &x153, x3, 0xffffffff); + var x154: u32 = undefined; + var x155: u32 = undefined; + fiatP224MulxU32(&x154, &x155, x3, 0xfffffffe); + var x156: u32 = undefined; + var x157: u1 = undefined; + fiatP224AddcarryxU32(&x156, &x157, 0x0, x155, x152); + var x158: u32 = undefined; + var x159: u1 = undefined; + fiatP224AddcarryxU32(&x158, &x159, x157, x153, x150); + var x160: u32 = undefined; + var x161: u1 = undefined; + fiatP224AddcarryxU32(&x160, &x161, 0x0, x136, x3); + var x162: u32 = undefined; + var x163: u1 = undefined; + fiatP224AddcarryxU32(&x162, &x163, x161, x138, @intCast(u32, 0x0)); + var x164: u32 = undefined; + var x165: u1 = undefined; + fiatP224AddcarryxU32(&x164, &x165, x163, x140, @intCast(u32, 0x0)); + var x166: u32 = undefined; + var x167: u1 = undefined; + fiatP224AddcarryxU32(&x166, &x167, x165, x142, x154); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatP224AddcarryxU32(&x168, &x169, x167, x144, x156); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP224AddcarryxU32(&x170, &x171, x169, x146, x158); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP224AddcarryxU32(&x172, &x173, x171, x148, (@intCast(u32, x159) + x151)); + var x174: u32 = undefined; + var x175: u32 = undefined; + fiatP224MulxU32(&x174, &x175, x160, 0xffffffff); + var x176: u32 = undefined; + var x177: u32 = undefined; + fiatP224MulxU32(&x176, &x177, x174, 0xffffffff); + var x178: u32 = undefined; + var x179: u32 = undefined; + fiatP224MulxU32(&x178, &x179, x174, 0xffffffff); + var x180: u32 = undefined; + var x181: u32 = undefined; + fiatP224MulxU32(&x180, &x181, x174, 0xffffffff); + var x182: u32 = undefined; + var x183: u32 = undefined; + fiatP224MulxU32(&x182, &x183, x174, 0xffffffff); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatP224AddcarryxU32(&x184, &x185, 0x0, x183, x180); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatP224AddcarryxU32(&x186, &x187, x185, x181, x178); + var x188: u32 = undefined; + var x189: u1 = undefined; + fiatP224AddcarryxU32(&x188, &x189, x187, x179, x176); + var x190: u32 = undefined; + var x191: u1 = undefined; + fiatP224AddcarryxU32(&x190, &x191, 0x0, x160, x174); + var x192: u32 = undefined; + var x193: u1 = undefined; + fiatP224AddcarryxU32(&x192, &x193, x191, x162, @intCast(u32, 0x0)); + var x194: u32 = undefined; + var x195: u1 = undefined; + fiatP224AddcarryxU32(&x194, &x195, x193, x164, @intCast(u32, 0x0)); + var x196: u32 = undefined; + var x197: u1 = undefined; + fiatP224AddcarryxU32(&x196, &x197, x195, x166, x182); + var x198: u32 = undefined; + var x199: u1 = undefined; + fiatP224AddcarryxU32(&x198, &x199, x197, x168, x184); + var x200: u32 = undefined; + var x201: u1 = undefined; + fiatP224AddcarryxU32(&x200, &x201, x199, x170, x186); + var x202: u32 = undefined; + var x203: u1 = undefined; + fiatP224AddcarryxU32(&x202, &x203, x201, x172, x188); + var x204: u32 = undefined; + var x205: u1 = undefined; + fiatP224AddcarryxU32(&x204, &x205, x203, (@intCast(u32, x173) + @intCast(u32, x149)), (@intCast(u32, x189) + x177)); + var x206: u32 = undefined; + var x207: u32 = undefined; + fiatP224MulxU32(&x206, &x207, x4, 0xffffffff); + var x208: u32 = undefined; + var x209: u32 = undefined; + fiatP224MulxU32(&x208, &x209, x4, 0xffffffff); + var x210: u32 = undefined; + var x211: u32 = undefined; + fiatP224MulxU32(&x210, &x211, x4, 0xfffffffe); + var x212: u32 = undefined; + var x213: u1 = undefined; + fiatP224AddcarryxU32(&x212, &x213, 0x0, x211, x208); + var x214: u32 = undefined; + var x215: u1 = undefined; + fiatP224AddcarryxU32(&x214, &x215, x213, x209, x206); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatP224AddcarryxU32(&x216, &x217, 0x0, x192, x4); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatP224AddcarryxU32(&x218, &x219, x217, x194, @intCast(u32, 0x0)); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatP224AddcarryxU32(&x220, &x221, x219, x196, @intCast(u32, 0x0)); + var x222: u32 = undefined; + var x223: u1 = undefined; + fiatP224AddcarryxU32(&x222, &x223, x221, x198, x210); + var x224: u32 = undefined; + var x225: u1 = undefined; + fiatP224AddcarryxU32(&x224, &x225, x223, x200, x212); + var x226: u32 = undefined; + var x227: u1 = undefined; + fiatP224AddcarryxU32(&x226, &x227, x225, x202, x214); + var x228: u32 = undefined; + var x229: u1 = undefined; + fiatP224AddcarryxU32(&x228, &x229, x227, x204, (@intCast(u32, x215) + x207)); + var x230: u32 = undefined; + var x231: u32 = undefined; + fiatP224MulxU32(&x230, &x231, x216, 0xffffffff); + var x232: u32 = undefined; + var x233: u32 = undefined; + fiatP224MulxU32(&x232, &x233, x230, 0xffffffff); + var x234: u32 = undefined; + var x235: u32 = undefined; + fiatP224MulxU32(&x234, &x235, x230, 0xffffffff); + var x236: u32 = undefined; + var x237: u32 = undefined; + fiatP224MulxU32(&x236, &x237, x230, 0xffffffff); + var x238: u32 = undefined; + var x239: u32 = undefined; + fiatP224MulxU32(&x238, &x239, x230, 0xffffffff); + var x240: u32 = undefined; + var x241: u1 = undefined; + fiatP224AddcarryxU32(&x240, &x241, 0x0, x239, x236); + var x242: u32 = undefined; + var x243: u1 = undefined; + fiatP224AddcarryxU32(&x242, &x243, x241, x237, x234); + var x244: u32 = undefined; + var x245: u1 = undefined; + fiatP224AddcarryxU32(&x244, &x245, x243, x235, x232); + var x246: u32 = undefined; + var x247: u1 = undefined; + fiatP224AddcarryxU32(&x246, &x247, 0x0, x216, x230); + var x248: u32 = undefined; + var x249: u1 = undefined; + fiatP224AddcarryxU32(&x248, &x249, x247, x218, @intCast(u32, 0x0)); + var x250: u32 = undefined; + var x251: u1 = undefined; + fiatP224AddcarryxU32(&x250, &x251, x249, x220, @intCast(u32, 0x0)); + var x252: u32 = undefined; + var x253: u1 = undefined; + fiatP224AddcarryxU32(&x252, &x253, x251, x222, x238); + var x254: u32 = undefined; + var x255: u1 = undefined; + fiatP224AddcarryxU32(&x254, &x255, x253, x224, x240); + var x256: u32 = undefined; + var x257: u1 = undefined; + fiatP224AddcarryxU32(&x256, &x257, x255, x226, x242); + var x258: u32 = undefined; + var x259: u1 = undefined; + fiatP224AddcarryxU32(&x258, &x259, x257, x228, x244); + var x260: u32 = undefined; + var x261: u1 = undefined; + fiatP224AddcarryxU32(&x260, &x261, x259, (@intCast(u32, x229) + @intCast(u32, x205)), (@intCast(u32, x245) + x233)); + var x262: u32 = undefined; + var x263: u32 = undefined; + fiatP224MulxU32(&x262, &x263, x5, 0xffffffff); + var x264: u32 = undefined; + var x265: u32 = undefined; + fiatP224MulxU32(&x264, &x265, x5, 0xffffffff); + var x266: u32 = undefined; + var x267: u32 = undefined; + fiatP224MulxU32(&x266, &x267, x5, 0xfffffffe); + var x268: u32 = undefined; + var x269: u1 = undefined; + fiatP224AddcarryxU32(&x268, &x269, 0x0, x267, x264); + var x270: u32 = undefined; + var x271: u1 = undefined; + fiatP224AddcarryxU32(&x270, &x271, x269, x265, x262); + var x272: u32 = undefined; + var x273: u1 = undefined; + fiatP224AddcarryxU32(&x272, &x273, 0x0, x248, x5); + var x274: u32 = undefined; + var x275: u1 = undefined; + fiatP224AddcarryxU32(&x274, &x275, x273, x250, @intCast(u32, 0x0)); + var x276: u32 = undefined; + var x277: u1 = undefined; + fiatP224AddcarryxU32(&x276, &x277, x275, x252, @intCast(u32, 0x0)); + var x278: u32 = undefined; + var x279: u1 = undefined; + fiatP224AddcarryxU32(&x278, &x279, x277, x254, x266); + var x280: u32 = undefined; + var x281: u1 = undefined; + fiatP224AddcarryxU32(&x280, &x281, x279, x256, x268); + var x282: u32 = undefined; + var x283: u1 = undefined; + fiatP224AddcarryxU32(&x282, &x283, x281, x258, x270); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatP224AddcarryxU32(&x284, &x285, x283, x260, (@intCast(u32, x271) + x263)); + var x286: u32 = undefined; + var x287: u32 = undefined; + fiatP224MulxU32(&x286, &x287, x272, 0xffffffff); + var x288: u32 = undefined; + var x289: u32 = undefined; + fiatP224MulxU32(&x288, &x289, x286, 0xffffffff); + var x290: u32 = undefined; + var x291: u32 = undefined; + fiatP224MulxU32(&x290, &x291, x286, 0xffffffff); + var x292: u32 = undefined; + var x293: u32 = undefined; + fiatP224MulxU32(&x292, &x293, x286, 0xffffffff); + var x294: u32 = undefined; + var x295: u32 = undefined; + fiatP224MulxU32(&x294, &x295, x286, 0xffffffff); + var x296: u32 = undefined; + var x297: u1 = undefined; + fiatP224AddcarryxU32(&x296, &x297, 0x0, x295, x292); + var x298: u32 = undefined; + var x299: u1 = undefined; + fiatP224AddcarryxU32(&x298, &x299, x297, x293, x290); + var x300: u32 = undefined; + var x301: u1 = undefined; + fiatP224AddcarryxU32(&x300, &x301, x299, x291, x288); + var x302: u32 = undefined; + var x303: u1 = undefined; + fiatP224AddcarryxU32(&x302, &x303, 0x0, x272, x286); + var x304: u32 = undefined; + var x305: u1 = undefined; + fiatP224AddcarryxU32(&x304, &x305, x303, x274, @intCast(u32, 0x0)); + var x306: u32 = undefined; + var x307: u1 = undefined; + fiatP224AddcarryxU32(&x306, &x307, x305, x276, @intCast(u32, 0x0)); + var x308: u32 = undefined; + var x309: u1 = undefined; + fiatP224AddcarryxU32(&x308, &x309, x307, x278, x294); + var x310: u32 = undefined; + var x311: u1 = undefined; + fiatP224AddcarryxU32(&x310, &x311, x309, x280, x296); + var x312: u32 = undefined; + var x313: u1 = undefined; + fiatP224AddcarryxU32(&x312, &x313, x311, x282, x298); + var x314: u32 = undefined; + var x315: u1 = undefined; + fiatP224AddcarryxU32(&x314, &x315, x313, x284, x300); + var x316: u32 = undefined; + var x317: u1 = undefined; + fiatP224AddcarryxU32(&x316, &x317, x315, (@intCast(u32, x285) + @intCast(u32, x261)), (@intCast(u32, x301) + x289)); + var x318: u32 = undefined; + var x319: u32 = undefined; + fiatP224MulxU32(&x318, &x319, x6, 0xffffffff); + var x320: u32 = undefined; + var x321: u32 = undefined; + fiatP224MulxU32(&x320, &x321, x6, 0xffffffff); + var x322: u32 = undefined; + var x323: u32 = undefined; + fiatP224MulxU32(&x322, &x323, x6, 0xfffffffe); + var x324: u32 = undefined; + var x325: u1 = undefined; + fiatP224AddcarryxU32(&x324, &x325, 0x0, x323, x320); + var x326: u32 = undefined; + var x327: u1 = undefined; + fiatP224AddcarryxU32(&x326, &x327, x325, x321, x318); + var x328: u32 = undefined; + var x329: u1 = undefined; + fiatP224AddcarryxU32(&x328, &x329, 0x0, x304, x6); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatP224AddcarryxU32(&x330, &x331, x329, x306, @intCast(u32, 0x0)); + var x332: u32 = undefined; + var x333: u1 = undefined; + fiatP224AddcarryxU32(&x332, &x333, x331, x308, @intCast(u32, 0x0)); + var x334: u32 = undefined; + var x335: u1 = undefined; + fiatP224AddcarryxU32(&x334, &x335, x333, x310, x322); + var x336: u32 = undefined; + var x337: u1 = undefined; + fiatP224AddcarryxU32(&x336, &x337, x335, x312, x324); + var x338: u32 = undefined; + var x339: u1 = undefined; + fiatP224AddcarryxU32(&x338, &x339, x337, x314, x326); + var x340: u32 = undefined; + var x341: u1 = undefined; + fiatP224AddcarryxU32(&x340, &x341, x339, x316, (@intCast(u32, x327) + x319)); + var x342: u32 = undefined; + var x343: u32 = undefined; + fiatP224MulxU32(&x342, &x343, x328, 0xffffffff); + var x344: u32 = undefined; + var x345: u32 = undefined; + fiatP224MulxU32(&x344, &x345, x342, 0xffffffff); + var x346: u32 = undefined; + var x347: u32 = undefined; + fiatP224MulxU32(&x346, &x347, x342, 0xffffffff); + var x348: u32 = undefined; + var x349: u32 = undefined; + fiatP224MulxU32(&x348, &x349, x342, 0xffffffff); + var x350: u32 = undefined; + var x351: u32 = undefined; + fiatP224MulxU32(&x350, &x351, x342, 0xffffffff); + var x352: u32 = undefined; + var x353: u1 = undefined; + fiatP224AddcarryxU32(&x352, &x353, 0x0, x351, x348); + var x354: u32 = undefined; + var x355: u1 = undefined; + fiatP224AddcarryxU32(&x354, &x355, x353, x349, x346); + var x356: u32 = undefined; + var x357: u1 = undefined; + fiatP224AddcarryxU32(&x356, &x357, x355, x347, x344); + var x358: u32 = undefined; + var x359: u1 = undefined; + fiatP224AddcarryxU32(&x358, &x359, 0x0, x328, x342); + var x360: u32 = undefined; + var x361: u1 = undefined; + fiatP224AddcarryxU32(&x360, &x361, x359, x330, @intCast(u32, 0x0)); + var x362: u32 = undefined; + var x363: u1 = undefined; + fiatP224AddcarryxU32(&x362, &x363, x361, x332, @intCast(u32, 0x0)); + var x364: u32 = undefined; + var x365: u1 = undefined; + fiatP224AddcarryxU32(&x364, &x365, x363, x334, x350); + var x366: u32 = undefined; + var x367: u1 = undefined; + fiatP224AddcarryxU32(&x366, &x367, x365, x336, x352); + var x368: u32 = undefined; + var x369: u1 = undefined; + fiatP224AddcarryxU32(&x368, &x369, x367, x338, x354); + var x370: u32 = undefined; + var x371: u1 = undefined; + fiatP224AddcarryxU32(&x370, &x371, x369, x340, x356); + var x372: u32 = undefined; + var x373: u1 = undefined; + fiatP224AddcarryxU32(&x372, &x373, x371, (@intCast(u32, x341) + @intCast(u32, x317)), (@intCast(u32, x357) + x345)); + var x374: u32 = undefined; + var x375: u1 = undefined; + fiatP224SubborrowxU32(&x374, &x375, 0x0, x360, @intCast(u32, 0x1)); + var x376: u32 = undefined; + var x377: u1 = undefined; + fiatP224SubborrowxU32(&x376, &x377, x375, x362, @intCast(u32, 0x0)); + var x378: u32 = undefined; + var x379: u1 = undefined; + fiatP224SubborrowxU32(&x378, &x379, x377, x364, @intCast(u32, 0x0)); + var x380: u32 = undefined; + var x381: u1 = undefined; + fiatP224SubborrowxU32(&x380, &x381, x379, x366, 0xffffffff); + var x382: u32 = undefined; + var x383: u1 = undefined; + fiatP224SubborrowxU32(&x382, &x383, x381, x368, 0xffffffff); + var x384: u32 = undefined; + var x385: u1 = undefined; + fiatP224SubborrowxU32(&x384, &x385, x383, x370, 0xffffffff); + var x386: u32 = undefined; + var x387: u1 = undefined; + fiatP224SubborrowxU32(&x386, &x387, x385, x372, 0xffffffff); + var x388: u32 = undefined; + var x389: u1 = undefined; + fiatP224SubborrowxU32(&x388, &x389, x387, @intCast(u32, x373), @intCast(u32, 0x0)); + var x390: u32 = undefined; + fiatP224CmovznzU32(&x390, x389, x374, x360); + var x391: u32 = undefined; + fiatP224CmovznzU32(&x391, x389, x376, x362); + var x392: u32 = undefined; + fiatP224CmovznzU32(&x392, x389, x378, x364); + var x393: u32 = undefined; + fiatP224CmovznzU32(&x393, x389, x380, x366); + var x394: u32 = undefined; + fiatP224CmovznzU32(&x394, x389, x382, x368); + var x395: u32 = undefined; + fiatP224CmovznzU32(&x395, x389, x384, x370); + var x396: u32 = undefined; + fiatP224CmovznzU32(&x396, x389, x386, x372); + out1[0] = x390; + out1[1] = x391; + out1[2] = x392; + out1[3] = x393; + out1[4] = x394; + out1[5] = x395; + out1[6] = x396; +} + +/// The function fiatP224Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +pub fn fiatP224Nonzero(out1: *u32, arg1: [7]u32) void { + const x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | (arg1[6]))))))); + out1.* = x1; +} + +/// The function fiatP224Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224Selectznz(out1: *[7]u32, arg1: u1, arg2: [7]u32, arg3: [7]u32) void { + var x1: u32 = undefined; + fiatP224CmovznzU32(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u32 = undefined; + fiatP224CmovznzU32(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u32 = undefined; + fiatP224CmovznzU32(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u32 = undefined; + fiatP224CmovznzU32(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u32 = undefined; + fiatP224CmovznzU32(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u32 = undefined; + fiatP224CmovznzU32(&x6, arg1, (arg2[5]), (arg3[5])); + var x7: u32 = undefined; + fiatP224CmovznzU32(&x7, arg1, (arg2[6]), (arg3[6])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; +} + +/// The function fiatP224ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..27] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatP224ToBytes(out1: *[28]u8, arg1: [7]u32) void { + const x1: u32 = (arg1[6]); + const x2: u32 = (arg1[5]); + const x3: u32 = (arg1[4]); + const x4: u32 = (arg1[3]); + const x5: u32 = (arg1[2]); + const x6: u32 = (arg1[1]); + const x7: u32 = (arg1[0]); + const x8: u8 = @intCast(u8, (x7 & @intCast(u32, 0xff))); + const x9: u32 = (x7 >> 8); + const x10: u8 = @intCast(u8, (x9 & @intCast(u32, 0xff))); + const x11: u32 = (x9 >> 8); + const x12: u8 = @intCast(u8, (x11 & @intCast(u32, 0xff))); + const x13: u8 = @intCast(u8, (x11 >> 8)); + const x14: u8 = @intCast(u8, (x6 & @intCast(u32, 0xff))); + const x15: u32 = (x6 >> 8); + const x16: u8 = @intCast(u8, (x15 & @intCast(u32, 0xff))); + const x17: u32 = (x15 >> 8); + const x18: u8 = @intCast(u8, (x17 & @intCast(u32, 0xff))); + const x19: u8 = @intCast(u8, (x17 >> 8)); + const x20: u8 = @intCast(u8, (x5 & @intCast(u32, 0xff))); + const x21: u32 = (x5 >> 8); + const x22: u8 = @intCast(u8, (x21 & @intCast(u32, 0xff))); + const x23: u32 = (x21 >> 8); + const x24: u8 = @intCast(u8, (x23 & @intCast(u32, 0xff))); + const x25: u8 = @intCast(u8, (x23 >> 8)); + const x26: u8 = @intCast(u8, (x4 & @intCast(u32, 0xff))); + const x27: u32 = (x4 >> 8); + const x28: u8 = @intCast(u8, (x27 & @intCast(u32, 0xff))); + const x29: u32 = (x27 >> 8); + const x30: u8 = @intCast(u8, (x29 & @intCast(u32, 0xff))); + const x31: u8 = @intCast(u8, (x29 >> 8)); + const x32: u8 = @intCast(u8, (x3 & @intCast(u32, 0xff))); + const x33: u32 = (x3 >> 8); + const x34: u8 = @intCast(u8, (x33 & @intCast(u32, 0xff))); + const x35: u32 = (x33 >> 8); + const x36: u8 = @intCast(u8, (x35 & @intCast(u32, 0xff))); + const x37: u8 = @intCast(u8, (x35 >> 8)); + const x38: u8 = @intCast(u8, (x2 & @intCast(u32, 0xff))); + const x39: u32 = (x2 >> 8); + const x40: u8 = @intCast(u8, (x39 & @intCast(u32, 0xff))); + const x41: u32 = (x39 >> 8); + const x42: u8 = @intCast(u8, (x41 & @intCast(u32, 0xff))); + const x43: u8 = @intCast(u8, (x41 >> 8)); + const x44: u8 = @intCast(u8, (x1 & @intCast(u32, 0xff))); + const x45: u32 = (x1 >> 8); + const x46: u8 = @intCast(u8, (x45 & @intCast(u32, 0xff))); + const x47: u32 = (x45 >> 8); + const x48: u8 = @intCast(u8, (x47 & @intCast(u32, 0xff))); + const x49: u8 = @intCast(u8, (x47 >> 8)); + out1[0] = x8; + out1[1] = x10; + out1[2] = x12; + out1[3] = x13; + out1[4] = x14; + out1[5] = x16; + out1[6] = x18; + out1[7] = x19; + out1[8] = x20; + out1[9] = x22; + out1[10] = x24; + out1[11] = x25; + out1[12] = x26; + out1[13] = x28; + out1[14] = x30; + out1[15] = x31; + out1[16] = x32; + out1[17] = x34; + out1[18] = x36; + out1[19] = x37; + out1[20] = x38; + out1[21] = x40; + out1[22] = x42; + out1[23] = x43; + out1[24] = x44; + out1[25] = x46; + out1[26] = x48; + out1[27] = x49; +} + +/// The function fiatP224FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. +/// Preconditions: +/// 0 ≤ bytes_eval arg1 < m +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224FromBytes(out1: *[7]u32, arg1: [28]u8) void { + const x1: u32 = (@intCast(u32, (arg1[27])) << 24); + const x2: u32 = (@intCast(u32, (arg1[26])) << 16); + const x3: u32 = (@intCast(u32, (arg1[25])) << 8); + const x4: u8 = (arg1[24]); + const x5: u32 = (@intCast(u32, (arg1[23])) << 24); + const x6: u32 = (@intCast(u32, (arg1[22])) << 16); + const x7: u32 = (@intCast(u32, (arg1[21])) << 8); + const x8: u8 = (arg1[20]); + const x9: u32 = (@intCast(u32, (arg1[19])) << 24); + const x10: u32 = (@intCast(u32, (arg1[18])) << 16); + const x11: u32 = (@intCast(u32, (arg1[17])) << 8); + const x12: u8 = (arg1[16]); + const x13: u32 = (@intCast(u32, (arg1[15])) << 24); + const x14: u32 = (@intCast(u32, (arg1[14])) << 16); + const x15: u32 = (@intCast(u32, (arg1[13])) << 8); + const x16: u8 = (arg1[12]); + const x17: u32 = (@intCast(u32, (arg1[11])) << 24); + const x18: u32 = (@intCast(u32, (arg1[10])) << 16); + const x19: u32 = (@intCast(u32, (arg1[9])) << 8); + const x20: u8 = (arg1[8]); + const x21: u32 = (@intCast(u32, (arg1[7])) << 24); + const x22: u32 = (@intCast(u32, (arg1[6])) << 16); + const x23: u32 = (@intCast(u32, (arg1[5])) << 8); + const x24: u8 = (arg1[4]); + const x25: u32 = (@intCast(u32, (arg1[3])) << 24); + const x26: u32 = (@intCast(u32, (arg1[2])) << 16); + const x27: u32 = (@intCast(u32, (arg1[1])) << 8); + const x28: u8 = (arg1[0]); + const x29: u32 = (x27 + @intCast(u32, x28)); + const x30: u32 = (x26 + x29); + const x31: u32 = (x25 + x30); + const x32: u32 = (x23 + @intCast(u32, x24)); + const x33: u32 = (x22 + x32); + const x34: u32 = (x21 + x33); + const x35: u32 = (x19 + @intCast(u32, x20)); + const x36: u32 = (x18 + x35); + const x37: u32 = (x17 + x36); + const x38: u32 = (x15 + @intCast(u32, x16)); + const x39: u32 = (x14 + x38); + const x40: u32 = (x13 + x39); + const x41: u32 = (x11 + @intCast(u32, x12)); + const x42: u32 = (x10 + x41); + const x43: u32 = (x9 + x42); + const x44: u32 = (x7 + @intCast(u32, x8)); + const x45: u32 = (x6 + x44); + const x46: u32 = (x5 + x45); + const x47: u32 = (x3 + @intCast(u32, x4)); + const x48: u32 = (x2 + x47); + const x49: u32 = (x1 + x48); + out1[0] = x31; + out1[1] = x34; + out1[2] = x37; + out1[3] = x40; + out1[4] = x43; + out1[5] = x46; + out1[6] = x49; +} + +/// The function fiatP224SetOne returns the field element one in the Montgomery domain. +/// Postconditions: +/// eval (from_montgomery out1) mod m = 1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224SetOne(out1: *[7]u32) void { + out1[0] = 0xffffffff; + out1[1] = 0xffffffff; + out1[2] = 0xffffffff; + out1[3] = @intCast(u32, 0x0); + out1[4] = @intCast(u32, 0x0); + out1[5] = @intCast(u32, 0x0); + out1[6] = @intCast(u32, 0x0); +} + +/// The function fiatP224Msat returns the saturated representation of the prime modulus. +/// Postconditions: +/// twos_complement_eval out1 = m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224Msat(out1: *[8]u32) void { + out1[0] = @intCast(u32, 0x1); + out1[1] = @intCast(u32, 0x0); + out1[2] = @intCast(u32, 0x0); + out1[3] = 0xffffffff; + out1[4] = 0xffffffff; + out1[5] = 0xffffffff; + out1[6] = 0xffffffff; + out1[7] = @intCast(u32, 0x0); +} + +/// The function fiatP224Divstep computes a divstep. +/// Preconditions: +/// 0 ≤ eval arg4 < m +/// 0 ≤ eval arg5 < m +/// Postconditions: +/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) +/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) +/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) +/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) +/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out2 < m +/// 0 ≤ eval out3 < m +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffff] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224Divstep(out1: *u32, out2: *[8]u32, out3: *[8]u32, out4: *[7]u32, out5: *[7]u32, arg1: u32, arg2: [8]u32, arg3: [8]u32, arg4: [7]u32, arg5: [7]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP224AddcarryxU32(&x1, &x2, 0x0, (~arg1), @intCast(u32, 0x1)); + const x3: u1 = (@intCast(u1, (x1 >> 31)) & @intCast(u1, ((arg3[0]) & @intCast(u32, 0x1)))); + var x4: u32 = undefined; + var x5: u1 = undefined; + fiatP224AddcarryxU32(&x4, &x5, 0x0, (~arg1), @intCast(u32, 0x1)); + var x6: u32 = undefined; + fiatP224CmovznzU32(&x6, x3, arg1, x4); + var x7: u32 = undefined; + fiatP224CmovznzU32(&x7, x3, (arg2[0]), (arg3[0])); + var x8: u32 = undefined; + fiatP224CmovznzU32(&x8, x3, (arg2[1]), (arg3[1])); + var x9: u32 = undefined; + fiatP224CmovznzU32(&x9, x3, (arg2[2]), (arg3[2])); + var x10: u32 = undefined; + fiatP224CmovznzU32(&x10, x3, (arg2[3]), (arg3[3])); + var x11: u32 = undefined; + fiatP224CmovznzU32(&x11, x3, (arg2[4]), (arg3[4])); + var x12: u32 = undefined; + fiatP224CmovznzU32(&x12, x3, (arg2[5]), (arg3[5])); + var x13: u32 = undefined; + fiatP224CmovznzU32(&x13, x3, (arg2[6]), (arg3[6])); + var x14: u32 = undefined; + fiatP224CmovznzU32(&x14, x3, (arg2[7]), (arg3[7])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatP224AddcarryxU32(&x15, &x16, 0x0, @intCast(u32, 0x1), (~(arg2[0]))); + var x17: u32 = undefined; + var x18: u1 = undefined; + fiatP224AddcarryxU32(&x17, &x18, x16, @intCast(u32, 0x0), (~(arg2[1]))); + var x19: u32 = undefined; + var x20: u1 = undefined; + fiatP224AddcarryxU32(&x19, &x20, x18, @intCast(u32, 0x0), (~(arg2[2]))); + var x21: u32 = undefined; + var x22: u1 = undefined; + fiatP224AddcarryxU32(&x21, &x22, x20, @intCast(u32, 0x0), (~(arg2[3]))); + var x23: u32 = undefined; + var x24: u1 = undefined; + fiatP224AddcarryxU32(&x23, &x24, x22, @intCast(u32, 0x0), (~(arg2[4]))); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatP224AddcarryxU32(&x25, &x26, x24, @intCast(u32, 0x0), (~(arg2[5]))); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatP224AddcarryxU32(&x27, &x28, x26, @intCast(u32, 0x0), (~(arg2[6]))); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatP224AddcarryxU32(&x29, &x30, x28, @intCast(u32, 0x0), (~(arg2[7]))); + var x31: u32 = undefined; + fiatP224CmovznzU32(&x31, x3, (arg3[0]), x15); + var x32: u32 = undefined; + fiatP224CmovznzU32(&x32, x3, (arg3[1]), x17); + var x33: u32 = undefined; + fiatP224CmovznzU32(&x33, x3, (arg3[2]), x19); + var x34: u32 = undefined; + fiatP224CmovznzU32(&x34, x3, (arg3[3]), x21); + var x35: u32 = undefined; + fiatP224CmovznzU32(&x35, x3, (arg3[4]), x23); + var x36: u32 = undefined; + fiatP224CmovznzU32(&x36, x3, (arg3[5]), x25); + var x37: u32 = undefined; + fiatP224CmovznzU32(&x37, x3, (arg3[6]), x27); + var x38: u32 = undefined; + fiatP224CmovznzU32(&x38, x3, (arg3[7]), x29); + var x39: u32 = undefined; + fiatP224CmovznzU32(&x39, x3, (arg4[0]), (arg5[0])); + var x40: u32 = undefined; + fiatP224CmovznzU32(&x40, x3, (arg4[1]), (arg5[1])); + var x41: u32 = undefined; + fiatP224CmovznzU32(&x41, x3, (arg4[2]), (arg5[2])); + var x42: u32 = undefined; + fiatP224CmovznzU32(&x42, x3, (arg4[3]), (arg5[3])); + var x43: u32 = undefined; + fiatP224CmovznzU32(&x43, x3, (arg4[4]), (arg5[4])); + var x44: u32 = undefined; + fiatP224CmovznzU32(&x44, x3, (arg4[5]), (arg5[5])); + var x45: u32 = undefined; + fiatP224CmovznzU32(&x45, x3, (arg4[6]), (arg5[6])); + var x46: u32 = undefined; + var x47: u1 = undefined; + fiatP224AddcarryxU32(&x46, &x47, 0x0, x39, x39); + var x48: u32 = undefined; + var x49: u1 = undefined; + fiatP224AddcarryxU32(&x48, &x49, x47, x40, x40); + var x50: u32 = undefined; + var x51: u1 = undefined; + fiatP224AddcarryxU32(&x50, &x51, x49, x41, x41); + var x52: u32 = undefined; + var x53: u1 = undefined; + fiatP224AddcarryxU32(&x52, &x53, x51, x42, x42); + var x54: u32 = undefined; + var x55: u1 = undefined; + fiatP224AddcarryxU32(&x54, &x55, x53, x43, x43); + var x56: u32 = undefined; + var x57: u1 = undefined; + fiatP224AddcarryxU32(&x56, &x57, x55, x44, x44); + var x58: u32 = undefined; + var x59: u1 = undefined; + fiatP224AddcarryxU32(&x58, &x59, x57, x45, x45); + var x60: u32 = undefined; + var x61: u1 = undefined; + fiatP224SubborrowxU32(&x60, &x61, 0x0, x46, @intCast(u32, 0x1)); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatP224SubborrowxU32(&x62, &x63, x61, x48, @intCast(u32, 0x0)); + var x64: u32 = undefined; + var x65: u1 = undefined; + fiatP224SubborrowxU32(&x64, &x65, x63, x50, @intCast(u32, 0x0)); + var x66: u32 = undefined; + var x67: u1 = undefined; + fiatP224SubborrowxU32(&x66, &x67, x65, x52, 0xffffffff); + var x68: u32 = undefined; + var x69: u1 = undefined; + fiatP224SubborrowxU32(&x68, &x69, x67, x54, 0xffffffff); + var x70: u32 = undefined; + var x71: u1 = undefined; + fiatP224SubborrowxU32(&x70, &x71, x69, x56, 0xffffffff); + var x72: u32 = undefined; + var x73: u1 = undefined; + fiatP224SubborrowxU32(&x72, &x73, x71, x58, 0xffffffff); + var x74: u32 = undefined; + var x75: u1 = undefined; + fiatP224SubborrowxU32(&x74, &x75, x73, @intCast(u32, x59), @intCast(u32, 0x0)); + const x76: u32 = (arg4[6]); + const x77: u32 = (arg4[5]); + const x78: u32 = (arg4[4]); + const x79: u32 = (arg4[3]); + const x80: u32 = (arg4[2]); + const x81: u32 = (arg4[1]); + const x82: u32 = (arg4[0]); + var x83: u32 = undefined; + var x84: u1 = undefined; + fiatP224SubborrowxU32(&x83, &x84, 0x0, @intCast(u32, 0x0), x82); + var x85: u32 = undefined; + var x86: u1 = undefined; + fiatP224SubborrowxU32(&x85, &x86, x84, @intCast(u32, 0x0), x81); + var x87: u32 = undefined; + var x88: u1 = undefined; + fiatP224SubborrowxU32(&x87, &x88, x86, @intCast(u32, 0x0), x80); + var x89: u32 = undefined; + var x90: u1 = undefined; + fiatP224SubborrowxU32(&x89, &x90, x88, @intCast(u32, 0x0), x79); + var x91: u32 = undefined; + var x92: u1 = undefined; + fiatP224SubborrowxU32(&x91, &x92, x90, @intCast(u32, 0x0), x78); + var x93: u32 = undefined; + var x94: u1 = undefined; + fiatP224SubborrowxU32(&x93, &x94, x92, @intCast(u32, 0x0), x77); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatP224SubborrowxU32(&x95, &x96, x94, @intCast(u32, 0x0), x76); + var x97: u32 = undefined; + fiatP224CmovznzU32(&x97, x96, @intCast(u32, 0x0), 0xffffffff); + var x98: u32 = undefined; + var x99: u1 = undefined; + fiatP224AddcarryxU32(&x98, &x99, 0x0, x83, @intCast(u32, @intCast(u1, (x97 & @intCast(u32, 0x1))))); + var x100: u32 = undefined; + var x101: u1 = undefined; + fiatP224AddcarryxU32(&x100, &x101, x99, x85, @intCast(u32, 0x0)); + var x102: u32 = undefined; + var x103: u1 = undefined; + fiatP224AddcarryxU32(&x102, &x103, x101, x87, @intCast(u32, 0x0)); + var x104: u32 = undefined; + var x105: u1 = undefined; + fiatP224AddcarryxU32(&x104, &x105, x103, x89, x97); + var x106: u32 = undefined; + var x107: u1 = undefined; + fiatP224AddcarryxU32(&x106, &x107, x105, x91, x97); + var x108: u32 = undefined; + var x109: u1 = undefined; + fiatP224AddcarryxU32(&x108, &x109, x107, x93, x97); + var x110: u32 = undefined; + var x111: u1 = undefined; + fiatP224AddcarryxU32(&x110, &x111, x109, x95, x97); + var x112: u32 = undefined; + fiatP224CmovznzU32(&x112, x3, (arg5[0]), x98); + var x113: u32 = undefined; + fiatP224CmovznzU32(&x113, x3, (arg5[1]), x100); + var x114: u32 = undefined; + fiatP224CmovznzU32(&x114, x3, (arg5[2]), x102); + var x115: u32 = undefined; + fiatP224CmovznzU32(&x115, x3, (arg5[3]), x104); + var x116: u32 = undefined; + fiatP224CmovznzU32(&x116, x3, (arg5[4]), x106); + var x117: u32 = undefined; + fiatP224CmovznzU32(&x117, x3, (arg5[5]), x108); + var x118: u32 = undefined; + fiatP224CmovznzU32(&x118, x3, (arg5[6]), x110); + const x119: u1 = @intCast(u1, (x31 & @intCast(u32, 0x1))); + var x120: u32 = undefined; + fiatP224CmovznzU32(&x120, x119, @intCast(u32, 0x0), x7); + var x121: u32 = undefined; + fiatP224CmovznzU32(&x121, x119, @intCast(u32, 0x0), x8); + var x122: u32 = undefined; + fiatP224CmovznzU32(&x122, x119, @intCast(u32, 0x0), x9); + var x123: u32 = undefined; + fiatP224CmovznzU32(&x123, x119, @intCast(u32, 0x0), x10); + var x124: u32 = undefined; + fiatP224CmovznzU32(&x124, x119, @intCast(u32, 0x0), x11); + var x125: u32 = undefined; + fiatP224CmovznzU32(&x125, x119, @intCast(u32, 0x0), x12); + var x126: u32 = undefined; + fiatP224CmovznzU32(&x126, x119, @intCast(u32, 0x0), x13); + var x127: u32 = undefined; + fiatP224CmovznzU32(&x127, x119, @intCast(u32, 0x0), x14); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatP224AddcarryxU32(&x128, &x129, 0x0, x31, x120); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatP224AddcarryxU32(&x130, &x131, x129, x32, x121); + var x132: u32 = undefined; + var x133: u1 = undefined; + fiatP224AddcarryxU32(&x132, &x133, x131, x33, x122); + var x134: u32 = undefined; + var x135: u1 = undefined; + fiatP224AddcarryxU32(&x134, &x135, x133, x34, x123); + var x136: u32 = undefined; + var x137: u1 = undefined; + fiatP224AddcarryxU32(&x136, &x137, x135, x35, x124); + var x138: u32 = undefined; + var x139: u1 = undefined; + fiatP224AddcarryxU32(&x138, &x139, x137, x36, x125); + var x140: u32 = undefined; + var x141: u1 = undefined; + fiatP224AddcarryxU32(&x140, &x141, x139, x37, x126); + var x142: u32 = undefined; + var x143: u1 = undefined; + fiatP224AddcarryxU32(&x142, &x143, x141, x38, x127); + var x144: u32 = undefined; + fiatP224CmovznzU32(&x144, x119, @intCast(u32, 0x0), x39); + var x145: u32 = undefined; + fiatP224CmovznzU32(&x145, x119, @intCast(u32, 0x0), x40); + var x146: u32 = undefined; + fiatP224CmovznzU32(&x146, x119, @intCast(u32, 0x0), x41); + var x147: u32 = undefined; + fiatP224CmovznzU32(&x147, x119, @intCast(u32, 0x0), x42); + var x148: u32 = undefined; + fiatP224CmovznzU32(&x148, x119, @intCast(u32, 0x0), x43); + var x149: u32 = undefined; + fiatP224CmovznzU32(&x149, x119, @intCast(u32, 0x0), x44); + var x150: u32 = undefined; + fiatP224CmovznzU32(&x150, x119, @intCast(u32, 0x0), x45); + var x151: u32 = undefined; + var x152: u1 = undefined; + fiatP224AddcarryxU32(&x151, &x152, 0x0, x112, x144); + var x153: u32 = undefined; + var x154: u1 = undefined; + fiatP224AddcarryxU32(&x153, &x154, x152, x113, x145); + var x155: u32 = undefined; + var x156: u1 = undefined; + fiatP224AddcarryxU32(&x155, &x156, x154, x114, x146); + var x157: u32 = undefined; + var x158: u1 = undefined; + fiatP224AddcarryxU32(&x157, &x158, x156, x115, x147); + var x159: u32 = undefined; + var x160: u1 = undefined; + fiatP224AddcarryxU32(&x159, &x160, x158, x116, x148); + var x161: u32 = undefined; + var x162: u1 = undefined; + fiatP224AddcarryxU32(&x161, &x162, x160, x117, x149); + var x163: u32 = undefined; + var x164: u1 = undefined; + fiatP224AddcarryxU32(&x163, &x164, x162, x118, x150); + var x165: u32 = undefined; + var x166: u1 = undefined; + fiatP224SubborrowxU32(&x165, &x166, 0x0, x151, @intCast(u32, 0x1)); + var x167: u32 = undefined; + var x168: u1 = undefined; + fiatP224SubborrowxU32(&x167, &x168, x166, x153, @intCast(u32, 0x0)); + var x169: u32 = undefined; + var x170: u1 = undefined; + fiatP224SubborrowxU32(&x169, &x170, x168, x155, @intCast(u32, 0x0)); + var x171: u32 = undefined; + var x172: u1 = undefined; + fiatP224SubborrowxU32(&x171, &x172, x170, x157, 0xffffffff); + var x173: u32 = undefined; + var x174: u1 = undefined; + fiatP224SubborrowxU32(&x173, &x174, x172, x159, 0xffffffff); + var x175: u32 = undefined; + var x176: u1 = undefined; + fiatP224SubborrowxU32(&x175, &x176, x174, x161, 0xffffffff); + var x177: u32 = undefined; + var x178: u1 = undefined; + fiatP224SubborrowxU32(&x177, &x178, x176, x163, 0xffffffff); + var x179: u32 = undefined; + var x180: u1 = undefined; + fiatP224SubborrowxU32(&x179, &x180, x178, @intCast(u32, x164), @intCast(u32, 0x0)); + var x181: u32 = undefined; + var x182: u1 = undefined; + fiatP224AddcarryxU32(&x181, &x182, 0x0, x6, @intCast(u32, 0x1)); + const x183: u32 = ((x128 >> 1) | ((x130 << 31) & 0xffffffff)); + const x184: u32 = ((x130 >> 1) | ((x132 << 31) & 0xffffffff)); + const x185: u32 = ((x132 >> 1) | ((x134 << 31) & 0xffffffff)); + const x186: u32 = ((x134 >> 1) | ((x136 << 31) & 0xffffffff)); + const x187: u32 = ((x136 >> 1) | ((x138 << 31) & 0xffffffff)); + const x188: u32 = ((x138 >> 1) | ((x140 << 31) & 0xffffffff)); + const x189: u32 = ((x140 >> 1) | ((x142 << 31) & 0xffffffff)); + const x190: u32 = ((x142 & 0x80000000) | (x142 >> 1)); + var x191: u32 = undefined; + fiatP224CmovznzU32(&x191, x75, x60, x46); + var x192: u32 = undefined; + fiatP224CmovznzU32(&x192, x75, x62, x48); + var x193: u32 = undefined; + fiatP224CmovznzU32(&x193, x75, x64, x50); + var x194: u32 = undefined; + fiatP224CmovznzU32(&x194, x75, x66, x52); + var x195: u32 = undefined; + fiatP224CmovznzU32(&x195, x75, x68, x54); + var x196: u32 = undefined; + fiatP224CmovznzU32(&x196, x75, x70, x56); + var x197: u32 = undefined; + fiatP224CmovznzU32(&x197, x75, x72, x58); + var x198: u32 = undefined; + fiatP224CmovznzU32(&x198, x180, x165, x151); + var x199: u32 = undefined; + fiatP224CmovznzU32(&x199, x180, x167, x153); + var x200: u32 = undefined; + fiatP224CmovznzU32(&x200, x180, x169, x155); + var x201: u32 = undefined; + fiatP224CmovznzU32(&x201, x180, x171, x157); + var x202: u32 = undefined; + fiatP224CmovznzU32(&x202, x180, x173, x159); + var x203: u32 = undefined; + fiatP224CmovznzU32(&x203, x180, x175, x161); + var x204: u32 = undefined; + fiatP224CmovznzU32(&x204, x180, x177, x163); + out1.* = x181; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out2[5] = x12; + out2[6] = x13; + out2[7] = x14; + out3[0] = x183; + out3[1] = x184; + out3[2] = x185; + out3[3] = x186; + out3[4] = x187; + out3[5] = x188; + out3[6] = x189; + out3[7] = x190; + out4[0] = x191; + out4[1] = x192; + out4[2] = x193; + out4[3] = x194; + out4[4] = x195; + out4[5] = x196; + out4[6] = x197; + out5[0] = x198; + out5[1] = x199; + out5[2] = x200; + out5[3] = x201; + out5[4] = x202; + out5[5] = x203; + out5[6] = x204; +} + +/// The function fiatP224DivstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). +/// Postconditions: +/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if (log2 m) + 1 < 46 then ⌊(49 * ((log2 m) + 1) + 80) / 17⌋ else ⌊(49 * ((log2 m) + 1) + 57) / 17⌋) +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224DivstepPrecomp(out1: *[7]u32) void { + out1[0] = 0x800000; + out1[1] = 0x800000; + out1[2] = 0xfe000000; + out1[3] = 0xffffff; + out1[4] = @intCast(u32, 0x0); + out1[5] = 0xff800000; + out1[6] = 0x17fffff; +} + diff --git a/fiat-zig/src/p224_64.zig b/fiat-zig/src/p224_64.zig new file mode 100644 index 0000000000..e9c24f5f78 --- /dev/null +++ b/fiat-zig/src/p224_64.zig @@ -0,0 +1,1851 @@ +/// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p224 64 '2^224 - 2^96 + 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp +/// curve description: p224 +/// machine_wordsize = 64 (from "64") +/// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp +/// m = 0xffffffffffffffffffffffffffffffff000000000000000000000001 (from "2^224 - 2^96 + 1") +/// +/// NOTE: In addition to the bounds specified above each function, all +/// functions synthesized for this Montgomery arithmetic require the +/// input to be strictly less than the prime modulus (m), and also +/// require the input to be in the unique saturated representation. +/// All functions also ensure that these two properties are true of +/// return values. +/// +/// Computed values: +/// eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + + +/// The function fiatP224AddcarryxU64 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^64 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP224AddcarryxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u128 = ((@intCast(u128, arg1) + @intCast(u128, arg2)) + @intCast(u128, arg3)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u1 = @intCast(u1, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP224SubborrowxU64 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^64 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP224SubborrowxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i128 = ((@intCast(i128, arg2) - @intCast(i128, arg1)) - @intCast(i128, arg3)); + const x2: i1 = @intCast(i1, (x1 >> 64)); + const x3: u64 = @intCast(u64, (x1 & @intCast(i128, 0xffffffffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP224MulxU64 is a multiplication, returning the full double-width result. +/// Postconditions: +/// out1 = (arg1 * arg2) mod 2^64 +/// out2 = ⌊arg1 * arg2 / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0xffffffffffffffff] +fn fiatP224MulxU64(out1: *u64, out2: *u64, arg1: u64, arg2: u64) callconv(.Inline) void { + const x1: u128 = (@intCast(u128, arg1) * @intCast(u128, arg2)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u64 = @intCast(u64, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP224CmovznzU64 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +fn fiatP224CmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u64 = @intCast(u64, (@intCast(i128, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i128, 0xffffffffffffffff))); + const x3: u64 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP224Mul multiplies two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224Mul(out1: *[4]u64, arg1: [4]u64, arg2: [4]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[0]); + var x5: u64 = undefined; + var x6: u64 = undefined; + fiatP224MulxU64(&x5, &x6, x4, (arg2[3])); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatP224MulxU64(&x7, &x8, x4, (arg2[2])); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatP224MulxU64(&x9, &x10, x4, (arg2[1])); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatP224MulxU64(&x11, &x12, x4, (arg2[0])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP224AddcarryxU64(&x13, &x14, 0x0, x12, x9); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP224AddcarryxU64(&x15, &x16, x14, x10, x7); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP224AddcarryxU64(&x17, &x18, x16, x8, x5); + const x19: u64 = (@intCast(u64, x18) + x6); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatP224MulxU64(&x20, &x21, x11, 0xffffffffffffffff); + var x22: u64 = undefined; + var x23: u64 = undefined; + fiatP224MulxU64(&x22, &x23, x20, 0xffffffff); + var x24: u64 = undefined; + var x25: u64 = undefined; + fiatP224MulxU64(&x24, &x25, x20, 0xffffffffffffffff); + var x26: u64 = undefined; + var x27: u64 = undefined; + fiatP224MulxU64(&x26, &x27, x20, 0xffffffff00000000); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP224AddcarryxU64(&x28, &x29, 0x0, x27, x24); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP224AddcarryxU64(&x30, &x31, x29, x25, x22); + const x32: u64 = (@intCast(u64, x31) + x23); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatP224AddcarryxU64(&x33, &x34, 0x0, x11, x20); + var x35: u64 = undefined; + var x36: u1 = undefined; + fiatP224AddcarryxU64(&x35, &x36, x34, x13, x26); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatP224AddcarryxU64(&x37, &x38, x36, x15, x28); + var x39: u64 = undefined; + var x40: u1 = undefined; + fiatP224AddcarryxU64(&x39, &x40, x38, x17, x30); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatP224AddcarryxU64(&x41, &x42, x40, x19, x32); + var x43: u64 = undefined; + var x44: u64 = undefined; + fiatP224MulxU64(&x43, &x44, x1, (arg2[3])); + var x45: u64 = undefined; + var x46: u64 = undefined; + fiatP224MulxU64(&x45, &x46, x1, (arg2[2])); + var x47: u64 = undefined; + var x48: u64 = undefined; + fiatP224MulxU64(&x47, &x48, x1, (arg2[1])); + var x49: u64 = undefined; + var x50: u64 = undefined; + fiatP224MulxU64(&x49, &x50, x1, (arg2[0])); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP224AddcarryxU64(&x51, &x52, 0x0, x50, x47); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP224AddcarryxU64(&x53, &x54, x52, x48, x45); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP224AddcarryxU64(&x55, &x56, x54, x46, x43); + const x57: u64 = (@intCast(u64, x56) + x44); + var x58: u64 = undefined; + var x59: u1 = undefined; + fiatP224AddcarryxU64(&x58, &x59, 0x0, x35, x49); + var x60: u64 = undefined; + var x61: u1 = undefined; + fiatP224AddcarryxU64(&x60, &x61, x59, x37, x51); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP224AddcarryxU64(&x62, &x63, x61, x39, x53); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatP224AddcarryxU64(&x64, &x65, x63, x41, x55); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP224AddcarryxU64(&x66, &x67, x65, @intCast(u64, x42), x57); + var x68: u64 = undefined; + var x69: u64 = undefined; + fiatP224MulxU64(&x68, &x69, x58, 0xffffffffffffffff); + var x70: u64 = undefined; + var x71: u64 = undefined; + fiatP224MulxU64(&x70, &x71, x68, 0xffffffff); + var x72: u64 = undefined; + var x73: u64 = undefined; + fiatP224MulxU64(&x72, &x73, x68, 0xffffffffffffffff); + var x74: u64 = undefined; + var x75: u64 = undefined; + fiatP224MulxU64(&x74, &x75, x68, 0xffffffff00000000); + var x76: u64 = undefined; + var x77: u1 = undefined; + fiatP224AddcarryxU64(&x76, &x77, 0x0, x75, x72); + var x78: u64 = undefined; + var x79: u1 = undefined; + fiatP224AddcarryxU64(&x78, &x79, x77, x73, x70); + const x80: u64 = (@intCast(u64, x79) + x71); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatP224AddcarryxU64(&x81, &x82, 0x0, x58, x68); + var x83: u64 = undefined; + var x84: u1 = undefined; + fiatP224AddcarryxU64(&x83, &x84, x82, x60, x74); + var x85: u64 = undefined; + var x86: u1 = undefined; + fiatP224AddcarryxU64(&x85, &x86, x84, x62, x76); + var x87: u64 = undefined; + var x88: u1 = undefined; + fiatP224AddcarryxU64(&x87, &x88, x86, x64, x78); + var x89: u64 = undefined; + var x90: u1 = undefined; + fiatP224AddcarryxU64(&x89, &x90, x88, x66, x80); + const x91: u64 = (@intCast(u64, x90) + @intCast(u64, x67)); + var x92: u64 = undefined; + var x93: u64 = undefined; + fiatP224MulxU64(&x92, &x93, x2, (arg2[3])); + var x94: u64 = undefined; + var x95: u64 = undefined; + fiatP224MulxU64(&x94, &x95, x2, (arg2[2])); + var x96: u64 = undefined; + var x97: u64 = undefined; + fiatP224MulxU64(&x96, &x97, x2, (arg2[1])); + var x98: u64 = undefined; + var x99: u64 = undefined; + fiatP224MulxU64(&x98, &x99, x2, (arg2[0])); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP224AddcarryxU64(&x100, &x101, 0x0, x99, x96); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP224AddcarryxU64(&x102, &x103, x101, x97, x94); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatP224AddcarryxU64(&x104, &x105, x103, x95, x92); + const x106: u64 = (@intCast(u64, x105) + x93); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatP224AddcarryxU64(&x107, &x108, 0x0, x83, x98); + var x109: u64 = undefined; + var x110: u1 = undefined; + fiatP224AddcarryxU64(&x109, &x110, x108, x85, x100); + var x111: u64 = undefined; + var x112: u1 = undefined; + fiatP224AddcarryxU64(&x111, &x112, x110, x87, x102); + var x113: u64 = undefined; + var x114: u1 = undefined; + fiatP224AddcarryxU64(&x113, &x114, x112, x89, x104); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatP224AddcarryxU64(&x115, &x116, x114, x91, x106); + var x117: u64 = undefined; + var x118: u64 = undefined; + fiatP224MulxU64(&x117, &x118, x107, 0xffffffffffffffff); + var x119: u64 = undefined; + var x120: u64 = undefined; + fiatP224MulxU64(&x119, &x120, x117, 0xffffffff); + var x121: u64 = undefined; + var x122: u64 = undefined; + fiatP224MulxU64(&x121, &x122, x117, 0xffffffffffffffff); + var x123: u64 = undefined; + var x124: u64 = undefined; + fiatP224MulxU64(&x123, &x124, x117, 0xffffffff00000000); + var x125: u64 = undefined; + var x126: u1 = undefined; + fiatP224AddcarryxU64(&x125, &x126, 0x0, x124, x121); + var x127: u64 = undefined; + var x128: u1 = undefined; + fiatP224AddcarryxU64(&x127, &x128, x126, x122, x119); + const x129: u64 = (@intCast(u64, x128) + x120); + var x130: u64 = undefined; + var x131: u1 = undefined; + fiatP224AddcarryxU64(&x130, &x131, 0x0, x107, x117); + var x132: u64 = undefined; + var x133: u1 = undefined; + fiatP224AddcarryxU64(&x132, &x133, x131, x109, x123); + var x134: u64 = undefined; + var x135: u1 = undefined; + fiatP224AddcarryxU64(&x134, &x135, x133, x111, x125); + var x136: u64 = undefined; + var x137: u1 = undefined; + fiatP224AddcarryxU64(&x136, &x137, x135, x113, x127); + var x138: u64 = undefined; + var x139: u1 = undefined; + fiatP224AddcarryxU64(&x138, &x139, x137, x115, x129); + const x140: u64 = (@intCast(u64, x139) + @intCast(u64, x116)); + var x141: u64 = undefined; + var x142: u64 = undefined; + fiatP224MulxU64(&x141, &x142, x3, (arg2[3])); + var x143: u64 = undefined; + var x144: u64 = undefined; + fiatP224MulxU64(&x143, &x144, x3, (arg2[2])); + var x145: u64 = undefined; + var x146: u64 = undefined; + fiatP224MulxU64(&x145, &x146, x3, (arg2[1])); + var x147: u64 = undefined; + var x148: u64 = undefined; + fiatP224MulxU64(&x147, &x148, x3, (arg2[0])); + var x149: u64 = undefined; + var x150: u1 = undefined; + fiatP224AddcarryxU64(&x149, &x150, 0x0, x148, x145); + var x151: u64 = undefined; + var x152: u1 = undefined; + fiatP224AddcarryxU64(&x151, &x152, x150, x146, x143); + var x153: u64 = undefined; + var x154: u1 = undefined; + fiatP224AddcarryxU64(&x153, &x154, x152, x144, x141); + const x155: u64 = (@intCast(u64, x154) + x142); + var x156: u64 = undefined; + var x157: u1 = undefined; + fiatP224AddcarryxU64(&x156, &x157, 0x0, x132, x147); + var x158: u64 = undefined; + var x159: u1 = undefined; + fiatP224AddcarryxU64(&x158, &x159, x157, x134, x149); + var x160: u64 = undefined; + var x161: u1 = undefined; + fiatP224AddcarryxU64(&x160, &x161, x159, x136, x151); + var x162: u64 = undefined; + var x163: u1 = undefined; + fiatP224AddcarryxU64(&x162, &x163, x161, x138, x153); + var x164: u64 = undefined; + var x165: u1 = undefined; + fiatP224AddcarryxU64(&x164, &x165, x163, x140, x155); + var x166: u64 = undefined; + var x167: u64 = undefined; + fiatP224MulxU64(&x166, &x167, x156, 0xffffffffffffffff); + var x168: u64 = undefined; + var x169: u64 = undefined; + fiatP224MulxU64(&x168, &x169, x166, 0xffffffff); + var x170: u64 = undefined; + var x171: u64 = undefined; + fiatP224MulxU64(&x170, &x171, x166, 0xffffffffffffffff); + var x172: u64 = undefined; + var x173: u64 = undefined; + fiatP224MulxU64(&x172, &x173, x166, 0xffffffff00000000); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatP224AddcarryxU64(&x174, &x175, 0x0, x173, x170); + var x176: u64 = undefined; + var x177: u1 = undefined; + fiatP224AddcarryxU64(&x176, &x177, x175, x171, x168); + const x178: u64 = (@intCast(u64, x177) + x169); + var x179: u64 = undefined; + var x180: u1 = undefined; + fiatP224AddcarryxU64(&x179, &x180, 0x0, x156, x166); + var x181: u64 = undefined; + var x182: u1 = undefined; + fiatP224AddcarryxU64(&x181, &x182, x180, x158, x172); + var x183: u64 = undefined; + var x184: u1 = undefined; + fiatP224AddcarryxU64(&x183, &x184, x182, x160, x174); + var x185: u64 = undefined; + var x186: u1 = undefined; + fiatP224AddcarryxU64(&x185, &x186, x184, x162, x176); + var x187: u64 = undefined; + var x188: u1 = undefined; + fiatP224AddcarryxU64(&x187, &x188, x186, x164, x178); + const x189: u64 = (@intCast(u64, x188) + @intCast(u64, x165)); + var x190: u64 = undefined; + var x191: u1 = undefined; + fiatP224SubborrowxU64(&x190, &x191, 0x0, x181, @intCast(u64, 0x1)); + var x192: u64 = undefined; + var x193: u1 = undefined; + fiatP224SubborrowxU64(&x192, &x193, x191, x183, 0xffffffff00000000); + var x194: u64 = undefined; + var x195: u1 = undefined; + fiatP224SubborrowxU64(&x194, &x195, x193, x185, 0xffffffffffffffff); + var x196: u64 = undefined; + var x197: u1 = undefined; + fiatP224SubborrowxU64(&x196, &x197, x195, x187, 0xffffffff); + var x198: u64 = undefined; + var x199: u1 = undefined; + fiatP224SubborrowxU64(&x198, &x199, x197, x189, @intCast(u64, 0x0)); + var x200: u64 = undefined; + fiatP224CmovznzU64(&x200, x199, x190, x181); + var x201: u64 = undefined; + fiatP224CmovznzU64(&x201, x199, x192, x183); + var x202: u64 = undefined; + fiatP224CmovznzU64(&x202, x199, x194, x185); + var x203: u64 = undefined; + fiatP224CmovznzU64(&x203, x199, x196, x187); + out1[0] = x200; + out1[1] = x201; + out1[2] = x202; + out1[3] = x203; +} + +/// The function fiatP224Square squares a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224Square(out1: *[4]u64, arg1: [4]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[0]); + var x5: u64 = undefined; + var x6: u64 = undefined; + fiatP224MulxU64(&x5, &x6, x4, (arg1[3])); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatP224MulxU64(&x7, &x8, x4, (arg1[2])); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatP224MulxU64(&x9, &x10, x4, (arg1[1])); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatP224MulxU64(&x11, &x12, x4, (arg1[0])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP224AddcarryxU64(&x13, &x14, 0x0, x12, x9); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP224AddcarryxU64(&x15, &x16, x14, x10, x7); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP224AddcarryxU64(&x17, &x18, x16, x8, x5); + const x19: u64 = (@intCast(u64, x18) + x6); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatP224MulxU64(&x20, &x21, x11, 0xffffffffffffffff); + var x22: u64 = undefined; + var x23: u64 = undefined; + fiatP224MulxU64(&x22, &x23, x20, 0xffffffff); + var x24: u64 = undefined; + var x25: u64 = undefined; + fiatP224MulxU64(&x24, &x25, x20, 0xffffffffffffffff); + var x26: u64 = undefined; + var x27: u64 = undefined; + fiatP224MulxU64(&x26, &x27, x20, 0xffffffff00000000); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP224AddcarryxU64(&x28, &x29, 0x0, x27, x24); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP224AddcarryxU64(&x30, &x31, x29, x25, x22); + const x32: u64 = (@intCast(u64, x31) + x23); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatP224AddcarryxU64(&x33, &x34, 0x0, x11, x20); + var x35: u64 = undefined; + var x36: u1 = undefined; + fiatP224AddcarryxU64(&x35, &x36, x34, x13, x26); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatP224AddcarryxU64(&x37, &x38, x36, x15, x28); + var x39: u64 = undefined; + var x40: u1 = undefined; + fiatP224AddcarryxU64(&x39, &x40, x38, x17, x30); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatP224AddcarryxU64(&x41, &x42, x40, x19, x32); + var x43: u64 = undefined; + var x44: u64 = undefined; + fiatP224MulxU64(&x43, &x44, x1, (arg1[3])); + var x45: u64 = undefined; + var x46: u64 = undefined; + fiatP224MulxU64(&x45, &x46, x1, (arg1[2])); + var x47: u64 = undefined; + var x48: u64 = undefined; + fiatP224MulxU64(&x47, &x48, x1, (arg1[1])); + var x49: u64 = undefined; + var x50: u64 = undefined; + fiatP224MulxU64(&x49, &x50, x1, (arg1[0])); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP224AddcarryxU64(&x51, &x52, 0x0, x50, x47); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP224AddcarryxU64(&x53, &x54, x52, x48, x45); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP224AddcarryxU64(&x55, &x56, x54, x46, x43); + const x57: u64 = (@intCast(u64, x56) + x44); + var x58: u64 = undefined; + var x59: u1 = undefined; + fiatP224AddcarryxU64(&x58, &x59, 0x0, x35, x49); + var x60: u64 = undefined; + var x61: u1 = undefined; + fiatP224AddcarryxU64(&x60, &x61, x59, x37, x51); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP224AddcarryxU64(&x62, &x63, x61, x39, x53); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatP224AddcarryxU64(&x64, &x65, x63, x41, x55); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP224AddcarryxU64(&x66, &x67, x65, @intCast(u64, x42), x57); + var x68: u64 = undefined; + var x69: u64 = undefined; + fiatP224MulxU64(&x68, &x69, x58, 0xffffffffffffffff); + var x70: u64 = undefined; + var x71: u64 = undefined; + fiatP224MulxU64(&x70, &x71, x68, 0xffffffff); + var x72: u64 = undefined; + var x73: u64 = undefined; + fiatP224MulxU64(&x72, &x73, x68, 0xffffffffffffffff); + var x74: u64 = undefined; + var x75: u64 = undefined; + fiatP224MulxU64(&x74, &x75, x68, 0xffffffff00000000); + var x76: u64 = undefined; + var x77: u1 = undefined; + fiatP224AddcarryxU64(&x76, &x77, 0x0, x75, x72); + var x78: u64 = undefined; + var x79: u1 = undefined; + fiatP224AddcarryxU64(&x78, &x79, x77, x73, x70); + const x80: u64 = (@intCast(u64, x79) + x71); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatP224AddcarryxU64(&x81, &x82, 0x0, x58, x68); + var x83: u64 = undefined; + var x84: u1 = undefined; + fiatP224AddcarryxU64(&x83, &x84, x82, x60, x74); + var x85: u64 = undefined; + var x86: u1 = undefined; + fiatP224AddcarryxU64(&x85, &x86, x84, x62, x76); + var x87: u64 = undefined; + var x88: u1 = undefined; + fiatP224AddcarryxU64(&x87, &x88, x86, x64, x78); + var x89: u64 = undefined; + var x90: u1 = undefined; + fiatP224AddcarryxU64(&x89, &x90, x88, x66, x80); + const x91: u64 = (@intCast(u64, x90) + @intCast(u64, x67)); + var x92: u64 = undefined; + var x93: u64 = undefined; + fiatP224MulxU64(&x92, &x93, x2, (arg1[3])); + var x94: u64 = undefined; + var x95: u64 = undefined; + fiatP224MulxU64(&x94, &x95, x2, (arg1[2])); + var x96: u64 = undefined; + var x97: u64 = undefined; + fiatP224MulxU64(&x96, &x97, x2, (arg1[1])); + var x98: u64 = undefined; + var x99: u64 = undefined; + fiatP224MulxU64(&x98, &x99, x2, (arg1[0])); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP224AddcarryxU64(&x100, &x101, 0x0, x99, x96); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP224AddcarryxU64(&x102, &x103, x101, x97, x94); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatP224AddcarryxU64(&x104, &x105, x103, x95, x92); + const x106: u64 = (@intCast(u64, x105) + x93); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatP224AddcarryxU64(&x107, &x108, 0x0, x83, x98); + var x109: u64 = undefined; + var x110: u1 = undefined; + fiatP224AddcarryxU64(&x109, &x110, x108, x85, x100); + var x111: u64 = undefined; + var x112: u1 = undefined; + fiatP224AddcarryxU64(&x111, &x112, x110, x87, x102); + var x113: u64 = undefined; + var x114: u1 = undefined; + fiatP224AddcarryxU64(&x113, &x114, x112, x89, x104); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatP224AddcarryxU64(&x115, &x116, x114, x91, x106); + var x117: u64 = undefined; + var x118: u64 = undefined; + fiatP224MulxU64(&x117, &x118, x107, 0xffffffffffffffff); + var x119: u64 = undefined; + var x120: u64 = undefined; + fiatP224MulxU64(&x119, &x120, x117, 0xffffffff); + var x121: u64 = undefined; + var x122: u64 = undefined; + fiatP224MulxU64(&x121, &x122, x117, 0xffffffffffffffff); + var x123: u64 = undefined; + var x124: u64 = undefined; + fiatP224MulxU64(&x123, &x124, x117, 0xffffffff00000000); + var x125: u64 = undefined; + var x126: u1 = undefined; + fiatP224AddcarryxU64(&x125, &x126, 0x0, x124, x121); + var x127: u64 = undefined; + var x128: u1 = undefined; + fiatP224AddcarryxU64(&x127, &x128, x126, x122, x119); + const x129: u64 = (@intCast(u64, x128) + x120); + var x130: u64 = undefined; + var x131: u1 = undefined; + fiatP224AddcarryxU64(&x130, &x131, 0x0, x107, x117); + var x132: u64 = undefined; + var x133: u1 = undefined; + fiatP224AddcarryxU64(&x132, &x133, x131, x109, x123); + var x134: u64 = undefined; + var x135: u1 = undefined; + fiatP224AddcarryxU64(&x134, &x135, x133, x111, x125); + var x136: u64 = undefined; + var x137: u1 = undefined; + fiatP224AddcarryxU64(&x136, &x137, x135, x113, x127); + var x138: u64 = undefined; + var x139: u1 = undefined; + fiatP224AddcarryxU64(&x138, &x139, x137, x115, x129); + const x140: u64 = (@intCast(u64, x139) + @intCast(u64, x116)); + var x141: u64 = undefined; + var x142: u64 = undefined; + fiatP224MulxU64(&x141, &x142, x3, (arg1[3])); + var x143: u64 = undefined; + var x144: u64 = undefined; + fiatP224MulxU64(&x143, &x144, x3, (arg1[2])); + var x145: u64 = undefined; + var x146: u64 = undefined; + fiatP224MulxU64(&x145, &x146, x3, (arg1[1])); + var x147: u64 = undefined; + var x148: u64 = undefined; + fiatP224MulxU64(&x147, &x148, x3, (arg1[0])); + var x149: u64 = undefined; + var x150: u1 = undefined; + fiatP224AddcarryxU64(&x149, &x150, 0x0, x148, x145); + var x151: u64 = undefined; + var x152: u1 = undefined; + fiatP224AddcarryxU64(&x151, &x152, x150, x146, x143); + var x153: u64 = undefined; + var x154: u1 = undefined; + fiatP224AddcarryxU64(&x153, &x154, x152, x144, x141); + const x155: u64 = (@intCast(u64, x154) + x142); + var x156: u64 = undefined; + var x157: u1 = undefined; + fiatP224AddcarryxU64(&x156, &x157, 0x0, x132, x147); + var x158: u64 = undefined; + var x159: u1 = undefined; + fiatP224AddcarryxU64(&x158, &x159, x157, x134, x149); + var x160: u64 = undefined; + var x161: u1 = undefined; + fiatP224AddcarryxU64(&x160, &x161, x159, x136, x151); + var x162: u64 = undefined; + var x163: u1 = undefined; + fiatP224AddcarryxU64(&x162, &x163, x161, x138, x153); + var x164: u64 = undefined; + var x165: u1 = undefined; + fiatP224AddcarryxU64(&x164, &x165, x163, x140, x155); + var x166: u64 = undefined; + var x167: u64 = undefined; + fiatP224MulxU64(&x166, &x167, x156, 0xffffffffffffffff); + var x168: u64 = undefined; + var x169: u64 = undefined; + fiatP224MulxU64(&x168, &x169, x166, 0xffffffff); + var x170: u64 = undefined; + var x171: u64 = undefined; + fiatP224MulxU64(&x170, &x171, x166, 0xffffffffffffffff); + var x172: u64 = undefined; + var x173: u64 = undefined; + fiatP224MulxU64(&x172, &x173, x166, 0xffffffff00000000); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatP224AddcarryxU64(&x174, &x175, 0x0, x173, x170); + var x176: u64 = undefined; + var x177: u1 = undefined; + fiatP224AddcarryxU64(&x176, &x177, x175, x171, x168); + const x178: u64 = (@intCast(u64, x177) + x169); + var x179: u64 = undefined; + var x180: u1 = undefined; + fiatP224AddcarryxU64(&x179, &x180, 0x0, x156, x166); + var x181: u64 = undefined; + var x182: u1 = undefined; + fiatP224AddcarryxU64(&x181, &x182, x180, x158, x172); + var x183: u64 = undefined; + var x184: u1 = undefined; + fiatP224AddcarryxU64(&x183, &x184, x182, x160, x174); + var x185: u64 = undefined; + var x186: u1 = undefined; + fiatP224AddcarryxU64(&x185, &x186, x184, x162, x176); + var x187: u64 = undefined; + var x188: u1 = undefined; + fiatP224AddcarryxU64(&x187, &x188, x186, x164, x178); + const x189: u64 = (@intCast(u64, x188) + @intCast(u64, x165)); + var x190: u64 = undefined; + var x191: u1 = undefined; + fiatP224SubborrowxU64(&x190, &x191, 0x0, x181, @intCast(u64, 0x1)); + var x192: u64 = undefined; + var x193: u1 = undefined; + fiatP224SubborrowxU64(&x192, &x193, x191, x183, 0xffffffff00000000); + var x194: u64 = undefined; + var x195: u1 = undefined; + fiatP224SubborrowxU64(&x194, &x195, x193, x185, 0xffffffffffffffff); + var x196: u64 = undefined; + var x197: u1 = undefined; + fiatP224SubborrowxU64(&x196, &x197, x195, x187, 0xffffffff); + var x198: u64 = undefined; + var x199: u1 = undefined; + fiatP224SubborrowxU64(&x198, &x199, x197, x189, @intCast(u64, 0x0)); + var x200: u64 = undefined; + fiatP224CmovznzU64(&x200, x199, x190, x181); + var x201: u64 = undefined; + fiatP224CmovznzU64(&x201, x199, x192, x183); + var x202: u64 = undefined; + fiatP224CmovznzU64(&x202, x199, x194, x185); + var x203: u64 = undefined; + fiatP224CmovznzU64(&x203, x199, x196, x187); + out1[0] = x200; + out1[1] = x201; + out1[2] = x202; + out1[3] = x203; +} + +/// The function fiatP224Add adds two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224Add(out1: *[4]u64, arg1: [4]u64, arg2: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP224AddcarryxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP224AddcarryxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP224AddcarryxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP224AddcarryxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP224SubborrowxU64(&x9, &x10, 0x0, x1, @intCast(u64, 0x1)); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP224SubborrowxU64(&x11, &x12, x10, x3, 0xffffffff00000000); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP224SubborrowxU64(&x13, &x14, x12, x5, 0xffffffffffffffff); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP224SubborrowxU64(&x15, &x16, x14, x7, 0xffffffff); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP224SubborrowxU64(&x17, &x18, x16, @intCast(u64, x8), @intCast(u64, 0x0)); + var x19: u64 = undefined; + fiatP224CmovznzU64(&x19, x18, x9, x1); + var x20: u64 = undefined; + fiatP224CmovznzU64(&x20, x18, x11, x3); + var x21: u64 = undefined; + fiatP224CmovznzU64(&x21, x18, x13, x5); + var x22: u64 = undefined; + fiatP224CmovznzU64(&x22, x18, x15, x7); + out1[0] = x19; + out1[1] = x20; + out1[2] = x21; + out1[3] = x22; +} + +/// The function fiatP224Sub subtracts two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224Sub(out1: *[4]u64, arg1: [4]u64, arg2: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP224SubborrowxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP224SubborrowxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP224SubborrowxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP224SubborrowxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + fiatP224CmovznzU64(&x9, x8, @intCast(u64, 0x0), 0xffffffffffffffff); + var x10: u64 = undefined; + var x11: u1 = undefined; + fiatP224AddcarryxU64(&x10, &x11, 0x0, x1, @intCast(u64, @intCast(u1, (x9 & @intCast(u64, 0x1))))); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatP224AddcarryxU64(&x12, &x13, x11, x3, (x9 & 0xffffffff00000000)); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP224AddcarryxU64(&x14, &x15, x13, x5, x9); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP224AddcarryxU64(&x16, &x17, x15, x7, (x9 & 0xffffffff)); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/// The function fiatP224Opp negates a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224Opp(out1: *[4]u64, arg1: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP224SubborrowxU64(&x1, &x2, 0x0, @intCast(u64, 0x0), (arg1[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP224SubborrowxU64(&x3, &x4, x2, @intCast(u64, 0x0), (arg1[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP224SubborrowxU64(&x5, &x6, x4, @intCast(u64, 0x0), (arg1[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP224SubborrowxU64(&x7, &x8, x6, @intCast(u64, 0x0), (arg1[3])); + var x9: u64 = undefined; + fiatP224CmovznzU64(&x9, x8, @intCast(u64, 0x0), 0xffffffffffffffff); + var x10: u64 = undefined; + var x11: u1 = undefined; + fiatP224AddcarryxU64(&x10, &x11, 0x0, x1, @intCast(u64, @intCast(u1, (x9 & @intCast(u64, 0x1))))); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatP224AddcarryxU64(&x12, &x13, x11, x3, (x9 & 0xffffffff00000000)); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP224AddcarryxU64(&x14, &x15, x13, x5, x9); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP224AddcarryxU64(&x16, &x17, x15, x7, (x9 & 0xffffffff)); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/// The function fiatP224FromMontgomery translates a field element out of the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224FromMontgomery(out1: *[4]u64, arg1: [4]u64) void { + const x1: u64 = (arg1[0]); + var x2: u64 = undefined; + var x3: u64 = undefined; + fiatP224MulxU64(&x2, &x3, x1, 0xffffffffffffffff); + var x4: u64 = undefined; + var x5: u64 = undefined; + fiatP224MulxU64(&x4, &x5, x2, 0xffffffff); + var x6: u64 = undefined; + var x7: u64 = undefined; + fiatP224MulxU64(&x6, &x7, x2, 0xffffffffffffffff); + var x8: u64 = undefined; + var x9: u64 = undefined; + fiatP224MulxU64(&x8, &x9, x2, 0xffffffff00000000); + var x10: u64 = undefined; + var x11: u1 = undefined; + fiatP224AddcarryxU64(&x10, &x11, 0x0, x9, x6); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatP224AddcarryxU64(&x12, &x13, x11, x7, x4); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP224AddcarryxU64(&x14, &x15, 0x0, x1, x2); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP224AddcarryxU64(&x16, &x17, x15, @intCast(u64, 0x0), x8); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP224AddcarryxU64(&x18, &x19, x17, @intCast(u64, 0x0), x10); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP224AddcarryxU64(&x20, &x21, x19, @intCast(u64, 0x0), x12); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP224AddcarryxU64(&x22, &x23, 0x0, x16, (arg1[1])); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP224AddcarryxU64(&x24, &x25, x23, x18, @intCast(u64, 0x0)); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP224AddcarryxU64(&x26, &x27, x25, x20, @intCast(u64, 0x0)); + var x28: u64 = undefined; + var x29: u64 = undefined; + fiatP224MulxU64(&x28, &x29, x22, 0xffffffffffffffff); + var x30: u64 = undefined; + var x31: u64 = undefined; + fiatP224MulxU64(&x30, &x31, x28, 0xffffffff); + var x32: u64 = undefined; + var x33: u64 = undefined; + fiatP224MulxU64(&x32, &x33, x28, 0xffffffffffffffff); + var x34: u64 = undefined; + var x35: u64 = undefined; + fiatP224MulxU64(&x34, &x35, x28, 0xffffffff00000000); + var x36: u64 = undefined; + var x37: u1 = undefined; + fiatP224AddcarryxU64(&x36, &x37, 0x0, x35, x32); + var x38: u64 = undefined; + var x39: u1 = undefined; + fiatP224AddcarryxU64(&x38, &x39, x37, x33, x30); + var x40: u64 = undefined; + var x41: u1 = undefined; + fiatP224AddcarryxU64(&x40, &x41, 0x0, x22, x28); + var x42: u64 = undefined; + var x43: u1 = undefined; + fiatP224AddcarryxU64(&x42, &x43, x41, x24, x34); + var x44: u64 = undefined; + var x45: u1 = undefined; + fiatP224AddcarryxU64(&x44, &x45, x43, x26, x36); + var x46: u64 = undefined; + var x47: u1 = undefined; + fiatP224AddcarryxU64(&x46, &x47, x45, (@intCast(u64, x27) + (@intCast(u64, x21) + (@intCast(u64, x13) + x5))), x38); + var x48: u64 = undefined; + var x49: u1 = undefined; + fiatP224AddcarryxU64(&x48, &x49, 0x0, x42, (arg1[2])); + var x50: u64 = undefined; + var x51: u1 = undefined; + fiatP224AddcarryxU64(&x50, &x51, x49, x44, @intCast(u64, 0x0)); + var x52: u64 = undefined; + var x53: u1 = undefined; + fiatP224AddcarryxU64(&x52, &x53, x51, x46, @intCast(u64, 0x0)); + var x54: u64 = undefined; + var x55: u64 = undefined; + fiatP224MulxU64(&x54, &x55, x48, 0xffffffffffffffff); + var x56: u64 = undefined; + var x57: u64 = undefined; + fiatP224MulxU64(&x56, &x57, x54, 0xffffffff); + var x58: u64 = undefined; + var x59: u64 = undefined; + fiatP224MulxU64(&x58, &x59, x54, 0xffffffffffffffff); + var x60: u64 = undefined; + var x61: u64 = undefined; + fiatP224MulxU64(&x60, &x61, x54, 0xffffffff00000000); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP224AddcarryxU64(&x62, &x63, 0x0, x61, x58); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatP224AddcarryxU64(&x64, &x65, x63, x59, x56); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP224AddcarryxU64(&x66, &x67, 0x0, x48, x54); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP224AddcarryxU64(&x68, &x69, x67, x50, x60); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP224AddcarryxU64(&x70, &x71, x69, x52, x62); + var x72: u64 = undefined; + var x73: u1 = undefined; + fiatP224AddcarryxU64(&x72, &x73, x71, (@intCast(u64, x53) + (@intCast(u64, x47) + (@intCast(u64, x39) + x31))), x64); + var x74: u64 = undefined; + var x75: u1 = undefined; + fiatP224AddcarryxU64(&x74, &x75, 0x0, x68, (arg1[3])); + var x76: u64 = undefined; + var x77: u1 = undefined; + fiatP224AddcarryxU64(&x76, &x77, x75, x70, @intCast(u64, 0x0)); + var x78: u64 = undefined; + var x79: u1 = undefined; + fiatP224AddcarryxU64(&x78, &x79, x77, x72, @intCast(u64, 0x0)); + var x80: u64 = undefined; + var x81: u64 = undefined; + fiatP224MulxU64(&x80, &x81, x74, 0xffffffffffffffff); + var x82: u64 = undefined; + var x83: u64 = undefined; + fiatP224MulxU64(&x82, &x83, x80, 0xffffffff); + var x84: u64 = undefined; + var x85: u64 = undefined; + fiatP224MulxU64(&x84, &x85, x80, 0xffffffffffffffff); + var x86: u64 = undefined; + var x87: u64 = undefined; + fiatP224MulxU64(&x86, &x87, x80, 0xffffffff00000000); + var x88: u64 = undefined; + var x89: u1 = undefined; + fiatP224AddcarryxU64(&x88, &x89, 0x0, x87, x84); + var x90: u64 = undefined; + var x91: u1 = undefined; + fiatP224AddcarryxU64(&x90, &x91, x89, x85, x82); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP224AddcarryxU64(&x92, &x93, 0x0, x74, x80); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP224AddcarryxU64(&x94, &x95, x93, x76, x86); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP224AddcarryxU64(&x96, &x97, x95, x78, x88); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP224AddcarryxU64(&x98, &x99, x97, (@intCast(u64, x79) + (@intCast(u64, x73) + (@intCast(u64, x65) + x57))), x90); + const x100: u64 = (@intCast(u64, x99) + (@intCast(u64, x91) + x83)); + var x101: u64 = undefined; + var x102: u1 = undefined; + fiatP224SubborrowxU64(&x101, &x102, 0x0, x94, @intCast(u64, 0x1)); + var x103: u64 = undefined; + var x104: u1 = undefined; + fiatP224SubborrowxU64(&x103, &x104, x102, x96, 0xffffffff00000000); + var x105: u64 = undefined; + var x106: u1 = undefined; + fiatP224SubborrowxU64(&x105, &x106, x104, x98, 0xffffffffffffffff); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatP224SubborrowxU64(&x107, &x108, x106, x100, 0xffffffff); + var x109: u64 = undefined; + var x110: u1 = undefined; + fiatP224SubborrowxU64(&x109, &x110, x108, @intCast(u64, 0x0), @intCast(u64, 0x0)); + var x111: u64 = undefined; + fiatP224CmovznzU64(&x111, x110, x101, x94); + var x112: u64 = undefined; + fiatP224CmovznzU64(&x112, x110, x103, x96); + var x113: u64 = undefined; + fiatP224CmovznzU64(&x113, x110, x105, x98); + var x114: u64 = undefined; + fiatP224CmovznzU64(&x114, x110, x107, x100); + out1[0] = x111; + out1[1] = x112; + out1[2] = x113; + out1[3] = x114; +} + +/// The function fiatP224ToMontgomery translates a field element into the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224ToMontgomery(out1: *[4]u64, arg1: [4]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[0]); + var x5: u64 = undefined; + var x6: u64 = undefined; + fiatP224MulxU64(&x5, &x6, x4, 0xffffffff); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatP224MulxU64(&x7, &x8, x4, 0xfffffffe00000000); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatP224MulxU64(&x9, &x10, x4, 0xffffffff00000000); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatP224MulxU64(&x11, &x12, x4, 0xffffffff00000001); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP224AddcarryxU64(&x13, &x14, 0x0, x12, x9); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP224AddcarryxU64(&x15, &x16, x14, x10, x7); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP224AddcarryxU64(&x17, &x18, x16, x8, x5); + var x19: u64 = undefined; + var x20: u64 = undefined; + fiatP224MulxU64(&x19, &x20, x11, 0xffffffffffffffff); + var x21: u64 = undefined; + var x22: u64 = undefined; + fiatP224MulxU64(&x21, &x22, x19, 0xffffffff); + var x23: u64 = undefined; + var x24: u64 = undefined; + fiatP224MulxU64(&x23, &x24, x19, 0xffffffffffffffff); + var x25: u64 = undefined; + var x26: u64 = undefined; + fiatP224MulxU64(&x25, &x26, x19, 0xffffffff00000000); + var x27: u64 = undefined; + var x28: u1 = undefined; + fiatP224AddcarryxU64(&x27, &x28, 0x0, x26, x23); + var x29: u64 = undefined; + var x30: u1 = undefined; + fiatP224AddcarryxU64(&x29, &x30, x28, x24, x21); + var x31: u64 = undefined; + var x32: u1 = undefined; + fiatP224AddcarryxU64(&x31, &x32, 0x0, x11, x19); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatP224AddcarryxU64(&x33, &x34, x32, x13, x25); + var x35: u64 = undefined; + var x36: u1 = undefined; + fiatP224AddcarryxU64(&x35, &x36, x34, x15, x27); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatP224AddcarryxU64(&x37, &x38, x36, x17, x29); + var x39: u64 = undefined; + var x40: u64 = undefined; + fiatP224MulxU64(&x39, &x40, x1, 0xffffffff); + var x41: u64 = undefined; + var x42: u64 = undefined; + fiatP224MulxU64(&x41, &x42, x1, 0xfffffffe00000000); + var x43: u64 = undefined; + var x44: u64 = undefined; + fiatP224MulxU64(&x43, &x44, x1, 0xffffffff00000000); + var x45: u64 = undefined; + var x46: u64 = undefined; + fiatP224MulxU64(&x45, &x46, x1, 0xffffffff00000001); + var x47: u64 = undefined; + var x48: u1 = undefined; + fiatP224AddcarryxU64(&x47, &x48, 0x0, x46, x43); + var x49: u64 = undefined; + var x50: u1 = undefined; + fiatP224AddcarryxU64(&x49, &x50, x48, x44, x41); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP224AddcarryxU64(&x51, &x52, x50, x42, x39); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP224AddcarryxU64(&x53, &x54, 0x0, x33, x45); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP224AddcarryxU64(&x55, &x56, x54, x35, x47); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP224AddcarryxU64(&x57, &x58, x56, x37, x49); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatP224AddcarryxU64(&x59, &x60, x58, ((@intCast(u64, x38) + (@intCast(u64, x18) + x6)) + (@intCast(u64, x30) + x22)), x51); + var x61: u64 = undefined; + var x62: u64 = undefined; + fiatP224MulxU64(&x61, &x62, x53, 0xffffffffffffffff); + var x63: u64 = undefined; + var x64: u64 = undefined; + fiatP224MulxU64(&x63, &x64, x61, 0xffffffff); + var x65: u64 = undefined; + var x66: u64 = undefined; + fiatP224MulxU64(&x65, &x66, x61, 0xffffffffffffffff); + var x67: u64 = undefined; + var x68: u64 = undefined; + fiatP224MulxU64(&x67, &x68, x61, 0xffffffff00000000); + var x69: u64 = undefined; + var x70: u1 = undefined; + fiatP224AddcarryxU64(&x69, &x70, 0x0, x68, x65); + var x71: u64 = undefined; + var x72: u1 = undefined; + fiatP224AddcarryxU64(&x71, &x72, x70, x66, x63); + var x73: u64 = undefined; + var x74: u1 = undefined; + fiatP224AddcarryxU64(&x73, &x74, 0x0, x53, x61); + var x75: u64 = undefined; + var x76: u1 = undefined; + fiatP224AddcarryxU64(&x75, &x76, x74, x55, x67); + var x77: u64 = undefined; + var x78: u1 = undefined; + fiatP224AddcarryxU64(&x77, &x78, x76, x57, x69); + var x79: u64 = undefined; + var x80: u1 = undefined; + fiatP224AddcarryxU64(&x79, &x80, x78, x59, x71); + var x81: u64 = undefined; + var x82: u64 = undefined; + fiatP224MulxU64(&x81, &x82, x2, 0xffffffff); + var x83: u64 = undefined; + var x84: u64 = undefined; + fiatP224MulxU64(&x83, &x84, x2, 0xfffffffe00000000); + var x85: u64 = undefined; + var x86: u64 = undefined; + fiatP224MulxU64(&x85, &x86, x2, 0xffffffff00000000); + var x87: u64 = undefined; + var x88: u64 = undefined; + fiatP224MulxU64(&x87, &x88, x2, 0xffffffff00000001); + var x89: u64 = undefined; + var x90: u1 = undefined; + fiatP224AddcarryxU64(&x89, &x90, 0x0, x88, x85); + var x91: u64 = undefined; + var x92: u1 = undefined; + fiatP224AddcarryxU64(&x91, &x92, x90, x86, x83); + var x93: u64 = undefined; + var x94: u1 = undefined; + fiatP224AddcarryxU64(&x93, &x94, x92, x84, x81); + var x95: u64 = undefined; + var x96: u1 = undefined; + fiatP224AddcarryxU64(&x95, &x96, 0x0, x75, x87); + var x97: u64 = undefined; + var x98: u1 = undefined; + fiatP224AddcarryxU64(&x97, &x98, x96, x77, x89); + var x99: u64 = undefined; + var x100: u1 = undefined; + fiatP224AddcarryxU64(&x99, &x100, x98, x79, x91); + var x101: u64 = undefined; + var x102: u1 = undefined; + fiatP224AddcarryxU64(&x101, &x102, x100, ((@intCast(u64, x80) + (@intCast(u64, x60) + (@intCast(u64, x52) + x40))) + (@intCast(u64, x72) + x64)), x93); + var x103: u64 = undefined; + var x104: u64 = undefined; + fiatP224MulxU64(&x103, &x104, x95, 0xffffffffffffffff); + var x105: u64 = undefined; + var x106: u64 = undefined; + fiatP224MulxU64(&x105, &x106, x103, 0xffffffff); + var x107: u64 = undefined; + var x108: u64 = undefined; + fiatP224MulxU64(&x107, &x108, x103, 0xffffffffffffffff); + var x109: u64 = undefined; + var x110: u64 = undefined; + fiatP224MulxU64(&x109, &x110, x103, 0xffffffff00000000); + var x111: u64 = undefined; + var x112: u1 = undefined; + fiatP224AddcarryxU64(&x111, &x112, 0x0, x110, x107); + var x113: u64 = undefined; + var x114: u1 = undefined; + fiatP224AddcarryxU64(&x113, &x114, x112, x108, x105); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatP224AddcarryxU64(&x115, &x116, 0x0, x95, x103); + var x117: u64 = undefined; + var x118: u1 = undefined; + fiatP224AddcarryxU64(&x117, &x118, x116, x97, x109); + var x119: u64 = undefined; + var x120: u1 = undefined; + fiatP224AddcarryxU64(&x119, &x120, x118, x99, x111); + var x121: u64 = undefined; + var x122: u1 = undefined; + fiatP224AddcarryxU64(&x121, &x122, x120, x101, x113); + var x123: u64 = undefined; + var x124: u64 = undefined; + fiatP224MulxU64(&x123, &x124, x3, 0xffffffff); + var x125: u64 = undefined; + var x126: u64 = undefined; + fiatP224MulxU64(&x125, &x126, x3, 0xfffffffe00000000); + var x127: u64 = undefined; + var x128: u64 = undefined; + fiatP224MulxU64(&x127, &x128, x3, 0xffffffff00000000); + var x129: u64 = undefined; + var x130: u64 = undefined; + fiatP224MulxU64(&x129, &x130, x3, 0xffffffff00000001); + var x131: u64 = undefined; + var x132: u1 = undefined; + fiatP224AddcarryxU64(&x131, &x132, 0x0, x130, x127); + var x133: u64 = undefined; + var x134: u1 = undefined; + fiatP224AddcarryxU64(&x133, &x134, x132, x128, x125); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatP224AddcarryxU64(&x135, &x136, x134, x126, x123); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatP224AddcarryxU64(&x137, &x138, 0x0, x117, x129); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatP224AddcarryxU64(&x139, &x140, x138, x119, x131); + var x141: u64 = undefined; + var x142: u1 = undefined; + fiatP224AddcarryxU64(&x141, &x142, x140, x121, x133); + var x143: u64 = undefined; + var x144: u1 = undefined; + fiatP224AddcarryxU64(&x143, &x144, x142, ((@intCast(u64, x122) + (@intCast(u64, x102) + (@intCast(u64, x94) + x82))) + (@intCast(u64, x114) + x106)), x135); + var x145: u64 = undefined; + var x146: u64 = undefined; + fiatP224MulxU64(&x145, &x146, x137, 0xffffffffffffffff); + var x147: u64 = undefined; + var x148: u64 = undefined; + fiatP224MulxU64(&x147, &x148, x145, 0xffffffff); + var x149: u64 = undefined; + var x150: u64 = undefined; + fiatP224MulxU64(&x149, &x150, x145, 0xffffffffffffffff); + var x151: u64 = undefined; + var x152: u64 = undefined; + fiatP224MulxU64(&x151, &x152, x145, 0xffffffff00000000); + var x153: u64 = undefined; + var x154: u1 = undefined; + fiatP224AddcarryxU64(&x153, &x154, 0x0, x152, x149); + var x155: u64 = undefined; + var x156: u1 = undefined; + fiatP224AddcarryxU64(&x155, &x156, x154, x150, x147); + var x157: u64 = undefined; + var x158: u1 = undefined; + fiatP224AddcarryxU64(&x157, &x158, 0x0, x137, x145); + var x159: u64 = undefined; + var x160: u1 = undefined; + fiatP224AddcarryxU64(&x159, &x160, x158, x139, x151); + var x161: u64 = undefined; + var x162: u1 = undefined; + fiatP224AddcarryxU64(&x161, &x162, x160, x141, x153); + var x163: u64 = undefined; + var x164: u1 = undefined; + fiatP224AddcarryxU64(&x163, &x164, x162, x143, x155); + const x165: u64 = ((@intCast(u64, x164) + (@intCast(u64, x144) + (@intCast(u64, x136) + x124))) + (@intCast(u64, x156) + x148)); + var x166: u64 = undefined; + var x167: u1 = undefined; + fiatP224SubborrowxU64(&x166, &x167, 0x0, x159, @intCast(u64, 0x1)); + var x168: u64 = undefined; + var x169: u1 = undefined; + fiatP224SubborrowxU64(&x168, &x169, x167, x161, 0xffffffff00000000); + var x170: u64 = undefined; + var x171: u1 = undefined; + fiatP224SubborrowxU64(&x170, &x171, x169, x163, 0xffffffffffffffff); + var x172: u64 = undefined; + var x173: u1 = undefined; + fiatP224SubborrowxU64(&x172, &x173, x171, x165, 0xffffffff); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatP224SubborrowxU64(&x174, &x175, x173, @intCast(u64, 0x0), @intCast(u64, 0x0)); + var x176: u64 = undefined; + fiatP224CmovznzU64(&x176, x175, x166, x159); + var x177: u64 = undefined; + fiatP224CmovznzU64(&x177, x175, x168, x161); + var x178: u64 = undefined; + fiatP224CmovznzU64(&x178, x175, x170, x163); + var x179: u64 = undefined; + fiatP224CmovznzU64(&x179, x175, x172, x165); + out1[0] = x176; + out1[1] = x177; + out1[2] = x178; + out1[3] = x179; +} + +/// The function fiatP224Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +pub fn fiatP224Nonzero(out1: *u64, arg1: [4]u64) void { + const x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); + out1.* = x1; +} + +/// The function fiatP224Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224Selectznz(out1: *[4]u64, arg1: u1, arg2: [4]u64, arg3: [4]u64) void { + var x1: u64 = undefined; + fiatP224CmovznzU64(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u64 = undefined; + fiatP224CmovznzU64(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u64 = undefined; + fiatP224CmovznzU64(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u64 = undefined; + fiatP224CmovznzU64(&x4, arg1, (arg2[3]), (arg3[3])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; +} + +/// The function fiatP224ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..27] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatP224ToBytes(out1: *[28]u8, arg1: [4]u64) void { + const x1: u64 = (arg1[3]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[1]); + const x4: u64 = (arg1[0]); + const x5: u8 = @intCast(u8, (x4 & @intCast(u64, 0xff))); + const x6: u64 = (x4 >> 8); + const x7: u8 = @intCast(u8, (x6 & @intCast(u64, 0xff))); + const x8: u64 = (x6 >> 8); + const x9: u8 = @intCast(u8, (x8 & @intCast(u64, 0xff))); + const x10: u64 = (x8 >> 8); + const x11: u8 = @intCast(u8, (x10 & @intCast(u64, 0xff))); + const x12: u64 = (x10 >> 8); + const x13: u8 = @intCast(u8, (x12 & @intCast(u64, 0xff))); + const x14: u64 = (x12 >> 8); + const x15: u8 = @intCast(u8, (x14 & @intCast(u64, 0xff))); + const x16: u64 = (x14 >> 8); + const x17: u8 = @intCast(u8, (x16 & @intCast(u64, 0xff))); + const x18: u8 = @intCast(u8, (x16 >> 8)); + const x19: u8 = @intCast(u8, (x3 & @intCast(u64, 0xff))); + const x20: u64 = (x3 >> 8); + const x21: u8 = @intCast(u8, (x20 & @intCast(u64, 0xff))); + const x22: u64 = (x20 >> 8); + const x23: u8 = @intCast(u8, (x22 & @intCast(u64, 0xff))); + const x24: u64 = (x22 >> 8); + const x25: u8 = @intCast(u8, (x24 & @intCast(u64, 0xff))); + const x26: u64 = (x24 >> 8); + const x27: u8 = @intCast(u8, (x26 & @intCast(u64, 0xff))); + const x28: u64 = (x26 >> 8); + const x29: u8 = @intCast(u8, (x28 & @intCast(u64, 0xff))); + const x30: u64 = (x28 >> 8); + const x31: u8 = @intCast(u8, (x30 & @intCast(u64, 0xff))); + const x32: u8 = @intCast(u8, (x30 >> 8)); + const x33: u8 = @intCast(u8, (x2 & @intCast(u64, 0xff))); + const x34: u64 = (x2 >> 8); + const x35: u8 = @intCast(u8, (x34 & @intCast(u64, 0xff))); + const x36: u64 = (x34 >> 8); + const x37: u8 = @intCast(u8, (x36 & @intCast(u64, 0xff))); + const x38: u64 = (x36 >> 8); + const x39: u8 = @intCast(u8, (x38 & @intCast(u64, 0xff))); + const x40: u64 = (x38 >> 8); + const x41: u8 = @intCast(u8, (x40 & @intCast(u64, 0xff))); + const x42: u64 = (x40 >> 8); + const x43: u8 = @intCast(u8, (x42 & @intCast(u64, 0xff))); + const x44: u64 = (x42 >> 8); + const x45: u8 = @intCast(u8, (x44 & @intCast(u64, 0xff))); + const x46: u8 = @intCast(u8, (x44 >> 8)); + const x47: u8 = @intCast(u8, (x1 & @intCast(u64, 0xff))); + const x48: u64 = (x1 >> 8); + const x49: u8 = @intCast(u8, (x48 & @intCast(u64, 0xff))); + const x50: u64 = (x48 >> 8); + const x51: u8 = @intCast(u8, (x50 & @intCast(u64, 0xff))); + const x52: u8 = @intCast(u8, (x50 >> 8)); + out1[0] = x5; + out1[1] = x7; + out1[2] = x9; + out1[3] = x11; + out1[4] = x13; + out1[5] = x15; + out1[6] = x17; + out1[7] = x18; + out1[8] = x19; + out1[9] = x21; + out1[10] = x23; + out1[11] = x25; + out1[12] = x27; + out1[13] = x29; + out1[14] = x31; + out1[15] = x32; + out1[16] = x33; + out1[17] = x35; + out1[18] = x37; + out1[19] = x39; + out1[20] = x41; + out1[21] = x43; + out1[22] = x45; + out1[23] = x46; + out1[24] = x47; + out1[25] = x49; + out1[26] = x51; + out1[27] = x52; +} + +/// The function fiatP224FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. +/// Preconditions: +/// 0 ≤ bytes_eval arg1 < m +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP224FromBytes(out1: *[4]u64, arg1: [28]u8) void { + const x1: u64 = (@intCast(u64, (arg1[27])) << 24); + const x2: u64 = (@intCast(u64, (arg1[26])) << 16); + const x3: u64 = (@intCast(u64, (arg1[25])) << 8); + const x4: u8 = (arg1[24]); + const x5: u64 = (@intCast(u64, (arg1[23])) << 56); + const x6: u64 = (@intCast(u64, (arg1[22])) << 48); + const x7: u64 = (@intCast(u64, (arg1[21])) << 40); + const x8: u64 = (@intCast(u64, (arg1[20])) << 32); + const x9: u64 = (@intCast(u64, (arg1[19])) << 24); + const x10: u64 = (@intCast(u64, (arg1[18])) << 16); + const x11: u64 = (@intCast(u64, (arg1[17])) << 8); + const x12: u8 = (arg1[16]); + const x13: u64 = (@intCast(u64, (arg1[15])) << 56); + const x14: u64 = (@intCast(u64, (arg1[14])) << 48); + const x15: u64 = (@intCast(u64, (arg1[13])) << 40); + const x16: u64 = (@intCast(u64, (arg1[12])) << 32); + const x17: u64 = (@intCast(u64, (arg1[11])) << 24); + const x18: u64 = (@intCast(u64, (arg1[10])) << 16); + const x19: u64 = (@intCast(u64, (arg1[9])) << 8); + const x20: u8 = (arg1[8]); + const x21: u64 = (@intCast(u64, (arg1[7])) << 56); + const x22: u64 = (@intCast(u64, (arg1[6])) << 48); + const x23: u64 = (@intCast(u64, (arg1[5])) << 40); + const x24: u64 = (@intCast(u64, (arg1[4])) << 32); + const x25: u64 = (@intCast(u64, (arg1[3])) << 24); + const x26: u64 = (@intCast(u64, (arg1[2])) << 16); + const x27: u64 = (@intCast(u64, (arg1[1])) << 8); + const x28: u8 = (arg1[0]); + const x29: u64 = (x27 + @intCast(u64, x28)); + const x30: u64 = (x26 + x29); + const x31: u64 = (x25 + x30); + const x32: u64 = (x24 + x31); + const x33: u64 = (x23 + x32); + const x34: u64 = (x22 + x33); + const x35: u64 = (x21 + x34); + const x36: u64 = (x19 + @intCast(u64, x20)); + const x37: u64 = (x18 + x36); + const x38: u64 = (x17 + x37); + const x39: u64 = (x16 + x38); + const x40: u64 = (x15 + x39); + const x41: u64 = (x14 + x40); + const x42: u64 = (x13 + x41); + const x43: u64 = (x11 + @intCast(u64, x12)); + const x44: u64 = (x10 + x43); + const x45: u64 = (x9 + x44); + const x46: u64 = (x8 + x45); + const x47: u64 = (x7 + x46); + const x48: u64 = (x6 + x47); + const x49: u64 = (x5 + x48); + const x50: u64 = (x3 + @intCast(u64, x4)); + const x51: u64 = (x2 + x50); + const x52: u64 = (x1 + x51); + out1[0] = x35; + out1[1] = x42; + out1[2] = x49; + out1[3] = x52; +} + +/// The function fiatP224SetOne returns the field element one in the Montgomery domain. +/// Postconditions: +/// eval (from_montgomery out1) mod m = 1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224SetOne(out1: *[4]u64) void { + out1[0] = 0xffffffff00000000; + out1[1] = 0xffffffffffffffff; + out1[2] = @intCast(u64, 0x0); + out1[3] = @intCast(u64, 0x0); +} + +/// The function fiatP224Msat returns the saturated representation of the prime modulus. +/// Postconditions: +/// twos_complement_eval out1 = m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224Msat(out1: *[5]u64) void { + out1[0] = @intCast(u64, 0x1); + out1[1] = 0xffffffff00000000; + out1[2] = 0xffffffffffffffff; + out1[3] = 0xffffffff; + out1[4] = @intCast(u64, 0x0); +} + +/// The function fiatP224Divstep computes a divstep. +/// Preconditions: +/// 0 ≤ eval arg4 < m +/// 0 ≤ eval arg5 < m +/// Postconditions: +/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) +/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) +/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) +/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) +/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out2 < m +/// 0 ≤ eval out3 < m +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224Divstep(out1: *u64, out2: *[5]u64, out3: *[5]u64, out4: *[4]u64, out5: *[4]u64, arg1: u64, arg2: [5]u64, arg3: [5]u64, arg4: [4]u64, arg5: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP224AddcarryxU64(&x1, &x2, 0x0, (~arg1), @intCast(u64, 0x1)); + const x3: u1 = (@intCast(u1, (x1 >> 63)) & @intCast(u1, ((arg3[0]) & @intCast(u64, 0x1)))); + var x4: u64 = undefined; + var x5: u1 = undefined; + fiatP224AddcarryxU64(&x4, &x5, 0x0, (~arg1), @intCast(u64, 0x1)); + var x6: u64 = undefined; + fiatP224CmovznzU64(&x6, x3, arg1, x4); + var x7: u64 = undefined; + fiatP224CmovznzU64(&x7, x3, (arg2[0]), (arg3[0])); + var x8: u64 = undefined; + fiatP224CmovznzU64(&x8, x3, (arg2[1]), (arg3[1])); + var x9: u64 = undefined; + fiatP224CmovznzU64(&x9, x3, (arg2[2]), (arg3[2])); + var x10: u64 = undefined; + fiatP224CmovznzU64(&x10, x3, (arg2[3]), (arg3[3])); + var x11: u64 = undefined; + fiatP224CmovznzU64(&x11, x3, (arg2[4]), (arg3[4])); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatP224AddcarryxU64(&x12, &x13, 0x0, @intCast(u64, 0x1), (~(arg2[0]))); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP224AddcarryxU64(&x14, &x15, x13, @intCast(u64, 0x0), (~(arg2[1]))); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP224AddcarryxU64(&x16, &x17, x15, @intCast(u64, 0x0), (~(arg2[2]))); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP224AddcarryxU64(&x18, &x19, x17, @intCast(u64, 0x0), (~(arg2[3]))); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP224AddcarryxU64(&x20, &x21, x19, @intCast(u64, 0x0), (~(arg2[4]))); + var x22: u64 = undefined; + fiatP224CmovznzU64(&x22, x3, (arg3[0]), x12); + var x23: u64 = undefined; + fiatP224CmovznzU64(&x23, x3, (arg3[1]), x14); + var x24: u64 = undefined; + fiatP224CmovznzU64(&x24, x3, (arg3[2]), x16); + var x25: u64 = undefined; + fiatP224CmovznzU64(&x25, x3, (arg3[3]), x18); + var x26: u64 = undefined; + fiatP224CmovznzU64(&x26, x3, (arg3[4]), x20); + var x27: u64 = undefined; + fiatP224CmovznzU64(&x27, x3, (arg4[0]), (arg5[0])); + var x28: u64 = undefined; + fiatP224CmovznzU64(&x28, x3, (arg4[1]), (arg5[1])); + var x29: u64 = undefined; + fiatP224CmovznzU64(&x29, x3, (arg4[2]), (arg5[2])); + var x30: u64 = undefined; + fiatP224CmovznzU64(&x30, x3, (arg4[3]), (arg5[3])); + var x31: u64 = undefined; + var x32: u1 = undefined; + fiatP224AddcarryxU64(&x31, &x32, 0x0, x27, x27); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatP224AddcarryxU64(&x33, &x34, x32, x28, x28); + var x35: u64 = undefined; + var x36: u1 = undefined; + fiatP224AddcarryxU64(&x35, &x36, x34, x29, x29); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatP224AddcarryxU64(&x37, &x38, x36, x30, x30); + var x39: u64 = undefined; + var x40: u1 = undefined; + fiatP224SubborrowxU64(&x39, &x40, 0x0, x31, @intCast(u64, 0x1)); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatP224SubborrowxU64(&x41, &x42, x40, x33, 0xffffffff00000000); + var x43: u64 = undefined; + var x44: u1 = undefined; + fiatP224SubborrowxU64(&x43, &x44, x42, x35, 0xffffffffffffffff); + var x45: u64 = undefined; + var x46: u1 = undefined; + fiatP224SubborrowxU64(&x45, &x46, x44, x37, 0xffffffff); + var x47: u64 = undefined; + var x48: u1 = undefined; + fiatP224SubborrowxU64(&x47, &x48, x46, @intCast(u64, x38), @intCast(u64, 0x0)); + const x49: u64 = (arg4[3]); + const x50: u64 = (arg4[2]); + const x51: u64 = (arg4[1]); + const x52: u64 = (arg4[0]); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP224SubborrowxU64(&x53, &x54, 0x0, @intCast(u64, 0x0), x52); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP224SubborrowxU64(&x55, &x56, x54, @intCast(u64, 0x0), x51); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP224SubborrowxU64(&x57, &x58, x56, @intCast(u64, 0x0), x50); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatP224SubborrowxU64(&x59, &x60, x58, @intCast(u64, 0x0), x49); + var x61: u64 = undefined; + fiatP224CmovznzU64(&x61, x60, @intCast(u64, 0x0), 0xffffffffffffffff); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP224AddcarryxU64(&x62, &x63, 0x0, x53, @intCast(u64, @intCast(u1, (x61 & @intCast(u64, 0x1))))); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatP224AddcarryxU64(&x64, &x65, x63, x55, (x61 & 0xffffffff00000000)); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP224AddcarryxU64(&x66, &x67, x65, x57, x61); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP224AddcarryxU64(&x68, &x69, x67, x59, (x61 & 0xffffffff)); + var x70: u64 = undefined; + fiatP224CmovznzU64(&x70, x3, (arg5[0]), x62); + var x71: u64 = undefined; + fiatP224CmovznzU64(&x71, x3, (arg5[1]), x64); + var x72: u64 = undefined; + fiatP224CmovznzU64(&x72, x3, (arg5[2]), x66); + var x73: u64 = undefined; + fiatP224CmovznzU64(&x73, x3, (arg5[3]), x68); + const x74: u1 = @intCast(u1, (x22 & @intCast(u64, 0x1))); + var x75: u64 = undefined; + fiatP224CmovznzU64(&x75, x74, @intCast(u64, 0x0), x7); + var x76: u64 = undefined; + fiatP224CmovznzU64(&x76, x74, @intCast(u64, 0x0), x8); + var x77: u64 = undefined; + fiatP224CmovznzU64(&x77, x74, @intCast(u64, 0x0), x9); + var x78: u64 = undefined; + fiatP224CmovznzU64(&x78, x74, @intCast(u64, 0x0), x10); + var x79: u64 = undefined; + fiatP224CmovznzU64(&x79, x74, @intCast(u64, 0x0), x11); + var x80: u64 = undefined; + var x81: u1 = undefined; + fiatP224AddcarryxU64(&x80, &x81, 0x0, x22, x75); + var x82: u64 = undefined; + var x83: u1 = undefined; + fiatP224AddcarryxU64(&x82, &x83, x81, x23, x76); + var x84: u64 = undefined; + var x85: u1 = undefined; + fiatP224AddcarryxU64(&x84, &x85, x83, x24, x77); + var x86: u64 = undefined; + var x87: u1 = undefined; + fiatP224AddcarryxU64(&x86, &x87, x85, x25, x78); + var x88: u64 = undefined; + var x89: u1 = undefined; + fiatP224AddcarryxU64(&x88, &x89, x87, x26, x79); + var x90: u64 = undefined; + fiatP224CmovznzU64(&x90, x74, @intCast(u64, 0x0), x27); + var x91: u64 = undefined; + fiatP224CmovznzU64(&x91, x74, @intCast(u64, 0x0), x28); + var x92: u64 = undefined; + fiatP224CmovznzU64(&x92, x74, @intCast(u64, 0x0), x29); + var x93: u64 = undefined; + fiatP224CmovznzU64(&x93, x74, @intCast(u64, 0x0), x30); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP224AddcarryxU64(&x94, &x95, 0x0, x70, x90); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP224AddcarryxU64(&x96, &x97, x95, x71, x91); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP224AddcarryxU64(&x98, &x99, x97, x72, x92); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP224AddcarryxU64(&x100, &x101, x99, x73, x93); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP224SubborrowxU64(&x102, &x103, 0x0, x94, @intCast(u64, 0x1)); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatP224SubborrowxU64(&x104, &x105, x103, x96, 0xffffffff00000000); + var x106: u64 = undefined; + var x107: u1 = undefined; + fiatP224SubborrowxU64(&x106, &x107, x105, x98, 0xffffffffffffffff); + var x108: u64 = undefined; + var x109: u1 = undefined; + fiatP224SubborrowxU64(&x108, &x109, x107, x100, 0xffffffff); + var x110: u64 = undefined; + var x111: u1 = undefined; + fiatP224SubborrowxU64(&x110, &x111, x109, @intCast(u64, x101), @intCast(u64, 0x0)); + var x112: u64 = undefined; + var x113: u1 = undefined; + fiatP224AddcarryxU64(&x112, &x113, 0x0, x6, @intCast(u64, 0x1)); + const x114: u64 = ((x80 >> 1) | ((x82 << 63) & 0xffffffffffffffff)); + const x115: u64 = ((x82 >> 1) | ((x84 << 63) & 0xffffffffffffffff)); + const x116: u64 = ((x84 >> 1) | ((x86 << 63) & 0xffffffffffffffff)); + const x117: u64 = ((x86 >> 1) | ((x88 << 63) & 0xffffffffffffffff)); + const x118: u64 = ((x88 & 0x8000000000000000) | (x88 >> 1)); + var x119: u64 = undefined; + fiatP224CmovznzU64(&x119, x48, x39, x31); + var x120: u64 = undefined; + fiatP224CmovznzU64(&x120, x48, x41, x33); + var x121: u64 = undefined; + fiatP224CmovznzU64(&x121, x48, x43, x35); + var x122: u64 = undefined; + fiatP224CmovznzU64(&x122, x48, x45, x37); + var x123: u64 = undefined; + fiatP224CmovznzU64(&x123, x111, x102, x94); + var x124: u64 = undefined; + fiatP224CmovznzU64(&x124, x111, x104, x96); + var x125: u64 = undefined; + fiatP224CmovznzU64(&x125, x111, x106, x98); + var x126: u64 = undefined; + fiatP224CmovznzU64(&x126, x111, x108, x100); + out1.* = x112; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out3[0] = x114; + out3[1] = x115; + out3[2] = x116; + out3[3] = x117; + out3[4] = x118; + out4[0] = x119; + out4[1] = x120; + out4[2] = x121; + out4[3] = x122; + out5[0] = x123; + out5[1] = x124; + out5[2] = x125; + out5[3] = x126; +} + +/// The function fiatP224DivstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). +/// Postconditions: +/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if (log2 m) + 1 < 46 then ⌊(49 * ((log2 m) + 1) + 80) / 17⌋ else ⌊(49 * ((log2 m) + 1) + 57) / 17⌋) +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP224DivstepPrecomp(out1: *[4]u64) void { + out1[0] = 0x7ffffffe800001; + out1[1] = 0xff7fffff00800000; + out1[2] = 0xffffff; + out1[3] = 0xff800000; +} + diff --git a/fiat-zig/src/p256_32.zig b/fiat-zig/src/p256_32.zig new file mode 100644 index 0000000000..6e1ea70108 --- /dev/null +++ b/fiat-zig/src/p256_32.zig @@ -0,0 +1,4493 @@ +/// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p256 32 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp +/// curve description: p256 +/// machine_wordsize = 32 (from "32") +/// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp +/// m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") +/// +/// NOTE: In addition to the bounds specified above each function, all +/// functions synthesized for this Montgomery arithmetic require the +/// input to be strictly less than the prime modulus (m), and also +/// require the input to be in the unique saturated representation. +/// All functions also ensure that these two properties are true of +/// return values. +/// +/// Computed values: +/// eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + + +/// The function fiatP256AddcarryxU32 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^32 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP256AddcarryxU32(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + @intCast(u64, arg2)) + @intCast(u64, arg3)); + const x2: u32 = @intCast(u32, (x1 & @intCast(u64, 0xffffffff))); + const x3: u1 = @intCast(u1, (x1 >> 32)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP256SubborrowxU32 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^32 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP256SubborrowxU32(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: i64 = ((@intCast(i64, arg2) - @intCast(i64, arg1)) - @intCast(i64, arg3)); + const x2: i1 = @intCast(i1, (x1 >> 32)); + const x3: u32 = @intCast(u32, (x1 & @intCast(i64, 0xffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP256MulxU32 is a multiplication, returning the full double-width result. +/// Postconditions: +/// out1 = (arg1 * arg2) mod 2^32 +/// out2 = ⌊arg1 * arg2 / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffff] +/// arg2: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0xffffffff] +fn fiatP256MulxU32(out1: *u32, out2: *u32, arg1: u32, arg2: u32) callconv(.Inline) void { + const x1: u64 = (@intCast(u64, arg1) * @intCast(u64, arg2)); + const x2: u32 = @intCast(u32, (x1 & @intCast(u64, 0xffffffff))); + const x3: u32 = @intCast(u32, (x1 >> 32)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP256CmovznzU32 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +fn fiatP256CmovznzU32(out1: *u32, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u32 = @intCast(u32, (@intCast(i64, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i64, 0xffffffff))); + const x3: u32 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP256Mul multiplies two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256Mul(out1: *[8]u32, arg1: [8]u32, arg2: [8]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[7]); + const x8: u32 = (arg1[0]); + var x9: u32 = undefined; + var x10: u32 = undefined; + fiatP256MulxU32(&x9, &x10, x8, (arg2[7])); + var x11: u32 = undefined; + var x12: u32 = undefined; + fiatP256MulxU32(&x11, &x12, x8, (arg2[6])); + var x13: u32 = undefined; + var x14: u32 = undefined; + fiatP256MulxU32(&x13, &x14, x8, (arg2[5])); + var x15: u32 = undefined; + var x16: u32 = undefined; + fiatP256MulxU32(&x15, &x16, x8, (arg2[4])); + var x17: u32 = undefined; + var x18: u32 = undefined; + fiatP256MulxU32(&x17, &x18, x8, (arg2[3])); + var x19: u32 = undefined; + var x20: u32 = undefined; + fiatP256MulxU32(&x19, &x20, x8, (arg2[2])); + var x21: u32 = undefined; + var x22: u32 = undefined; + fiatP256MulxU32(&x21, &x22, x8, (arg2[1])); + var x23: u32 = undefined; + var x24: u32 = undefined; + fiatP256MulxU32(&x23, &x24, x8, (arg2[0])); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatP256AddcarryxU32(&x25, &x26, 0x0, x24, x21); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatP256AddcarryxU32(&x27, &x28, x26, x22, x19); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatP256AddcarryxU32(&x29, &x30, x28, x20, x17); + var x31: u32 = undefined; + var x32: u1 = undefined; + fiatP256AddcarryxU32(&x31, &x32, x30, x18, x15); + var x33: u32 = undefined; + var x34: u1 = undefined; + fiatP256AddcarryxU32(&x33, &x34, x32, x16, x13); + var x35: u32 = undefined; + var x36: u1 = undefined; + fiatP256AddcarryxU32(&x35, &x36, x34, x14, x11); + var x37: u32 = undefined; + var x38: u1 = undefined; + fiatP256AddcarryxU32(&x37, &x38, x36, x12, x9); + const x39: u32 = (@intCast(u32, x38) + x10); + var x40: u32 = undefined; + var x41: u32 = undefined; + fiatP256MulxU32(&x40, &x41, x23, 0xffffffff); + var x42: u32 = undefined; + var x43: u32 = undefined; + fiatP256MulxU32(&x42, &x43, x23, 0xffffffff); + var x44: u32 = undefined; + var x45: u32 = undefined; + fiatP256MulxU32(&x44, &x45, x23, 0xffffffff); + var x46: u32 = undefined; + var x47: u32 = undefined; + fiatP256MulxU32(&x46, &x47, x23, 0xffffffff); + var x48: u32 = undefined; + var x49: u1 = undefined; + fiatP256AddcarryxU32(&x48, &x49, 0x0, x47, x44); + var x50: u32 = undefined; + var x51: u1 = undefined; + fiatP256AddcarryxU32(&x50, &x51, x49, x45, x42); + const x52: u32 = (@intCast(u32, x51) + x43); + var x53: u32 = undefined; + var x54: u1 = undefined; + fiatP256AddcarryxU32(&x53, &x54, 0x0, x23, x46); + var x55: u32 = undefined; + var x56: u1 = undefined; + fiatP256AddcarryxU32(&x55, &x56, x54, x25, x48); + var x57: u32 = undefined; + var x58: u1 = undefined; + fiatP256AddcarryxU32(&x57, &x58, x56, x27, x50); + var x59: u32 = undefined; + var x60: u1 = undefined; + fiatP256AddcarryxU32(&x59, &x60, x58, x29, x52); + var x61: u32 = undefined; + var x62: u1 = undefined; + fiatP256AddcarryxU32(&x61, &x62, x60, x31, @intCast(u32, 0x0)); + var x63: u32 = undefined; + var x64: u1 = undefined; + fiatP256AddcarryxU32(&x63, &x64, x62, x33, @intCast(u32, 0x0)); + var x65: u32 = undefined; + var x66: u1 = undefined; + fiatP256AddcarryxU32(&x65, &x66, x64, x35, x23); + var x67: u32 = undefined; + var x68: u1 = undefined; + fiatP256AddcarryxU32(&x67, &x68, x66, x37, x40); + var x69: u32 = undefined; + var x70: u1 = undefined; + fiatP256AddcarryxU32(&x69, &x70, x68, x39, x41); + var x71: u32 = undefined; + var x72: u32 = undefined; + fiatP256MulxU32(&x71, &x72, x1, (arg2[7])); + var x73: u32 = undefined; + var x74: u32 = undefined; + fiatP256MulxU32(&x73, &x74, x1, (arg2[6])); + var x75: u32 = undefined; + var x76: u32 = undefined; + fiatP256MulxU32(&x75, &x76, x1, (arg2[5])); + var x77: u32 = undefined; + var x78: u32 = undefined; + fiatP256MulxU32(&x77, &x78, x1, (arg2[4])); + var x79: u32 = undefined; + var x80: u32 = undefined; + fiatP256MulxU32(&x79, &x80, x1, (arg2[3])); + var x81: u32 = undefined; + var x82: u32 = undefined; + fiatP256MulxU32(&x81, &x82, x1, (arg2[2])); + var x83: u32 = undefined; + var x84: u32 = undefined; + fiatP256MulxU32(&x83, &x84, x1, (arg2[1])); + var x85: u32 = undefined; + var x86: u32 = undefined; + fiatP256MulxU32(&x85, &x86, x1, (arg2[0])); + var x87: u32 = undefined; + var x88: u1 = undefined; + fiatP256AddcarryxU32(&x87, &x88, 0x0, x86, x83); + var x89: u32 = undefined; + var x90: u1 = undefined; + fiatP256AddcarryxU32(&x89, &x90, x88, x84, x81); + var x91: u32 = undefined; + var x92: u1 = undefined; + fiatP256AddcarryxU32(&x91, &x92, x90, x82, x79); + var x93: u32 = undefined; + var x94: u1 = undefined; + fiatP256AddcarryxU32(&x93, &x94, x92, x80, x77); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatP256AddcarryxU32(&x95, &x96, x94, x78, x75); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP256AddcarryxU32(&x97, &x98, x96, x76, x73); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP256AddcarryxU32(&x99, &x100, x98, x74, x71); + const x101: u32 = (@intCast(u32, x100) + x72); + var x102: u32 = undefined; + var x103: u1 = undefined; + fiatP256AddcarryxU32(&x102, &x103, 0x0, x55, x85); + var x104: u32 = undefined; + var x105: u1 = undefined; + fiatP256AddcarryxU32(&x104, &x105, x103, x57, x87); + var x106: u32 = undefined; + var x107: u1 = undefined; + fiatP256AddcarryxU32(&x106, &x107, x105, x59, x89); + var x108: u32 = undefined; + var x109: u1 = undefined; + fiatP256AddcarryxU32(&x108, &x109, x107, x61, x91); + var x110: u32 = undefined; + var x111: u1 = undefined; + fiatP256AddcarryxU32(&x110, &x111, x109, x63, x93); + var x112: u32 = undefined; + var x113: u1 = undefined; + fiatP256AddcarryxU32(&x112, &x113, x111, x65, x95); + var x114: u32 = undefined; + var x115: u1 = undefined; + fiatP256AddcarryxU32(&x114, &x115, x113, x67, x97); + var x116: u32 = undefined; + var x117: u1 = undefined; + fiatP256AddcarryxU32(&x116, &x117, x115, x69, x99); + var x118: u32 = undefined; + var x119: u1 = undefined; + fiatP256AddcarryxU32(&x118, &x119, x117, @intCast(u32, x70), x101); + var x120: u32 = undefined; + var x121: u32 = undefined; + fiatP256MulxU32(&x120, &x121, x102, 0xffffffff); + var x122: u32 = undefined; + var x123: u32 = undefined; + fiatP256MulxU32(&x122, &x123, x102, 0xffffffff); + var x124: u32 = undefined; + var x125: u32 = undefined; + fiatP256MulxU32(&x124, &x125, x102, 0xffffffff); + var x126: u32 = undefined; + var x127: u32 = undefined; + fiatP256MulxU32(&x126, &x127, x102, 0xffffffff); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatP256AddcarryxU32(&x128, &x129, 0x0, x127, x124); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatP256AddcarryxU32(&x130, &x131, x129, x125, x122); + const x132: u32 = (@intCast(u32, x131) + x123); + var x133: u32 = undefined; + var x134: u1 = undefined; + fiatP256AddcarryxU32(&x133, &x134, 0x0, x102, x126); + var x135: u32 = undefined; + var x136: u1 = undefined; + fiatP256AddcarryxU32(&x135, &x136, x134, x104, x128); + var x137: u32 = undefined; + var x138: u1 = undefined; + fiatP256AddcarryxU32(&x137, &x138, x136, x106, x130); + var x139: u32 = undefined; + var x140: u1 = undefined; + fiatP256AddcarryxU32(&x139, &x140, x138, x108, x132); + var x141: u32 = undefined; + var x142: u1 = undefined; + fiatP256AddcarryxU32(&x141, &x142, x140, x110, @intCast(u32, 0x0)); + var x143: u32 = undefined; + var x144: u1 = undefined; + fiatP256AddcarryxU32(&x143, &x144, x142, x112, @intCast(u32, 0x0)); + var x145: u32 = undefined; + var x146: u1 = undefined; + fiatP256AddcarryxU32(&x145, &x146, x144, x114, x102); + var x147: u32 = undefined; + var x148: u1 = undefined; + fiatP256AddcarryxU32(&x147, &x148, x146, x116, x120); + var x149: u32 = undefined; + var x150: u1 = undefined; + fiatP256AddcarryxU32(&x149, &x150, x148, x118, x121); + const x151: u32 = (@intCast(u32, x150) + @intCast(u32, x119)); + var x152: u32 = undefined; + var x153: u32 = undefined; + fiatP256MulxU32(&x152, &x153, x2, (arg2[7])); + var x154: u32 = undefined; + var x155: u32 = undefined; + fiatP256MulxU32(&x154, &x155, x2, (arg2[6])); + var x156: u32 = undefined; + var x157: u32 = undefined; + fiatP256MulxU32(&x156, &x157, x2, (arg2[5])); + var x158: u32 = undefined; + var x159: u32 = undefined; + fiatP256MulxU32(&x158, &x159, x2, (arg2[4])); + var x160: u32 = undefined; + var x161: u32 = undefined; + fiatP256MulxU32(&x160, &x161, x2, (arg2[3])); + var x162: u32 = undefined; + var x163: u32 = undefined; + fiatP256MulxU32(&x162, &x163, x2, (arg2[2])); + var x164: u32 = undefined; + var x165: u32 = undefined; + fiatP256MulxU32(&x164, &x165, x2, (arg2[1])); + var x166: u32 = undefined; + var x167: u32 = undefined; + fiatP256MulxU32(&x166, &x167, x2, (arg2[0])); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatP256AddcarryxU32(&x168, &x169, 0x0, x167, x164); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP256AddcarryxU32(&x170, &x171, x169, x165, x162); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP256AddcarryxU32(&x172, &x173, x171, x163, x160); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP256AddcarryxU32(&x174, &x175, x173, x161, x158); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP256AddcarryxU32(&x176, &x177, x175, x159, x156); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP256AddcarryxU32(&x178, &x179, x177, x157, x154); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP256AddcarryxU32(&x180, &x181, x179, x155, x152); + const x182: u32 = (@intCast(u32, x181) + x153); + var x183: u32 = undefined; + var x184: u1 = undefined; + fiatP256AddcarryxU32(&x183, &x184, 0x0, x135, x166); + var x185: u32 = undefined; + var x186: u1 = undefined; + fiatP256AddcarryxU32(&x185, &x186, x184, x137, x168); + var x187: u32 = undefined; + var x188: u1 = undefined; + fiatP256AddcarryxU32(&x187, &x188, x186, x139, x170); + var x189: u32 = undefined; + var x190: u1 = undefined; + fiatP256AddcarryxU32(&x189, &x190, x188, x141, x172); + var x191: u32 = undefined; + var x192: u1 = undefined; + fiatP256AddcarryxU32(&x191, &x192, x190, x143, x174); + var x193: u32 = undefined; + var x194: u1 = undefined; + fiatP256AddcarryxU32(&x193, &x194, x192, x145, x176); + var x195: u32 = undefined; + var x196: u1 = undefined; + fiatP256AddcarryxU32(&x195, &x196, x194, x147, x178); + var x197: u32 = undefined; + var x198: u1 = undefined; + fiatP256AddcarryxU32(&x197, &x198, x196, x149, x180); + var x199: u32 = undefined; + var x200: u1 = undefined; + fiatP256AddcarryxU32(&x199, &x200, x198, x151, x182); + var x201: u32 = undefined; + var x202: u32 = undefined; + fiatP256MulxU32(&x201, &x202, x183, 0xffffffff); + var x203: u32 = undefined; + var x204: u32 = undefined; + fiatP256MulxU32(&x203, &x204, x183, 0xffffffff); + var x205: u32 = undefined; + var x206: u32 = undefined; + fiatP256MulxU32(&x205, &x206, x183, 0xffffffff); + var x207: u32 = undefined; + var x208: u32 = undefined; + fiatP256MulxU32(&x207, &x208, x183, 0xffffffff); + var x209: u32 = undefined; + var x210: u1 = undefined; + fiatP256AddcarryxU32(&x209, &x210, 0x0, x208, x205); + var x211: u32 = undefined; + var x212: u1 = undefined; + fiatP256AddcarryxU32(&x211, &x212, x210, x206, x203); + const x213: u32 = (@intCast(u32, x212) + x204); + var x214: u32 = undefined; + var x215: u1 = undefined; + fiatP256AddcarryxU32(&x214, &x215, 0x0, x183, x207); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatP256AddcarryxU32(&x216, &x217, x215, x185, x209); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatP256AddcarryxU32(&x218, &x219, x217, x187, x211); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatP256AddcarryxU32(&x220, &x221, x219, x189, x213); + var x222: u32 = undefined; + var x223: u1 = undefined; + fiatP256AddcarryxU32(&x222, &x223, x221, x191, @intCast(u32, 0x0)); + var x224: u32 = undefined; + var x225: u1 = undefined; + fiatP256AddcarryxU32(&x224, &x225, x223, x193, @intCast(u32, 0x0)); + var x226: u32 = undefined; + var x227: u1 = undefined; + fiatP256AddcarryxU32(&x226, &x227, x225, x195, x183); + var x228: u32 = undefined; + var x229: u1 = undefined; + fiatP256AddcarryxU32(&x228, &x229, x227, x197, x201); + var x230: u32 = undefined; + var x231: u1 = undefined; + fiatP256AddcarryxU32(&x230, &x231, x229, x199, x202); + const x232: u32 = (@intCast(u32, x231) + @intCast(u32, x200)); + var x233: u32 = undefined; + var x234: u32 = undefined; + fiatP256MulxU32(&x233, &x234, x3, (arg2[7])); + var x235: u32 = undefined; + var x236: u32 = undefined; + fiatP256MulxU32(&x235, &x236, x3, (arg2[6])); + var x237: u32 = undefined; + var x238: u32 = undefined; + fiatP256MulxU32(&x237, &x238, x3, (arg2[5])); + var x239: u32 = undefined; + var x240: u32 = undefined; + fiatP256MulxU32(&x239, &x240, x3, (arg2[4])); + var x241: u32 = undefined; + var x242: u32 = undefined; + fiatP256MulxU32(&x241, &x242, x3, (arg2[3])); + var x243: u32 = undefined; + var x244: u32 = undefined; + fiatP256MulxU32(&x243, &x244, x3, (arg2[2])); + var x245: u32 = undefined; + var x246: u32 = undefined; + fiatP256MulxU32(&x245, &x246, x3, (arg2[1])); + var x247: u32 = undefined; + var x248: u32 = undefined; + fiatP256MulxU32(&x247, &x248, x3, (arg2[0])); + var x249: u32 = undefined; + var x250: u1 = undefined; + fiatP256AddcarryxU32(&x249, &x250, 0x0, x248, x245); + var x251: u32 = undefined; + var x252: u1 = undefined; + fiatP256AddcarryxU32(&x251, &x252, x250, x246, x243); + var x253: u32 = undefined; + var x254: u1 = undefined; + fiatP256AddcarryxU32(&x253, &x254, x252, x244, x241); + var x255: u32 = undefined; + var x256: u1 = undefined; + fiatP256AddcarryxU32(&x255, &x256, x254, x242, x239); + var x257: u32 = undefined; + var x258: u1 = undefined; + fiatP256AddcarryxU32(&x257, &x258, x256, x240, x237); + var x259: u32 = undefined; + var x260: u1 = undefined; + fiatP256AddcarryxU32(&x259, &x260, x258, x238, x235); + var x261: u32 = undefined; + var x262: u1 = undefined; + fiatP256AddcarryxU32(&x261, &x262, x260, x236, x233); + const x263: u32 = (@intCast(u32, x262) + x234); + var x264: u32 = undefined; + var x265: u1 = undefined; + fiatP256AddcarryxU32(&x264, &x265, 0x0, x216, x247); + var x266: u32 = undefined; + var x267: u1 = undefined; + fiatP256AddcarryxU32(&x266, &x267, x265, x218, x249); + var x268: u32 = undefined; + var x269: u1 = undefined; + fiatP256AddcarryxU32(&x268, &x269, x267, x220, x251); + var x270: u32 = undefined; + var x271: u1 = undefined; + fiatP256AddcarryxU32(&x270, &x271, x269, x222, x253); + var x272: u32 = undefined; + var x273: u1 = undefined; + fiatP256AddcarryxU32(&x272, &x273, x271, x224, x255); + var x274: u32 = undefined; + var x275: u1 = undefined; + fiatP256AddcarryxU32(&x274, &x275, x273, x226, x257); + var x276: u32 = undefined; + var x277: u1 = undefined; + fiatP256AddcarryxU32(&x276, &x277, x275, x228, x259); + var x278: u32 = undefined; + var x279: u1 = undefined; + fiatP256AddcarryxU32(&x278, &x279, x277, x230, x261); + var x280: u32 = undefined; + var x281: u1 = undefined; + fiatP256AddcarryxU32(&x280, &x281, x279, x232, x263); + var x282: u32 = undefined; + var x283: u32 = undefined; + fiatP256MulxU32(&x282, &x283, x264, 0xffffffff); + var x284: u32 = undefined; + var x285: u32 = undefined; + fiatP256MulxU32(&x284, &x285, x264, 0xffffffff); + var x286: u32 = undefined; + var x287: u32 = undefined; + fiatP256MulxU32(&x286, &x287, x264, 0xffffffff); + var x288: u32 = undefined; + var x289: u32 = undefined; + fiatP256MulxU32(&x288, &x289, x264, 0xffffffff); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatP256AddcarryxU32(&x290, &x291, 0x0, x289, x286); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatP256AddcarryxU32(&x292, &x293, x291, x287, x284); + const x294: u32 = (@intCast(u32, x293) + x285); + var x295: u32 = undefined; + var x296: u1 = undefined; + fiatP256AddcarryxU32(&x295, &x296, 0x0, x264, x288); + var x297: u32 = undefined; + var x298: u1 = undefined; + fiatP256AddcarryxU32(&x297, &x298, x296, x266, x290); + var x299: u32 = undefined; + var x300: u1 = undefined; + fiatP256AddcarryxU32(&x299, &x300, x298, x268, x292); + var x301: u32 = undefined; + var x302: u1 = undefined; + fiatP256AddcarryxU32(&x301, &x302, x300, x270, x294); + var x303: u32 = undefined; + var x304: u1 = undefined; + fiatP256AddcarryxU32(&x303, &x304, x302, x272, @intCast(u32, 0x0)); + var x305: u32 = undefined; + var x306: u1 = undefined; + fiatP256AddcarryxU32(&x305, &x306, x304, x274, @intCast(u32, 0x0)); + var x307: u32 = undefined; + var x308: u1 = undefined; + fiatP256AddcarryxU32(&x307, &x308, x306, x276, x264); + var x309: u32 = undefined; + var x310: u1 = undefined; + fiatP256AddcarryxU32(&x309, &x310, x308, x278, x282); + var x311: u32 = undefined; + var x312: u1 = undefined; + fiatP256AddcarryxU32(&x311, &x312, x310, x280, x283); + const x313: u32 = (@intCast(u32, x312) + @intCast(u32, x281)); + var x314: u32 = undefined; + var x315: u32 = undefined; + fiatP256MulxU32(&x314, &x315, x4, (arg2[7])); + var x316: u32 = undefined; + var x317: u32 = undefined; + fiatP256MulxU32(&x316, &x317, x4, (arg2[6])); + var x318: u32 = undefined; + var x319: u32 = undefined; + fiatP256MulxU32(&x318, &x319, x4, (arg2[5])); + var x320: u32 = undefined; + var x321: u32 = undefined; + fiatP256MulxU32(&x320, &x321, x4, (arg2[4])); + var x322: u32 = undefined; + var x323: u32 = undefined; + fiatP256MulxU32(&x322, &x323, x4, (arg2[3])); + var x324: u32 = undefined; + var x325: u32 = undefined; + fiatP256MulxU32(&x324, &x325, x4, (arg2[2])); + var x326: u32 = undefined; + var x327: u32 = undefined; + fiatP256MulxU32(&x326, &x327, x4, (arg2[1])); + var x328: u32 = undefined; + var x329: u32 = undefined; + fiatP256MulxU32(&x328, &x329, x4, (arg2[0])); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatP256AddcarryxU32(&x330, &x331, 0x0, x329, x326); + var x332: u32 = undefined; + var x333: u1 = undefined; + fiatP256AddcarryxU32(&x332, &x333, x331, x327, x324); + var x334: u32 = undefined; + var x335: u1 = undefined; + fiatP256AddcarryxU32(&x334, &x335, x333, x325, x322); + var x336: u32 = undefined; + var x337: u1 = undefined; + fiatP256AddcarryxU32(&x336, &x337, x335, x323, x320); + var x338: u32 = undefined; + var x339: u1 = undefined; + fiatP256AddcarryxU32(&x338, &x339, x337, x321, x318); + var x340: u32 = undefined; + var x341: u1 = undefined; + fiatP256AddcarryxU32(&x340, &x341, x339, x319, x316); + var x342: u32 = undefined; + var x343: u1 = undefined; + fiatP256AddcarryxU32(&x342, &x343, x341, x317, x314); + const x344: u32 = (@intCast(u32, x343) + x315); + var x345: u32 = undefined; + var x346: u1 = undefined; + fiatP256AddcarryxU32(&x345, &x346, 0x0, x297, x328); + var x347: u32 = undefined; + var x348: u1 = undefined; + fiatP256AddcarryxU32(&x347, &x348, x346, x299, x330); + var x349: u32 = undefined; + var x350: u1 = undefined; + fiatP256AddcarryxU32(&x349, &x350, x348, x301, x332); + var x351: u32 = undefined; + var x352: u1 = undefined; + fiatP256AddcarryxU32(&x351, &x352, x350, x303, x334); + var x353: u32 = undefined; + var x354: u1 = undefined; + fiatP256AddcarryxU32(&x353, &x354, x352, x305, x336); + var x355: u32 = undefined; + var x356: u1 = undefined; + fiatP256AddcarryxU32(&x355, &x356, x354, x307, x338); + var x357: u32 = undefined; + var x358: u1 = undefined; + fiatP256AddcarryxU32(&x357, &x358, x356, x309, x340); + var x359: u32 = undefined; + var x360: u1 = undefined; + fiatP256AddcarryxU32(&x359, &x360, x358, x311, x342); + var x361: u32 = undefined; + var x362: u1 = undefined; + fiatP256AddcarryxU32(&x361, &x362, x360, x313, x344); + var x363: u32 = undefined; + var x364: u32 = undefined; + fiatP256MulxU32(&x363, &x364, x345, 0xffffffff); + var x365: u32 = undefined; + var x366: u32 = undefined; + fiatP256MulxU32(&x365, &x366, x345, 0xffffffff); + var x367: u32 = undefined; + var x368: u32 = undefined; + fiatP256MulxU32(&x367, &x368, x345, 0xffffffff); + var x369: u32 = undefined; + var x370: u32 = undefined; + fiatP256MulxU32(&x369, &x370, x345, 0xffffffff); + var x371: u32 = undefined; + var x372: u1 = undefined; + fiatP256AddcarryxU32(&x371, &x372, 0x0, x370, x367); + var x373: u32 = undefined; + var x374: u1 = undefined; + fiatP256AddcarryxU32(&x373, &x374, x372, x368, x365); + const x375: u32 = (@intCast(u32, x374) + x366); + var x376: u32 = undefined; + var x377: u1 = undefined; + fiatP256AddcarryxU32(&x376, &x377, 0x0, x345, x369); + var x378: u32 = undefined; + var x379: u1 = undefined; + fiatP256AddcarryxU32(&x378, &x379, x377, x347, x371); + var x380: u32 = undefined; + var x381: u1 = undefined; + fiatP256AddcarryxU32(&x380, &x381, x379, x349, x373); + var x382: u32 = undefined; + var x383: u1 = undefined; + fiatP256AddcarryxU32(&x382, &x383, x381, x351, x375); + var x384: u32 = undefined; + var x385: u1 = undefined; + fiatP256AddcarryxU32(&x384, &x385, x383, x353, @intCast(u32, 0x0)); + var x386: u32 = undefined; + var x387: u1 = undefined; + fiatP256AddcarryxU32(&x386, &x387, x385, x355, @intCast(u32, 0x0)); + var x388: u32 = undefined; + var x389: u1 = undefined; + fiatP256AddcarryxU32(&x388, &x389, x387, x357, x345); + var x390: u32 = undefined; + var x391: u1 = undefined; + fiatP256AddcarryxU32(&x390, &x391, x389, x359, x363); + var x392: u32 = undefined; + var x393: u1 = undefined; + fiatP256AddcarryxU32(&x392, &x393, x391, x361, x364); + const x394: u32 = (@intCast(u32, x393) + @intCast(u32, x362)); + var x395: u32 = undefined; + var x396: u32 = undefined; + fiatP256MulxU32(&x395, &x396, x5, (arg2[7])); + var x397: u32 = undefined; + var x398: u32 = undefined; + fiatP256MulxU32(&x397, &x398, x5, (arg2[6])); + var x399: u32 = undefined; + var x400: u32 = undefined; + fiatP256MulxU32(&x399, &x400, x5, (arg2[5])); + var x401: u32 = undefined; + var x402: u32 = undefined; + fiatP256MulxU32(&x401, &x402, x5, (arg2[4])); + var x403: u32 = undefined; + var x404: u32 = undefined; + fiatP256MulxU32(&x403, &x404, x5, (arg2[3])); + var x405: u32 = undefined; + var x406: u32 = undefined; + fiatP256MulxU32(&x405, &x406, x5, (arg2[2])); + var x407: u32 = undefined; + var x408: u32 = undefined; + fiatP256MulxU32(&x407, &x408, x5, (arg2[1])); + var x409: u32 = undefined; + var x410: u32 = undefined; + fiatP256MulxU32(&x409, &x410, x5, (arg2[0])); + var x411: u32 = undefined; + var x412: u1 = undefined; + fiatP256AddcarryxU32(&x411, &x412, 0x0, x410, x407); + var x413: u32 = undefined; + var x414: u1 = undefined; + fiatP256AddcarryxU32(&x413, &x414, x412, x408, x405); + var x415: u32 = undefined; + var x416: u1 = undefined; + fiatP256AddcarryxU32(&x415, &x416, x414, x406, x403); + var x417: u32 = undefined; + var x418: u1 = undefined; + fiatP256AddcarryxU32(&x417, &x418, x416, x404, x401); + var x419: u32 = undefined; + var x420: u1 = undefined; + fiatP256AddcarryxU32(&x419, &x420, x418, x402, x399); + var x421: u32 = undefined; + var x422: u1 = undefined; + fiatP256AddcarryxU32(&x421, &x422, x420, x400, x397); + var x423: u32 = undefined; + var x424: u1 = undefined; + fiatP256AddcarryxU32(&x423, &x424, x422, x398, x395); + const x425: u32 = (@intCast(u32, x424) + x396); + var x426: u32 = undefined; + var x427: u1 = undefined; + fiatP256AddcarryxU32(&x426, &x427, 0x0, x378, x409); + var x428: u32 = undefined; + var x429: u1 = undefined; + fiatP256AddcarryxU32(&x428, &x429, x427, x380, x411); + var x430: u32 = undefined; + var x431: u1 = undefined; + fiatP256AddcarryxU32(&x430, &x431, x429, x382, x413); + var x432: u32 = undefined; + var x433: u1 = undefined; + fiatP256AddcarryxU32(&x432, &x433, x431, x384, x415); + var x434: u32 = undefined; + var x435: u1 = undefined; + fiatP256AddcarryxU32(&x434, &x435, x433, x386, x417); + var x436: u32 = undefined; + var x437: u1 = undefined; + fiatP256AddcarryxU32(&x436, &x437, x435, x388, x419); + var x438: u32 = undefined; + var x439: u1 = undefined; + fiatP256AddcarryxU32(&x438, &x439, x437, x390, x421); + var x440: u32 = undefined; + var x441: u1 = undefined; + fiatP256AddcarryxU32(&x440, &x441, x439, x392, x423); + var x442: u32 = undefined; + var x443: u1 = undefined; + fiatP256AddcarryxU32(&x442, &x443, x441, x394, x425); + var x444: u32 = undefined; + var x445: u32 = undefined; + fiatP256MulxU32(&x444, &x445, x426, 0xffffffff); + var x446: u32 = undefined; + var x447: u32 = undefined; + fiatP256MulxU32(&x446, &x447, x426, 0xffffffff); + var x448: u32 = undefined; + var x449: u32 = undefined; + fiatP256MulxU32(&x448, &x449, x426, 0xffffffff); + var x450: u32 = undefined; + var x451: u32 = undefined; + fiatP256MulxU32(&x450, &x451, x426, 0xffffffff); + var x452: u32 = undefined; + var x453: u1 = undefined; + fiatP256AddcarryxU32(&x452, &x453, 0x0, x451, x448); + var x454: u32 = undefined; + var x455: u1 = undefined; + fiatP256AddcarryxU32(&x454, &x455, x453, x449, x446); + const x456: u32 = (@intCast(u32, x455) + x447); + var x457: u32 = undefined; + var x458: u1 = undefined; + fiatP256AddcarryxU32(&x457, &x458, 0x0, x426, x450); + var x459: u32 = undefined; + var x460: u1 = undefined; + fiatP256AddcarryxU32(&x459, &x460, x458, x428, x452); + var x461: u32 = undefined; + var x462: u1 = undefined; + fiatP256AddcarryxU32(&x461, &x462, x460, x430, x454); + var x463: u32 = undefined; + var x464: u1 = undefined; + fiatP256AddcarryxU32(&x463, &x464, x462, x432, x456); + var x465: u32 = undefined; + var x466: u1 = undefined; + fiatP256AddcarryxU32(&x465, &x466, x464, x434, @intCast(u32, 0x0)); + var x467: u32 = undefined; + var x468: u1 = undefined; + fiatP256AddcarryxU32(&x467, &x468, x466, x436, @intCast(u32, 0x0)); + var x469: u32 = undefined; + var x470: u1 = undefined; + fiatP256AddcarryxU32(&x469, &x470, x468, x438, x426); + var x471: u32 = undefined; + var x472: u1 = undefined; + fiatP256AddcarryxU32(&x471, &x472, x470, x440, x444); + var x473: u32 = undefined; + var x474: u1 = undefined; + fiatP256AddcarryxU32(&x473, &x474, x472, x442, x445); + const x475: u32 = (@intCast(u32, x474) + @intCast(u32, x443)); + var x476: u32 = undefined; + var x477: u32 = undefined; + fiatP256MulxU32(&x476, &x477, x6, (arg2[7])); + var x478: u32 = undefined; + var x479: u32 = undefined; + fiatP256MulxU32(&x478, &x479, x6, (arg2[6])); + var x480: u32 = undefined; + var x481: u32 = undefined; + fiatP256MulxU32(&x480, &x481, x6, (arg2[5])); + var x482: u32 = undefined; + var x483: u32 = undefined; + fiatP256MulxU32(&x482, &x483, x6, (arg2[4])); + var x484: u32 = undefined; + var x485: u32 = undefined; + fiatP256MulxU32(&x484, &x485, x6, (arg2[3])); + var x486: u32 = undefined; + var x487: u32 = undefined; + fiatP256MulxU32(&x486, &x487, x6, (arg2[2])); + var x488: u32 = undefined; + var x489: u32 = undefined; + fiatP256MulxU32(&x488, &x489, x6, (arg2[1])); + var x490: u32 = undefined; + var x491: u32 = undefined; + fiatP256MulxU32(&x490, &x491, x6, (arg2[0])); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatP256AddcarryxU32(&x492, &x493, 0x0, x491, x488); + var x494: u32 = undefined; + var x495: u1 = undefined; + fiatP256AddcarryxU32(&x494, &x495, x493, x489, x486); + var x496: u32 = undefined; + var x497: u1 = undefined; + fiatP256AddcarryxU32(&x496, &x497, x495, x487, x484); + var x498: u32 = undefined; + var x499: u1 = undefined; + fiatP256AddcarryxU32(&x498, &x499, x497, x485, x482); + var x500: u32 = undefined; + var x501: u1 = undefined; + fiatP256AddcarryxU32(&x500, &x501, x499, x483, x480); + var x502: u32 = undefined; + var x503: u1 = undefined; + fiatP256AddcarryxU32(&x502, &x503, x501, x481, x478); + var x504: u32 = undefined; + var x505: u1 = undefined; + fiatP256AddcarryxU32(&x504, &x505, x503, x479, x476); + const x506: u32 = (@intCast(u32, x505) + x477); + var x507: u32 = undefined; + var x508: u1 = undefined; + fiatP256AddcarryxU32(&x507, &x508, 0x0, x459, x490); + var x509: u32 = undefined; + var x510: u1 = undefined; + fiatP256AddcarryxU32(&x509, &x510, x508, x461, x492); + var x511: u32 = undefined; + var x512: u1 = undefined; + fiatP256AddcarryxU32(&x511, &x512, x510, x463, x494); + var x513: u32 = undefined; + var x514: u1 = undefined; + fiatP256AddcarryxU32(&x513, &x514, x512, x465, x496); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatP256AddcarryxU32(&x515, &x516, x514, x467, x498); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatP256AddcarryxU32(&x517, &x518, x516, x469, x500); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatP256AddcarryxU32(&x519, &x520, x518, x471, x502); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatP256AddcarryxU32(&x521, &x522, x520, x473, x504); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatP256AddcarryxU32(&x523, &x524, x522, x475, x506); + var x525: u32 = undefined; + var x526: u32 = undefined; + fiatP256MulxU32(&x525, &x526, x507, 0xffffffff); + var x527: u32 = undefined; + var x528: u32 = undefined; + fiatP256MulxU32(&x527, &x528, x507, 0xffffffff); + var x529: u32 = undefined; + var x530: u32 = undefined; + fiatP256MulxU32(&x529, &x530, x507, 0xffffffff); + var x531: u32 = undefined; + var x532: u32 = undefined; + fiatP256MulxU32(&x531, &x532, x507, 0xffffffff); + var x533: u32 = undefined; + var x534: u1 = undefined; + fiatP256AddcarryxU32(&x533, &x534, 0x0, x532, x529); + var x535: u32 = undefined; + var x536: u1 = undefined; + fiatP256AddcarryxU32(&x535, &x536, x534, x530, x527); + const x537: u32 = (@intCast(u32, x536) + x528); + var x538: u32 = undefined; + var x539: u1 = undefined; + fiatP256AddcarryxU32(&x538, &x539, 0x0, x507, x531); + var x540: u32 = undefined; + var x541: u1 = undefined; + fiatP256AddcarryxU32(&x540, &x541, x539, x509, x533); + var x542: u32 = undefined; + var x543: u1 = undefined; + fiatP256AddcarryxU32(&x542, &x543, x541, x511, x535); + var x544: u32 = undefined; + var x545: u1 = undefined; + fiatP256AddcarryxU32(&x544, &x545, x543, x513, x537); + var x546: u32 = undefined; + var x547: u1 = undefined; + fiatP256AddcarryxU32(&x546, &x547, x545, x515, @intCast(u32, 0x0)); + var x548: u32 = undefined; + var x549: u1 = undefined; + fiatP256AddcarryxU32(&x548, &x549, x547, x517, @intCast(u32, 0x0)); + var x550: u32 = undefined; + var x551: u1 = undefined; + fiatP256AddcarryxU32(&x550, &x551, x549, x519, x507); + var x552: u32 = undefined; + var x553: u1 = undefined; + fiatP256AddcarryxU32(&x552, &x553, x551, x521, x525); + var x554: u32 = undefined; + var x555: u1 = undefined; + fiatP256AddcarryxU32(&x554, &x555, x553, x523, x526); + const x556: u32 = (@intCast(u32, x555) + @intCast(u32, x524)); + var x557: u32 = undefined; + var x558: u32 = undefined; + fiatP256MulxU32(&x557, &x558, x7, (arg2[7])); + var x559: u32 = undefined; + var x560: u32 = undefined; + fiatP256MulxU32(&x559, &x560, x7, (arg2[6])); + var x561: u32 = undefined; + var x562: u32 = undefined; + fiatP256MulxU32(&x561, &x562, x7, (arg2[5])); + var x563: u32 = undefined; + var x564: u32 = undefined; + fiatP256MulxU32(&x563, &x564, x7, (arg2[4])); + var x565: u32 = undefined; + var x566: u32 = undefined; + fiatP256MulxU32(&x565, &x566, x7, (arg2[3])); + var x567: u32 = undefined; + var x568: u32 = undefined; + fiatP256MulxU32(&x567, &x568, x7, (arg2[2])); + var x569: u32 = undefined; + var x570: u32 = undefined; + fiatP256MulxU32(&x569, &x570, x7, (arg2[1])); + var x571: u32 = undefined; + var x572: u32 = undefined; + fiatP256MulxU32(&x571, &x572, x7, (arg2[0])); + var x573: u32 = undefined; + var x574: u1 = undefined; + fiatP256AddcarryxU32(&x573, &x574, 0x0, x572, x569); + var x575: u32 = undefined; + var x576: u1 = undefined; + fiatP256AddcarryxU32(&x575, &x576, x574, x570, x567); + var x577: u32 = undefined; + var x578: u1 = undefined; + fiatP256AddcarryxU32(&x577, &x578, x576, x568, x565); + var x579: u32 = undefined; + var x580: u1 = undefined; + fiatP256AddcarryxU32(&x579, &x580, x578, x566, x563); + var x581: u32 = undefined; + var x582: u1 = undefined; + fiatP256AddcarryxU32(&x581, &x582, x580, x564, x561); + var x583: u32 = undefined; + var x584: u1 = undefined; + fiatP256AddcarryxU32(&x583, &x584, x582, x562, x559); + var x585: u32 = undefined; + var x586: u1 = undefined; + fiatP256AddcarryxU32(&x585, &x586, x584, x560, x557); + const x587: u32 = (@intCast(u32, x586) + x558); + var x588: u32 = undefined; + var x589: u1 = undefined; + fiatP256AddcarryxU32(&x588, &x589, 0x0, x540, x571); + var x590: u32 = undefined; + var x591: u1 = undefined; + fiatP256AddcarryxU32(&x590, &x591, x589, x542, x573); + var x592: u32 = undefined; + var x593: u1 = undefined; + fiatP256AddcarryxU32(&x592, &x593, x591, x544, x575); + var x594: u32 = undefined; + var x595: u1 = undefined; + fiatP256AddcarryxU32(&x594, &x595, x593, x546, x577); + var x596: u32 = undefined; + var x597: u1 = undefined; + fiatP256AddcarryxU32(&x596, &x597, x595, x548, x579); + var x598: u32 = undefined; + var x599: u1 = undefined; + fiatP256AddcarryxU32(&x598, &x599, x597, x550, x581); + var x600: u32 = undefined; + var x601: u1 = undefined; + fiatP256AddcarryxU32(&x600, &x601, x599, x552, x583); + var x602: u32 = undefined; + var x603: u1 = undefined; + fiatP256AddcarryxU32(&x602, &x603, x601, x554, x585); + var x604: u32 = undefined; + var x605: u1 = undefined; + fiatP256AddcarryxU32(&x604, &x605, x603, x556, x587); + var x606: u32 = undefined; + var x607: u32 = undefined; + fiatP256MulxU32(&x606, &x607, x588, 0xffffffff); + var x608: u32 = undefined; + var x609: u32 = undefined; + fiatP256MulxU32(&x608, &x609, x588, 0xffffffff); + var x610: u32 = undefined; + var x611: u32 = undefined; + fiatP256MulxU32(&x610, &x611, x588, 0xffffffff); + var x612: u32 = undefined; + var x613: u32 = undefined; + fiatP256MulxU32(&x612, &x613, x588, 0xffffffff); + var x614: u32 = undefined; + var x615: u1 = undefined; + fiatP256AddcarryxU32(&x614, &x615, 0x0, x613, x610); + var x616: u32 = undefined; + var x617: u1 = undefined; + fiatP256AddcarryxU32(&x616, &x617, x615, x611, x608); + const x618: u32 = (@intCast(u32, x617) + x609); + var x619: u32 = undefined; + var x620: u1 = undefined; + fiatP256AddcarryxU32(&x619, &x620, 0x0, x588, x612); + var x621: u32 = undefined; + var x622: u1 = undefined; + fiatP256AddcarryxU32(&x621, &x622, x620, x590, x614); + var x623: u32 = undefined; + var x624: u1 = undefined; + fiatP256AddcarryxU32(&x623, &x624, x622, x592, x616); + var x625: u32 = undefined; + var x626: u1 = undefined; + fiatP256AddcarryxU32(&x625, &x626, x624, x594, x618); + var x627: u32 = undefined; + var x628: u1 = undefined; + fiatP256AddcarryxU32(&x627, &x628, x626, x596, @intCast(u32, 0x0)); + var x629: u32 = undefined; + var x630: u1 = undefined; + fiatP256AddcarryxU32(&x629, &x630, x628, x598, @intCast(u32, 0x0)); + var x631: u32 = undefined; + var x632: u1 = undefined; + fiatP256AddcarryxU32(&x631, &x632, x630, x600, x588); + var x633: u32 = undefined; + var x634: u1 = undefined; + fiatP256AddcarryxU32(&x633, &x634, x632, x602, x606); + var x635: u32 = undefined; + var x636: u1 = undefined; + fiatP256AddcarryxU32(&x635, &x636, x634, x604, x607); + const x637: u32 = (@intCast(u32, x636) + @intCast(u32, x605)); + var x638: u32 = undefined; + var x639: u1 = undefined; + fiatP256SubborrowxU32(&x638, &x639, 0x0, x621, 0xffffffff); + var x640: u32 = undefined; + var x641: u1 = undefined; + fiatP256SubborrowxU32(&x640, &x641, x639, x623, 0xffffffff); + var x642: u32 = undefined; + var x643: u1 = undefined; + fiatP256SubborrowxU32(&x642, &x643, x641, x625, 0xffffffff); + var x644: u32 = undefined; + var x645: u1 = undefined; + fiatP256SubborrowxU32(&x644, &x645, x643, x627, @intCast(u32, 0x0)); + var x646: u32 = undefined; + var x647: u1 = undefined; + fiatP256SubborrowxU32(&x646, &x647, x645, x629, @intCast(u32, 0x0)); + var x648: u32 = undefined; + var x649: u1 = undefined; + fiatP256SubborrowxU32(&x648, &x649, x647, x631, @intCast(u32, 0x0)); + var x650: u32 = undefined; + var x651: u1 = undefined; + fiatP256SubborrowxU32(&x650, &x651, x649, x633, @intCast(u32, 0x1)); + var x652: u32 = undefined; + var x653: u1 = undefined; + fiatP256SubborrowxU32(&x652, &x653, x651, x635, 0xffffffff); + var x654: u32 = undefined; + var x655: u1 = undefined; + fiatP256SubborrowxU32(&x654, &x655, x653, x637, @intCast(u32, 0x0)); + var x656: u32 = undefined; + fiatP256CmovznzU32(&x656, x655, x638, x621); + var x657: u32 = undefined; + fiatP256CmovznzU32(&x657, x655, x640, x623); + var x658: u32 = undefined; + fiatP256CmovznzU32(&x658, x655, x642, x625); + var x659: u32 = undefined; + fiatP256CmovznzU32(&x659, x655, x644, x627); + var x660: u32 = undefined; + fiatP256CmovznzU32(&x660, x655, x646, x629); + var x661: u32 = undefined; + fiatP256CmovznzU32(&x661, x655, x648, x631); + var x662: u32 = undefined; + fiatP256CmovznzU32(&x662, x655, x650, x633); + var x663: u32 = undefined; + fiatP256CmovznzU32(&x663, x655, x652, x635); + out1[0] = x656; + out1[1] = x657; + out1[2] = x658; + out1[3] = x659; + out1[4] = x660; + out1[5] = x661; + out1[6] = x662; + out1[7] = x663; +} + +/// The function fiatP256Square squares a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256Square(out1: *[8]u32, arg1: [8]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[7]); + const x8: u32 = (arg1[0]); + var x9: u32 = undefined; + var x10: u32 = undefined; + fiatP256MulxU32(&x9, &x10, x8, (arg1[7])); + var x11: u32 = undefined; + var x12: u32 = undefined; + fiatP256MulxU32(&x11, &x12, x8, (arg1[6])); + var x13: u32 = undefined; + var x14: u32 = undefined; + fiatP256MulxU32(&x13, &x14, x8, (arg1[5])); + var x15: u32 = undefined; + var x16: u32 = undefined; + fiatP256MulxU32(&x15, &x16, x8, (arg1[4])); + var x17: u32 = undefined; + var x18: u32 = undefined; + fiatP256MulxU32(&x17, &x18, x8, (arg1[3])); + var x19: u32 = undefined; + var x20: u32 = undefined; + fiatP256MulxU32(&x19, &x20, x8, (arg1[2])); + var x21: u32 = undefined; + var x22: u32 = undefined; + fiatP256MulxU32(&x21, &x22, x8, (arg1[1])); + var x23: u32 = undefined; + var x24: u32 = undefined; + fiatP256MulxU32(&x23, &x24, x8, (arg1[0])); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatP256AddcarryxU32(&x25, &x26, 0x0, x24, x21); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatP256AddcarryxU32(&x27, &x28, x26, x22, x19); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatP256AddcarryxU32(&x29, &x30, x28, x20, x17); + var x31: u32 = undefined; + var x32: u1 = undefined; + fiatP256AddcarryxU32(&x31, &x32, x30, x18, x15); + var x33: u32 = undefined; + var x34: u1 = undefined; + fiatP256AddcarryxU32(&x33, &x34, x32, x16, x13); + var x35: u32 = undefined; + var x36: u1 = undefined; + fiatP256AddcarryxU32(&x35, &x36, x34, x14, x11); + var x37: u32 = undefined; + var x38: u1 = undefined; + fiatP256AddcarryxU32(&x37, &x38, x36, x12, x9); + const x39: u32 = (@intCast(u32, x38) + x10); + var x40: u32 = undefined; + var x41: u32 = undefined; + fiatP256MulxU32(&x40, &x41, x23, 0xffffffff); + var x42: u32 = undefined; + var x43: u32 = undefined; + fiatP256MulxU32(&x42, &x43, x23, 0xffffffff); + var x44: u32 = undefined; + var x45: u32 = undefined; + fiatP256MulxU32(&x44, &x45, x23, 0xffffffff); + var x46: u32 = undefined; + var x47: u32 = undefined; + fiatP256MulxU32(&x46, &x47, x23, 0xffffffff); + var x48: u32 = undefined; + var x49: u1 = undefined; + fiatP256AddcarryxU32(&x48, &x49, 0x0, x47, x44); + var x50: u32 = undefined; + var x51: u1 = undefined; + fiatP256AddcarryxU32(&x50, &x51, x49, x45, x42); + const x52: u32 = (@intCast(u32, x51) + x43); + var x53: u32 = undefined; + var x54: u1 = undefined; + fiatP256AddcarryxU32(&x53, &x54, 0x0, x23, x46); + var x55: u32 = undefined; + var x56: u1 = undefined; + fiatP256AddcarryxU32(&x55, &x56, x54, x25, x48); + var x57: u32 = undefined; + var x58: u1 = undefined; + fiatP256AddcarryxU32(&x57, &x58, x56, x27, x50); + var x59: u32 = undefined; + var x60: u1 = undefined; + fiatP256AddcarryxU32(&x59, &x60, x58, x29, x52); + var x61: u32 = undefined; + var x62: u1 = undefined; + fiatP256AddcarryxU32(&x61, &x62, x60, x31, @intCast(u32, 0x0)); + var x63: u32 = undefined; + var x64: u1 = undefined; + fiatP256AddcarryxU32(&x63, &x64, x62, x33, @intCast(u32, 0x0)); + var x65: u32 = undefined; + var x66: u1 = undefined; + fiatP256AddcarryxU32(&x65, &x66, x64, x35, x23); + var x67: u32 = undefined; + var x68: u1 = undefined; + fiatP256AddcarryxU32(&x67, &x68, x66, x37, x40); + var x69: u32 = undefined; + var x70: u1 = undefined; + fiatP256AddcarryxU32(&x69, &x70, x68, x39, x41); + var x71: u32 = undefined; + var x72: u32 = undefined; + fiatP256MulxU32(&x71, &x72, x1, (arg1[7])); + var x73: u32 = undefined; + var x74: u32 = undefined; + fiatP256MulxU32(&x73, &x74, x1, (arg1[6])); + var x75: u32 = undefined; + var x76: u32 = undefined; + fiatP256MulxU32(&x75, &x76, x1, (arg1[5])); + var x77: u32 = undefined; + var x78: u32 = undefined; + fiatP256MulxU32(&x77, &x78, x1, (arg1[4])); + var x79: u32 = undefined; + var x80: u32 = undefined; + fiatP256MulxU32(&x79, &x80, x1, (arg1[3])); + var x81: u32 = undefined; + var x82: u32 = undefined; + fiatP256MulxU32(&x81, &x82, x1, (arg1[2])); + var x83: u32 = undefined; + var x84: u32 = undefined; + fiatP256MulxU32(&x83, &x84, x1, (arg1[1])); + var x85: u32 = undefined; + var x86: u32 = undefined; + fiatP256MulxU32(&x85, &x86, x1, (arg1[0])); + var x87: u32 = undefined; + var x88: u1 = undefined; + fiatP256AddcarryxU32(&x87, &x88, 0x0, x86, x83); + var x89: u32 = undefined; + var x90: u1 = undefined; + fiatP256AddcarryxU32(&x89, &x90, x88, x84, x81); + var x91: u32 = undefined; + var x92: u1 = undefined; + fiatP256AddcarryxU32(&x91, &x92, x90, x82, x79); + var x93: u32 = undefined; + var x94: u1 = undefined; + fiatP256AddcarryxU32(&x93, &x94, x92, x80, x77); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatP256AddcarryxU32(&x95, &x96, x94, x78, x75); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP256AddcarryxU32(&x97, &x98, x96, x76, x73); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP256AddcarryxU32(&x99, &x100, x98, x74, x71); + const x101: u32 = (@intCast(u32, x100) + x72); + var x102: u32 = undefined; + var x103: u1 = undefined; + fiatP256AddcarryxU32(&x102, &x103, 0x0, x55, x85); + var x104: u32 = undefined; + var x105: u1 = undefined; + fiatP256AddcarryxU32(&x104, &x105, x103, x57, x87); + var x106: u32 = undefined; + var x107: u1 = undefined; + fiatP256AddcarryxU32(&x106, &x107, x105, x59, x89); + var x108: u32 = undefined; + var x109: u1 = undefined; + fiatP256AddcarryxU32(&x108, &x109, x107, x61, x91); + var x110: u32 = undefined; + var x111: u1 = undefined; + fiatP256AddcarryxU32(&x110, &x111, x109, x63, x93); + var x112: u32 = undefined; + var x113: u1 = undefined; + fiatP256AddcarryxU32(&x112, &x113, x111, x65, x95); + var x114: u32 = undefined; + var x115: u1 = undefined; + fiatP256AddcarryxU32(&x114, &x115, x113, x67, x97); + var x116: u32 = undefined; + var x117: u1 = undefined; + fiatP256AddcarryxU32(&x116, &x117, x115, x69, x99); + var x118: u32 = undefined; + var x119: u1 = undefined; + fiatP256AddcarryxU32(&x118, &x119, x117, @intCast(u32, x70), x101); + var x120: u32 = undefined; + var x121: u32 = undefined; + fiatP256MulxU32(&x120, &x121, x102, 0xffffffff); + var x122: u32 = undefined; + var x123: u32 = undefined; + fiatP256MulxU32(&x122, &x123, x102, 0xffffffff); + var x124: u32 = undefined; + var x125: u32 = undefined; + fiatP256MulxU32(&x124, &x125, x102, 0xffffffff); + var x126: u32 = undefined; + var x127: u32 = undefined; + fiatP256MulxU32(&x126, &x127, x102, 0xffffffff); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatP256AddcarryxU32(&x128, &x129, 0x0, x127, x124); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatP256AddcarryxU32(&x130, &x131, x129, x125, x122); + const x132: u32 = (@intCast(u32, x131) + x123); + var x133: u32 = undefined; + var x134: u1 = undefined; + fiatP256AddcarryxU32(&x133, &x134, 0x0, x102, x126); + var x135: u32 = undefined; + var x136: u1 = undefined; + fiatP256AddcarryxU32(&x135, &x136, x134, x104, x128); + var x137: u32 = undefined; + var x138: u1 = undefined; + fiatP256AddcarryxU32(&x137, &x138, x136, x106, x130); + var x139: u32 = undefined; + var x140: u1 = undefined; + fiatP256AddcarryxU32(&x139, &x140, x138, x108, x132); + var x141: u32 = undefined; + var x142: u1 = undefined; + fiatP256AddcarryxU32(&x141, &x142, x140, x110, @intCast(u32, 0x0)); + var x143: u32 = undefined; + var x144: u1 = undefined; + fiatP256AddcarryxU32(&x143, &x144, x142, x112, @intCast(u32, 0x0)); + var x145: u32 = undefined; + var x146: u1 = undefined; + fiatP256AddcarryxU32(&x145, &x146, x144, x114, x102); + var x147: u32 = undefined; + var x148: u1 = undefined; + fiatP256AddcarryxU32(&x147, &x148, x146, x116, x120); + var x149: u32 = undefined; + var x150: u1 = undefined; + fiatP256AddcarryxU32(&x149, &x150, x148, x118, x121); + const x151: u32 = (@intCast(u32, x150) + @intCast(u32, x119)); + var x152: u32 = undefined; + var x153: u32 = undefined; + fiatP256MulxU32(&x152, &x153, x2, (arg1[7])); + var x154: u32 = undefined; + var x155: u32 = undefined; + fiatP256MulxU32(&x154, &x155, x2, (arg1[6])); + var x156: u32 = undefined; + var x157: u32 = undefined; + fiatP256MulxU32(&x156, &x157, x2, (arg1[5])); + var x158: u32 = undefined; + var x159: u32 = undefined; + fiatP256MulxU32(&x158, &x159, x2, (arg1[4])); + var x160: u32 = undefined; + var x161: u32 = undefined; + fiatP256MulxU32(&x160, &x161, x2, (arg1[3])); + var x162: u32 = undefined; + var x163: u32 = undefined; + fiatP256MulxU32(&x162, &x163, x2, (arg1[2])); + var x164: u32 = undefined; + var x165: u32 = undefined; + fiatP256MulxU32(&x164, &x165, x2, (arg1[1])); + var x166: u32 = undefined; + var x167: u32 = undefined; + fiatP256MulxU32(&x166, &x167, x2, (arg1[0])); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatP256AddcarryxU32(&x168, &x169, 0x0, x167, x164); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP256AddcarryxU32(&x170, &x171, x169, x165, x162); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP256AddcarryxU32(&x172, &x173, x171, x163, x160); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP256AddcarryxU32(&x174, &x175, x173, x161, x158); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP256AddcarryxU32(&x176, &x177, x175, x159, x156); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP256AddcarryxU32(&x178, &x179, x177, x157, x154); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP256AddcarryxU32(&x180, &x181, x179, x155, x152); + const x182: u32 = (@intCast(u32, x181) + x153); + var x183: u32 = undefined; + var x184: u1 = undefined; + fiatP256AddcarryxU32(&x183, &x184, 0x0, x135, x166); + var x185: u32 = undefined; + var x186: u1 = undefined; + fiatP256AddcarryxU32(&x185, &x186, x184, x137, x168); + var x187: u32 = undefined; + var x188: u1 = undefined; + fiatP256AddcarryxU32(&x187, &x188, x186, x139, x170); + var x189: u32 = undefined; + var x190: u1 = undefined; + fiatP256AddcarryxU32(&x189, &x190, x188, x141, x172); + var x191: u32 = undefined; + var x192: u1 = undefined; + fiatP256AddcarryxU32(&x191, &x192, x190, x143, x174); + var x193: u32 = undefined; + var x194: u1 = undefined; + fiatP256AddcarryxU32(&x193, &x194, x192, x145, x176); + var x195: u32 = undefined; + var x196: u1 = undefined; + fiatP256AddcarryxU32(&x195, &x196, x194, x147, x178); + var x197: u32 = undefined; + var x198: u1 = undefined; + fiatP256AddcarryxU32(&x197, &x198, x196, x149, x180); + var x199: u32 = undefined; + var x200: u1 = undefined; + fiatP256AddcarryxU32(&x199, &x200, x198, x151, x182); + var x201: u32 = undefined; + var x202: u32 = undefined; + fiatP256MulxU32(&x201, &x202, x183, 0xffffffff); + var x203: u32 = undefined; + var x204: u32 = undefined; + fiatP256MulxU32(&x203, &x204, x183, 0xffffffff); + var x205: u32 = undefined; + var x206: u32 = undefined; + fiatP256MulxU32(&x205, &x206, x183, 0xffffffff); + var x207: u32 = undefined; + var x208: u32 = undefined; + fiatP256MulxU32(&x207, &x208, x183, 0xffffffff); + var x209: u32 = undefined; + var x210: u1 = undefined; + fiatP256AddcarryxU32(&x209, &x210, 0x0, x208, x205); + var x211: u32 = undefined; + var x212: u1 = undefined; + fiatP256AddcarryxU32(&x211, &x212, x210, x206, x203); + const x213: u32 = (@intCast(u32, x212) + x204); + var x214: u32 = undefined; + var x215: u1 = undefined; + fiatP256AddcarryxU32(&x214, &x215, 0x0, x183, x207); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatP256AddcarryxU32(&x216, &x217, x215, x185, x209); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatP256AddcarryxU32(&x218, &x219, x217, x187, x211); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatP256AddcarryxU32(&x220, &x221, x219, x189, x213); + var x222: u32 = undefined; + var x223: u1 = undefined; + fiatP256AddcarryxU32(&x222, &x223, x221, x191, @intCast(u32, 0x0)); + var x224: u32 = undefined; + var x225: u1 = undefined; + fiatP256AddcarryxU32(&x224, &x225, x223, x193, @intCast(u32, 0x0)); + var x226: u32 = undefined; + var x227: u1 = undefined; + fiatP256AddcarryxU32(&x226, &x227, x225, x195, x183); + var x228: u32 = undefined; + var x229: u1 = undefined; + fiatP256AddcarryxU32(&x228, &x229, x227, x197, x201); + var x230: u32 = undefined; + var x231: u1 = undefined; + fiatP256AddcarryxU32(&x230, &x231, x229, x199, x202); + const x232: u32 = (@intCast(u32, x231) + @intCast(u32, x200)); + var x233: u32 = undefined; + var x234: u32 = undefined; + fiatP256MulxU32(&x233, &x234, x3, (arg1[7])); + var x235: u32 = undefined; + var x236: u32 = undefined; + fiatP256MulxU32(&x235, &x236, x3, (arg1[6])); + var x237: u32 = undefined; + var x238: u32 = undefined; + fiatP256MulxU32(&x237, &x238, x3, (arg1[5])); + var x239: u32 = undefined; + var x240: u32 = undefined; + fiatP256MulxU32(&x239, &x240, x3, (arg1[4])); + var x241: u32 = undefined; + var x242: u32 = undefined; + fiatP256MulxU32(&x241, &x242, x3, (arg1[3])); + var x243: u32 = undefined; + var x244: u32 = undefined; + fiatP256MulxU32(&x243, &x244, x3, (arg1[2])); + var x245: u32 = undefined; + var x246: u32 = undefined; + fiatP256MulxU32(&x245, &x246, x3, (arg1[1])); + var x247: u32 = undefined; + var x248: u32 = undefined; + fiatP256MulxU32(&x247, &x248, x3, (arg1[0])); + var x249: u32 = undefined; + var x250: u1 = undefined; + fiatP256AddcarryxU32(&x249, &x250, 0x0, x248, x245); + var x251: u32 = undefined; + var x252: u1 = undefined; + fiatP256AddcarryxU32(&x251, &x252, x250, x246, x243); + var x253: u32 = undefined; + var x254: u1 = undefined; + fiatP256AddcarryxU32(&x253, &x254, x252, x244, x241); + var x255: u32 = undefined; + var x256: u1 = undefined; + fiatP256AddcarryxU32(&x255, &x256, x254, x242, x239); + var x257: u32 = undefined; + var x258: u1 = undefined; + fiatP256AddcarryxU32(&x257, &x258, x256, x240, x237); + var x259: u32 = undefined; + var x260: u1 = undefined; + fiatP256AddcarryxU32(&x259, &x260, x258, x238, x235); + var x261: u32 = undefined; + var x262: u1 = undefined; + fiatP256AddcarryxU32(&x261, &x262, x260, x236, x233); + const x263: u32 = (@intCast(u32, x262) + x234); + var x264: u32 = undefined; + var x265: u1 = undefined; + fiatP256AddcarryxU32(&x264, &x265, 0x0, x216, x247); + var x266: u32 = undefined; + var x267: u1 = undefined; + fiatP256AddcarryxU32(&x266, &x267, x265, x218, x249); + var x268: u32 = undefined; + var x269: u1 = undefined; + fiatP256AddcarryxU32(&x268, &x269, x267, x220, x251); + var x270: u32 = undefined; + var x271: u1 = undefined; + fiatP256AddcarryxU32(&x270, &x271, x269, x222, x253); + var x272: u32 = undefined; + var x273: u1 = undefined; + fiatP256AddcarryxU32(&x272, &x273, x271, x224, x255); + var x274: u32 = undefined; + var x275: u1 = undefined; + fiatP256AddcarryxU32(&x274, &x275, x273, x226, x257); + var x276: u32 = undefined; + var x277: u1 = undefined; + fiatP256AddcarryxU32(&x276, &x277, x275, x228, x259); + var x278: u32 = undefined; + var x279: u1 = undefined; + fiatP256AddcarryxU32(&x278, &x279, x277, x230, x261); + var x280: u32 = undefined; + var x281: u1 = undefined; + fiatP256AddcarryxU32(&x280, &x281, x279, x232, x263); + var x282: u32 = undefined; + var x283: u32 = undefined; + fiatP256MulxU32(&x282, &x283, x264, 0xffffffff); + var x284: u32 = undefined; + var x285: u32 = undefined; + fiatP256MulxU32(&x284, &x285, x264, 0xffffffff); + var x286: u32 = undefined; + var x287: u32 = undefined; + fiatP256MulxU32(&x286, &x287, x264, 0xffffffff); + var x288: u32 = undefined; + var x289: u32 = undefined; + fiatP256MulxU32(&x288, &x289, x264, 0xffffffff); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatP256AddcarryxU32(&x290, &x291, 0x0, x289, x286); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatP256AddcarryxU32(&x292, &x293, x291, x287, x284); + const x294: u32 = (@intCast(u32, x293) + x285); + var x295: u32 = undefined; + var x296: u1 = undefined; + fiatP256AddcarryxU32(&x295, &x296, 0x0, x264, x288); + var x297: u32 = undefined; + var x298: u1 = undefined; + fiatP256AddcarryxU32(&x297, &x298, x296, x266, x290); + var x299: u32 = undefined; + var x300: u1 = undefined; + fiatP256AddcarryxU32(&x299, &x300, x298, x268, x292); + var x301: u32 = undefined; + var x302: u1 = undefined; + fiatP256AddcarryxU32(&x301, &x302, x300, x270, x294); + var x303: u32 = undefined; + var x304: u1 = undefined; + fiatP256AddcarryxU32(&x303, &x304, x302, x272, @intCast(u32, 0x0)); + var x305: u32 = undefined; + var x306: u1 = undefined; + fiatP256AddcarryxU32(&x305, &x306, x304, x274, @intCast(u32, 0x0)); + var x307: u32 = undefined; + var x308: u1 = undefined; + fiatP256AddcarryxU32(&x307, &x308, x306, x276, x264); + var x309: u32 = undefined; + var x310: u1 = undefined; + fiatP256AddcarryxU32(&x309, &x310, x308, x278, x282); + var x311: u32 = undefined; + var x312: u1 = undefined; + fiatP256AddcarryxU32(&x311, &x312, x310, x280, x283); + const x313: u32 = (@intCast(u32, x312) + @intCast(u32, x281)); + var x314: u32 = undefined; + var x315: u32 = undefined; + fiatP256MulxU32(&x314, &x315, x4, (arg1[7])); + var x316: u32 = undefined; + var x317: u32 = undefined; + fiatP256MulxU32(&x316, &x317, x4, (arg1[6])); + var x318: u32 = undefined; + var x319: u32 = undefined; + fiatP256MulxU32(&x318, &x319, x4, (arg1[5])); + var x320: u32 = undefined; + var x321: u32 = undefined; + fiatP256MulxU32(&x320, &x321, x4, (arg1[4])); + var x322: u32 = undefined; + var x323: u32 = undefined; + fiatP256MulxU32(&x322, &x323, x4, (arg1[3])); + var x324: u32 = undefined; + var x325: u32 = undefined; + fiatP256MulxU32(&x324, &x325, x4, (arg1[2])); + var x326: u32 = undefined; + var x327: u32 = undefined; + fiatP256MulxU32(&x326, &x327, x4, (arg1[1])); + var x328: u32 = undefined; + var x329: u32 = undefined; + fiatP256MulxU32(&x328, &x329, x4, (arg1[0])); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatP256AddcarryxU32(&x330, &x331, 0x0, x329, x326); + var x332: u32 = undefined; + var x333: u1 = undefined; + fiatP256AddcarryxU32(&x332, &x333, x331, x327, x324); + var x334: u32 = undefined; + var x335: u1 = undefined; + fiatP256AddcarryxU32(&x334, &x335, x333, x325, x322); + var x336: u32 = undefined; + var x337: u1 = undefined; + fiatP256AddcarryxU32(&x336, &x337, x335, x323, x320); + var x338: u32 = undefined; + var x339: u1 = undefined; + fiatP256AddcarryxU32(&x338, &x339, x337, x321, x318); + var x340: u32 = undefined; + var x341: u1 = undefined; + fiatP256AddcarryxU32(&x340, &x341, x339, x319, x316); + var x342: u32 = undefined; + var x343: u1 = undefined; + fiatP256AddcarryxU32(&x342, &x343, x341, x317, x314); + const x344: u32 = (@intCast(u32, x343) + x315); + var x345: u32 = undefined; + var x346: u1 = undefined; + fiatP256AddcarryxU32(&x345, &x346, 0x0, x297, x328); + var x347: u32 = undefined; + var x348: u1 = undefined; + fiatP256AddcarryxU32(&x347, &x348, x346, x299, x330); + var x349: u32 = undefined; + var x350: u1 = undefined; + fiatP256AddcarryxU32(&x349, &x350, x348, x301, x332); + var x351: u32 = undefined; + var x352: u1 = undefined; + fiatP256AddcarryxU32(&x351, &x352, x350, x303, x334); + var x353: u32 = undefined; + var x354: u1 = undefined; + fiatP256AddcarryxU32(&x353, &x354, x352, x305, x336); + var x355: u32 = undefined; + var x356: u1 = undefined; + fiatP256AddcarryxU32(&x355, &x356, x354, x307, x338); + var x357: u32 = undefined; + var x358: u1 = undefined; + fiatP256AddcarryxU32(&x357, &x358, x356, x309, x340); + var x359: u32 = undefined; + var x360: u1 = undefined; + fiatP256AddcarryxU32(&x359, &x360, x358, x311, x342); + var x361: u32 = undefined; + var x362: u1 = undefined; + fiatP256AddcarryxU32(&x361, &x362, x360, x313, x344); + var x363: u32 = undefined; + var x364: u32 = undefined; + fiatP256MulxU32(&x363, &x364, x345, 0xffffffff); + var x365: u32 = undefined; + var x366: u32 = undefined; + fiatP256MulxU32(&x365, &x366, x345, 0xffffffff); + var x367: u32 = undefined; + var x368: u32 = undefined; + fiatP256MulxU32(&x367, &x368, x345, 0xffffffff); + var x369: u32 = undefined; + var x370: u32 = undefined; + fiatP256MulxU32(&x369, &x370, x345, 0xffffffff); + var x371: u32 = undefined; + var x372: u1 = undefined; + fiatP256AddcarryxU32(&x371, &x372, 0x0, x370, x367); + var x373: u32 = undefined; + var x374: u1 = undefined; + fiatP256AddcarryxU32(&x373, &x374, x372, x368, x365); + const x375: u32 = (@intCast(u32, x374) + x366); + var x376: u32 = undefined; + var x377: u1 = undefined; + fiatP256AddcarryxU32(&x376, &x377, 0x0, x345, x369); + var x378: u32 = undefined; + var x379: u1 = undefined; + fiatP256AddcarryxU32(&x378, &x379, x377, x347, x371); + var x380: u32 = undefined; + var x381: u1 = undefined; + fiatP256AddcarryxU32(&x380, &x381, x379, x349, x373); + var x382: u32 = undefined; + var x383: u1 = undefined; + fiatP256AddcarryxU32(&x382, &x383, x381, x351, x375); + var x384: u32 = undefined; + var x385: u1 = undefined; + fiatP256AddcarryxU32(&x384, &x385, x383, x353, @intCast(u32, 0x0)); + var x386: u32 = undefined; + var x387: u1 = undefined; + fiatP256AddcarryxU32(&x386, &x387, x385, x355, @intCast(u32, 0x0)); + var x388: u32 = undefined; + var x389: u1 = undefined; + fiatP256AddcarryxU32(&x388, &x389, x387, x357, x345); + var x390: u32 = undefined; + var x391: u1 = undefined; + fiatP256AddcarryxU32(&x390, &x391, x389, x359, x363); + var x392: u32 = undefined; + var x393: u1 = undefined; + fiatP256AddcarryxU32(&x392, &x393, x391, x361, x364); + const x394: u32 = (@intCast(u32, x393) + @intCast(u32, x362)); + var x395: u32 = undefined; + var x396: u32 = undefined; + fiatP256MulxU32(&x395, &x396, x5, (arg1[7])); + var x397: u32 = undefined; + var x398: u32 = undefined; + fiatP256MulxU32(&x397, &x398, x5, (arg1[6])); + var x399: u32 = undefined; + var x400: u32 = undefined; + fiatP256MulxU32(&x399, &x400, x5, (arg1[5])); + var x401: u32 = undefined; + var x402: u32 = undefined; + fiatP256MulxU32(&x401, &x402, x5, (arg1[4])); + var x403: u32 = undefined; + var x404: u32 = undefined; + fiatP256MulxU32(&x403, &x404, x5, (arg1[3])); + var x405: u32 = undefined; + var x406: u32 = undefined; + fiatP256MulxU32(&x405, &x406, x5, (arg1[2])); + var x407: u32 = undefined; + var x408: u32 = undefined; + fiatP256MulxU32(&x407, &x408, x5, (arg1[1])); + var x409: u32 = undefined; + var x410: u32 = undefined; + fiatP256MulxU32(&x409, &x410, x5, (arg1[0])); + var x411: u32 = undefined; + var x412: u1 = undefined; + fiatP256AddcarryxU32(&x411, &x412, 0x0, x410, x407); + var x413: u32 = undefined; + var x414: u1 = undefined; + fiatP256AddcarryxU32(&x413, &x414, x412, x408, x405); + var x415: u32 = undefined; + var x416: u1 = undefined; + fiatP256AddcarryxU32(&x415, &x416, x414, x406, x403); + var x417: u32 = undefined; + var x418: u1 = undefined; + fiatP256AddcarryxU32(&x417, &x418, x416, x404, x401); + var x419: u32 = undefined; + var x420: u1 = undefined; + fiatP256AddcarryxU32(&x419, &x420, x418, x402, x399); + var x421: u32 = undefined; + var x422: u1 = undefined; + fiatP256AddcarryxU32(&x421, &x422, x420, x400, x397); + var x423: u32 = undefined; + var x424: u1 = undefined; + fiatP256AddcarryxU32(&x423, &x424, x422, x398, x395); + const x425: u32 = (@intCast(u32, x424) + x396); + var x426: u32 = undefined; + var x427: u1 = undefined; + fiatP256AddcarryxU32(&x426, &x427, 0x0, x378, x409); + var x428: u32 = undefined; + var x429: u1 = undefined; + fiatP256AddcarryxU32(&x428, &x429, x427, x380, x411); + var x430: u32 = undefined; + var x431: u1 = undefined; + fiatP256AddcarryxU32(&x430, &x431, x429, x382, x413); + var x432: u32 = undefined; + var x433: u1 = undefined; + fiatP256AddcarryxU32(&x432, &x433, x431, x384, x415); + var x434: u32 = undefined; + var x435: u1 = undefined; + fiatP256AddcarryxU32(&x434, &x435, x433, x386, x417); + var x436: u32 = undefined; + var x437: u1 = undefined; + fiatP256AddcarryxU32(&x436, &x437, x435, x388, x419); + var x438: u32 = undefined; + var x439: u1 = undefined; + fiatP256AddcarryxU32(&x438, &x439, x437, x390, x421); + var x440: u32 = undefined; + var x441: u1 = undefined; + fiatP256AddcarryxU32(&x440, &x441, x439, x392, x423); + var x442: u32 = undefined; + var x443: u1 = undefined; + fiatP256AddcarryxU32(&x442, &x443, x441, x394, x425); + var x444: u32 = undefined; + var x445: u32 = undefined; + fiatP256MulxU32(&x444, &x445, x426, 0xffffffff); + var x446: u32 = undefined; + var x447: u32 = undefined; + fiatP256MulxU32(&x446, &x447, x426, 0xffffffff); + var x448: u32 = undefined; + var x449: u32 = undefined; + fiatP256MulxU32(&x448, &x449, x426, 0xffffffff); + var x450: u32 = undefined; + var x451: u32 = undefined; + fiatP256MulxU32(&x450, &x451, x426, 0xffffffff); + var x452: u32 = undefined; + var x453: u1 = undefined; + fiatP256AddcarryxU32(&x452, &x453, 0x0, x451, x448); + var x454: u32 = undefined; + var x455: u1 = undefined; + fiatP256AddcarryxU32(&x454, &x455, x453, x449, x446); + const x456: u32 = (@intCast(u32, x455) + x447); + var x457: u32 = undefined; + var x458: u1 = undefined; + fiatP256AddcarryxU32(&x457, &x458, 0x0, x426, x450); + var x459: u32 = undefined; + var x460: u1 = undefined; + fiatP256AddcarryxU32(&x459, &x460, x458, x428, x452); + var x461: u32 = undefined; + var x462: u1 = undefined; + fiatP256AddcarryxU32(&x461, &x462, x460, x430, x454); + var x463: u32 = undefined; + var x464: u1 = undefined; + fiatP256AddcarryxU32(&x463, &x464, x462, x432, x456); + var x465: u32 = undefined; + var x466: u1 = undefined; + fiatP256AddcarryxU32(&x465, &x466, x464, x434, @intCast(u32, 0x0)); + var x467: u32 = undefined; + var x468: u1 = undefined; + fiatP256AddcarryxU32(&x467, &x468, x466, x436, @intCast(u32, 0x0)); + var x469: u32 = undefined; + var x470: u1 = undefined; + fiatP256AddcarryxU32(&x469, &x470, x468, x438, x426); + var x471: u32 = undefined; + var x472: u1 = undefined; + fiatP256AddcarryxU32(&x471, &x472, x470, x440, x444); + var x473: u32 = undefined; + var x474: u1 = undefined; + fiatP256AddcarryxU32(&x473, &x474, x472, x442, x445); + const x475: u32 = (@intCast(u32, x474) + @intCast(u32, x443)); + var x476: u32 = undefined; + var x477: u32 = undefined; + fiatP256MulxU32(&x476, &x477, x6, (arg1[7])); + var x478: u32 = undefined; + var x479: u32 = undefined; + fiatP256MulxU32(&x478, &x479, x6, (arg1[6])); + var x480: u32 = undefined; + var x481: u32 = undefined; + fiatP256MulxU32(&x480, &x481, x6, (arg1[5])); + var x482: u32 = undefined; + var x483: u32 = undefined; + fiatP256MulxU32(&x482, &x483, x6, (arg1[4])); + var x484: u32 = undefined; + var x485: u32 = undefined; + fiatP256MulxU32(&x484, &x485, x6, (arg1[3])); + var x486: u32 = undefined; + var x487: u32 = undefined; + fiatP256MulxU32(&x486, &x487, x6, (arg1[2])); + var x488: u32 = undefined; + var x489: u32 = undefined; + fiatP256MulxU32(&x488, &x489, x6, (arg1[1])); + var x490: u32 = undefined; + var x491: u32 = undefined; + fiatP256MulxU32(&x490, &x491, x6, (arg1[0])); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatP256AddcarryxU32(&x492, &x493, 0x0, x491, x488); + var x494: u32 = undefined; + var x495: u1 = undefined; + fiatP256AddcarryxU32(&x494, &x495, x493, x489, x486); + var x496: u32 = undefined; + var x497: u1 = undefined; + fiatP256AddcarryxU32(&x496, &x497, x495, x487, x484); + var x498: u32 = undefined; + var x499: u1 = undefined; + fiatP256AddcarryxU32(&x498, &x499, x497, x485, x482); + var x500: u32 = undefined; + var x501: u1 = undefined; + fiatP256AddcarryxU32(&x500, &x501, x499, x483, x480); + var x502: u32 = undefined; + var x503: u1 = undefined; + fiatP256AddcarryxU32(&x502, &x503, x501, x481, x478); + var x504: u32 = undefined; + var x505: u1 = undefined; + fiatP256AddcarryxU32(&x504, &x505, x503, x479, x476); + const x506: u32 = (@intCast(u32, x505) + x477); + var x507: u32 = undefined; + var x508: u1 = undefined; + fiatP256AddcarryxU32(&x507, &x508, 0x0, x459, x490); + var x509: u32 = undefined; + var x510: u1 = undefined; + fiatP256AddcarryxU32(&x509, &x510, x508, x461, x492); + var x511: u32 = undefined; + var x512: u1 = undefined; + fiatP256AddcarryxU32(&x511, &x512, x510, x463, x494); + var x513: u32 = undefined; + var x514: u1 = undefined; + fiatP256AddcarryxU32(&x513, &x514, x512, x465, x496); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatP256AddcarryxU32(&x515, &x516, x514, x467, x498); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatP256AddcarryxU32(&x517, &x518, x516, x469, x500); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatP256AddcarryxU32(&x519, &x520, x518, x471, x502); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatP256AddcarryxU32(&x521, &x522, x520, x473, x504); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatP256AddcarryxU32(&x523, &x524, x522, x475, x506); + var x525: u32 = undefined; + var x526: u32 = undefined; + fiatP256MulxU32(&x525, &x526, x507, 0xffffffff); + var x527: u32 = undefined; + var x528: u32 = undefined; + fiatP256MulxU32(&x527, &x528, x507, 0xffffffff); + var x529: u32 = undefined; + var x530: u32 = undefined; + fiatP256MulxU32(&x529, &x530, x507, 0xffffffff); + var x531: u32 = undefined; + var x532: u32 = undefined; + fiatP256MulxU32(&x531, &x532, x507, 0xffffffff); + var x533: u32 = undefined; + var x534: u1 = undefined; + fiatP256AddcarryxU32(&x533, &x534, 0x0, x532, x529); + var x535: u32 = undefined; + var x536: u1 = undefined; + fiatP256AddcarryxU32(&x535, &x536, x534, x530, x527); + const x537: u32 = (@intCast(u32, x536) + x528); + var x538: u32 = undefined; + var x539: u1 = undefined; + fiatP256AddcarryxU32(&x538, &x539, 0x0, x507, x531); + var x540: u32 = undefined; + var x541: u1 = undefined; + fiatP256AddcarryxU32(&x540, &x541, x539, x509, x533); + var x542: u32 = undefined; + var x543: u1 = undefined; + fiatP256AddcarryxU32(&x542, &x543, x541, x511, x535); + var x544: u32 = undefined; + var x545: u1 = undefined; + fiatP256AddcarryxU32(&x544, &x545, x543, x513, x537); + var x546: u32 = undefined; + var x547: u1 = undefined; + fiatP256AddcarryxU32(&x546, &x547, x545, x515, @intCast(u32, 0x0)); + var x548: u32 = undefined; + var x549: u1 = undefined; + fiatP256AddcarryxU32(&x548, &x549, x547, x517, @intCast(u32, 0x0)); + var x550: u32 = undefined; + var x551: u1 = undefined; + fiatP256AddcarryxU32(&x550, &x551, x549, x519, x507); + var x552: u32 = undefined; + var x553: u1 = undefined; + fiatP256AddcarryxU32(&x552, &x553, x551, x521, x525); + var x554: u32 = undefined; + var x555: u1 = undefined; + fiatP256AddcarryxU32(&x554, &x555, x553, x523, x526); + const x556: u32 = (@intCast(u32, x555) + @intCast(u32, x524)); + var x557: u32 = undefined; + var x558: u32 = undefined; + fiatP256MulxU32(&x557, &x558, x7, (arg1[7])); + var x559: u32 = undefined; + var x560: u32 = undefined; + fiatP256MulxU32(&x559, &x560, x7, (arg1[6])); + var x561: u32 = undefined; + var x562: u32 = undefined; + fiatP256MulxU32(&x561, &x562, x7, (arg1[5])); + var x563: u32 = undefined; + var x564: u32 = undefined; + fiatP256MulxU32(&x563, &x564, x7, (arg1[4])); + var x565: u32 = undefined; + var x566: u32 = undefined; + fiatP256MulxU32(&x565, &x566, x7, (arg1[3])); + var x567: u32 = undefined; + var x568: u32 = undefined; + fiatP256MulxU32(&x567, &x568, x7, (arg1[2])); + var x569: u32 = undefined; + var x570: u32 = undefined; + fiatP256MulxU32(&x569, &x570, x7, (arg1[1])); + var x571: u32 = undefined; + var x572: u32 = undefined; + fiatP256MulxU32(&x571, &x572, x7, (arg1[0])); + var x573: u32 = undefined; + var x574: u1 = undefined; + fiatP256AddcarryxU32(&x573, &x574, 0x0, x572, x569); + var x575: u32 = undefined; + var x576: u1 = undefined; + fiatP256AddcarryxU32(&x575, &x576, x574, x570, x567); + var x577: u32 = undefined; + var x578: u1 = undefined; + fiatP256AddcarryxU32(&x577, &x578, x576, x568, x565); + var x579: u32 = undefined; + var x580: u1 = undefined; + fiatP256AddcarryxU32(&x579, &x580, x578, x566, x563); + var x581: u32 = undefined; + var x582: u1 = undefined; + fiatP256AddcarryxU32(&x581, &x582, x580, x564, x561); + var x583: u32 = undefined; + var x584: u1 = undefined; + fiatP256AddcarryxU32(&x583, &x584, x582, x562, x559); + var x585: u32 = undefined; + var x586: u1 = undefined; + fiatP256AddcarryxU32(&x585, &x586, x584, x560, x557); + const x587: u32 = (@intCast(u32, x586) + x558); + var x588: u32 = undefined; + var x589: u1 = undefined; + fiatP256AddcarryxU32(&x588, &x589, 0x0, x540, x571); + var x590: u32 = undefined; + var x591: u1 = undefined; + fiatP256AddcarryxU32(&x590, &x591, x589, x542, x573); + var x592: u32 = undefined; + var x593: u1 = undefined; + fiatP256AddcarryxU32(&x592, &x593, x591, x544, x575); + var x594: u32 = undefined; + var x595: u1 = undefined; + fiatP256AddcarryxU32(&x594, &x595, x593, x546, x577); + var x596: u32 = undefined; + var x597: u1 = undefined; + fiatP256AddcarryxU32(&x596, &x597, x595, x548, x579); + var x598: u32 = undefined; + var x599: u1 = undefined; + fiatP256AddcarryxU32(&x598, &x599, x597, x550, x581); + var x600: u32 = undefined; + var x601: u1 = undefined; + fiatP256AddcarryxU32(&x600, &x601, x599, x552, x583); + var x602: u32 = undefined; + var x603: u1 = undefined; + fiatP256AddcarryxU32(&x602, &x603, x601, x554, x585); + var x604: u32 = undefined; + var x605: u1 = undefined; + fiatP256AddcarryxU32(&x604, &x605, x603, x556, x587); + var x606: u32 = undefined; + var x607: u32 = undefined; + fiatP256MulxU32(&x606, &x607, x588, 0xffffffff); + var x608: u32 = undefined; + var x609: u32 = undefined; + fiatP256MulxU32(&x608, &x609, x588, 0xffffffff); + var x610: u32 = undefined; + var x611: u32 = undefined; + fiatP256MulxU32(&x610, &x611, x588, 0xffffffff); + var x612: u32 = undefined; + var x613: u32 = undefined; + fiatP256MulxU32(&x612, &x613, x588, 0xffffffff); + var x614: u32 = undefined; + var x615: u1 = undefined; + fiatP256AddcarryxU32(&x614, &x615, 0x0, x613, x610); + var x616: u32 = undefined; + var x617: u1 = undefined; + fiatP256AddcarryxU32(&x616, &x617, x615, x611, x608); + const x618: u32 = (@intCast(u32, x617) + x609); + var x619: u32 = undefined; + var x620: u1 = undefined; + fiatP256AddcarryxU32(&x619, &x620, 0x0, x588, x612); + var x621: u32 = undefined; + var x622: u1 = undefined; + fiatP256AddcarryxU32(&x621, &x622, x620, x590, x614); + var x623: u32 = undefined; + var x624: u1 = undefined; + fiatP256AddcarryxU32(&x623, &x624, x622, x592, x616); + var x625: u32 = undefined; + var x626: u1 = undefined; + fiatP256AddcarryxU32(&x625, &x626, x624, x594, x618); + var x627: u32 = undefined; + var x628: u1 = undefined; + fiatP256AddcarryxU32(&x627, &x628, x626, x596, @intCast(u32, 0x0)); + var x629: u32 = undefined; + var x630: u1 = undefined; + fiatP256AddcarryxU32(&x629, &x630, x628, x598, @intCast(u32, 0x0)); + var x631: u32 = undefined; + var x632: u1 = undefined; + fiatP256AddcarryxU32(&x631, &x632, x630, x600, x588); + var x633: u32 = undefined; + var x634: u1 = undefined; + fiatP256AddcarryxU32(&x633, &x634, x632, x602, x606); + var x635: u32 = undefined; + var x636: u1 = undefined; + fiatP256AddcarryxU32(&x635, &x636, x634, x604, x607); + const x637: u32 = (@intCast(u32, x636) + @intCast(u32, x605)); + var x638: u32 = undefined; + var x639: u1 = undefined; + fiatP256SubborrowxU32(&x638, &x639, 0x0, x621, 0xffffffff); + var x640: u32 = undefined; + var x641: u1 = undefined; + fiatP256SubborrowxU32(&x640, &x641, x639, x623, 0xffffffff); + var x642: u32 = undefined; + var x643: u1 = undefined; + fiatP256SubborrowxU32(&x642, &x643, x641, x625, 0xffffffff); + var x644: u32 = undefined; + var x645: u1 = undefined; + fiatP256SubborrowxU32(&x644, &x645, x643, x627, @intCast(u32, 0x0)); + var x646: u32 = undefined; + var x647: u1 = undefined; + fiatP256SubborrowxU32(&x646, &x647, x645, x629, @intCast(u32, 0x0)); + var x648: u32 = undefined; + var x649: u1 = undefined; + fiatP256SubborrowxU32(&x648, &x649, x647, x631, @intCast(u32, 0x0)); + var x650: u32 = undefined; + var x651: u1 = undefined; + fiatP256SubborrowxU32(&x650, &x651, x649, x633, @intCast(u32, 0x1)); + var x652: u32 = undefined; + var x653: u1 = undefined; + fiatP256SubborrowxU32(&x652, &x653, x651, x635, 0xffffffff); + var x654: u32 = undefined; + var x655: u1 = undefined; + fiatP256SubborrowxU32(&x654, &x655, x653, x637, @intCast(u32, 0x0)); + var x656: u32 = undefined; + fiatP256CmovznzU32(&x656, x655, x638, x621); + var x657: u32 = undefined; + fiatP256CmovznzU32(&x657, x655, x640, x623); + var x658: u32 = undefined; + fiatP256CmovznzU32(&x658, x655, x642, x625); + var x659: u32 = undefined; + fiatP256CmovznzU32(&x659, x655, x644, x627); + var x660: u32 = undefined; + fiatP256CmovznzU32(&x660, x655, x646, x629); + var x661: u32 = undefined; + fiatP256CmovznzU32(&x661, x655, x648, x631); + var x662: u32 = undefined; + fiatP256CmovznzU32(&x662, x655, x650, x633); + var x663: u32 = undefined; + fiatP256CmovznzU32(&x663, x655, x652, x635); + out1[0] = x656; + out1[1] = x657; + out1[2] = x658; + out1[3] = x659; + out1[4] = x660; + out1[5] = x661; + out1[6] = x662; + out1[7] = x663; +} + +/// The function fiatP256Add adds two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256Add(out1: *[8]u32, arg1: [8]u32, arg2: [8]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP256AddcarryxU32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP256AddcarryxU32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP256AddcarryxU32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP256AddcarryxU32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP256AddcarryxU32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP256AddcarryxU32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP256AddcarryxU32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatP256AddcarryxU32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + var x17: u32 = undefined; + var x18: u1 = undefined; + fiatP256SubborrowxU32(&x17, &x18, 0x0, x1, 0xffffffff); + var x19: u32 = undefined; + var x20: u1 = undefined; + fiatP256SubborrowxU32(&x19, &x20, x18, x3, 0xffffffff); + var x21: u32 = undefined; + var x22: u1 = undefined; + fiatP256SubborrowxU32(&x21, &x22, x20, x5, 0xffffffff); + var x23: u32 = undefined; + var x24: u1 = undefined; + fiatP256SubborrowxU32(&x23, &x24, x22, x7, @intCast(u32, 0x0)); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatP256SubborrowxU32(&x25, &x26, x24, x9, @intCast(u32, 0x0)); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatP256SubborrowxU32(&x27, &x28, x26, x11, @intCast(u32, 0x0)); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatP256SubborrowxU32(&x29, &x30, x28, x13, @intCast(u32, 0x1)); + var x31: u32 = undefined; + var x32: u1 = undefined; + fiatP256SubborrowxU32(&x31, &x32, x30, x15, 0xffffffff); + var x33: u32 = undefined; + var x34: u1 = undefined; + fiatP256SubborrowxU32(&x33, &x34, x32, @intCast(u32, x16), @intCast(u32, 0x0)); + var x35: u32 = undefined; + fiatP256CmovznzU32(&x35, x34, x17, x1); + var x36: u32 = undefined; + fiatP256CmovznzU32(&x36, x34, x19, x3); + var x37: u32 = undefined; + fiatP256CmovznzU32(&x37, x34, x21, x5); + var x38: u32 = undefined; + fiatP256CmovznzU32(&x38, x34, x23, x7); + var x39: u32 = undefined; + fiatP256CmovznzU32(&x39, x34, x25, x9); + var x40: u32 = undefined; + fiatP256CmovznzU32(&x40, x34, x27, x11); + var x41: u32 = undefined; + fiatP256CmovznzU32(&x41, x34, x29, x13); + var x42: u32 = undefined; + fiatP256CmovznzU32(&x42, x34, x31, x15); + out1[0] = x35; + out1[1] = x36; + out1[2] = x37; + out1[3] = x38; + out1[4] = x39; + out1[5] = x40; + out1[6] = x41; + out1[7] = x42; +} + +/// The function fiatP256Sub subtracts two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256Sub(out1: *[8]u32, arg1: [8]u32, arg2: [8]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP256SubborrowxU32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP256SubborrowxU32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP256SubborrowxU32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP256SubborrowxU32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP256SubborrowxU32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP256SubborrowxU32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP256SubborrowxU32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatP256SubborrowxU32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + var x17: u32 = undefined; + fiatP256CmovznzU32(&x17, x16, @intCast(u32, 0x0), 0xffffffff); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatP256AddcarryxU32(&x18, &x19, 0x0, x1, x17); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatP256AddcarryxU32(&x20, &x21, x19, x3, x17); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP256AddcarryxU32(&x22, &x23, x21, x5, x17); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP256AddcarryxU32(&x24, &x25, x23, x7, @intCast(u32, 0x0)); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP256AddcarryxU32(&x26, &x27, x25, x9, @intCast(u32, 0x0)); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP256AddcarryxU32(&x28, &x29, x27, x11, @intCast(u32, 0x0)); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP256AddcarryxU32(&x30, &x31, x29, x13, @intCast(u32, @intCast(u1, (x17 & @intCast(u32, 0x1))))); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP256AddcarryxU32(&x32, &x33, x31, x15, x17); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/// The function fiatP256Opp negates a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256Opp(out1: *[8]u32, arg1: [8]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP256SubborrowxU32(&x1, &x2, 0x0, @intCast(u32, 0x0), (arg1[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP256SubborrowxU32(&x3, &x4, x2, @intCast(u32, 0x0), (arg1[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP256SubborrowxU32(&x5, &x6, x4, @intCast(u32, 0x0), (arg1[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP256SubborrowxU32(&x7, &x8, x6, @intCast(u32, 0x0), (arg1[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP256SubborrowxU32(&x9, &x10, x8, @intCast(u32, 0x0), (arg1[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP256SubborrowxU32(&x11, &x12, x10, @intCast(u32, 0x0), (arg1[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP256SubborrowxU32(&x13, &x14, x12, @intCast(u32, 0x0), (arg1[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatP256SubborrowxU32(&x15, &x16, x14, @intCast(u32, 0x0), (arg1[7])); + var x17: u32 = undefined; + fiatP256CmovznzU32(&x17, x16, @intCast(u32, 0x0), 0xffffffff); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatP256AddcarryxU32(&x18, &x19, 0x0, x1, x17); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatP256AddcarryxU32(&x20, &x21, x19, x3, x17); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP256AddcarryxU32(&x22, &x23, x21, x5, x17); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP256AddcarryxU32(&x24, &x25, x23, x7, @intCast(u32, 0x0)); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP256AddcarryxU32(&x26, &x27, x25, x9, @intCast(u32, 0x0)); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP256AddcarryxU32(&x28, &x29, x27, x11, @intCast(u32, 0x0)); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP256AddcarryxU32(&x30, &x31, x29, x13, @intCast(u32, @intCast(u1, (x17 & @intCast(u32, 0x1))))); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP256AddcarryxU32(&x32, &x33, x31, x15, x17); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/// The function fiatP256FromMontgomery translates a field element out of the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256FromMontgomery(out1: *[8]u32, arg1: [8]u32) void { + const x1: u32 = (arg1[0]); + var x2: u32 = undefined; + var x3: u32 = undefined; + fiatP256MulxU32(&x2, &x3, x1, 0xffffffff); + var x4: u32 = undefined; + var x5: u32 = undefined; + fiatP256MulxU32(&x4, &x5, x1, 0xffffffff); + var x6: u32 = undefined; + var x7: u32 = undefined; + fiatP256MulxU32(&x6, &x7, x1, 0xffffffff); + var x8: u32 = undefined; + var x9: u32 = undefined; + fiatP256MulxU32(&x8, &x9, x1, 0xffffffff); + var x10: u32 = undefined; + var x11: u1 = undefined; + fiatP256AddcarryxU32(&x10, &x11, 0x0, x9, x6); + var x12: u32 = undefined; + var x13: u1 = undefined; + fiatP256AddcarryxU32(&x12, &x13, x11, x7, x4); + var x14: u32 = undefined; + var x15: u1 = undefined; + fiatP256AddcarryxU32(&x14, &x15, 0x0, x1, x8); + var x16: u32 = undefined; + var x17: u1 = undefined; + fiatP256AddcarryxU32(&x16, &x17, x15, @intCast(u32, 0x0), x10); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatP256AddcarryxU32(&x18, &x19, x17, @intCast(u32, 0x0), x12); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatP256AddcarryxU32(&x20, &x21, x19, @intCast(u32, 0x0), (@intCast(u32, x13) + x5)); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP256AddcarryxU32(&x22, &x23, 0x0, x16, (arg1[1])); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP256AddcarryxU32(&x24, &x25, x23, x18, @intCast(u32, 0x0)); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP256AddcarryxU32(&x26, &x27, x25, x20, @intCast(u32, 0x0)); + var x28: u32 = undefined; + var x29: u32 = undefined; + fiatP256MulxU32(&x28, &x29, x22, 0xffffffff); + var x30: u32 = undefined; + var x31: u32 = undefined; + fiatP256MulxU32(&x30, &x31, x22, 0xffffffff); + var x32: u32 = undefined; + var x33: u32 = undefined; + fiatP256MulxU32(&x32, &x33, x22, 0xffffffff); + var x34: u32 = undefined; + var x35: u32 = undefined; + fiatP256MulxU32(&x34, &x35, x22, 0xffffffff); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiatP256AddcarryxU32(&x36, &x37, 0x0, x35, x32); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiatP256AddcarryxU32(&x38, &x39, x37, x33, x30); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiatP256AddcarryxU32(&x40, &x41, 0x0, x22, x34); + var x42: u32 = undefined; + var x43: u1 = undefined; + fiatP256AddcarryxU32(&x42, &x43, x41, x24, x36); + var x44: u32 = undefined; + var x45: u1 = undefined; + fiatP256AddcarryxU32(&x44, &x45, x43, x26, x38); + var x46: u32 = undefined; + var x47: u1 = undefined; + fiatP256AddcarryxU32(&x46, &x47, x45, (@intCast(u32, x27) + @intCast(u32, x21)), (@intCast(u32, x39) + x31)); + var x48: u32 = undefined; + var x49: u1 = undefined; + fiatP256AddcarryxU32(&x48, &x49, 0x0, x2, x22); + var x50: u32 = undefined; + var x51: u1 = undefined; + fiatP256AddcarryxU32(&x50, &x51, x49, x3, x28); + var x52: u32 = undefined; + var x53: u1 = undefined; + fiatP256AddcarryxU32(&x52, &x53, 0x0, x42, (arg1[2])); + var x54: u32 = undefined; + var x55: u1 = undefined; + fiatP256AddcarryxU32(&x54, &x55, x53, x44, @intCast(u32, 0x0)); + var x56: u32 = undefined; + var x57: u1 = undefined; + fiatP256AddcarryxU32(&x56, &x57, x55, x46, @intCast(u32, 0x0)); + var x58: u32 = undefined; + var x59: u32 = undefined; + fiatP256MulxU32(&x58, &x59, x52, 0xffffffff); + var x60: u32 = undefined; + var x61: u32 = undefined; + fiatP256MulxU32(&x60, &x61, x52, 0xffffffff); + var x62: u32 = undefined; + var x63: u32 = undefined; + fiatP256MulxU32(&x62, &x63, x52, 0xffffffff); + var x64: u32 = undefined; + var x65: u32 = undefined; + fiatP256MulxU32(&x64, &x65, x52, 0xffffffff); + var x66: u32 = undefined; + var x67: u1 = undefined; + fiatP256AddcarryxU32(&x66, &x67, 0x0, x65, x62); + var x68: u32 = undefined; + var x69: u1 = undefined; + fiatP256AddcarryxU32(&x68, &x69, x67, x63, x60); + var x70: u32 = undefined; + var x71: u1 = undefined; + fiatP256AddcarryxU32(&x70, &x71, 0x0, x52, x64); + var x72: u32 = undefined; + var x73: u1 = undefined; + fiatP256AddcarryxU32(&x72, &x73, x71, x54, x66); + var x74: u32 = undefined; + var x75: u1 = undefined; + fiatP256AddcarryxU32(&x74, &x75, x73, x56, x68); + var x76: u32 = undefined; + var x77: u1 = undefined; + fiatP256AddcarryxU32(&x76, &x77, x75, (@intCast(u32, x57) + @intCast(u32, x47)), (@intCast(u32, x69) + x61)); + var x78: u32 = undefined; + var x79: u1 = undefined; + fiatP256AddcarryxU32(&x78, &x79, x77, x1, @intCast(u32, 0x0)); + var x80: u32 = undefined; + var x81: u1 = undefined; + fiatP256AddcarryxU32(&x80, &x81, x79, x48, @intCast(u32, 0x0)); + var x82: u32 = undefined; + var x83: u1 = undefined; + fiatP256AddcarryxU32(&x82, &x83, x81, x50, x52); + var x84: u32 = undefined; + var x85: u1 = undefined; + fiatP256AddcarryxU32(&x84, &x85, x83, (@intCast(u32, x51) + x29), x58); + var x86: u32 = undefined; + var x87: u1 = undefined; + fiatP256AddcarryxU32(&x86, &x87, 0x0, x72, (arg1[3])); + var x88: u32 = undefined; + var x89: u1 = undefined; + fiatP256AddcarryxU32(&x88, &x89, x87, x74, @intCast(u32, 0x0)); + var x90: u32 = undefined; + var x91: u1 = undefined; + fiatP256AddcarryxU32(&x90, &x91, x89, x76, @intCast(u32, 0x0)); + var x92: u32 = undefined; + var x93: u1 = undefined; + fiatP256AddcarryxU32(&x92, &x93, x91, x78, @intCast(u32, 0x0)); + var x94: u32 = undefined; + var x95: u1 = undefined; + fiatP256AddcarryxU32(&x94, &x95, x93, x80, @intCast(u32, 0x0)); + var x96: u32 = undefined; + var x97: u1 = undefined; + fiatP256AddcarryxU32(&x96, &x97, x95, x82, @intCast(u32, 0x0)); + var x98: u32 = undefined; + var x99: u1 = undefined; + fiatP256AddcarryxU32(&x98, &x99, x97, x84, @intCast(u32, 0x0)); + var x100: u32 = undefined; + var x101: u1 = undefined; + fiatP256AddcarryxU32(&x100, &x101, x99, (@intCast(u32, x85) + x59), @intCast(u32, 0x0)); + var x102: u32 = undefined; + var x103: u32 = undefined; + fiatP256MulxU32(&x102, &x103, x86, 0xffffffff); + var x104: u32 = undefined; + var x105: u32 = undefined; + fiatP256MulxU32(&x104, &x105, x86, 0xffffffff); + var x106: u32 = undefined; + var x107: u32 = undefined; + fiatP256MulxU32(&x106, &x107, x86, 0xffffffff); + var x108: u32 = undefined; + var x109: u32 = undefined; + fiatP256MulxU32(&x108, &x109, x86, 0xffffffff); + var x110: u32 = undefined; + var x111: u1 = undefined; + fiatP256AddcarryxU32(&x110, &x111, 0x0, x109, x106); + var x112: u32 = undefined; + var x113: u1 = undefined; + fiatP256AddcarryxU32(&x112, &x113, x111, x107, x104); + var x114: u32 = undefined; + var x115: u1 = undefined; + fiatP256AddcarryxU32(&x114, &x115, 0x0, x86, x108); + var x116: u32 = undefined; + var x117: u1 = undefined; + fiatP256AddcarryxU32(&x116, &x117, x115, x88, x110); + var x118: u32 = undefined; + var x119: u1 = undefined; + fiatP256AddcarryxU32(&x118, &x119, x117, x90, x112); + var x120: u32 = undefined; + var x121: u1 = undefined; + fiatP256AddcarryxU32(&x120, &x121, x119, x92, (@intCast(u32, x113) + x105)); + var x122: u32 = undefined; + var x123: u1 = undefined; + fiatP256AddcarryxU32(&x122, &x123, x121, x94, @intCast(u32, 0x0)); + var x124: u32 = undefined; + var x125: u1 = undefined; + fiatP256AddcarryxU32(&x124, &x125, x123, x96, @intCast(u32, 0x0)); + var x126: u32 = undefined; + var x127: u1 = undefined; + fiatP256AddcarryxU32(&x126, &x127, x125, x98, x86); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatP256AddcarryxU32(&x128, &x129, x127, x100, x102); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatP256AddcarryxU32(&x130, &x131, x129, @intCast(u32, x101), x103); + var x132: u32 = undefined; + var x133: u1 = undefined; + fiatP256AddcarryxU32(&x132, &x133, 0x0, x116, (arg1[4])); + var x134: u32 = undefined; + var x135: u1 = undefined; + fiatP256AddcarryxU32(&x134, &x135, x133, x118, @intCast(u32, 0x0)); + var x136: u32 = undefined; + var x137: u1 = undefined; + fiatP256AddcarryxU32(&x136, &x137, x135, x120, @intCast(u32, 0x0)); + var x138: u32 = undefined; + var x139: u1 = undefined; + fiatP256AddcarryxU32(&x138, &x139, x137, x122, @intCast(u32, 0x0)); + var x140: u32 = undefined; + var x141: u1 = undefined; + fiatP256AddcarryxU32(&x140, &x141, x139, x124, @intCast(u32, 0x0)); + var x142: u32 = undefined; + var x143: u1 = undefined; + fiatP256AddcarryxU32(&x142, &x143, x141, x126, @intCast(u32, 0x0)); + var x144: u32 = undefined; + var x145: u1 = undefined; + fiatP256AddcarryxU32(&x144, &x145, x143, x128, @intCast(u32, 0x0)); + var x146: u32 = undefined; + var x147: u1 = undefined; + fiatP256AddcarryxU32(&x146, &x147, x145, x130, @intCast(u32, 0x0)); + var x148: u32 = undefined; + var x149: u32 = undefined; + fiatP256MulxU32(&x148, &x149, x132, 0xffffffff); + var x150: u32 = undefined; + var x151: u32 = undefined; + fiatP256MulxU32(&x150, &x151, x132, 0xffffffff); + var x152: u32 = undefined; + var x153: u32 = undefined; + fiatP256MulxU32(&x152, &x153, x132, 0xffffffff); + var x154: u32 = undefined; + var x155: u32 = undefined; + fiatP256MulxU32(&x154, &x155, x132, 0xffffffff); + var x156: u32 = undefined; + var x157: u1 = undefined; + fiatP256AddcarryxU32(&x156, &x157, 0x0, x155, x152); + var x158: u32 = undefined; + var x159: u1 = undefined; + fiatP256AddcarryxU32(&x158, &x159, x157, x153, x150); + var x160: u32 = undefined; + var x161: u1 = undefined; + fiatP256AddcarryxU32(&x160, &x161, 0x0, x132, x154); + var x162: u32 = undefined; + var x163: u1 = undefined; + fiatP256AddcarryxU32(&x162, &x163, x161, x134, x156); + var x164: u32 = undefined; + var x165: u1 = undefined; + fiatP256AddcarryxU32(&x164, &x165, x163, x136, x158); + var x166: u32 = undefined; + var x167: u1 = undefined; + fiatP256AddcarryxU32(&x166, &x167, x165, x138, (@intCast(u32, x159) + x151)); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatP256AddcarryxU32(&x168, &x169, x167, x140, @intCast(u32, 0x0)); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP256AddcarryxU32(&x170, &x171, x169, x142, @intCast(u32, 0x0)); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP256AddcarryxU32(&x172, &x173, x171, x144, x132); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP256AddcarryxU32(&x174, &x175, x173, x146, x148); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP256AddcarryxU32(&x176, &x177, x175, (@intCast(u32, x147) + @intCast(u32, x131)), x149); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP256AddcarryxU32(&x178, &x179, 0x0, x162, (arg1[5])); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP256AddcarryxU32(&x180, &x181, x179, x164, @intCast(u32, 0x0)); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatP256AddcarryxU32(&x182, &x183, x181, x166, @intCast(u32, 0x0)); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatP256AddcarryxU32(&x184, &x185, x183, x168, @intCast(u32, 0x0)); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatP256AddcarryxU32(&x186, &x187, x185, x170, @intCast(u32, 0x0)); + var x188: u32 = undefined; + var x189: u1 = undefined; + fiatP256AddcarryxU32(&x188, &x189, x187, x172, @intCast(u32, 0x0)); + var x190: u32 = undefined; + var x191: u1 = undefined; + fiatP256AddcarryxU32(&x190, &x191, x189, x174, @intCast(u32, 0x0)); + var x192: u32 = undefined; + var x193: u1 = undefined; + fiatP256AddcarryxU32(&x192, &x193, x191, x176, @intCast(u32, 0x0)); + var x194: u32 = undefined; + var x195: u32 = undefined; + fiatP256MulxU32(&x194, &x195, x178, 0xffffffff); + var x196: u32 = undefined; + var x197: u32 = undefined; + fiatP256MulxU32(&x196, &x197, x178, 0xffffffff); + var x198: u32 = undefined; + var x199: u32 = undefined; + fiatP256MulxU32(&x198, &x199, x178, 0xffffffff); + var x200: u32 = undefined; + var x201: u32 = undefined; + fiatP256MulxU32(&x200, &x201, x178, 0xffffffff); + var x202: u32 = undefined; + var x203: u1 = undefined; + fiatP256AddcarryxU32(&x202, &x203, 0x0, x201, x198); + var x204: u32 = undefined; + var x205: u1 = undefined; + fiatP256AddcarryxU32(&x204, &x205, x203, x199, x196); + var x206: u32 = undefined; + var x207: u1 = undefined; + fiatP256AddcarryxU32(&x206, &x207, 0x0, x178, x200); + var x208: u32 = undefined; + var x209: u1 = undefined; + fiatP256AddcarryxU32(&x208, &x209, x207, x180, x202); + var x210: u32 = undefined; + var x211: u1 = undefined; + fiatP256AddcarryxU32(&x210, &x211, x209, x182, x204); + var x212: u32 = undefined; + var x213: u1 = undefined; + fiatP256AddcarryxU32(&x212, &x213, x211, x184, (@intCast(u32, x205) + x197)); + var x214: u32 = undefined; + var x215: u1 = undefined; + fiatP256AddcarryxU32(&x214, &x215, x213, x186, @intCast(u32, 0x0)); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatP256AddcarryxU32(&x216, &x217, x215, x188, @intCast(u32, 0x0)); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatP256AddcarryxU32(&x218, &x219, x217, x190, x178); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatP256AddcarryxU32(&x220, &x221, x219, x192, x194); + var x222: u32 = undefined; + var x223: u1 = undefined; + fiatP256AddcarryxU32(&x222, &x223, x221, (@intCast(u32, x193) + @intCast(u32, x177)), x195); + var x224: u32 = undefined; + var x225: u1 = undefined; + fiatP256AddcarryxU32(&x224, &x225, 0x0, x208, (arg1[6])); + var x226: u32 = undefined; + var x227: u1 = undefined; + fiatP256AddcarryxU32(&x226, &x227, x225, x210, @intCast(u32, 0x0)); + var x228: u32 = undefined; + var x229: u1 = undefined; + fiatP256AddcarryxU32(&x228, &x229, x227, x212, @intCast(u32, 0x0)); + var x230: u32 = undefined; + var x231: u1 = undefined; + fiatP256AddcarryxU32(&x230, &x231, x229, x214, @intCast(u32, 0x0)); + var x232: u32 = undefined; + var x233: u1 = undefined; + fiatP256AddcarryxU32(&x232, &x233, x231, x216, @intCast(u32, 0x0)); + var x234: u32 = undefined; + var x235: u1 = undefined; + fiatP256AddcarryxU32(&x234, &x235, x233, x218, @intCast(u32, 0x0)); + var x236: u32 = undefined; + var x237: u1 = undefined; + fiatP256AddcarryxU32(&x236, &x237, x235, x220, @intCast(u32, 0x0)); + var x238: u32 = undefined; + var x239: u1 = undefined; + fiatP256AddcarryxU32(&x238, &x239, x237, x222, @intCast(u32, 0x0)); + var x240: u32 = undefined; + var x241: u32 = undefined; + fiatP256MulxU32(&x240, &x241, x224, 0xffffffff); + var x242: u32 = undefined; + var x243: u32 = undefined; + fiatP256MulxU32(&x242, &x243, x224, 0xffffffff); + var x244: u32 = undefined; + var x245: u32 = undefined; + fiatP256MulxU32(&x244, &x245, x224, 0xffffffff); + var x246: u32 = undefined; + var x247: u32 = undefined; + fiatP256MulxU32(&x246, &x247, x224, 0xffffffff); + var x248: u32 = undefined; + var x249: u1 = undefined; + fiatP256AddcarryxU32(&x248, &x249, 0x0, x247, x244); + var x250: u32 = undefined; + var x251: u1 = undefined; + fiatP256AddcarryxU32(&x250, &x251, x249, x245, x242); + var x252: u32 = undefined; + var x253: u1 = undefined; + fiatP256AddcarryxU32(&x252, &x253, 0x0, x224, x246); + var x254: u32 = undefined; + var x255: u1 = undefined; + fiatP256AddcarryxU32(&x254, &x255, x253, x226, x248); + var x256: u32 = undefined; + var x257: u1 = undefined; + fiatP256AddcarryxU32(&x256, &x257, x255, x228, x250); + var x258: u32 = undefined; + var x259: u1 = undefined; + fiatP256AddcarryxU32(&x258, &x259, x257, x230, (@intCast(u32, x251) + x243)); + var x260: u32 = undefined; + var x261: u1 = undefined; + fiatP256AddcarryxU32(&x260, &x261, x259, x232, @intCast(u32, 0x0)); + var x262: u32 = undefined; + var x263: u1 = undefined; + fiatP256AddcarryxU32(&x262, &x263, x261, x234, @intCast(u32, 0x0)); + var x264: u32 = undefined; + var x265: u1 = undefined; + fiatP256AddcarryxU32(&x264, &x265, x263, x236, x224); + var x266: u32 = undefined; + var x267: u1 = undefined; + fiatP256AddcarryxU32(&x266, &x267, x265, x238, x240); + var x268: u32 = undefined; + var x269: u1 = undefined; + fiatP256AddcarryxU32(&x268, &x269, x267, (@intCast(u32, x239) + @intCast(u32, x223)), x241); + var x270: u32 = undefined; + var x271: u1 = undefined; + fiatP256AddcarryxU32(&x270, &x271, 0x0, x254, (arg1[7])); + var x272: u32 = undefined; + var x273: u1 = undefined; + fiatP256AddcarryxU32(&x272, &x273, x271, x256, @intCast(u32, 0x0)); + var x274: u32 = undefined; + var x275: u1 = undefined; + fiatP256AddcarryxU32(&x274, &x275, x273, x258, @intCast(u32, 0x0)); + var x276: u32 = undefined; + var x277: u1 = undefined; + fiatP256AddcarryxU32(&x276, &x277, x275, x260, @intCast(u32, 0x0)); + var x278: u32 = undefined; + var x279: u1 = undefined; + fiatP256AddcarryxU32(&x278, &x279, x277, x262, @intCast(u32, 0x0)); + var x280: u32 = undefined; + var x281: u1 = undefined; + fiatP256AddcarryxU32(&x280, &x281, x279, x264, @intCast(u32, 0x0)); + var x282: u32 = undefined; + var x283: u1 = undefined; + fiatP256AddcarryxU32(&x282, &x283, x281, x266, @intCast(u32, 0x0)); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatP256AddcarryxU32(&x284, &x285, x283, x268, @intCast(u32, 0x0)); + var x286: u32 = undefined; + var x287: u32 = undefined; + fiatP256MulxU32(&x286, &x287, x270, 0xffffffff); + var x288: u32 = undefined; + var x289: u32 = undefined; + fiatP256MulxU32(&x288, &x289, x270, 0xffffffff); + var x290: u32 = undefined; + var x291: u32 = undefined; + fiatP256MulxU32(&x290, &x291, x270, 0xffffffff); + var x292: u32 = undefined; + var x293: u32 = undefined; + fiatP256MulxU32(&x292, &x293, x270, 0xffffffff); + var x294: u32 = undefined; + var x295: u1 = undefined; + fiatP256AddcarryxU32(&x294, &x295, 0x0, x293, x290); + var x296: u32 = undefined; + var x297: u1 = undefined; + fiatP256AddcarryxU32(&x296, &x297, x295, x291, x288); + var x298: u32 = undefined; + var x299: u1 = undefined; + fiatP256AddcarryxU32(&x298, &x299, 0x0, x270, x292); + var x300: u32 = undefined; + var x301: u1 = undefined; + fiatP256AddcarryxU32(&x300, &x301, x299, x272, x294); + var x302: u32 = undefined; + var x303: u1 = undefined; + fiatP256AddcarryxU32(&x302, &x303, x301, x274, x296); + var x304: u32 = undefined; + var x305: u1 = undefined; + fiatP256AddcarryxU32(&x304, &x305, x303, x276, (@intCast(u32, x297) + x289)); + var x306: u32 = undefined; + var x307: u1 = undefined; + fiatP256AddcarryxU32(&x306, &x307, x305, x278, @intCast(u32, 0x0)); + var x308: u32 = undefined; + var x309: u1 = undefined; + fiatP256AddcarryxU32(&x308, &x309, x307, x280, @intCast(u32, 0x0)); + var x310: u32 = undefined; + var x311: u1 = undefined; + fiatP256AddcarryxU32(&x310, &x311, x309, x282, x270); + var x312: u32 = undefined; + var x313: u1 = undefined; + fiatP256AddcarryxU32(&x312, &x313, x311, x284, x286); + var x314: u32 = undefined; + var x315: u1 = undefined; + fiatP256AddcarryxU32(&x314, &x315, x313, (@intCast(u32, x285) + @intCast(u32, x269)), x287); + var x316: u32 = undefined; + var x317: u1 = undefined; + fiatP256SubborrowxU32(&x316, &x317, 0x0, x300, 0xffffffff); + var x318: u32 = undefined; + var x319: u1 = undefined; + fiatP256SubborrowxU32(&x318, &x319, x317, x302, 0xffffffff); + var x320: u32 = undefined; + var x321: u1 = undefined; + fiatP256SubborrowxU32(&x320, &x321, x319, x304, 0xffffffff); + var x322: u32 = undefined; + var x323: u1 = undefined; + fiatP256SubborrowxU32(&x322, &x323, x321, x306, @intCast(u32, 0x0)); + var x324: u32 = undefined; + var x325: u1 = undefined; + fiatP256SubborrowxU32(&x324, &x325, x323, x308, @intCast(u32, 0x0)); + var x326: u32 = undefined; + var x327: u1 = undefined; + fiatP256SubborrowxU32(&x326, &x327, x325, x310, @intCast(u32, 0x0)); + var x328: u32 = undefined; + var x329: u1 = undefined; + fiatP256SubborrowxU32(&x328, &x329, x327, x312, @intCast(u32, 0x1)); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatP256SubborrowxU32(&x330, &x331, x329, x314, 0xffffffff); + var x332: u32 = undefined; + var x333: u1 = undefined; + fiatP256SubborrowxU32(&x332, &x333, x331, @intCast(u32, x315), @intCast(u32, 0x0)); + var x334: u32 = undefined; + fiatP256CmovznzU32(&x334, x333, x316, x300); + var x335: u32 = undefined; + fiatP256CmovznzU32(&x335, x333, x318, x302); + var x336: u32 = undefined; + fiatP256CmovznzU32(&x336, x333, x320, x304); + var x337: u32 = undefined; + fiatP256CmovznzU32(&x337, x333, x322, x306); + var x338: u32 = undefined; + fiatP256CmovznzU32(&x338, x333, x324, x308); + var x339: u32 = undefined; + fiatP256CmovznzU32(&x339, x333, x326, x310); + var x340: u32 = undefined; + fiatP256CmovznzU32(&x340, x333, x328, x312); + var x341: u32 = undefined; + fiatP256CmovznzU32(&x341, x333, x330, x314); + out1[0] = x334; + out1[1] = x335; + out1[2] = x336; + out1[3] = x337; + out1[4] = x338; + out1[5] = x339; + out1[6] = x340; + out1[7] = x341; +} + +/// The function fiatP256ToMontgomery translates a field element into the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256ToMontgomery(out1: *[8]u32, arg1: [8]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[7]); + const x8: u32 = (arg1[0]); + var x9: u32 = undefined; + var x10: u32 = undefined; + fiatP256MulxU32(&x9, &x10, x8, 0x4); + var x11: u32 = undefined; + var x12: u32 = undefined; + fiatP256MulxU32(&x11, &x12, x8, 0xfffffffd); + var x13: u32 = undefined; + var x14: u32 = undefined; + fiatP256MulxU32(&x13, &x14, x8, 0xffffffff); + var x15: u32 = undefined; + var x16: u32 = undefined; + fiatP256MulxU32(&x15, &x16, x8, 0xfffffffe); + var x17: u32 = undefined; + var x18: u32 = undefined; + fiatP256MulxU32(&x17, &x18, x8, 0xfffffffb); + var x19: u32 = undefined; + var x20: u32 = undefined; + fiatP256MulxU32(&x19, &x20, x8, 0xffffffff); + var x21: u32 = undefined; + var x22: u32 = undefined; + fiatP256MulxU32(&x21, &x22, x8, 0x3); + var x23: u32 = undefined; + var x24: u1 = undefined; + fiatP256AddcarryxU32(&x23, &x24, 0x0, x20, x17); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatP256AddcarryxU32(&x25, &x26, x24, x18, x15); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatP256AddcarryxU32(&x27, &x28, x26, x16, x13); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatP256AddcarryxU32(&x29, &x30, x28, x14, x11); + var x31: u32 = undefined; + var x32: u1 = undefined; + fiatP256AddcarryxU32(&x31, &x32, x30, x12, x9); + var x33: u32 = undefined; + var x34: u32 = undefined; + fiatP256MulxU32(&x33, &x34, x21, 0xffffffff); + var x35: u32 = undefined; + var x36: u32 = undefined; + fiatP256MulxU32(&x35, &x36, x21, 0xffffffff); + var x37: u32 = undefined; + var x38: u32 = undefined; + fiatP256MulxU32(&x37, &x38, x21, 0xffffffff); + var x39: u32 = undefined; + var x40: u32 = undefined; + fiatP256MulxU32(&x39, &x40, x21, 0xffffffff); + var x41: u32 = undefined; + var x42: u1 = undefined; + fiatP256AddcarryxU32(&x41, &x42, 0x0, x40, x37); + var x43: u32 = undefined; + var x44: u1 = undefined; + fiatP256AddcarryxU32(&x43, &x44, x42, x38, x35); + var x45: u32 = undefined; + var x46: u1 = undefined; + fiatP256AddcarryxU32(&x45, &x46, 0x0, x21, x39); + var x47: u32 = undefined; + var x48: u1 = undefined; + fiatP256AddcarryxU32(&x47, &x48, x46, x22, x41); + var x49: u32 = undefined; + var x50: u1 = undefined; + fiatP256AddcarryxU32(&x49, &x50, x48, x19, x43); + var x51: u32 = undefined; + var x52: u1 = undefined; + fiatP256AddcarryxU32(&x51, &x52, x50, x23, (@intCast(u32, x44) + x36)); + var x53: u32 = undefined; + var x54: u1 = undefined; + fiatP256AddcarryxU32(&x53, &x54, x52, x25, @intCast(u32, 0x0)); + var x55: u32 = undefined; + var x56: u1 = undefined; + fiatP256AddcarryxU32(&x55, &x56, x54, x27, @intCast(u32, 0x0)); + var x57: u32 = undefined; + var x58: u1 = undefined; + fiatP256AddcarryxU32(&x57, &x58, x56, x29, x21); + var x59: u32 = undefined; + var x60: u1 = undefined; + fiatP256AddcarryxU32(&x59, &x60, x58, x31, x33); + var x61: u32 = undefined; + var x62: u1 = undefined; + fiatP256AddcarryxU32(&x61, &x62, x60, (@intCast(u32, x32) + x10), x34); + var x63: u32 = undefined; + var x64: u32 = undefined; + fiatP256MulxU32(&x63, &x64, x1, 0x4); + var x65: u32 = undefined; + var x66: u32 = undefined; + fiatP256MulxU32(&x65, &x66, x1, 0xfffffffd); + var x67: u32 = undefined; + var x68: u32 = undefined; + fiatP256MulxU32(&x67, &x68, x1, 0xffffffff); + var x69: u32 = undefined; + var x70: u32 = undefined; + fiatP256MulxU32(&x69, &x70, x1, 0xfffffffe); + var x71: u32 = undefined; + var x72: u32 = undefined; + fiatP256MulxU32(&x71, &x72, x1, 0xfffffffb); + var x73: u32 = undefined; + var x74: u32 = undefined; + fiatP256MulxU32(&x73, &x74, x1, 0xffffffff); + var x75: u32 = undefined; + var x76: u32 = undefined; + fiatP256MulxU32(&x75, &x76, x1, 0x3); + var x77: u32 = undefined; + var x78: u1 = undefined; + fiatP256AddcarryxU32(&x77, &x78, 0x0, x74, x71); + var x79: u32 = undefined; + var x80: u1 = undefined; + fiatP256AddcarryxU32(&x79, &x80, x78, x72, x69); + var x81: u32 = undefined; + var x82: u1 = undefined; + fiatP256AddcarryxU32(&x81, &x82, x80, x70, x67); + var x83: u32 = undefined; + var x84: u1 = undefined; + fiatP256AddcarryxU32(&x83, &x84, x82, x68, x65); + var x85: u32 = undefined; + var x86: u1 = undefined; + fiatP256AddcarryxU32(&x85, &x86, x84, x66, x63); + var x87: u32 = undefined; + var x88: u1 = undefined; + fiatP256AddcarryxU32(&x87, &x88, 0x0, x47, x75); + var x89: u32 = undefined; + var x90: u1 = undefined; + fiatP256AddcarryxU32(&x89, &x90, x88, x49, x76); + var x91: u32 = undefined; + var x92: u1 = undefined; + fiatP256AddcarryxU32(&x91, &x92, x90, x51, x73); + var x93: u32 = undefined; + var x94: u1 = undefined; + fiatP256AddcarryxU32(&x93, &x94, x92, x53, x77); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatP256AddcarryxU32(&x95, &x96, x94, x55, x79); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP256AddcarryxU32(&x97, &x98, x96, x57, x81); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP256AddcarryxU32(&x99, &x100, x98, x59, x83); + var x101: u32 = undefined; + var x102: u1 = undefined; + fiatP256AddcarryxU32(&x101, &x102, x100, x61, x85); + var x103: u32 = undefined; + var x104: u32 = undefined; + fiatP256MulxU32(&x103, &x104, x87, 0xffffffff); + var x105: u32 = undefined; + var x106: u32 = undefined; + fiatP256MulxU32(&x105, &x106, x87, 0xffffffff); + var x107: u32 = undefined; + var x108: u32 = undefined; + fiatP256MulxU32(&x107, &x108, x87, 0xffffffff); + var x109: u32 = undefined; + var x110: u32 = undefined; + fiatP256MulxU32(&x109, &x110, x87, 0xffffffff); + var x111: u32 = undefined; + var x112: u1 = undefined; + fiatP256AddcarryxU32(&x111, &x112, 0x0, x110, x107); + var x113: u32 = undefined; + var x114: u1 = undefined; + fiatP256AddcarryxU32(&x113, &x114, x112, x108, x105); + var x115: u32 = undefined; + var x116: u1 = undefined; + fiatP256AddcarryxU32(&x115, &x116, 0x0, x87, x109); + var x117: u32 = undefined; + var x118: u1 = undefined; + fiatP256AddcarryxU32(&x117, &x118, x116, x89, x111); + var x119: u32 = undefined; + var x120: u1 = undefined; + fiatP256AddcarryxU32(&x119, &x120, x118, x91, x113); + var x121: u32 = undefined; + var x122: u1 = undefined; + fiatP256AddcarryxU32(&x121, &x122, x120, x93, (@intCast(u32, x114) + x106)); + var x123: u32 = undefined; + var x124: u1 = undefined; + fiatP256AddcarryxU32(&x123, &x124, x122, x95, @intCast(u32, 0x0)); + var x125: u32 = undefined; + var x126: u1 = undefined; + fiatP256AddcarryxU32(&x125, &x126, x124, x97, @intCast(u32, 0x0)); + var x127: u32 = undefined; + var x128: u1 = undefined; + fiatP256AddcarryxU32(&x127, &x128, x126, x99, x87); + var x129: u32 = undefined; + var x130: u1 = undefined; + fiatP256AddcarryxU32(&x129, &x130, x128, x101, x103); + var x131: u32 = undefined; + var x132: u1 = undefined; + fiatP256AddcarryxU32(&x131, &x132, x130, ((@intCast(u32, x102) + @intCast(u32, x62)) + (@intCast(u32, x86) + x64)), x104); + var x133: u32 = undefined; + var x134: u32 = undefined; + fiatP256MulxU32(&x133, &x134, x2, 0x4); + var x135: u32 = undefined; + var x136: u32 = undefined; + fiatP256MulxU32(&x135, &x136, x2, 0xfffffffd); + var x137: u32 = undefined; + var x138: u32 = undefined; + fiatP256MulxU32(&x137, &x138, x2, 0xffffffff); + var x139: u32 = undefined; + var x140: u32 = undefined; + fiatP256MulxU32(&x139, &x140, x2, 0xfffffffe); + var x141: u32 = undefined; + var x142: u32 = undefined; + fiatP256MulxU32(&x141, &x142, x2, 0xfffffffb); + var x143: u32 = undefined; + var x144: u32 = undefined; + fiatP256MulxU32(&x143, &x144, x2, 0xffffffff); + var x145: u32 = undefined; + var x146: u32 = undefined; + fiatP256MulxU32(&x145, &x146, x2, 0x3); + var x147: u32 = undefined; + var x148: u1 = undefined; + fiatP256AddcarryxU32(&x147, &x148, 0x0, x144, x141); + var x149: u32 = undefined; + var x150: u1 = undefined; + fiatP256AddcarryxU32(&x149, &x150, x148, x142, x139); + var x151: u32 = undefined; + var x152: u1 = undefined; + fiatP256AddcarryxU32(&x151, &x152, x150, x140, x137); + var x153: u32 = undefined; + var x154: u1 = undefined; + fiatP256AddcarryxU32(&x153, &x154, x152, x138, x135); + var x155: u32 = undefined; + var x156: u1 = undefined; + fiatP256AddcarryxU32(&x155, &x156, x154, x136, x133); + var x157: u32 = undefined; + var x158: u1 = undefined; + fiatP256AddcarryxU32(&x157, &x158, 0x0, x117, x145); + var x159: u32 = undefined; + var x160: u1 = undefined; + fiatP256AddcarryxU32(&x159, &x160, x158, x119, x146); + var x161: u32 = undefined; + var x162: u1 = undefined; + fiatP256AddcarryxU32(&x161, &x162, x160, x121, x143); + var x163: u32 = undefined; + var x164: u1 = undefined; + fiatP256AddcarryxU32(&x163, &x164, x162, x123, x147); + var x165: u32 = undefined; + var x166: u1 = undefined; + fiatP256AddcarryxU32(&x165, &x166, x164, x125, x149); + var x167: u32 = undefined; + var x168: u1 = undefined; + fiatP256AddcarryxU32(&x167, &x168, x166, x127, x151); + var x169: u32 = undefined; + var x170: u1 = undefined; + fiatP256AddcarryxU32(&x169, &x170, x168, x129, x153); + var x171: u32 = undefined; + var x172: u1 = undefined; + fiatP256AddcarryxU32(&x171, &x172, x170, x131, x155); + var x173: u32 = undefined; + var x174: u32 = undefined; + fiatP256MulxU32(&x173, &x174, x157, 0xffffffff); + var x175: u32 = undefined; + var x176: u32 = undefined; + fiatP256MulxU32(&x175, &x176, x157, 0xffffffff); + var x177: u32 = undefined; + var x178: u32 = undefined; + fiatP256MulxU32(&x177, &x178, x157, 0xffffffff); + var x179: u32 = undefined; + var x180: u32 = undefined; + fiatP256MulxU32(&x179, &x180, x157, 0xffffffff); + var x181: u32 = undefined; + var x182: u1 = undefined; + fiatP256AddcarryxU32(&x181, &x182, 0x0, x180, x177); + var x183: u32 = undefined; + var x184: u1 = undefined; + fiatP256AddcarryxU32(&x183, &x184, x182, x178, x175); + var x185: u32 = undefined; + var x186: u1 = undefined; + fiatP256AddcarryxU32(&x185, &x186, 0x0, x157, x179); + var x187: u32 = undefined; + var x188: u1 = undefined; + fiatP256AddcarryxU32(&x187, &x188, x186, x159, x181); + var x189: u32 = undefined; + var x190: u1 = undefined; + fiatP256AddcarryxU32(&x189, &x190, x188, x161, x183); + var x191: u32 = undefined; + var x192: u1 = undefined; + fiatP256AddcarryxU32(&x191, &x192, x190, x163, (@intCast(u32, x184) + x176)); + var x193: u32 = undefined; + var x194: u1 = undefined; + fiatP256AddcarryxU32(&x193, &x194, x192, x165, @intCast(u32, 0x0)); + var x195: u32 = undefined; + var x196: u1 = undefined; + fiatP256AddcarryxU32(&x195, &x196, x194, x167, @intCast(u32, 0x0)); + var x197: u32 = undefined; + var x198: u1 = undefined; + fiatP256AddcarryxU32(&x197, &x198, x196, x169, x157); + var x199: u32 = undefined; + var x200: u1 = undefined; + fiatP256AddcarryxU32(&x199, &x200, x198, x171, x173); + var x201: u32 = undefined; + var x202: u1 = undefined; + fiatP256AddcarryxU32(&x201, &x202, x200, ((@intCast(u32, x172) + @intCast(u32, x132)) + (@intCast(u32, x156) + x134)), x174); + var x203: u32 = undefined; + var x204: u32 = undefined; + fiatP256MulxU32(&x203, &x204, x3, 0x4); + var x205: u32 = undefined; + var x206: u32 = undefined; + fiatP256MulxU32(&x205, &x206, x3, 0xfffffffd); + var x207: u32 = undefined; + var x208: u32 = undefined; + fiatP256MulxU32(&x207, &x208, x3, 0xffffffff); + var x209: u32 = undefined; + var x210: u32 = undefined; + fiatP256MulxU32(&x209, &x210, x3, 0xfffffffe); + var x211: u32 = undefined; + var x212: u32 = undefined; + fiatP256MulxU32(&x211, &x212, x3, 0xfffffffb); + var x213: u32 = undefined; + var x214: u32 = undefined; + fiatP256MulxU32(&x213, &x214, x3, 0xffffffff); + var x215: u32 = undefined; + var x216: u32 = undefined; + fiatP256MulxU32(&x215, &x216, x3, 0x3); + var x217: u32 = undefined; + var x218: u1 = undefined; + fiatP256AddcarryxU32(&x217, &x218, 0x0, x214, x211); + var x219: u32 = undefined; + var x220: u1 = undefined; + fiatP256AddcarryxU32(&x219, &x220, x218, x212, x209); + var x221: u32 = undefined; + var x222: u1 = undefined; + fiatP256AddcarryxU32(&x221, &x222, x220, x210, x207); + var x223: u32 = undefined; + var x224: u1 = undefined; + fiatP256AddcarryxU32(&x223, &x224, x222, x208, x205); + var x225: u32 = undefined; + var x226: u1 = undefined; + fiatP256AddcarryxU32(&x225, &x226, x224, x206, x203); + var x227: u32 = undefined; + var x228: u1 = undefined; + fiatP256AddcarryxU32(&x227, &x228, 0x0, x187, x215); + var x229: u32 = undefined; + var x230: u1 = undefined; + fiatP256AddcarryxU32(&x229, &x230, x228, x189, x216); + var x231: u32 = undefined; + var x232: u1 = undefined; + fiatP256AddcarryxU32(&x231, &x232, x230, x191, x213); + var x233: u32 = undefined; + var x234: u1 = undefined; + fiatP256AddcarryxU32(&x233, &x234, x232, x193, x217); + var x235: u32 = undefined; + var x236: u1 = undefined; + fiatP256AddcarryxU32(&x235, &x236, x234, x195, x219); + var x237: u32 = undefined; + var x238: u1 = undefined; + fiatP256AddcarryxU32(&x237, &x238, x236, x197, x221); + var x239: u32 = undefined; + var x240: u1 = undefined; + fiatP256AddcarryxU32(&x239, &x240, x238, x199, x223); + var x241: u32 = undefined; + var x242: u1 = undefined; + fiatP256AddcarryxU32(&x241, &x242, x240, x201, x225); + var x243: u32 = undefined; + var x244: u32 = undefined; + fiatP256MulxU32(&x243, &x244, x227, 0xffffffff); + var x245: u32 = undefined; + var x246: u32 = undefined; + fiatP256MulxU32(&x245, &x246, x227, 0xffffffff); + var x247: u32 = undefined; + var x248: u32 = undefined; + fiatP256MulxU32(&x247, &x248, x227, 0xffffffff); + var x249: u32 = undefined; + var x250: u32 = undefined; + fiatP256MulxU32(&x249, &x250, x227, 0xffffffff); + var x251: u32 = undefined; + var x252: u1 = undefined; + fiatP256AddcarryxU32(&x251, &x252, 0x0, x250, x247); + var x253: u32 = undefined; + var x254: u1 = undefined; + fiatP256AddcarryxU32(&x253, &x254, x252, x248, x245); + var x255: u32 = undefined; + var x256: u1 = undefined; + fiatP256AddcarryxU32(&x255, &x256, 0x0, x227, x249); + var x257: u32 = undefined; + var x258: u1 = undefined; + fiatP256AddcarryxU32(&x257, &x258, x256, x229, x251); + var x259: u32 = undefined; + var x260: u1 = undefined; + fiatP256AddcarryxU32(&x259, &x260, x258, x231, x253); + var x261: u32 = undefined; + var x262: u1 = undefined; + fiatP256AddcarryxU32(&x261, &x262, x260, x233, (@intCast(u32, x254) + x246)); + var x263: u32 = undefined; + var x264: u1 = undefined; + fiatP256AddcarryxU32(&x263, &x264, x262, x235, @intCast(u32, 0x0)); + var x265: u32 = undefined; + var x266: u1 = undefined; + fiatP256AddcarryxU32(&x265, &x266, x264, x237, @intCast(u32, 0x0)); + var x267: u32 = undefined; + var x268: u1 = undefined; + fiatP256AddcarryxU32(&x267, &x268, x266, x239, x227); + var x269: u32 = undefined; + var x270: u1 = undefined; + fiatP256AddcarryxU32(&x269, &x270, x268, x241, x243); + var x271: u32 = undefined; + var x272: u1 = undefined; + fiatP256AddcarryxU32(&x271, &x272, x270, ((@intCast(u32, x242) + @intCast(u32, x202)) + (@intCast(u32, x226) + x204)), x244); + var x273: u32 = undefined; + var x274: u32 = undefined; + fiatP256MulxU32(&x273, &x274, x4, 0x4); + var x275: u32 = undefined; + var x276: u32 = undefined; + fiatP256MulxU32(&x275, &x276, x4, 0xfffffffd); + var x277: u32 = undefined; + var x278: u32 = undefined; + fiatP256MulxU32(&x277, &x278, x4, 0xffffffff); + var x279: u32 = undefined; + var x280: u32 = undefined; + fiatP256MulxU32(&x279, &x280, x4, 0xfffffffe); + var x281: u32 = undefined; + var x282: u32 = undefined; + fiatP256MulxU32(&x281, &x282, x4, 0xfffffffb); + var x283: u32 = undefined; + var x284: u32 = undefined; + fiatP256MulxU32(&x283, &x284, x4, 0xffffffff); + var x285: u32 = undefined; + var x286: u32 = undefined; + fiatP256MulxU32(&x285, &x286, x4, 0x3); + var x287: u32 = undefined; + var x288: u1 = undefined; + fiatP256AddcarryxU32(&x287, &x288, 0x0, x284, x281); + var x289: u32 = undefined; + var x290: u1 = undefined; + fiatP256AddcarryxU32(&x289, &x290, x288, x282, x279); + var x291: u32 = undefined; + var x292: u1 = undefined; + fiatP256AddcarryxU32(&x291, &x292, x290, x280, x277); + var x293: u32 = undefined; + var x294: u1 = undefined; + fiatP256AddcarryxU32(&x293, &x294, x292, x278, x275); + var x295: u32 = undefined; + var x296: u1 = undefined; + fiatP256AddcarryxU32(&x295, &x296, x294, x276, x273); + var x297: u32 = undefined; + var x298: u1 = undefined; + fiatP256AddcarryxU32(&x297, &x298, 0x0, x257, x285); + var x299: u32 = undefined; + var x300: u1 = undefined; + fiatP256AddcarryxU32(&x299, &x300, x298, x259, x286); + var x301: u32 = undefined; + var x302: u1 = undefined; + fiatP256AddcarryxU32(&x301, &x302, x300, x261, x283); + var x303: u32 = undefined; + var x304: u1 = undefined; + fiatP256AddcarryxU32(&x303, &x304, x302, x263, x287); + var x305: u32 = undefined; + var x306: u1 = undefined; + fiatP256AddcarryxU32(&x305, &x306, x304, x265, x289); + var x307: u32 = undefined; + var x308: u1 = undefined; + fiatP256AddcarryxU32(&x307, &x308, x306, x267, x291); + var x309: u32 = undefined; + var x310: u1 = undefined; + fiatP256AddcarryxU32(&x309, &x310, x308, x269, x293); + var x311: u32 = undefined; + var x312: u1 = undefined; + fiatP256AddcarryxU32(&x311, &x312, x310, x271, x295); + var x313: u32 = undefined; + var x314: u32 = undefined; + fiatP256MulxU32(&x313, &x314, x297, 0xffffffff); + var x315: u32 = undefined; + var x316: u32 = undefined; + fiatP256MulxU32(&x315, &x316, x297, 0xffffffff); + var x317: u32 = undefined; + var x318: u32 = undefined; + fiatP256MulxU32(&x317, &x318, x297, 0xffffffff); + var x319: u32 = undefined; + var x320: u32 = undefined; + fiatP256MulxU32(&x319, &x320, x297, 0xffffffff); + var x321: u32 = undefined; + var x322: u1 = undefined; + fiatP256AddcarryxU32(&x321, &x322, 0x0, x320, x317); + var x323: u32 = undefined; + var x324: u1 = undefined; + fiatP256AddcarryxU32(&x323, &x324, x322, x318, x315); + var x325: u32 = undefined; + var x326: u1 = undefined; + fiatP256AddcarryxU32(&x325, &x326, 0x0, x297, x319); + var x327: u32 = undefined; + var x328: u1 = undefined; + fiatP256AddcarryxU32(&x327, &x328, x326, x299, x321); + var x329: u32 = undefined; + var x330: u1 = undefined; + fiatP256AddcarryxU32(&x329, &x330, x328, x301, x323); + var x331: u32 = undefined; + var x332: u1 = undefined; + fiatP256AddcarryxU32(&x331, &x332, x330, x303, (@intCast(u32, x324) + x316)); + var x333: u32 = undefined; + var x334: u1 = undefined; + fiatP256AddcarryxU32(&x333, &x334, x332, x305, @intCast(u32, 0x0)); + var x335: u32 = undefined; + var x336: u1 = undefined; + fiatP256AddcarryxU32(&x335, &x336, x334, x307, @intCast(u32, 0x0)); + var x337: u32 = undefined; + var x338: u1 = undefined; + fiatP256AddcarryxU32(&x337, &x338, x336, x309, x297); + var x339: u32 = undefined; + var x340: u1 = undefined; + fiatP256AddcarryxU32(&x339, &x340, x338, x311, x313); + var x341: u32 = undefined; + var x342: u1 = undefined; + fiatP256AddcarryxU32(&x341, &x342, x340, ((@intCast(u32, x312) + @intCast(u32, x272)) + (@intCast(u32, x296) + x274)), x314); + var x343: u32 = undefined; + var x344: u32 = undefined; + fiatP256MulxU32(&x343, &x344, x5, 0x4); + var x345: u32 = undefined; + var x346: u32 = undefined; + fiatP256MulxU32(&x345, &x346, x5, 0xfffffffd); + var x347: u32 = undefined; + var x348: u32 = undefined; + fiatP256MulxU32(&x347, &x348, x5, 0xffffffff); + var x349: u32 = undefined; + var x350: u32 = undefined; + fiatP256MulxU32(&x349, &x350, x5, 0xfffffffe); + var x351: u32 = undefined; + var x352: u32 = undefined; + fiatP256MulxU32(&x351, &x352, x5, 0xfffffffb); + var x353: u32 = undefined; + var x354: u32 = undefined; + fiatP256MulxU32(&x353, &x354, x5, 0xffffffff); + var x355: u32 = undefined; + var x356: u32 = undefined; + fiatP256MulxU32(&x355, &x356, x5, 0x3); + var x357: u32 = undefined; + var x358: u1 = undefined; + fiatP256AddcarryxU32(&x357, &x358, 0x0, x354, x351); + var x359: u32 = undefined; + var x360: u1 = undefined; + fiatP256AddcarryxU32(&x359, &x360, x358, x352, x349); + var x361: u32 = undefined; + var x362: u1 = undefined; + fiatP256AddcarryxU32(&x361, &x362, x360, x350, x347); + var x363: u32 = undefined; + var x364: u1 = undefined; + fiatP256AddcarryxU32(&x363, &x364, x362, x348, x345); + var x365: u32 = undefined; + var x366: u1 = undefined; + fiatP256AddcarryxU32(&x365, &x366, x364, x346, x343); + var x367: u32 = undefined; + var x368: u1 = undefined; + fiatP256AddcarryxU32(&x367, &x368, 0x0, x327, x355); + var x369: u32 = undefined; + var x370: u1 = undefined; + fiatP256AddcarryxU32(&x369, &x370, x368, x329, x356); + var x371: u32 = undefined; + var x372: u1 = undefined; + fiatP256AddcarryxU32(&x371, &x372, x370, x331, x353); + var x373: u32 = undefined; + var x374: u1 = undefined; + fiatP256AddcarryxU32(&x373, &x374, x372, x333, x357); + var x375: u32 = undefined; + var x376: u1 = undefined; + fiatP256AddcarryxU32(&x375, &x376, x374, x335, x359); + var x377: u32 = undefined; + var x378: u1 = undefined; + fiatP256AddcarryxU32(&x377, &x378, x376, x337, x361); + var x379: u32 = undefined; + var x380: u1 = undefined; + fiatP256AddcarryxU32(&x379, &x380, x378, x339, x363); + var x381: u32 = undefined; + var x382: u1 = undefined; + fiatP256AddcarryxU32(&x381, &x382, x380, x341, x365); + var x383: u32 = undefined; + var x384: u32 = undefined; + fiatP256MulxU32(&x383, &x384, x367, 0xffffffff); + var x385: u32 = undefined; + var x386: u32 = undefined; + fiatP256MulxU32(&x385, &x386, x367, 0xffffffff); + var x387: u32 = undefined; + var x388: u32 = undefined; + fiatP256MulxU32(&x387, &x388, x367, 0xffffffff); + var x389: u32 = undefined; + var x390: u32 = undefined; + fiatP256MulxU32(&x389, &x390, x367, 0xffffffff); + var x391: u32 = undefined; + var x392: u1 = undefined; + fiatP256AddcarryxU32(&x391, &x392, 0x0, x390, x387); + var x393: u32 = undefined; + var x394: u1 = undefined; + fiatP256AddcarryxU32(&x393, &x394, x392, x388, x385); + var x395: u32 = undefined; + var x396: u1 = undefined; + fiatP256AddcarryxU32(&x395, &x396, 0x0, x367, x389); + var x397: u32 = undefined; + var x398: u1 = undefined; + fiatP256AddcarryxU32(&x397, &x398, x396, x369, x391); + var x399: u32 = undefined; + var x400: u1 = undefined; + fiatP256AddcarryxU32(&x399, &x400, x398, x371, x393); + var x401: u32 = undefined; + var x402: u1 = undefined; + fiatP256AddcarryxU32(&x401, &x402, x400, x373, (@intCast(u32, x394) + x386)); + var x403: u32 = undefined; + var x404: u1 = undefined; + fiatP256AddcarryxU32(&x403, &x404, x402, x375, @intCast(u32, 0x0)); + var x405: u32 = undefined; + var x406: u1 = undefined; + fiatP256AddcarryxU32(&x405, &x406, x404, x377, @intCast(u32, 0x0)); + var x407: u32 = undefined; + var x408: u1 = undefined; + fiatP256AddcarryxU32(&x407, &x408, x406, x379, x367); + var x409: u32 = undefined; + var x410: u1 = undefined; + fiatP256AddcarryxU32(&x409, &x410, x408, x381, x383); + var x411: u32 = undefined; + var x412: u1 = undefined; + fiatP256AddcarryxU32(&x411, &x412, x410, ((@intCast(u32, x382) + @intCast(u32, x342)) + (@intCast(u32, x366) + x344)), x384); + var x413: u32 = undefined; + var x414: u32 = undefined; + fiatP256MulxU32(&x413, &x414, x6, 0x4); + var x415: u32 = undefined; + var x416: u32 = undefined; + fiatP256MulxU32(&x415, &x416, x6, 0xfffffffd); + var x417: u32 = undefined; + var x418: u32 = undefined; + fiatP256MulxU32(&x417, &x418, x6, 0xffffffff); + var x419: u32 = undefined; + var x420: u32 = undefined; + fiatP256MulxU32(&x419, &x420, x6, 0xfffffffe); + var x421: u32 = undefined; + var x422: u32 = undefined; + fiatP256MulxU32(&x421, &x422, x6, 0xfffffffb); + var x423: u32 = undefined; + var x424: u32 = undefined; + fiatP256MulxU32(&x423, &x424, x6, 0xffffffff); + var x425: u32 = undefined; + var x426: u32 = undefined; + fiatP256MulxU32(&x425, &x426, x6, 0x3); + var x427: u32 = undefined; + var x428: u1 = undefined; + fiatP256AddcarryxU32(&x427, &x428, 0x0, x424, x421); + var x429: u32 = undefined; + var x430: u1 = undefined; + fiatP256AddcarryxU32(&x429, &x430, x428, x422, x419); + var x431: u32 = undefined; + var x432: u1 = undefined; + fiatP256AddcarryxU32(&x431, &x432, x430, x420, x417); + var x433: u32 = undefined; + var x434: u1 = undefined; + fiatP256AddcarryxU32(&x433, &x434, x432, x418, x415); + var x435: u32 = undefined; + var x436: u1 = undefined; + fiatP256AddcarryxU32(&x435, &x436, x434, x416, x413); + var x437: u32 = undefined; + var x438: u1 = undefined; + fiatP256AddcarryxU32(&x437, &x438, 0x0, x397, x425); + var x439: u32 = undefined; + var x440: u1 = undefined; + fiatP256AddcarryxU32(&x439, &x440, x438, x399, x426); + var x441: u32 = undefined; + var x442: u1 = undefined; + fiatP256AddcarryxU32(&x441, &x442, x440, x401, x423); + var x443: u32 = undefined; + var x444: u1 = undefined; + fiatP256AddcarryxU32(&x443, &x444, x442, x403, x427); + var x445: u32 = undefined; + var x446: u1 = undefined; + fiatP256AddcarryxU32(&x445, &x446, x444, x405, x429); + var x447: u32 = undefined; + var x448: u1 = undefined; + fiatP256AddcarryxU32(&x447, &x448, x446, x407, x431); + var x449: u32 = undefined; + var x450: u1 = undefined; + fiatP256AddcarryxU32(&x449, &x450, x448, x409, x433); + var x451: u32 = undefined; + var x452: u1 = undefined; + fiatP256AddcarryxU32(&x451, &x452, x450, x411, x435); + var x453: u32 = undefined; + var x454: u32 = undefined; + fiatP256MulxU32(&x453, &x454, x437, 0xffffffff); + var x455: u32 = undefined; + var x456: u32 = undefined; + fiatP256MulxU32(&x455, &x456, x437, 0xffffffff); + var x457: u32 = undefined; + var x458: u32 = undefined; + fiatP256MulxU32(&x457, &x458, x437, 0xffffffff); + var x459: u32 = undefined; + var x460: u32 = undefined; + fiatP256MulxU32(&x459, &x460, x437, 0xffffffff); + var x461: u32 = undefined; + var x462: u1 = undefined; + fiatP256AddcarryxU32(&x461, &x462, 0x0, x460, x457); + var x463: u32 = undefined; + var x464: u1 = undefined; + fiatP256AddcarryxU32(&x463, &x464, x462, x458, x455); + var x465: u32 = undefined; + var x466: u1 = undefined; + fiatP256AddcarryxU32(&x465, &x466, 0x0, x437, x459); + var x467: u32 = undefined; + var x468: u1 = undefined; + fiatP256AddcarryxU32(&x467, &x468, x466, x439, x461); + var x469: u32 = undefined; + var x470: u1 = undefined; + fiatP256AddcarryxU32(&x469, &x470, x468, x441, x463); + var x471: u32 = undefined; + var x472: u1 = undefined; + fiatP256AddcarryxU32(&x471, &x472, x470, x443, (@intCast(u32, x464) + x456)); + var x473: u32 = undefined; + var x474: u1 = undefined; + fiatP256AddcarryxU32(&x473, &x474, x472, x445, @intCast(u32, 0x0)); + var x475: u32 = undefined; + var x476: u1 = undefined; + fiatP256AddcarryxU32(&x475, &x476, x474, x447, @intCast(u32, 0x0)); + var x477: u32 = undefined; + var x478: u1 = undefined; + fiatP256AddcarryxU32(&x477, &x478, x476, x449, x437); + var x479: u32 = undefined; + var x480: u1 = undefined; + fiatP256AddcarryxU32(&x479, &x480, x478, x451, x453); + var x481: u32 = undefined; + var x482: u1 = undefined; + fiatP256AddcarryxU32(&x481, &x482, x480, ((@intCast(u32, x452) + @intCast(u32, x412)) + (@intCast(u32, x436) + x414)), x454); + var x483: u32 = undefined; + var x484: u32 = undefined; + fiatP256MulxU32(&x483, &x484, x7, 0x4); + var x485: u32 = undefined; + var x486: u32 = undefined; + fiatP256MulxU32(&x485, &x486, x7, 0xfffffffd); + var x487: u32 = undefined; + var x488: u32 = undefined; + fiatP256MulxU32(&x487, &x488, x7, 0xffffffff); + var x489: u32 = undefined; + var x490: u32 = undefined; + fiatP256MulxU32(&x489, &x490, x7, 0xfffffffe); + var x491: u32 = undefined; + var x492: u32 = undefined; + fiatP256MulxU32(&x491, &x492, x7, 0xfffffffb); + var x493: u32 = undefined; + var x494: u32 = undefined; + fiatP256MulxU32(&x493, &x494, x7, 0xffffffff); + var x495: u32 = undefined; + var x496: u32 = undefined; + fiatP256MulxU32(&x495, &x496, x7, 0x3); + var x497: u32 = undefined; + var x498: u1 = undefined; + fiatP256AddcarryxU32(&x497, &x498, 0x0, x494, x491); + var x499: u32 = undefined; + var x500: u1 = undefined; + fiatP256AddcarryxU32(&x499, &x500, x498, x492, x489); + var x501: u32 = undefined; + var x502: u1 = undefined; + fiatP256AddcarryxU32(&x501, &x502, x500, x490, x487); + var x503: u32 = undefined; + var x504: u1 = undefined; + fiatP256AddcarryxU32(&x503, &x504, x502, x488, x485); + var x505: u32 = undefined; + var x506: u1 = undefined; + fiatP256AddcarryxU32(&x505, &x506, x504, x486, x483); + var x507: u32 = undefined; + var x508: u1 = undefined; + fiatP256AddcarryxU32(&x507, &x508, 0x0, x467, x495); + var x509: u32 = undefined; + var x510: u1 = undefined; + fiatP256AddcarryxU32(&x509, &x510, x508, x469, x496); + var x511: u32 = undefined; + var x512: u1 = undefined; + fiatP256AddcarryxU32(&x511, &x512, x510, x471, x493); + var x513: u32 = undefined; + var x514: u1 = undefined; + fiatP256AddcarryxU32(&x513, &x514, x512, x473, x497); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatP256AddcarryxU32(&x515, &x516, x514, x475, x499); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatP256AddcarryxU32(&x517, &x518, x516, x477, x501); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatP256AddcarryxU32(&x519, &x520, x518, x479, x503); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatP256AddcarryxU32(&x521, &x522, x520, x481, x505); + var x523: u32 = undefined; + var x524: u32 = undefined; + fiatP256MulxU32(&x523, &x524, x507, 0xffffffff); + var x525: u32 = undefined; + var x526: u32 = undefined; + fiatP256MulxU32(&x525, &x526, x507, 0xffffffff); + var x527: u32 = undefined; + var x528: u32 = undefined; + fiatP256MulxU32(&x527, &x528, x507, 0xffffffff); + var x529: u32 = undefined; + var x530: u32 = undefined; + fiatP256MulxU32(&x529, &x530, x507, 0xffffffff); + var x531: u32 = undefined; + var x532: u1 = undefined; + fiatP256AddcarryxU32(&x531, &x532, 0x0, x530, x527); + var x533: u32 = undefined; + var x534: u1 = undefined; + fiatP256AddcarryxU32(&x533, &x534, x532, x528, x525); + var x535: u32 = undefined; + var x536: u1 = undefined; + fiatP256AddcarryxU32(&x535, &x536, 0x0, x507, x529); + var x537: u32 = undefined; + var x538: u1 = undefined; + fiatP256AddcarryxU32(&x537, &x538, x536, x509, x531); + var x539: u32 = undefined; + var x540: u1 = undefined; + fiatP256AddcarryxU32(&x539, &x540, x538, x511, x533); + var x541: u32 = undefined; + var x542: u1 = undefined; + fiatP256AddcarryxU32(&x541, &x542, x540, x513, (@intCast(u32, x534) + x526)); + var x543: u32 = undefined; + var x544: u1 = undefined; + fiatP256AddcarryxU32(&x543, &x544, x542, x515, @intCast(u32, 0x0)); + var x545: u32 = undefined; + var x546: u1 = undefined; + fiatP256AddcarryxU32(&x545, &x546, x544, x517, @intCast(u32, 0x0)); + var x547: u32 = undefined; + var x548: u1 = undefined; + fiatP256AddcarryxU32(&x547, &x548, x546, x519, x507); + var x549: u32 = undefined; + var x550: u1 = undefined; + fiatP256AddcarryxU32(&x549, &x550, x548, x521, x523); + var x551: u32 = undefined; + var x552: u1 = undefined; + fiatP256AddcarryxU32(&x551, &x552, x550, ((@intCast(u32, x522) + @intCast(u32, x482)) + (@intCast(u32, x506) + x484)), x524); + var x553: u32 = undefined; + var x554: u1 = undefined; + fiatP256SubborrowxU32(&x553, &x554, 0x0, x537, 0xffffffff); + var x555: u32 = undefined; + var x556: u1 = undefined; + fiatP256SubborrowxU32(&x555, &x556, x554, x539, 0xffffffff); + var x557: u32 = undefined; + var x558: u1 = undefined; + fiatP256SubborrowxU32(&x557, &x558, x556, x541, 0xffffffff); + var x559: u32 = undefined; + var x560: u1 = undefined; + fiatP256SubborrowxU32(&x559, &x560, x558, x543, @intCast(u32, 0x0)); + var x561: u32 = undefined; + var x562: u1 = undefined; + fiatP256SubborrowxU32(&x561, &x562, x560, x545, @intCast(u32, 0x0)); + var x563: u32 = undefined; + var x564: u1 = undefined; + fiatP256SubborrowxU32(&x563, &x564, x562, x547, @intCast(u32, 0x0)); + var x565: u32 = undefined; + var x566: u1 = undefined; + fiatP256SubborrowxU32(&x565, &x566, x564, x549, @intCast(u32, 0x1)); + var x567: u32 = undefined; + var x568: u1 = undefined; + fiatP256SubborrowxU32(&x567, &x568, x566, x551, 0xffffffff); + var x569: u32 = undefined; + var x570: u1 = undefined; + fiatP256SubborrowxU32(&x569, &x570, x568, @intCast(u32, x552), @intCast(u32, 0x0)); + var x571: u32 = undefined; + fiatP256CmovznzU32(&x571, x570, x553, x537); + var x572: u32 = undefined; + fiatP256CmovznzU32(&x572, x570, x555, x539); + var x573: u32 = undefined; + fiatP256CmovznzU32(&x573, x570, x557, x541); + var x574: u32 = undefined; + fiatP256CmovznzU32(&x574, x570, x559, x543); + var x575: u32 = undefined; + fiatP256CmovznzU32(&x575, x570, x561, x545); + var x576: u32 = undefined; + fiatP256CmovznzU32(&x576, x570, x563, x547); + var x577: u32 = undefined; + fiatP256CmovznzU32(&x577, x570, x565, x549); + var x578: u32 = undefined; + fiatP256CmovznzU32(&x578, x570, x567, x551); + out1[0] = x571; + out1[1] = x572; + out1[2] = x573; + out1[3] = x574; + out1[4] = x575; + out1[5] = x576; + out1[6] = x577; + out1[7] = x578; +} + +/// The function fiatP256Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +pub fn fiatP256Nonzero(out1: *u32, arg1: [8]u32) void { + const x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); + out1.* = x1; +} + +/// The function fiatP256Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256Selectznz(out1: *[8]u32, arg1: u1, arg2: [8]u32, arg3: [8]u32) void { + var x1: u32 = undefined; + fiatP256CmovznzU32(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u32 = undefined; + fiatP256CmovznzU32(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u32 = undefined; + fiatP256CmovznzU32(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u32 = undefined; + fiatP256CmovznzU32(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u32 = undefined; + fiatP256CmovznzU32(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u32 = undefined; + fiatP256CmovznzU32(&x6, arg1, (arg2[5]), (arg3[5])); + var x7: u32 = undefined; + fiatP256CmovznzU32(&x7, arg1, (arg2[6]), (arg3[6])); + var x8: u32 = undefined; + fiatP256CmovznzU32(&x8, arg1, (arg2[7]), (arg3[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} + +/// The function fiatP256ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatP256ToBytes(out1: *[32]u8, arg1: [8]u32) void { + const x1: u32 = (arg1[7]); + const x2: u32 = (arg1[6]); + const x3: u32 = (arg1[5]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[3]); + const x6: u32 = (arg1[2]); + const x7: u32 = (arg1[1]); + const x8: u32 = (arg1[0]); + const x9: u8 = @intCast(u8, (x8 & @intCast(u32, 0xff))); + const x10: u32 = (x8 >> 8); + const x11: u8 = @intCast(u8, (x10 & @intCast(u32, 0xff))); + const x12: u32 = (x10 >> 8); + const x13: u8 = @intCast(u8, (x12 & @intCast(u32, 0xff))); + const x14: u8 = @intCast(u8, (x12 >> 8)); + const x15: u8 = @intCast(u8, (x7 & @intCast(u32, 0xff))); + const x16: u32 = (x7 >> 8); + const x17: u8 = @intCast(u8, (x16 & @intCast(u32, 0xff))); + const x18: u32 = (x16 >> 8); + const x19: u8 = @intCast(u8, (x18 & @intCast(u32, 0xff))); + const x20: u8 = @intCast(u8, (x18 >> 8)); + const x21: u8 = @intCast(u8, (x6 & @intCast(u32, 0xff))); + const x22: u32 = (x6 >> 8); + const x23: u8 = @intCast(u8, (x22 & @intCast(u32, 0xff))); + const x24: u32 = (x22 >> 8); + const x25: u8 = @intCast(u8, (x24 & @intCast(u32, 0xff))); + const x26: u8 = @intCast(u8, (x24 >> 8)); + const x27: u8 = @intCast(u8, (x5 & @intCast(u32, 0xff))); + const x28: u32 = (x5 >> 8); + const x29: u8 = @intCast(u8, (x28 & @intCast(u32, 0xff))); + const x30: u32 = (x28 >> 8); + const x31: u8 = @intCast(u8, (x30 & @intCast(u32, 0xff))); + const x32: u8 = @intCast(u8, (x30 >> 8)); + const x33: u8 = @intCast(u8, (x4 & @intCast(u32, 0xff))); + const x34: u32 = (x4 >> 8); + const x35: u8 = @intCast(u8, (x34 & @intCast(u32, 0xff))); + const x36: u32 = (x34 >> 8); + const x37: u8 = @intCast(u8, (x36 & @intCast(u32, 0xff))); + const x38: u8 = @intCast(u8, (x36 >> 8)); + const x39: u8 = @intCast(u8, (x3 & @intCast(u32, 0xff))); + const x40: u32 = (x3 >> 8); + const x41: u8 = @intCast(u8, (x40 & @intCast(u32, 0xff))); + const x42: u32 = (x40 >> 8); + const x43: u8 = @intCast(u8, (x42 & @intCast(u32, 0xff))); + const x44: u8 = @intCast(u8, (x42 >> 8)); + const x45: u8 = @intCast(u8, (x2 & @intCast(u32, 0xff))); + const x46: u32 = (x2 >> 8); + const x47: u8 = @intCast(u8, (x46 & @intCast(u32, 0xff))); + const x48: u32 = (x46 >> 8); + const x49: u8 = @intCast(u8, (x48 & @intCast(u32, 0xff))); + const x50: u8 = @intCast(u8, (x48 >> 8)); + const x51: u8 = @intCast(u8, (x1 & @intCast(u32, 0xff))); + const x52: u32 = (x1 >> 8); + const x53: u8 = @intCast(u8, (x52 & @intCast(u32, 0xff))); + const x54: u32 = (x52 >> 8); + const x55: u8 = @intCast(u8, (x54 & @intCast(u32, 0xff))); + const x56: u8 = @intCast(u8, (x54 >> 8)); + out1[0] = x9; + out1[1] = x11; + out1[2] = x13; + out1[3] = x14; + out1[4] = x15; + out1[5] = x17; + out1[6] = x19; + out1[7] = x20; + out1[8] = x21; + out1[9] = x23; + out1[10] = x25; + out1[11] = x26; + out1[12] = x27; + out1[13] = x29; + out1[14] = x31; + out1[15] = x32; + out1[16] = x33; + out1[17] = x35; + out1[18] = x37; + out1[19] = x38; + out1[20] = x39; + out1[21] = x41; + out1[22] = x43; + out1[23] = x44; + out1[24] = x45; + out1[25] = x47; + out1[26] = x49; + out1[27] = x50; + out1[28] = x51; + out1[29] = x53; + out1[30] = x55; + out1[31] = x56; +} + +/// The function fiatP256FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. +/// Preconditions: +/// 0 ≤ bytes_eval arg1 < m +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256FromBytes(out1: *[8]u32, arg1: [32]u8) void { + const x1: u32 = (@intCast(u32, (arg1[31])) << 24); + const x2: u32 = (@intCast(u32, (arg1[30])) << 16); + const x3: u32 = (@intCast(u32, (arg1[29])) << 8); + const x4: u8 = (arg1[28]); + const x5: u32 = (@intCast(u32, (arg1[27])) << 24); + const x6: u32 = (@intCast(u32, (arg1[26])) << 16); + const x7: u32 = (@intCast(u32, (arg1[25])) << 8); + const x8: u8 = (arg1[24]); + const x9: u32 = (@intCast(u32, (arg1[23])) << 24); + const x10: u32 = (@intCast(u32, (arg1[22])) << 16); + const x11: u32 = (@intCast(u32, (arg1[21])) << 8); + const x12: u8 = (arg1[20]); + const x13: u32 = (@intCast(u32, (arg1[19])) << 24); + const x14: u32 = (@intCast(u32, (arg1[18])) << 16); + const x15: u32 = (@intCast(u32, (arg1[17])) << 8); + const x16: u8 = (arg1[16]); + const x17: u32 = (@intCast(u32, (arg1[15])) << 24); + const x18: u32 = (@intCast(u32, (arg1[14])) << 16); + const x19: u32 = (@intCast(u32, (arg1[13])) << 8); + const x20: u8 = (arg1[12]); + const x21: u32 = (@intCast(u32, (arg1[11])) << 24); + const x22: u32 = (@intCast(u32, (arg1[10])) << 16); + const x23: u32 = (@intCast(u32, (arg1[9])) << 8); + const x24: u8 = (arg1[8]); + const x25: u32 = (@intCast(u32, (arg1[7])) << 24); + const x26: u32 = (@intCast(u32, (arg1[6])) << 16); + const x27: u32 = (@intCast(u32, (arg1[5])) << 8); + const x28: u8 = (arg1[4]); + const x29: u32 = (@intCast(u32, (arg1[3])) << 24); + const x30: u32 = (@intCast(u32, (arg1[2])) << 16); + const x31: u32 = (@intCast(u32, (arg1[1])) << 8); + const x32: u8 = (arg1[0]); + const x33: u32 = (x31 + @intCast(u32, x32)); + const x34: u32 = (x30 + x33); + const x35: u32 = (x29 + x34); + const x36: u32 = (x27 + @intCast(u32, x28)); + const x37: u32 = (x26 + x36); + const x38: u32 = (x25 + x37); + const x39: u32 = (x23 + @intCast(u32, x24)); + const x40: u32 = (x22 + x39); + const x41: u32 = (x21 + x40); + const x42: u32 = (x19 + @intCast(u32, x20)); + const x43: u32 = (x18 + x42); + const x44: u32 = (x17 + x43); + const x45: u32 = (x15 + @intCast(u32, x16)); + const x46: u32 = (x14 + x45); + const x47: u32 = (x13 + x46); + const x48: u32 = (x11 + @intCast(u32, x12)); + const x49: u32 = (x10 + x48); + const x50: u32 = (x9 + x49); + const x51: u32 = (x7 + @intCast(u32, x8)); + const x52: u32 = (x6 + x51); + const x53: u32 = (x5 + x52); + const x54: u32 = (x3 + @intCast(u32, x4)); + const x55: u32 = (x2 + x54); + const x56: u32 = (x1 + x55); + out1[0] = x35; + out1[1] = x38; + out1[2] = x41; + out1[3] = x44; + out1[4] = x47; + out1[5] = x50; + out1[6] = x53; + out1[7] = x56; +} + +/// The function fiatP256SetOne returns the field element one in the Montgomery domain. +/// Postconditions: +/// eval (from_montgomery out1) mod m = 1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256SetOne(out1: *[8]u32) void { + out1[0] = @intCast(u32, 0x1); + out1[1] = @intCast(u32, 0x0); + out1[2] = @intCast(u32, 0x0); + out1[3] = 0xffffffff; + out1[4] = 0xffffffff; + out1[5] = 0xffffffff; + out1[6] = 0xfffffffe; + out1[7] = @intCast(u32, 0x0); +} + +/// The function fiatP256Msat returns the saturated representation of the prime modulus. +/// Postconditions: +/// twos_complement_eval out1 = m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256Msat(out1: *[9]u32) void { + out1[0] = 0xffffffff; + out1[1] = 0xffffffff; + out1[2] = 0xffffffff; + out1[3] = @intCast(u32, 0x0); + out1[4] = @intCast(u32, 0x0); + out1[5] = @intCast(u32, 0x0); + out1[6] = @intCast(u32, 0x1); + out1[7] = 0xffffffff; + out1[8] = @intCast(u32, 0x0); +} + +/// The function fiatP256Divstep computes a divstep. +/// Preconditions: +/// 0 ≤ eval arg4 < m +/// 0 ≤ eval arg5 < m +/// Postconditions: +/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) +/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) +/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) +/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) +/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out2 < m +/// 0 ≤ eval out3 < m +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffff] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256Divstep(out1: *u32, out2: *[9]u32, out3: *[9]u32, out4: *[8]u32, out5: *[8]u32, arg1: u32, arg2: [9]u32, arg3: [9]u32, arg4: [8]u32, arg5: [8]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP256AddcarryxU32(&x1, &x2, 0x0, (~arg1), @intCast(u32, 0x1)); + const x3: u1 = (@intCast(u1, (x1 >> 31)) & @intCast(u1, ((arg3[0]) & @intCast(u32, 0x1)))); + var x4: u32 = undefined; + var x5: u1 = undefined; + fiatP256AddcarryxU32(&x4, &x5, 0x0, (~arg1), @intCast(u32, 0x1)); + var x6: u32 = undefined; + fiatP256CmovznzU32(&x6, x3, arg1, x4); + var x7: u32 = undefined; + fiatP256CmovznzU32(&x7, x3, (arg2[0]), (arg3[0])); + var x8: u32 = undefined; + fiatP256CmovznzU32(&x8, x3, (arg2[1]), (arg3[1])); + var x9: u32 = undefined; + fiatP256CmovznzU32(&x9, x3, (arg2[2]), (arg3[2])); + var x10: u32 = undefined; + fiatP256CmovznzU32(&x10, x3, (arg2[3]), (arg3[3])); + var x11: u32 = undefined; + fiatP256CmovznzU32(&x11, x3, (arg2[4]), (arg3[4])); + var x12: u32 = undefined; + fiatP256CmovznzU32(&x12, x3, (arg2[5]), (arg3[5])); + var x13: u32 = undefined; + fiatP256CmovznzU32(&x13, x3, (arg2[6]), (arg3[6])); + var x14: u32 = undefined; + fiatP256CmovznzU32(&x14, x3, (arg2[7]), (arg3[7])); + var x15: u32 = undefined; + fiatP256CmovznzU32(&x15, x3, (arg2[8]), (arg3[8])); + var x16: u32 = undefined; + var x17: u1 = undefined; + fiatP256AddcarryxU32(&x16, &x17, 0x0, @intCast(u32, 0x1), (~(arg2[0]))); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatP256AddcarryxU32(&x18, &x19, x17, @intCast(u32, 0x0), (~(arg2[1]))); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatP256AddcarryxU32(&x20, &x21, x19, @intCast(u32, 0x0), (~(arg2[2]))); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP256AddcarryxU32(&x22, &x23, x21, @intCast(u32, 0x0), (~(arg2[3]))); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP256AddcarryxU32(&x24, &x25, x23, @intCast(u32, 0x0), (~(arg2[4]))); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP256AddcarryxU32(&x26, &x27, x25, @intCast(u32, 0x0), (~(arg2[5]))); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP256AddcarryxU32(&x28, &x29, x27, @intCast(u32, 0x0), (~(arg2[6]))); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP256AddcarryxU32(&x30, &x31, x29, @intCast(u32, 0x0), (~(arg2[7]))); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP256AddcarryxU32(&x32, &x33, x31, @intCast(u32, 0x0), (~(arg2[8]))); + var x34: u32 = undefined; + fiatP256CmovznzU32(&x34, x3, (arg3[0]), x16); + var x35: u32 = undefined; + fiatP256CmovznzU32(&x35, x3, (arg3[1]), x18); + var x36: u32 = undefined; + fiatP256CmovznzU32(&x36, x3, (arg3[2]), x20); + var x37: u32 = undefined; + fiatP256CmovznzU32(&x37, x3, (arg3[3]), x22); + var x38: u32 = undefined; + fiatP256CmovznzU32(&x38, x3, (arg3[4]), x24); + var x39: u32 = undefined; + fiatP256CmovznzU32(&x39, x3, (arg3[5]), x26); + var x40: u32 = undefined; + fiatP256CmovznzU32(&x40, x3, (arg3[6]), x28); + var x41: u32 = undefined; + fiatP256CmovznzU32(&x41, x3, (arg3[7]), x30); + var x42: u32 = undefined; + fiatP256CmovznzU32(&x42, x3, (arg3[8]), x32); + var x43: u32 = undefined; + fiatP256CmovznzU32(&x43, x3, (arg4[0]), (arg5[0])); + var x44: u32 = undefined; + fiatP256CmovznzU32(&x44, x3, (arg4[1]), (arg5[1])); + var x45: u32 = undefined; + fiatP256CmovznzU32(&x45, x3, (arg4[2]), (arg5[2])); + var x46: u32 = undefined; + fiatP256CmovznzU32(&x46, x3, (arg4[3]), (arg5[3])); + var x47: u32 = undefined; + fiatP256CmovznzU32(&x47, x3, (arg4[4]), (arg5[4])); + var x48: u32 = undefined; + fiatP256CmovznzU32(&x48, x3, (arg4[5]), (arg5[5])); + var x49: u32 = undefined; + fiatP256CmovznzU32(&x49, x3, (arg4[6]), (arg5[6])); + var x50: u32 = undefined; + fiatP256CmovznzU32(&x50, x3, (arg4[7]), (arg5[7])); + var x51: u32 = undefined; + var x52: u1 = undefined; + fiatP256AddcarryxU32(&x51, &x52, 0x0, x43, x43); + var x53: u32 = undefined; + var x54: u1 = undefined; + fiatP256AddcarryxU32(&x53, &x54, x52, x44, x44); + var x55: u32 = undefined; + var x56: u1 = undefined; + fiatP256AddcarryxU32(&x55, &x56, x54, x45, x45); + var x57: u32 = undefined; + var x58: u1 = undefined; + fiatP256AddcarryxU32(&x57, &x58, x56, x46, x46); + var x59: u32 = undefined; + var x60: u1 = undefined; + fiatP256AddcarryxU32(&x59, &x60, x58, x47, x47); + var x61: u32 = undefined; + var x62: u1 = undefined; + fiatP256AddcarryxU32(&x61, &x62, x60, x48, x48); + var x63: u32 = undefined; + var x64: u1 = undefined; + fiatP256AddcarryxU32(&x63, &x64, x62, x49, x49); + var x65: u32 = undefined; + var x66: u1 = undefined; + fiatP256AddcarryxU32(&x65, &x66, x64, x50, x50); + var x67: u32 = undefined; + var x68: u1 = undefined; + fiatP256SubborrowxU32(&x67, &x68, 0x0, x51, 0xffffffff); + var x69: u32 = undefined; + var x70: u1 = undefined; + fiatP256SubborrowxU32(&x69, &x70, x68, x53, 0xffffffff); + var x71: u32 = undefined; + var x72: u1 = undefined; + fiatP256SubborrowxU32(&x71, &x72, x70, x55, 0xffffffff); + var x73: u32 = undefined; + var x74: u1 = undefined; + fiatP256SubborrowxU32(&x73, &x74, x72, x57, @intCast(u32, 0x0)); + var x75: u32 = undefined; + var x76: u1 = undefined; + fiatP256SubborrowxU32(&x75, &x76, x74, x59, @intCast(u32, 0x0)); + var x77: u32 = undefined; + var x78: u1 = undefined; + fiatP256SubborrowxU32(&x77, &x78, x76, x61, @intCast(u32, 0x0)); + var x79: u32 = undefined; + var x80: u1 = undefined; + fiatP256SubborrowxU32(&x79, &x80, x78, x63, @intCast(u32, 0x1)); + var x81: u32 = undefined; + var x82: u1 = undefined; + fiatP256SubborrowxU32(&x81, &x82, x80, x65, 0xffffffff); + var x83: u32 = undefined; + var x84: u1 = undefined; + fiatP256SubborrowxU32(&x83, &x84, x82, @intCast(u32, x66), @intCast(u32, 0x0)); + const x85: u32 = (arg4[7]); + const x86: u32 = (arg4[6]); + const x87: u32 = (arg4[5]); + const x88: u32 = (arg4[4]); + const x89: u32 = (arg4[3]); + const x90: u32 = (arg4[2]); + const x91: u32 = (arg4[1]); + const x92: u32 = (arg4[0]); + var x93: u32 = undefined; + var x94: u1 = undefined; + fiatP256SubborrowxU32(&x93, &x94, 0x0, @intCast(u32, 0x0), x92); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatP256SubborrowxU32(&x95, &x96, x94, @intCast(u32, 0x0), x91); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP256SubborrowxU32(&x97, &x98, x96, @intCast(u32, 0x0), x90); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP256SubborrowxU32(&x99, &x100, x98, @intCast(u32, 0x0), x89); + var x101: u32 = undefined; + var x102: u1 = undefined; + fiatP256SubborrowxU32(&x101, &x102, x100, @intCast(u32, 0x0), x88); + var x103: u32 = undefined; + var x104: u1 = undefined; + fiatP256SubborrowxU32(&x103, &x104, x102, @intCast(u32, 0x0), x87); + var x105: u32 = undefined; + var x106: u1 = undefined; + fiatP256SubborrowxU32(&x105, &x106, x104, @intCast(u32, 0x0), x86); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatP256SubborrowxU32(&x107, &x108, x106, @intCast(u32, 0x0), x85); + var x109: u32 = undefined; + fiatP256CmovznzU32(&x109, x108, @intCast(u32, 0x0), 0xffffffff); + var x110: u32 = undefined; + var x111: u1 = undefined; + fiatP256AddcarryxU32(&x110, &x111, 0x0, x93, x109); + var x112: u32 = undefined; + var x113: u1 = undefined; + fiatP256AddcarryxU32(&x112, &x113, x111, x95, x109); + var x114: u32 = undefined; + var x115: u1 = undefined; + fiatP256AddcarryxU32(&x114, &x115, x113, x97, x109); + var x116: u32 = undefined; + var x117: u1 = undefined; + fiatP256AddcarryxU32(&x116, &x117, x115, x99, @intCast(u32, 0x0)); + var x118: u32 = undefined; + var x119: u1 = undefined; + fiatP256AddcarryxU32(&x118, &x119, x117, x101, @intCast(u32, 0x0)); + var x120: u32 = undefined; + var x121: u1 = undefined; + fiatP256AddcarryxU32(&x120, &x121, x119, x103, @intCast(u32, 0x0)); + var x122: u32 = undefined; + var x123: u1 = undefined; + fiatP256AddcarryxU32(&x122, &x123, x121, x105, @intCast(u32, @intCast(u1, (x109 & @intCast(u32, 0x1))))); + var x124: u32 = undefined; + var x125: u1 = undefined; + fiatP256AddcarryxU32(&x124, &x125, x123, x107, x109); + var x126: u32 = undefined; + fiatP256CmovznzU32(&x126, x3, (arg5[0]), x110); + var x127: u32 = undefined; + fiatP256CmovznzU32(&x127, x3, (arg5[1]), x112); + var x128: u32 = undefined; + fiatP256CmovznzU32(&x128, x3, (arg5[2]), x114); + var x129: u32 = undefined; + fiatP256CmovznzU32(&x129, x3, (arg5[3]), x116); + var x130: u32 = undefined; + fiatP256CmovznzU32(&x130, x3, (arg5[4]), x118); + var x131: u32 = undefined; + fiatP256CmovznzU32(&x131, x3, (arg5[5]), x120); + var x132: u32 = undefined; + fiatP256CmovznzU32(&x132, x3, (arg5[6]), x122); + var x133: u32 = undefined; + fiatP256CmovznzU32(&x133, x3, (arg5[7]), x124); + const x134: u1 = @intCast(u1, (x34 & @intCast(u32, 0x1))); + var x135: u32 = undefined; + fiatP256CmovznzU32(&x135, x134, @intCast(u32, 0x0), x7); + var x136: u32 = undefined; + fiatP256CmovznzU32(&x136, x134, @intCast(u32, 0x0), x8); + var x137: u32 = undefined; + fiatP256CmovznzU32(&x137, x134, @intCast(u32, 0x0), x9); + var x138: u32 = undefined; + fiatP256CmovznzU32(&x138, x134, @intCast(u32, 0x0), x10); + var x139: u32 = undefined; + fiatP256CmovznzU32(&x139, x134, @intCast(u32, 0x0), x11); + var x140: u32 = undefined; + fiatP256CmovznzU32(&x140, x134, @intCast(u32, 0x0), x12); + var x141: u32 = undefined; + fiatP256CmovznzU32(&x141, x134, @intCast(u32, 0x0), x13); + var x142: u32 = undefined; + fiatP256CmovznzU32(&x142, x134, @intCast(u32, 0x0), x14); + var x143: u32 = undefined; + fiatP256CmovznzU32(&x143, x134, @intCast(u32, 0x0), x15); + var x144: u32 = undefined; + var x145: u1 = undefined; + fiatP256AddcarryxU32(&x144, &x145, 0x0, x34, x135); + var x146: u32 = undefined; + var x147: u1 = undefined; + fiatP256AddcarryxU32(&x146, &x147, x145, x35, x136); + var x148: u32 = undefined; + var x149: u1 = undefined; + fiatP256AddcarryxU32(&x148, &x149, x147, x36, x137); + var x150: u32 = undefined; + var x151: u1 = undefined; + fiatP256AddcarryxU32(&x150, &x151, x149, x37, x138); + var x152: u32 = undefined; + var x153: u1 = undefined; + fiatP256AddcarryxU32(&x152, &x153, x151, x38, x139); + var x154: u32 = undefined; + var x155: u1 = undefined; + fiatP256AddcarryxU32(&x154, &x155, x153, x39, x140); + var x156: u32 = undefined; + var x157: u1 = undefined; + fiatP256AddcarryxU32(&x156, &x157, x155, x40, x141); + var x158: u32 = undefined; + var x159: u1 = undefined; + fiatP256AddcarryxU32(&x158, &x159, x157, x41, x142); + var x160: u32 = undefined; + var x161: u1 = undefined; + fiatP256AddcarryxU32(&x160, &x161, x159, x42, x143); + var x162: u32 = undefined; + fiatP256CmovznzU32(&x162, x134, @intCast(u32, 0x0), x43); + var x163: u32 = undefined; + fiatP256CmovznzU32(&x163, x134, @intCast(u32, 0x0), x44); + var x164: u32 = undefined; + fiatP256CmovznzU32(&x164, x134, @intCast(u32, 0x0), x45); + var x165: u32 = undefined; + fiatP256CmovznzU32(&x165, x134, @intCast(u32, 0x0), x46); + var x166: u32 = undefined; + fiatP256CmovznzU32(&x166, x134, @intCast(u32, 0x0), x47); + var x167: u32 = undefined; + fiatP256CmovznzU32(&x167, x134, @intCast(u32, 0x0), x48); + var x168: u32 = undefined; + fiatP256CmovznzU32(&x168, x134, @intCast(u32, 0x0), x49); + var x169: u32 = undefined; + fiatP256CmovznzU32(&x169, x134, @intCast(u32, 0x0), x50); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP256AddcarryxU32(&x170, &x171, 0x0, x126, x162); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP256AddcarryxU32(&x172, &x173, x171, x127, x163); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP256AddcarryxU32(&x174, &x175, x173, x128, x164); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP256AddcarryxU32(&x176, &x177, x175, x129, x165); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP256AddcarryxU32(&x178, &x179, x177, x130, x166); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP256AddcarryxU32(&x180, &x181, x179, x131, x167); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatP256AddcarryxU32(&x182, &x183, x181, x132, x168); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatP256AddcarryxU32(&x184, &x185, x183, x133, x169); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatP256SubborrowxU32(&x186, &x187, 0x0, x170, 0xffffffff); + var x188: u32 = undefined; + var x189: u1 = undefined; + fiatP256SubborrowxU32(&x188, &x189, x187, x172, 0xffffffff); + var x190: u32 = undefined; + var x191: u1 = undefined; + fiatP256SubborrowxU32(&x190, &x191, x189, x174, 0xffffffff); + var x192: u32 = undefined; + var x193: u1 = undefined; + fiatP256SubborrowxU32(&x192, &x193, x191, x176, @intCast(u32, 0x0)); + var x194: u32 = undefined; + var x195: u1 = undefined; + fiatP256SubborrowxU32(&x194, &x195, x193, x178, @intCast(u32, 0x0)); + var x196: u32 = undefined; + var x197: u1 = undefined; + fiatP256SubborrowxU32(&x196, &x197, x195, x180, @intCast(u32, 0x0)); + var x198: u32 = undefined; + var x199: u1 = undefined; + fiatP256SubborrowxU32(&x198, &x199, x197, x182, @intCast(u32, 0x1)); + var x200: u32 = undefined; + var x201: u1 = undefined; + fiatP256SubborrowxU32(&x200, &x201, x199, x184, 0xffffffff); + var x202: u32 = undefined; + var x203: u1 = undefined; + fiatP256SubborrowxU32(&x202, &x203, x201, @intCast(u32, x185), @intCast(u32, 0x0)); + var x204: u32 = undefined; + var x205: u1 = undefined; + fiatP256AddcarryxU32(&x204, &x205, 0x0, x6, @intCast(u32, 0x1)); + const x206: u32 = ((x144 >> 1) | ((x146 << 31) & 0xffffffff)); + const x207: u32 = ((x146 >> 1) | ((x148 << 31) & 0xffffffff)); + const x208: u32 = ((x148 >> 1) | ((x150 << 31) & 0xffffffff)); + const x209: u32 = ((x150 >> 1) | ((x152 << 31) & 0xffffffff)); + const x210: u32 = ((x152 >> 1) | ((x154 << 31) & 0xffffffff)); + const x211: u32 = ((x154 >> 1) | ((x156 << 31) & 0xffffffff)); + const x212: u32 = ((x156 >> 1) | ((x158 << 31) & 0xffffffff)); + const x213: u32 = ((x158 >> 1) | ((x160 << 31) & 0xffffffff)); + const x214: u32 = ((x160 & 0x80000000) | (x160 >> 1)); + var x215: u32 = undefined; + fiatP256CmovznzU32(&x215, x84, x67, x51); + var x216: u32 = undefined; + fiatP256CmovznzU32(&x216, x84, x69, x53); + var x217: u32 = undefined; + fiatP256CmovznzU32(&x217, x84, x71, x55); + var x218: u32 = undefined; + fiatP256CmovznzU32(&x218, x84, x73, x57); + var x219: u32 = undefined; + fiatP256CmovznzU32(&x219, x84, x75, x59); + var x220: u32 = undefined; + fiatP256CmovznzU32(&x220, x84, x77, x61); + var x221: u32 = undefined; + fiatP256CmovznzU32(&x221, x84, x79, x63); + var x222: u32 = undefined; + fiatP256CmovznzU32(&x222, x84, x81, x65); + var x223: u32 = undefined; + fiatP256CmovznzU32(&x223, x203, x186, x170); + var x224: u32 = undefined; + fiatP256CmovznzU32(&x224, x203, x188, x172); + var x225: u32 = undefined; + fiatP256CmovznzU32(&x225, x203, x190, x174); + var x226: u32 = undefined; + fiatP256CmovznzU32(&x226, x203, x192, x176); + var x227: u32 = undefined; + fiatP256CmovznzU32(&x227, x203, x194, x178); + var x228: u32 = undefined; + fiatP256CmovznzU32(&x228, x203, x196, x180); + var x229: u32 = undefined; + fiatP256CmovznzU32(&x229, x203, x198, x182); + var x230: u32 = undefined; + fiatP256CmovznzU32(&x230, x203, x200, x184); + out1.* = x204; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out2[5] = x12; + out2[6] = x13; + out2[7] = x14; + out2[8] = x15; + out3[0] = x206; + out3[1] = x207; + out3[2] = x208; + out3[3] = x209; + out3[4] = x210; + out3[5] = x211; + out3[6] = x212; + out3[7] = x213; + out3[8] = x214; + out4[0] = x215; + out4[1] = x216; + out4[2] = x217; + out4[3] = x218; + out4[4] = x219; + out4[5] = x220; + out4[6] = x221; + out4[7] = x222; + out5[0] = x223; + out5[1] = x224; + out5[2] = x225; + out5[3] = x226; + out5[4] = x227; + out5[5] = x228; + out5[6] = x229; + out5[7] = x230; +} + +/// The function fiatP256DivstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). +/// Postconditions: +/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if (log2 m) + 1 < 46 then ⌊(49 * ((log2 m) + 1) + 80) / 17⌋ else ⌊(49 * ((log2 m) + 1) + 57) / 17⌋) +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP256DivstepPrecomp(out1: *[8]u32) void { + out1[0] = 0xb8000000; + out1[1] = 0x67ffffff; + out1[2] = 0x38000000; + out1[3] = 0xc0000000; + out1[4] = 0x7fffffff; + out1[5] = 0xd8000000; + out1[6] = 0xffffffff; + out1[7] = 0x2fffffff; +} + diff --git a/fiat-zig/src/p256_64.zig b/fiat-zig/src/p256_64.zig new file mode 100644 index 0000000000..8c5dc565ae --- /dev/null +++ b/fiat-zig/src/p256_64.zig @@ -0,0 +1,1774 @@ +/// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p256 64 '2^256 - 2^224 + 2^192 + 2^96 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp +/// curve description: p256 +/// machine_wordsize = 64 (from "64") +/// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp +/// m = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffff (from "2^256 - 2^224 + 2^192 + 2^96 - 1") +/// +/// NOTE: In addition to the bounds specified above each function, all +/// functions synthesized for this Montgomery arithmetic require the +/// input to be strictly less than the prime modulus (m), and also +/// require the input to be in the unique saturated representation. +/// All functions also ensure that these two properties are true of +/// return values. +/// +/// Computed values: +/// eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + + +/// The function fiatP256AddcarryxU64 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^64 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP256AddcarryxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u128 = ((@intCast(u128, arg1) + @intCast(u128, arg2)) + @intCast(u128, arg3)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u1 = @intCast(u1, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP256SubborrowxU64 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^64 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP256SubborrowxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i128 = ((@intCast(i128, arg2) - @intCast(i128, arg1)) - @intCast(i128, arg3)); + const x2: i1 = @intCast(i1, (x1 >> 64)); + const x3: u64 = @intCast(u64, (x1 & @intCast(i128, 0xffffffffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP256MulxU64 is a multiplication, returning the full double-width result. +/// Postconditions: +/// out1 = (arg1 * arg2) mod 2^64 +/// out2 = ⌊arg1 * arg2 / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0xffffffffffffffff] +fn fiatP256MulxU64(out1: *u64, out2: *u64, arg1: u64, arg2: u64) callconv(.Inline) void { + const x1: u128 = (@intCast(u128, arg1) * @intCast(u128, arg2)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u64 = @intCast(u64, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP256CmovznzU64 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +fn fiatP256CmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u64 = @intCast(u64, (@intCast(i128, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i128, 0xffffffffffffffff))); + const x3: u64 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP256Mul multiplies two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256Mul(out1: *[4]u64, arg1: [4]u64, arg2: [4]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[0]); + var x5: u64 = undefined; + var x6: u64 = undefined; + fiatP256MulxU64(&x5, &x6, x4, (arg2[3])); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatP256MulxU64(&x7, &x8, x4, (arg2[2])); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatP256MulxU64(&x9, &x10, x4, (arg2[1])); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatP256MulxU64(&x11, &x12, x4, (arg2[0])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP256AddcarryxU64(&x13, &x14, 0x0, x12, x9); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP256AddcarryxU64(&x15, &x16, x14, x10, x7); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP256AddcarryxU64(&x17, &x18, x16, x8, x5); + const x19: u64 = (@intCast(u64, x18) + x6); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatP256MulxU64(&x20, &x21, x11, 0xffffffff00000001); + var x22: u64 = undefined; + var x23: u64 = undefined; + fiatP256MulxU64(&x22, &x23, x11, 0xffffffff); + var x24: u64 = undefined; + var x25: u64 = undefined; + fiatP256MulxU64(&x24, &x25, x11, 0xffffffffffffffff); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP256AddcarryxU64(&x26, &x27, 0x0, x25, x22); + const x28: u64 = (@intCast(u64, x27) + x23); + var x29: u64 = undefined; + var x30: u1 = undefined; + fiatP256AddcarryxU64(&x29, &x30, 0x0, x11, x24); + var x31: u64 = undefined; + var x32: u1 = undefined; + fiatP256AddcarryxU64(&x31, &x32, x30, x13, x26); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatP256AddcarryxU64(&x33, &x34, x32, x15, x28); + var x35: u64 = undefined; + var x36: u1 = undefined; + fiatP256AddcarryxU64(&x35, &x36, x34, x17, x20); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatP256AddcarryxU64(&x37, &x38, x36, x19, x21); + var x39: u64 = undefined; + var x40: u64 = undefined; + fiatP256MulxU64(&x39, &x40, x1, (arg2[3])); + var x41: u64 = undefined; + var x42: u64 = undefined; + fiatP256MulxU64(&x41, &x42, x1, (arg2[2])); + var x43: u64 = undefined; + var x44: u64 = undefined; + fiatP256MulxU64(&x43, &x44, x1, (arg2[1])); + var x45: u64 = undefined; + var x46: u64 = undefined; + fiatP256MulxU64(&x45, &x46, x1, (arg2[0])); + var x47: u64 = undefined; + var x48: u1 = undefined; + fiatP256AddcarryxU64(&x47, &x48, 0x0, x46, x43); + var x49: u64 = undefined; + var x50: u1 = undefined; + fiatP256AddcarryxU64(&x49, &x50, x48, x44, x41); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP256AddcarryxU64(&x51, &x52, x50, x42, x39); + const x53: u64 = (@intCast(u64, x52) + x40); + var x54: u64 = undefined; + var x55: u1 = undefined; + fiatP256AddcarryxU64(&x54, &x55, 0x0, x31, x45); + var x56: u64 = undefined; + var x57: u1 = undefined; + fiatP256AddcarryxU64(&x56, &x57, x55, x33, x47); + var x58: u64 = undefined; + var x59: u1 = undefined; + fiatP256AddcarryxU64(&x58, &x59, x57, x35, x49); + var x60: u64 = undefined; + var x61: u1 = undefined; + fiatP256AddcarryxU64(&x60, &x61, x59, x37, x51); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP256AddcarryxU64(&x62, &x63, x61, @intCast(u64, x38), x53); + var x64: u64 = undefined; + var x65: u64 = undefined; + fiatP256MulxU64(&x64, &x65, x54, 0xffffffff00000001); + var x66: u64 = undefined; + var x67: u64 = undefined; + fiatP256MulxU64(&x66, &x67, x54, 0xffffffff); + var x68: u64 = undefined; + var x69: u64 = undefined; + fiatP256MulxU64(&x68, &x69, x54, 0xffffffffffffffff); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP256AddcarryxU64(&x70, &x71, 0x0, x69, x66); + const x72: u64 = (@intCast(u64, x71) + x67); + var x73: u64 = undefined; + var x74: u1 = undefined; + fiatP256AddcarryxU64(&x73, &x74, 0x0, x54, x68); + var x75: u64 = undefined; + var x76: u1 = undefined; + fiatP256AddcarryxU64(&x75, &x76, x74, x56, x70); + var x77: u64 = undefined; + var x78: u1 = undefined; + fiatP256AddcarryxU64(&x77, &x78, x76, x58, x72); + var x79: u64 = undefined; + var x80: u1 = undefined; + fiatP256AddcarryxU64(&x79, &x80, x78, x60, x64); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatP256AddcarryxU64(&x81, &x82, x80, x62, x65); + const x83: u64 = (@intCast(u64, x82) + @intCast(u64, x63)); + var x84: u64 = undefined; + var x85: u64 = undefined; + fiatP256MulxU64(&x84, &x85, x2, (arg2[3])); + var x86: u64 = undefined; + var x87: u64 = undefined; + fiatP256MulxU64(&x86, &x87, x2, (arg2[2])); + var x88: u64 = undefined; + var x89: u64 = undefined; + fiatP256MulxU64(&x88, &x89, x2, (arg2[1])); + var x90: u64 = undefined; + var x91: u64 = undefined; + fiatP256MulxU64(&x90, &x91, x2, (arg2[0])); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP256AddcarryxU64(&x92, &x93, 0x0, x91, x88); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP256AddcarryxU64(&x94, &x95, x93, x89, x86); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP256AddcarryxU64(&x96, &x97, x95, x87, x84); + const x98: u64 = (@intCast(u64, x97) + x85); + var x99: u64 = undefined; + var x100: u1 = undefined; + fiatP256AddcarryxU64(&x99, &x100, 0x0, x75, x90); + var x101: u64 = undefined; + var x102: u1 = undefined; + fiatP256AddcarryxU64(&x101, &x102, x100, x77, x92); + var x103: u64 = undefined; + var x104: u1 = undefined; + fiatP256AddcarryxU64(&x103, &x104, x102, x79, x94); + var x105: u64 = undefined; + var x106: u1 = undefined; + fiatP256AddcarryxU64(&x105, &x106, x104, x81, x96); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatP256AddcarryxU64(&x107, &x108, x106, x83, x98); + var x109: u64 = undefined; + var x110: u64 = undefined; + fiatP256MulxU64(&x109, &x110, x99, 0xffffffff00000001); + var x111: u64 = undefined; + var x112: u64 = undefined; + fiatP256MulxU64(&x111, &x112, x99, 0xffffffff); + var x113: u64 = undefined; + var x114: u64 = undefined; + fiatP256MulxU64(&x113, &x114, x99, 0xffffffffffffffff); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatP256AddcarryxU64(&x115, &x116, 0x0, x114, x111); + const x117: u64 = (@intCast(u64, x116) + x112); + var x118: u64 = undefined; + var x119: u1 = undefined; + fiatP256AddcarryxU64(&x118, &x119, 0x0, x99, x113); + var x120: u64 = undefined; + var x121: u1 = undefined; + fiatP256AddcarryxU64(&x120, &x121, x119, x101, x115); + var x122: u64 = undefined; + var x123: u1 = undefined; + fiatP256AddcarryxU64(&x122, &x123, x121, x103, x117); + var x124: u64 = undefined; + var x125: u1 = undefined; + fiatP256AddcarryxU64(&x124, &x125, x123, x105, x109); + var x126: u64 = undefined; + var x127: u1 = undefined; + fiatP256AddcarryxU64(&x126, &x127, x125, x107, x110); + const x128: u64 = (@intCast(u64, x127) + @intCast(u64, x108)); + var x129: u64 = undefined; + var x130: u64 = undefined; + fiatP256MulxU64(&x129, &x130, x3, (arg2[3])); + var x131: u64 = undefined; + var x132: u64 = undefined; + fiatP256MulxU64(&x131, &x132, x3, (arg2[2])); + var x133: u64 = undefined; + var x134: u64 = undefined; + fiatP256MulxU64(&x133, &x134, x3, (arg2[1])); + var x135: u64 = undefined; + var x136: u64 = undefined; + fiatP256MulxU64(&x135, &x136, x3, (arg2[0])); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatP256AddcarryxU64(&x137, &x138, 0x0, x136, x133); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatP256AddcarryxU64(&x139, &x140, x138, x134, x131); + var x141: u64 = undefined; + var x142: u1 = undefined; + fiatP256AddcarryxU64(&x141, &x142, x140, x132, x129); + const x143: u64 = (@intCast(u64, x142) + x130); + var x144: u64 = undefined; + var x145: u1 = undefined; + fiatP256AddcarryxU64(&x144, &x145, 0x0, x120, x135); + var x146: u64 = undefined; + var x147: u1 = undefined; + fiatP256AddcarryxU64(&x146, &x147, x145, x122, x137); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatP256AddcarryxU64(&x148, &x149, x147, x124, x139); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatP256AddcarryxU64(&x150, &x151, x149, x126, x141); + var x152: u64 = undefined; + var x153: u1 = undefined; + fiatP256AddcarryxU64(&x152, &x153, x151, x128, x143); + var x154: u64 = undefined; + var x155: u64 = undefined; + fiatP256MulxU64(&x154, &x155, x144, 0xffffffff00000001); + var x156: u64 = undefined; + var x157: u64 = undefined; + fiatP256MulxU64(&x156, &x157, x144, 0xffffffff); + var x158: u64 = undefined; + var x159: u64 = undefined; + fiatP256MulxU64(&x158, &x159, x144, 0xffffffffffffffff); + var x160: u64 = undefined; + var x161: u1 = undefined; + fiatP256AddcarryxU64(&x160, &x161, 0x0, x159, x156); + const x162: u64 = (@intCast(u64, x161) + x157); + var x163: u64 = undefined; + var x164: u1 = undefined; + fiatP256AddcarryxU64(&x163, &x164, 0x0, x144, x158); + var x165: u64 = undefined; + var x166: u1 = undefined; + fiatP256AddcarryxU64(&x165, &x166, x164, x146, x160); + var x167: u64 = undefined; + var x168: u1 = undefined; + fiatP256AddcarryxU64(&x167, &x168, x166, x148, x162); + var x169: u64 = undefined; + var x170: u1 = undefined; + fiatP256AddcarryxU64(&x169, &x170, x168, x150, x154); + var x171: u64 = undefined; + var x172: u1 = undefined; + fiatP256AddcarryxU64(&x171, &x172, x170, x152, x155); + const x173: u64 = (@intCast(u64, x172) + @intCast(u64, x153)); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatP256SubborrowxU64(&x174, &x175, 0x0, x165, 0xffffffffffffffff); + var x176: u64 = undefined; + var x177: u1 = undefined; + fiatP256SubborrowxU64(&x176, &x177, x175, x167, 0xffffffff); + var x178: u64 = undefined; + var x179: u1 = undefined; + fiatP256SubborrowxU64(&x178, &x179, x177, x169, @intCast(u64, 0x0)); + var x180: u64 = undefined; + var x181: u1 = undefined; + fiatP256SubborrowxU64(&x180, &x181, x179, x171, 0xffffffff00000001); + var x182: u64 = undefined; + var x183: u1 = undefined; + fiatP256SubborrowxU64(&x182, &x183, x181, x173, @intCast(u64, 0x0)); + var x184: u64 = undefined; + fiatP256CmovznzU64(&x184, x183, x174, x165); + var x185: u64 = undefined; + fiatP256CmovznzU64(&x185, x183, x176, x167); + var x186: u64 = undefined; + fiatP256CmovznzU64(&x186, x183, x178, x169); + var x187: u64 = undefined; + fiatP256CmovznzU64(&x187, x183, x180, x171); + out1[0] = x184; + out1[1] = x185; + out1[2] = x186; + out1[3] = x187; +} + +/// The function fiatP256Square squares a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256Square(out1: *[4]u64, arg1: [4]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[0]); + var x5: u64 = undefined; + var x6: u64 = undefined; + fiatP256MulxU64(&x5, &x6, x4, (arg1[3])); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatP256MulxU64(&x7, &x8, x4, (arg1[2])); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatP256MulxU64(&x9, &x10, x4, (arg1[1])); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatP256MulxU64(&x11, &x12, x4, (arg1[0])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP256AddcarryxU64(&x13, &x14, 0x0, x12, x9); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP256AddcarryxU64(&x15, &x16, x14, x10, x7); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP256AddcarryxU64(&x17, &x18, x16, x8, x5); + const x19: u64 = (@intCast(u64, x18) + x6); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatP256MulxU64(&x20, &x21, x11, 0xffffffff00000001); + var x22: u64 = undefined; + var x23: u64 = undefined; + fiatP256MulxU64(&x22, &x23, x11, 0xffffffff); + var x24: u64 = undefined; + var x25: u64 = undefined; + fiatP256MulxU64(&x24, &x25, x11, 0xffffffffffffffff); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP256AddcarryxU64(&x26, &x27, 0x0, x25, x22); + const x28: u64 = (@intCast(u64, x27) + x23); + var x29: u64 = undefined; + var x30: u1 = undefined; + fiatP256AddcarryxU64(&x29, &x30, 0x0, x11, x24); + var x31: u64 = undefined; + var x32: u1 = undefined; + fiatP256AddcarryxU64(&x31, &x32, x30, x13, x26); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatP256AddcarryxU64(&x33, &x34, x32, x15, x28); + var x35: u64 = undefined; + var x36: u1 = undefined; + fiatP256AddcarryxU64(&x35, &x36, x34, x17, x20); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatP256AddcarryxU64(&x37, &x38, x36, x19, x21); + var x39: u64 = undefined; + var x40: u64 = undefined; + fiatP256MulxU64(&x39, &x40, x1, (arg1[3])); + var x41: u64 = undefined; + var x42: u64 = undefined; + fiatP256MulxU64(&x41, &x42, x1, (arg1[2])); + var x43: u64 = undefined; + var x44: u64 = undefined; + fiatP256MulxU64(&x43, &x44, x1, (arg1[1])); + var x45: u64 = undefined; + var x46: u64 = undefined; + fiatP256MulxU64(&x45, &x46, x1, (arg1[0])); + var x47: u64 = undefined; + var x48: u1 = undefined; + fiatP256AddcarryxU64(&x47, &x48, 0x0, x46, x43); + var x49: u64 = undefined; + var x50: u1 = undefined; + fiatP256AddcarryxU64(&x49, &x50, x48, x44, x41); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP256AddcarryxU64(&x51, &x52, x50, x42, x39); + const x53: u64 = (@intCast(u64, x52) + x40); + var x54: u64 = undefined; + var x55: u1 = undefined; + fiatP256AddcarryxU64(&x54, &x55, 0x0, x31, x45); + var x56: u64 = undefined; + var x57: u1 = undefined; + fiatP256AddcarryxU64(&x56, &x57, x55, x33, x47); + var x58: u64 = undefined; + var x59: u1 = undefined; + fiatP256AddcarryxU64(&x58, &x59, x57, x35, x49); + var x60: u64 = undefined; + var x61: u1 = undefined; + fiatP256AddcarryxU64(&x60, &x61, x59, x37, x51); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP256AddcarryxU64(&x62, &x63, x61, @intCast(u64, x38), x53); + var x64: u64 = undefined; + var x65: u64 = undefined; + fiatP256MulxU64(&x64, &x65, x54, 0xffffffff00000001); + var x66: u64 = undefined; + var x67: u64 = undefined; + fiatP256MulxU64(&x66, &x67, x54, 0xffffffff); + var x68: u64 = undefined; + var x69: u64 = undefined; + fiatP256MulxU64(&x68, &x69, x54, 0xffffffffffffffff); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP256AddcarryxU64(&x70, &x71, 0x0, x69, x66); + const x72: u64 = (@intCast(u64, x71) + x67); + var x73: u64 = undefined; + var x74: u1 = undefined; + fiatP256AddcarryxU64(&x73, &x74, 0x0, x54, x68); + var x75: u64 = undefined; + var x76: u1 = undefined; + fiatP256AddcarryxU64(&x75, &x76, x74, x56, x70); + var x77: u64 = undefined; + var x78: u1 = undefined; + fiatP256AddcarryxU64(&x77, &x78, x76, x58, x72); + var x79: u64 = undefined; + var x80: u1 = undefined; + fiatP256AddcarryxU64(&x79, &x80, x78, x60, x64); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatP256AddcarryxU64(&x81, &x82, x80, x62, x65); + const x83: u64 = (@intCast(u64, x82) + @intCast(u64, x63)); + var x84: u64 = undefined; + var x85: u64 = undefined; + fiatP256MulxU64(&x84, &x85, x2, (arg1[3])); + var x86: u64 = undefined; + var x87: u64 = undefined; + fiatP256MulxU64(&x86, &x87, x2, (arg1[2])); + var x88: u64 = undefined; + var x89: u64 = undefined; + fiatP256MulxU64(&x88, &x89, x2, (arg1[1])); + var x90: u64 = undefined; + var x91: u64 = undefined; + fiatP256MulxU64(&x90, &x91, x2, (arg1[0])); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP256AddcarryxU64(&x92, &x93, 0x0, x91, x88); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP256AddcarryxU64(&x94, &x95, x93, x89, x86); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP256AddcarryxU64(&x96, &x97, x95, x87, x84); + const x98: u64 = (@intCast(u64, x97) + x85); + var x99: u64 = undefined; + var x100: u1 = undefined; + fiatP256AddcarryxU64(&x99, &x100, 0x0, x75, x90); + var x101: u64 = undefined; + var x102: u1 = undefined; + fiatP256AddcarryxU64(&x101, &x102, x100, x77, x92); + var x103: u64 = undefined; + var x104: u1 = undefined; + fiatP256AddcarryxU64(&x103, &x104, x102, x79, x94); + var x105: u64 = undefined; + var x106: u1 = undefined; + fiatP256AddcarryxU64(&x105, &x106, x104, x81, x96); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatP256AddcarryxU64(&x107, &x108, x106, x83, x98); + var x109: u64 = undefined; + var x110: u64 = undefined; + fiatP256MulxU64(&x109, &x110, x99, 0xffffffff00000001); + var x111: u64 = undefined; + var x112: u64 = undefined; + fiatP256MulxU64(&x111, &x112, x99, 0xffffffff); + var x113: u64 = undefined; + var x114: u64 = undefined; + fiatP256MulxU64(&x113, &x114, x99, 0xffffffffffffffff); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatP256AddcarryxU64(&x115, &x116, 0x0, x114, x111); + const x117: u64 = (@intCast(u64, x116) + x112); + var x118: u64 = undefined; + var x119: u1 = undefined; + fiatP256AddcarryxU64(&x118, &x119, 0x0, x99, x113); + var x120: u64 = undefined; + var x121: u1 = undefined; + fiatP256AddcarryxU64(&x120, &x121, x119, x101, x115); + var x122: u64 = undefined; + var x123: u1 = undefined; + fiatP256AddcarryxU64(&x122, &x123, x121, x103, x117); + var x124: u64 = undefined; + var x125: u1 = undefined; + fiatP256AddcarryxU64(&x124, &x125, x123, x105, x109); + var x126: u64 = undefined; + var x127: u1 = undefined; + fiatP256AddcarryxU64(&x126, &x127, x125, x107, x110); + const x128: u64 = (@intCast(u64, x127) + @intCast(u64, x108)); + var x129: u64 = undefined; + var x130: u64 = undefined; + fiatP256MulxU64(&x129, &x130, x3, (arg1[3])); + var x131: u64 = undefined; + var x132: u64 = undefined; + fiatP256MulxU64(&x131, &x132, x3, (arg1[2])); + var x133: u64 = undefined; + var x134: u64 = undefined; + fiatP256MulxU64(&x133, &x134, x3, (arg1[1])); + var x135: u64 = undefined; + var x136: u64 = undefined; + fiatP256MulxU64(&x135, &x136, x3, (arg1[0])); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatP256AddcarryxU64(&x137, &x138, 0x0, x136, x133); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatP256AddcarryxU64(&x139, &x140, x138, x134, x131); + var x141: u64 = undefined; + var x142: u1 = undefined; + fiatP256AddcarryxU64(&x141, &x142, x140, x132, x129); + const x143: u64 = (@intCast(u64, x142) + x130); + var x144: u64 = undefined; + var x145: u1 = undefined; + fiatP256AddcarryxU64(&x144, &x145, 0x0, x120, x135); + var x146: u64 = undefined; + var x147: u1 = undefined; + fiatP256AddcarryxU64(&x146, &x147, x145, x122, x137); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatP256AddcarryxU64(&x148, &x149, x147, x124, x139); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatP256AddcarryxU64(&x150, &x151, x149, x126, x141); + var x152: u64 = undefined; + var x153: u1 = undefined; + fiatP256AddcarryxU64(&x152, &x153, x151, x128, x143); + var x154: u64 = undefined; + var x155: u64 = undefined; + fiatP256MulxU64(&x154, &x155, x144, 0xffffffff00000001); + var x156: u64 = undefined; + var x157: u64 = undefined; + fiatP256MulxU64(&x156, &x157, x144, 0xffffffff); + var x158: u64 = undefined; + var x159: u64 = undefined; + fiatP256MulxU64(&x158, &x159, x144, 0xffffffffffffffff); + var x160: u64 = undefined; + var x161: u1 = undefined; + fiatP256AddcarryxU64(&x160, &x161, 0x0, x159, x156); + const x162: u64 = (@intCast(u64, x161) + x157); + var x163: u64 = undefined; + var x164: u1 = undefined; + fiatP256AddcarryxU64(&x163, &x164, 0x0, x144, x158); + var x165: u64 = undefined; + var x166: u1 = undefined; + fiatP256AddcarryxU64(&x165, &x166, x164, x146, x160); + var x167: u64 = undefined; + var x168: u1 = undefined; + fiatP256AddcarryxU64(&x167, &x168, x166, x148, x162); + var x169: u64 = undefined; + var x170: u1 = undefined; + fiatP256AddcarryxU64(&x169, &x170, x168, x150, x154); + var x171: u64 = undefined; + var x172: u1 = undefined; + fiatP256AddcarryxU64(&x171, &x172, x170, x152, x155); + const x173: u64 = (@intCast(u64, x172) + @intCast(u64, x153)); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatP256SubborrowxU64(&x174, &x175, 0x0, x165, 0xffffffffffffffff); + var x176: u64 = undefined; + var x177: u1 = undefined; + fiatP256SubborrowxU64(&x176, &x177, x175, x167, 0xffffffff); + var x178: u64 = undefined; + var x179: u1 = undefined; + fiatP256SubborrowxU64(&x178, &x179, x177, x169, @intCast(u64, 0x0)); + var x180: u64 = undefined; + var x181: u1 = undefined; + fiatP256SubborrowxU64(&x180, &x181, x179, x171, 0xffffffff00000001); + var x182: u64 = undefined; + var x183: u1 = undefined; + fiatP256SubborrowxU64(&x182, &x183, x181, x173, @intCast(u64, 0x0)); + var x184: u64 = undefined; + fiatP256CmovznzU64(&x184, x183, x174, x165); + var x185: u64 = undefined; + fiatP256CmovznzU64(&x185, x183, x176, x167); + var x186: u64 = undefined; + fiatP256CmovznzU64(&x186, x183, x178, x169); + var x187: u64 = undefined; + fiatP256CmovznzU64(&x187, x183, x180, x171); + out1[0] = x184; + out1[1] = x185; + out1[2] = x186; + out1[3] = x187; +} + +/// The function fiatP256Add adds two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256Add(out1: *[4]u64, arg1: [4]u64, arg2: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP256AddcarryxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP256AddcarryxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP256AddcarryxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP256AddcarryxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP256SubborrowxU64(&x9, &x10, 0x0, x1, 0xffffffffffffffff); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP256SubborrowxU64(&x11, &x12, x10, x3, 0xffffffff); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP256SubborrowxU64(&x13, &x14, x12, x5, @intCast(u64, 0x0)); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP256SubborrowxU64(&x15, &x16, x14, x7, 0xffffffff00000001); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP256SubborrowxU64(&x17, &x18, x16, @intCast(u64, x8), @intCast(u64, 0x0)); + var x19: u64 = undefined; + fiatP256CmovznzU64(&x19, x18, x9, x1); + var x20: u64 = undefined; + fiatP256CmovznzU64(&x20, x18, x11, x3); + var x21: u64 = undefined; + fiatP256CmovznzU64(&x21, x18, x13, x5); + var x22: u64 = undefined; + fiatP256CmovznzU64(&x22, x18, x15, x7); + out1[0] = x19; + out1[1] = x20; + out1[2] = x21; + out1[3] = x22; +} + +/// The function fiatP256Sub subtracts two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256Sub(out1: *[4]u64, arg1: [4]u64, arg2: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP256SubborrowxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP256SubborrowxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP256SubborrowxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP256SubborrowxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + fiatP256CmovznzU64(&x9, x8, @intCast(u64, 0x0), 0xffffffffffffffff); + var x10: u64 = undefined; + var x11: u1 = undefined; + fiatP256AddcarryxU64(&x10, &x11, 0x0, x1, x9); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatP256AddcarryxU64(&x12, &x13, x11, x3, (x9 & 0xffffffff)); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP256AddcarryxU64(&x14, &x15, x13, x5, @intCast(u64, 0x0)); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP256AddcarryxU64(&x16, &x17, x15, x7, (x9 & 0xffffffff00000001)); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/// The function fiatP256Opp negates a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256Opp(out1: *[4]u64, arg1: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP256SubborrowxU64(&x1, &x2, 0x0, @intCast(u64, 0x0), (arg1[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP256SubborrowxU64(&x3, &x4, x2, @intCast(u64, 0x0), (arg1[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP256SubborrowxU64(&x5, &x6, x4, @intCast(u64, 0x0), (arg1[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP256SubborrowxU64(&x7, &x8, x6, @intCast(u64, 0x0), (arg1[3])); + var x9: u64 = undefined; + fiatP256CmovznzU64(&x9, x8, @intCast(u64, 0x0), 0xffffffffffffffff); + var x10: u64 = undefined; + var x11: u1 = undefined; + fiatP256AddcarryxU64(&x10, &x11, 0x0, x1, x9); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatP256AddcarryxU64(&x12, &x13, x11, x3, (x9 & 0xffffffff)); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP256AddcarryxU64(&x14, &x15, x13, x5, @intCast(u64, 0x0)); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP256AddcarryxU64(&x16, &x17, x15, x7, (x9 & 0xffffffff00000001)); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/// The function fiatP256FromMontgomery translates a field element out of the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256FromMontgomery(out1: *[4]u64, arg1: [4]u64) void { + const x1: u64 = (arg1[0]); + var x2: u64 = undefined; + var x3: u64 = undefined; + fiatP256MulxU64(&x2, &x3, x1, 0xffffffff00000001); + var x4: u64 = undefined; + var x5: u64 = undefined; + fiatP256MulxU64(&x4, &x5, x1, 0xffffffff); + var x6: u64 = undefined; + var x7: u64 = undefined; + fiatP256MulxU64(&x6, &x7, x1, 0xffffffffffffffff); + var x8: u64 = undefined; + var x9: u1 = undefined; + fiatP256AddcarryxU64(&x8, &x9, 0x0, x7, x4); + var x10: u64 = undefined; + var x11: u1 = undefined; + fiatP256AddcarryxU64(&x10, &x11, 0x0, x1, x6); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatP256AddcarryxU64(&x12, &x13, x11, @intCast(u64, 0x0), x8); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP256AddcarryxU64(&x14, &x15, 0x0, x12, (arg1[1])); + var x16: u64 = undefined; + var x17: u64 = undefined; + fiatP256MulxU64(&x16, &x17, x14, 0xffffffff00000001); + var x18: u64 = undefined; + var x19: u64 = undefined; + fiatP256MulxU64(&x18, &x19, x14, 0xffffffff); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatP256MulxU64(&x20, &x21, x14, 0xffffffffffffffff); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP256AddcarryxU64(&x22, &x23, 0x0, x21, x18); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP256AddcarryxU64(&x24, &x25, 0x0, x14, x20); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP256AddcarryxU64(&x26, &x27, x25, (@intCast(u64, x15) + (@intCast(u64, x13) + (@intCast(u64, x9) + x5))), x22); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP256AddcarryxU64(&x28, &x29, x27, x2, (@intCast(u64, x23) + x19)); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP256AddcarryxU64(&x30, &x31, x29, x3, x16); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatP256AddcarryxU64(&x32, &x33, 0x0, x26, (arg1[2])); + var x34: u64 = undefined; + var x35: u1 = undefined; + fiatP256AddcarryxU64(&x34, &x35, x33, x28, @intCast(u64, 0x0)); + var x36: u64 = undefined; + var x37: u1 = undefined; + fiatP256AddcarryxU64(&x36, &x37, x35, x30, @intCast(u64, 0x0)); + var x38: u64 = undefined; + var x39: u64 = undefined; + fiatP256MulxU64(&x38, &x39, x32, 0xffffffff00000001); + var x40: u64 = undefined; + var x41: u64 = undefined; + fiatP256MulxU64(&x40, &x41, x32, 0xffffffff); + var x42: u64 = undefined; + var x43: u64 = undefined; + fiatP256MulxU64(&x42, &x43, x32, 0xffffffffffffffff); + var x44: u64 = undefined; + var x45: u1 = undefined; + fiatP256AddcarryxU64(&x44, &x45, 0x0, x43, x40); + var x46: u64 = undefined; + var x47: u1 = undefined; + fiatP256AddcarryxU64(&x46, &x47, 0x0, x32, x42); + var x48: u64 = undefined; + var x49: u1 = undefined; + fiatP256AddcarryxU64(&x48, &x49, x47, x34, x44); + var x50: u64 = undefined; + var x51: u1 = undefined; + fiatP256AddcarryxU64(&x50, &x51, x49, x36, (@intCast(u64, x45) + x41)); + var x52: u64 = undefined; + var x53: u1 = undefined; + fiatP256AddcarryxU64(&x52, &x53, x51, (@intCast(u64, x37) + (@intCast(u64, x31) + x17)), x38); + var x54: u64 = undefined; + var x55: u1 = undefined; + fiatP256AddcarryxU64(&x54, &x55, 0x0, x48, (arg1[3])); + var x56: u64 = undefined; + var x57: u1 = undefined; + fiatP256AddcarryxU64(&x56, &x57, x55, x50, @intCast(u64, 0x0)); + var x58: u64 = undefined; + var x59: u1 = undefined; + fiatP256AddcarryxU64(&x58, &x59, x57, x52, @intCast(u64, 0x0)); + var x60: u64 = undefined; + var x61: u64 = undefined; + fiatP256MulxU64(&x60, &x61, x54, 0xffffffff00000001); + var x62: u64 = undefined; + var x63: u64 = undefined; + fiatP256MulxU64(&x62, &x63, x54, 0xffffffff); + var x64: u64 = undefined; + var x65: u64 = undefined; + fiatP256MulxU64(&x64, &x65, x54, 0xffffffffffffffff); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP256AddcarryxU64(&x66, &x67, 0x0, x65, x62); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP256AddcarryxU64(&x68, &x69, 0x0, x54, x64); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP256AddcarryxU64(&x70, &x71, x69, x56, x66); + var x72: u64 = undefined; + var x73: u1 = undefined; + fiatP256AddcarryxU64(&x72, &x73, x71, x58, (@intCast(u64, x67) + x63)); + var x74: u64 = undefined; + var x75: u1 = undefined; + fiatP256AddcarryxU64(&x74, &x75, x73, (@intCast(u64, x59) + (@intCast(u64, x53) + x39)), x60); + const x76: u64 = (@intCast(u64, x75) + x61); + var x77: u64 = undefined; + var x78: u1 = undefined; + fiatP256SubborrowxU64(&x77, &x78, 0x0, x70, 0xffffffffffffffff); + var x79: u64 = undefined; + var x80: u1 = undefined; + fiatP256SubborrowxU64(&x79, &x80, x78, x72, 0xffffffff); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatP256SubborrowxU64(&x81, &x82, x80, x74, @intCast(u64, 0x0)); + var x83: u64 = undefined; + var x84: u1 = undefined; + fiatP256SubborrowxU64(&x83, &x84, x82, x76, 0xffffffff00000001); + var x85: u64 = undefined; + var x86: u1 = undefined; + fiatP256SubborrowxU64(&x85, &x86, x84, @intCast(u64, 0x0), @intCast(u64, 0x0)); + var x87: u64 = undefined; + fiatP256CmovznzU64(&x87, x86, x77, x70); + var x88: u64 = undefined; + fiatP256CmovznzU64(&x88, x86, x79, x72); + var x89: u64 = undefined; + fiatP256CmovznzU64(&x89, x86, x81, x74); + var x90: u64 = undefined; + fiatP256CmovznzU64(&x90, x86, x83, x76); + out1[0] = x87; + out1[1] = x88; + out1[2] = x89; + out1[3] = x90; +} + +/// The function fiatP256ToMontgomery translates a field element into the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256ToMontgomery(out1: *[4]u64, arg1: [4]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[0]); + var x5: u64 = undefined; + var x6: u64 = undefined; + fiatP256MulxU64(&x5, &x6, x4, 0x4fffffffd); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatP256MulxU64(&x7, &x8, x4, 0xfffffffffffffffe); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatP256MulxU64(&x9, &x10, x4, 0xfffffffbffffffff); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatP256MulxU64(&x11, &x12, x4, 0x3); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP256AddcarryxU64(&x13, &x14, 0x0, x12, x9); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP256AddcarryxU64(&x15, &x16, x14, x10, x7); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP256AddcarryxU64(&x17, &x18, x16, x8, x5); + var x19: u64 = undefined; + var x20: u64 = undefined; + fiatP256MulxU64(&x19, &x20, x11, 0xffffffff00000001); + var x21: u64 = undefined; + var x22: u64 = undefined; + fiatP256MulxU64(&x21, &x22, x11, 0xffffffff); + var x23: u64 = undefined; + var x24: u64 = undefined; + fiatP256MulxU64(&x23, &x24, x11, 0xffffffffffffffff); + var x25: u64 = undefined; + var x26: u1 = undefined; + fiatP256AddcarryxU64(&x25, &x26, 0x0, x24, x21); + var x27: u64 = undefined; + var x28: u1 = undefined; + fiatP256AddcarryxU64(&x27, &x28, 0x0, x11, x23); + var x29: u64 = undefined; + var x30: u1 = undefined; + fiatP256AddcarryxU64(&x29, &x30, x28, x13, x25); + var x31: u64 = undefined; + var x32: u1 = undefined; + fiatP256AddcarryxU64(&x31, &x32, x30, x15, (@intCast(u64, x26) + x22)); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatP256AddcarryxU64(&x33, &x34, x32, x17, x19); + var x35: u64 = undefined; + var x36: u1 = undefined; + fiatP256AddcarryxU64(&x35, &x36, x34, (@intCast(u64, x18) + x6), x20); + var x37: u64 = undefined; + var x38: u64 = undefined; + fiatP256MulxU64(&x37, &x38, x1, 0x4fffffffd); + var x39: u64 = undefined; + var x40: u64 = undefined; + fiatP256MulxU64(&x39, &x40, x1, 0xfffffffffffffffe); + var x41: u64 = undefined; + var x42: u64 = undefined; + fiatP256MulxU64(&x41, &x42, x1, 0xfffffffbffffffff); + var x43: u64 = undefined; + var x44: u64 = undefined; + fiatP256MulxU64(&x43, &x44, x1, 0x3); + var x45: u64 = undefined; + var x46: u1 = undefined; + fiatP256AddcarryxU64(&x45, &x46, 0x0, x44, x41); + var x47: u64 = undefined; + var x48: u1 = undefined; + fiatP256AddcarryxU64(&x47, &x48, x46, x42, x39); + var x49: u64 = undefined; + var x50: u1 = undefined; + fiatP256AddcarryxU64(&x49, &x50, x48, x40, x37); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP256AddcarryxU64(&x51, &x52, 0x0, x29, x43); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP256AddcarryxU64(&x53, &x54, x52, x31, x45); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP256AddcarryxU64(&x55, &x56, x54, x33, x47); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP256AddcarryxU64(&x57, &x58, x56, x35, x49); + var x59: u64 = undefined; + var x60: u64 = undefined; + fiatP256MulxU64(&x59, &x60, x51, 0xffffffff00000001); + var x61: u64 = undefined; + var x62: u64 = undefined; + fiatP256MulxU64(&x61, &x62, x51, 0xffffffff); + var x63: u64 = undefined; + var x64: u64 = undefined; + fiatP256MulxU64(&x63, &x64, x51, 0xffffffffffffffff); + var x65: u64 = undefined; + var x66: u1 = undefined; + fiatP256AddcarryxU64(&x65, &x66, 0x0, x64, x61); + var x67: u64 = undefined; + var x68: u1 = undefined; + fiatP256AddcarryxU64(&x67, &x68, 0x0, x51, x63); + var x69: u64 = undefined; + var x70: u1 = undefined; + fiatP256AddcarryxU64(&x69, &x70, x68, x53, x65); + var x71: u64 = undefined; + var x72: u1 = undefined; + fiatP256AddcarryxU64(&x71, &x72, x70, x55, (@intCast(u64, x66) + x62)); + var x73: u64 = undefined; + var x74: u1 = undefined; + fiatP256AddcarryxU64(&x73, &x74, x72, x57, x59); + var x75: u64 = undefined; + var x76: u1 = undefined; + fiatP256AddcarryxU64(&x75, &x76, x74, ((@intCast(u64, x58) + @intCast(u64, x36)) + (@intCast(u64, x50) + x38)), x60); + var x77: u64 = undefined; + var x78: u64 = undefined; + fiatP256MulxU64(&x77, &x78, x2, 0x4fffffffd); + var x79: u64 = undefined; + var x80: u64 = undefined; + fiatP256MulxU64(&x79, &x80, x2, 0xfffffffffffffffe); + var x81: u64 = undefined; + var x82: u64 = undefined; + fiatP256MulxU64(&x81, &x82, x2, 0xfffffffbffffffff); + var x83: u64 = undefined; + var x84: u64 = undefined; + fiatP256MulxU64(&x83, &x84, x2, 0x3); + var x85: u64 = undefined; + var x86: u1 = undefined; + fiatP256AddcarryxU64(&x85, &x86, 0x0, x84, x81); + var x87: u64 = undefined; + var x88: u1 = undefined; + fiatP256AddcarryxU64(&x87, &x88, x86, x82, x79); + var x89: u64 = undefined; + var x90: u1 = undefined; + fiatP256AddcarryxU64(&x89, &x90, x88, x80, x77); + var x91: u64 = undefined; + var x92: u1 = undefined; + fiatP256AddcarryxU64(&x91, &x92, 0x0, x69, x83); + var x93: u64 = undefined; + var x94: u1 = undefined; + fiatP256AddcarryxU64(&x93, &x94, x92, x71, x85); + var x95: u64 = undefined; + var x96: u1 = undefined; + fiatP256AddcarryxU64(&x95, &x96, x94, x73, x87); + var x97: u64 = undefined; + var x98: u1 = undefined; + fiatP256AddcarryxU64(&x97, &x98, x96, x75, x89); + var x99: u64 = undefined; + var x100: u64 = undefined; + fiatP256MulxU64(&x99, &x100, x91, 0xffffffff00000001); + var x101: u64 = undefined; + var x102: u64 = undefined; + fiatP256MulxU64(&x101, &x102, x91, 0xffffffff); + var x103: u64 = undefined; + var x104: u64 = undefined; + fiatP256MulxU64(&x103, &x104, x91, 0xffffffffffffffff); + var x105: u64 = undefined; + var x106: u1 = undefined; + fiatP256AddcarryxU64(&x105, &x106, 0x0, x104, x101); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatP256AddcarryxU64(&x107, &x108, 0x0, x91, x103); + var x109: u64 = undefined; + var x110: u1 = undefined; + fiatP256AddcarryxU64(&x109, &x110, x108, x93, x105); + var x111: u64 = undefined; + var x112: u1 = undefined; + fiatP256AddcarryxU64(&x111, &x112, x110, x95, (@intCast(u64, x106) + x102)); + var x113: u64 = undefined; + var x114: u1 = undefined; + fiatP256AddcarryxU64(&x113, &x114, x112, x97, x99); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatP256AddcarryxU64(&x115, &x116, x114, ((@intCast(u64, x98) + @intCast(u64, x76)) + (@intCast(u64, x90) + x78)), x100); + var x117: u64 = undefined; + var x118: u64 = undefined; + fiatP256MulxU64(&x117, &x118, x3, 0x4fffffffd); + var x119: u64 = undefined; + var x120: u64 = undefined; + fiatP256MulxU64(&x119, &x120, x3, 0xfffffffffffffffe); + var x121: u64 = undefined; + var x122: u64 = undefined; + fiatP256MulxU64(&x121, &x122, x3, 0xfffffffbffffffff); + var x123: u64 = undefined; + var x124: u64 = undefined; + fiatP256MulxU64(&x123, &x124, x3, 0x3); + var x125: u64 = undefined; + var x126: u1 = undefined; + fiatP256AddcarryxU64(&x125, &x126, 0x0, x124, x121); + var x127: u64 = undefined; + var x128: u1 = undefined; + fiatP256AddcarryxU64(&x127, &x128, x126, x122, x119); + var x129: u64 = undefined; + var x130: u1 = undefined; + fiatP256AddcarryxU64(&x129, &x130, x128, x120, x117); + var x131: u64 = undefined; + var x132: u1 = undefined; + fiatP256AddcarryxU64(&x131, &x132, 0x0, x109, x123); + var x133: u64 = undefined; + var x134: u1 = undefined; + fiatP256AddcarryxU64(&x133, &x134, x132, x111, x125); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatP256AddcarryxU64(&x135, &x136, x134, x113, x127); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatP256AddcarryxU64(&x137, &x138, x136, x115, x129); + var x139: u64 = undefined; + var x140: u64 = undefined; + fiatP256MulxU64(&x139, &x140, x131, 0xffffffff00000001); + var x141: u64 = undefined; + var x142: u64 = undefined; + fiatP256MulxU64(&x141, &x142, x131, 0xffffffff); + var x143: u64 = undefined; + var x144: u64 = undefined; + fiatP256MulxU64(&x143, &x144, x131, 0xffffffffffffffff); + var x145: u64 = undefined; + var x146: u1 = undefined; + fiatP256AddcarryxU64(&x145, &x146, 0x0, x144, x141); + var x147: u64 = undefined; + var x148: u1 = undefined; + fiatP256AddcarryxU64(&x147, &x148, 0x0, x131, x143); + var x149: u64 = undefined; + var x150: u1 = undefined; + fiatP256AddcarryxU64(&x149, &x150, x148, x133, x145); + var x151: u64 = undefined; + var x152: u1 = undefined; + fiatP256AddcarryxU64(&x151, &x152, x150, x135, (@intCast(u64, x146) + x142)); + var x153: u64 = undefined; + var x154: u1 = undefined; + fiatP256AddcarryxU64(&x153, &x154, x152, x137, x139); + var x155: u64 = undefined; + var x156: u1 = undefined; + fiatP256AddcarryxU64(&x155, &x156, x154, ((@intCast(u64, x138) + @intCast(u64, x116)) + (@intCast(u64, x130) + x118)), x140); + var x157: u64 = undefined; + var x158: u1 = undefined; + fiatP256SubborrowxU64(&x157, &x158, 0x0, x149, 0xffffffffffffffff); + var x159: u64 = undefined; + var x160: u1 = undefined; + fiatP256SubborrowxU64(&x159, &x160, x158, x151, 0xffffffff); + var x161: u64 = undefined; + var x162: u1 = undefined; + fiatP256SubborrowxU64(&x161, &x162, x160, x153, @intCast(u64, 0x0)); + var x163: u64 = undefined; + var x164: u1 = undefined; + fiatP256SubborrowxU64(&x163, &x164, x162, x155, 0xffffffff00000001); + var x165: u64 = undefined; + var x166: u1 = undefined; + fiatP256SubborrowxU64(&x165, &x166, x164, @intCast(u64, x156), @intCast(u64, 0x0)); + var x167: u64 = undefined; + fiatP256CmovznzU64(&x167, x166, x157, x149); + var x168: u64 = undefined; + fiatP256CmovznzU64(&x168, x166, x159, x151); + var x169: u64 = undefined; + fiatP256CmovznzU64(&x169, x166, x161, x153); + var x170: u64 = undefined; + fiatP256CmovznzU64(&x170, x166, x163, x155); + out1[0] = x167; + out1[1] = x168; + out1[2] = x169; + out1[3] = x170; +} + +/// The function fiatP256Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +pub fn fiatP256Nonzero(out1: *u64, arg1: [4]u64) void { + const x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); + out1.* = x1; +} + +/// The function fiatP256Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256Selectznz(out1: *[4]u64, arg1: u1, arg2: [4]u64, arg3: [4]u64) void { + var x1: u64 = undefined; + fiatP256CmovznzU64(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u64 = undefined; + fiatP256CmovznzU64(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u64 = undefined; + fiatP256CmovznzU64(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u64 = undefined; + fiatP256CmovznzU64(&x4, arg1, (arg2[3]), (arg3[3])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; +} + +/// The function fiatP256ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatP256ToBytes(out1: *[32]u8, arg1: [4]u64) void { + const x1: u64 = (arg1[3]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[1]); + const x4: u64 = (arg1[0]); + const x5: u8 = @intCast(u8, (x4 & @intCast(u64, 0xff))); + const x6: u64 = (x4 >> 8); + const x7: u8 = @intCast(u8, (x6 & @intCast(u64, 0xff))); + const x8: u64 = (x6 >> 8); + const x9: u8 = @intCast(u8, (x8 & @intCast(u64, 0xff))); + const x10: u64 = (x8 >> 8); + const x11: u8 = @intCast(u8, (x10 & @intCast(u64, 0xff))); + const x12: u64 = (x10 >> 8); + const x13: u8 = @intCast(u8, (x12 & @intCast(u64, 0xff))); + const x14: u64 = (x12 >> 8); + const x15: u8 = @intCast(u8, (x14 & @intCast(u64, 0xff))); + const x16: u64 = (x14 >> 8); + const x17: u8 = @intCast(u8, (x16 & @intCast(u64, 0xff))); + const x18: u8 = @intCast(u8, (x16 >> 8)); + const x19: u8 = @intCast(u8, (x3 & @intCast(u64, 0xff))); + const x20: u64 = (x3 >> 8); + const x21: u8 = @intCast(u8, (x20 & @intCast(u64, 0xff))); + const x22: u64 = (x20 >> 8); + const x23: u8 = @intCast(u8, (x22 & @intCast(u64, 0xff))); + const x24: u64 = (x22 >> 8); + const x25: u8 = @intCast(u8, (x24 & @intCast(u64, 0xff))); + const x26: u64 = (x24 >> 8); + const x27: u8 = @intCast(u8, (x26 & @intCast(u64, 0xff))); + const x28: u64 = (x26 >> 8); + const x29: u8 = @intCast(u8, (x28 & @intCast(u64, 0xff))); + const x30: u64 = (x28 >> 8); + const x31: u8 = @intCast(u8, (x30 & @intCast(u64, 0xff))); + const x32: u8 = @intCast(u8, (x30 >> 8)); + const x33: u8 = @intCast(u8, (x2 & @intCast(u64, 0xff))); + const x34: u64 = (x2 >> 8); + const x35: u8 = @intCast(u8, (x34 & @intCast(u64, 0xff))); + const x36: u64 = (x34 >> 8); + const x37: u8 = @intCast(u8, (x36 & @intCast(u64, 0xff))); + const x38: u64 = (x36 >> 8); + const x39: u8 = @intCast(u8, (x38 & @intCast(u64, 0xff))); + const x40: u64 = (x38 >> 8); + const x41: u8 = @intCast(u8, (x40 & @intCast(u64, 0xff))); + const x42: u64 = (x40 >> 8); + const x43: u8 = @intCast(u8, (x42 & @intCast(u64, 0xff))); + const x44: u64 = (x42 >> 8); + const x45: u8 = @intCast(u8, (x44 & @intCast(u64, 0xff))); + const x46: u8 = @intCast(u8, (x44 >> 8)); + const x47: u8 = @intCast(u8, (x1 & @intCast(u64, 0xff))); + const x48: u64 = (x1 >> 8); + const x49: u8 = @intCast(u8, (x48 & @intCast(u64, 0xff))); + const x50: u64 = (x48 >> 8); + const x51: u8 = @intCast(u8, (x50 & @intCast(u64, 0xff))); + const x52: u64 = (x50 >> 8); + const x53: u8 = @intCast(u8, (x52 & @intCast(u64, 0xff))); + const x54: u64 = (x52 >> 8); + const x55: u8 = @intCast(u8, (x54 & @intCast(u64, 0xff))); + const x56: u64 = (x54 >> 8); + const x57: u8 = @intCast(u8, (x56 & @intCast(u64, 0xff))); + const x58: u64 = (x56 >> 8); + const x59: u8 = @intCast(u8, (x58 & @intCast(u64, 0xff))); + const x60: u8 = @intCast(u8, (x58 >> 8)); + out1[0] = x5; + out1[1] = x7; + out1[2] = x9; + out1[3] = x11; + out1[4] = x13; + out1[5] = x15; + out1[6] = x17; + out1[7] = x18; + out1[8] = x19; + out1[9] = x21; + out1[10] = x23; + out1[11] = x25; + out1[12] = x27; + out1[13] = x29; + out1[14] = x31; + out1[15] = x32; + out1[16] = x33; + out1[17] = x35; + out1[18] = x37; + out1[19] = x39; + out1[20] = x41; + out1[21] = x43; + out1[22] = x45; + out1[23] = x46; + out1[24] = x47; + out1[25] = x49; + out1[26] = x51; + out1[27] = x53; + out1[28] = x55; + out1[29] = x57; + out1[30] = x59; + out1[31] = x60; +} + +/// The function fiatP256FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. +/// Preconditions: +/// 0 ≤ bytes_eval arg1 < m +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256FromBytes(out1: *[4]u64, arg1: [32]u8) void { + const x1: u64 = (@intCast(u64, (arg1[31])) << 56); + const x2: u64 = (@intCast(u64, (arg1[30])) << 48); + const x3: u64 = (@intCast(u64, (arg1[29])) << 40); + const x4: u64 = (@intCast(u64, (arg1[28])) << 32); + const x5: u64 = (@intCast(u64, (arg1[27])) << 24); + const x6: u64 = (@intCast(u64, (arg1[26])) << 16); + const x7: u64 = (@intCast(u64, (arg1[25])) << 8); + const x8: u8 = (arg1[24]); + const x9: u64 = (@intCast(u64, (arg1[23])) << 56); + const x10: u64 = (@intCast(u64, (arg1[22])) << 48); + const x11: u64 = (@intCast(u64, (arg1[21])) << 40); + const x12: u64 = (@intCast(u64, (arg1[20])) << 32); + const x13: u64 = (@intCast(u64, (arg1[19])) << 24); + const x14: u64 = (@intCast(u64, (arg1[18])) << 16); + const x15: u64 = (@intCast(u64, (arg1[17])) << 8); + const x16: u8 = (arg1[16]); + const x17: u64 = (@intCast(u64, (arg1[15])) << 56); + const x18: u64 = (@intCast(u64, (arg1[14])) << 48); + const x19: u64 = (@intCast(u64, (arg1[13])) << 40); + const x20: u64 = (@intCast(u64, (arg1[12])) << 32); + const x21: u64 = (@intCast(u64, (arg1[11])) << 24); + const x22: u64 = (@intCast(u64, (arg1[10])) << 16); + const x23: u64 = (@intCast(u64, (arg1[9])) << 8); + const x24: u8 = (arg1[8]); + const x25: u64 = (@intCast(u64, (arg1[7])) << 56); + const x26: u64 = (@intCast(u64, (arg1[6])) << 48); + const x27: u64 = (@intCast(u64, (arg1[5])) << 40); + const x28: u64 = (@intCast(u64, (arg1[4])) << 32); + const x29: u64 = (@intCast(u64, (arg1[3])) << 24); + const x30: u64 = (@intCast(u64, (arg1[2])) << 16); + const x31: u64 = (@intCast(u64, (arg1[1])) << 8); + const x32: u8 = (arg1[0]); + const x33: u64 = (x31 + @intCast(u64, x32)); + const x34: u64 = (x30 + x33); + const x35: u64 = (x29 + x34); + const x36: u64 = (x28 + x35); + const x37: u64 = (x27 + x36); + const x38: u64 = (x26 + x37); + const x39: u64 = (x25 + x38); + const x40: u64 = (x23 + @intCast(u64, x24)); + const x41: u64 = (x22 + x40); + const x42: u64 = (x21 + x41); + const x43: u64 = (x20 + x42); + const x44: u64 = (x19 + x43); + const x45: u64 = (x18 + x44); + const x46: u64 = (x17 + x45); + const x47: u64 = (x15 + @intCast(u64, x16)); + const x48: u64 = (x14 + x47); + const x49: u64 = (x13 + x48); + const x50: u64 = (x12 + x49); + const x51: u64 = (x11 + x50); + const x52: u64 = (x10 + x51); + const x53: u64 = (x9 + x52); + const x54: u64 = (x7 + @intCast(u64, x8)); + const x55: u64 = (x6 + x54); + const x56: u64 = (x5 + x55); + const x57: u64 = (x4 + x56); + const x58: u64 = (x3 + x57); + const x59: u64 = (x2 + x58); + const x60: u64 = (x1 + x59); + out1[0] = x39; + out1[1] = x46; + out1[2] = x53; + out1[3] = x60; +} + +/// The function fiatP256SetOne returns the field element one in the Montgomery domain. +/// Postconditions: +/// eval (from_montgomery out1) mod m = 1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256SetOne(out1: *[4]u64) void { + out1[0] = @intCast(u64, 0x1); + out1[1] = 0xffffffff00000000; + out1[2] = 0xffffffffffffffff; + out1[3] = 0xfffffffe; +} + +/// The function fiatP256Msat returns the saturated representation of the prime modulus. +/// Postconditions: +/// twos_complement_eval out1 = m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256Msat(out1: *[5]u64) void { + out1[0] = 0xffffffffffffffff; + out1[1] = 0xffffffff; + out1[2] = @intCast(u64, 0x0); + out1[3] = 0xffffffff00000001; + out1[4] = @intCast(u64, 0x0); +} + +/// The function fiatP256Divstep computes a divstep. +/// Preconditions: +/// 0 ≤ eval arg4 < m +/// 0 ≤ eval arg5 < m +/// Postconditions: +/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) +/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) +/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) +/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) +/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out2 < m +/// 0 ≤ eval out3 < m +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256Divstep(out1: *u64, out2: *[5]u64, out3: *[5]u64, out4: *[4]u64, out5: *[4]u64, arg1: u64, arg2: [5]u64, arg3: [5]u64, arg4: [4]u64, arg5: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP256AddcarryxU64(&x1, &x2, 0x0, (~arg1), @intCast(u64, 0x1)); + const x3: u1 = (@intCast(u1, (x1 >> 63)) & @intCast(u1, ((arg3[0]) & @intCast(u64, 0x1)))); + var x4: u64 = undefined; + var x5: u1 = undefined; + fiatP256AddcarryxU64(&x4, &x5, 0x0, (~arg1), @intCast(u64, 0x1)); + var x6: u64 = undefined; + fiatP256CmovznzU64(&x6, x3, arg1, x4); + var x7: u64 = undefined; + fiatP256CmovznzU64(&x7, x3, (arg2[0]), (arg3[0])); + var x8: u64 = undefined; + fiatP256CmovznzU64(&x8, x3, (arg2[1]), (arg3[1])); + var x9: u64 = undefined; + fiatP256CmovznzU64(&x9, x3, (arg2[2]), (arg3[2])); + var x10: u64 = undefined; + fiatP256CmovznzU64(&x10, x3, (arg2[3]), (arg3[3])); + var x11: u64 = undefined; + fiatP256CmovznzU64(&x11, x3, (arg2[4]), (arg3[4])); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatP256AddcarryxU64(&x12, &x13, 0x0, @intCast(u64, 0x1), (~(arg2[0]))); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP256AddcarryxU64(&x14, &x15, x13, @intCast(u64, 0x0), (~(arg2[1]))); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP256AddcarryxU64(&x16, &x17, x15, @intCast(u64, 0x0), (~(arg2[2]))); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP256AddcarryxU64(&x18, &x19, x17, @intCast(u64, 0x0), (~(arg2[3]))); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP256AddcarryxU64(&x20, &x21, x19, @intCast(u64, 0x0), (~(arg2[4]))); + var x22: u64 = undefined; + fiatP256CmovznzU64(&x22, x3, (arg3[0]), x12); + var x23: u64 = undefined; + fiatP256CmovznzU64(&x23, x3, (arg3[1]), x14); + var x24: u64 = undefined; + fiatP256CmovznzU64(&x24, x3, (arg3[2]), x16); + var x25: u64 = undefined; + fiatP256CmovznzU64(&x25, x3, (arg3[3]), x18); + var x26: u64 = undefined; + fiatP256CmovznzU64(&x26, x3, (arg3[4]), x20); + var x27: u64 = undefined; + fiatP256CmovznzU64(&x27, x3, (arg4[0]), (arg5[0])); + var x28: u64 = undefined; + fiatP256CmovznzU64(&x28, x3, (arg4[1]), (arg5[1])); + var x29: u64 = undefined; + fiatP256CmovznzU64(&x29, x3, (arg4[2]), (arg5[2])); + var x30: u64 = undefined; + fiatP256CmovznzU64(&x30, x3, (arg4[3]), (arg5[3])); + var x31: u64 = undefined; + var x32: u1 = undefined; + fiatP256AddcarryxU64(&x31, &x32, 0x0, x27, x27); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatP256AddcarryxU64(&x33, &x34, x32, x28, x28); + var x35: u64 = undefined; + var x36: u1 = undefined; + fiatP256AddcarryxU64(&x35, &x36, x34, x29, x29); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatP256AddcarryxU64(&x37, &x38, x36, x30, x30); + var x39: u64 = undefined; + var x40: u1 = undefined; + fiatP256SubborrowxU64(&x39, &x40, 0x0, x31, 0xffffffffffffffff); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatP256SubborrowxU64(&x41, &x42, x40, x33, 0xffffffff); + var x43: u64 = undefined; + var x44: u1 = undefined; + fiatP256SubborrowxU64(&x43, &x44, x42, x35, @intCast(u64, 0x0)); + var x45: u64 = undefined; + var x46: u1 = undefined; + fiatP256SubborrowxU64(&x45, &x46, x44, x37, 0xffffffff00000001); + var x47: u64 = undefined; + var x48: u1 = undefined; + fiatP256SubborrowxU64(&x47, &x48, x46, @intCast(u64, x38), @intCast(u64, 0x0)); + const x49: u64 = (arg4[3]); + const x50: u64 = (arg4[2]); + const x51: u64 = (arg4[1]); + const x52: u64 = (arg4[0]); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP256SubborrowxU64(&x53, &x54, 0x0, @intCast(u64, 0x0), x52); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP256SubborrowxU64(&x55, &x56, x54, @intCast(u64, 0x0), x51); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP256SubborrowxU64(&x57, &x58, x56, @intCast(u64, 0x0), x50); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatP256SubborrowxU64(&x59, &x60, x58, @intCast(u64, 0x0), x49); + var x61: u64 = undefined; + fiatP256CmovznzU64(&x61, x60, @intCast(u64, 0x0), 0xffffffffffffffff); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP256AddcarryxU64(&x62, &x63, 0x0, x53, x61); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatP256AddcarryxU64(&x64, &x65, x63, x55, (x61 & 0xffffffff)); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP256AddcarryxU64(&x66, &x67, x65, x57, @intCast(u64, 0x0)); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP256AddcarryxU64(&x68, &x69, x67, x59, (x61 & 0xffffffff00000001)); + var x70: u64 = undefined; + fiatP256CmovznzU64(&x70, x3, (arg5[0]), x62); + var x71: u64 = undefined; + fiatP256CmovznzU64(&x71, x3, (arg5[1]), x64); + var x72: u64 = undefined; + fiatP256CmovznzU64(&x72, x3, (arg5[2]), x66); + var x73: u64 = undefined; + fiatP256CmovznzU64(&x73, x3, (arg5[3]), x68); + const x74: u1 = @intCast(u1, (x22 & @intCast(u64, 0x1))); + var x75: u64 = undefined; + fiatP256CmovznzU64(&x75, x74, @intCast(u64, 0x0), x7); + var x76: u64 = undefined; + fiatP256CmovznzU64(&x76, x74, @intCast(u64, 0x0), x8); + var x77: u64 = undefined; + fiatP256CmovznzU64(&x77, x74, @intCast(u64, 0x0), x9); + var x78: u64 = undefined; + fiatP256CmovznzU64(&x78, x74, @intCast(u64, 0x0), x10); + var x79: u64 = undefined; + fiatP256CmovznzU64(&x79, x74, @intCast(u64, 0x0), x11); + var x80: u64 = undefined; + var x81: u1 = undefined; + fiatP256AddcarryxU64(&x80, &x81, 0x0, x22, x75); + var x82: u64 = undefined; + var x83: u1 = undefined; + fiatP256AddcarryxU64(&x82, &x83, x81, x23, x76); + var x84: u64 = undefined; + var x85: u1 = undefined; + fiatP256AddcarryxU64(&x84, &x85, x83, x24, x77); + var x86: u64 = undefined; + var x87: u1 = undefined; + fiatP256AddcarryxU64(&x86, &x87, x85, x25, x78); + var x88: u64 = undefined; + var x89: u1 = undefined; + fiatP256AddcarryxU64(&x88, &x89, x87, x26, x79); + var x90: u64 = undefined; + fiatP256CmovznzU64(&x90, x74, @intCast(u64, 0x0), x27); + var x91: u64 = undefined; + fiatP256CmovznzU64(&x91, x74, @intCast(u64, 0x0), x28); + var x92: u64 = undefined; + fiatP256CmovznzU64(&x92, x74, @intCast(u64, 0x0), x29); + var x93: u64 = undefined; + fiatP256CmovznzU64(&x93, x74, @intCast(u64, 0x0), x30); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP256AddcarryxU64(&x94, &x95, 0x0, x70, x90); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP256AddcarryxU64(&x96, &x97, x95, x71, x91); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP256AddcarryxU64(&x98, &x99, x97, x72, x92); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP256AddcarryxU64(&x100, &x101, x99, x73, x93); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP256SubborrowxU64(&x102, &x103, 0x0, x94, 0xffffffffffffffff); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatP256SubborrowxU64(&x104, &x105, x103, x96, 0xffffffff); + var x106: u64 = undefined; + var x107: u1 = undefined; + fiatP256SubborrowxU64(&x106, &x107, x105, x98, @intCast(u64, 0x0)); + var x108: u64 = undefined; + var x109: u1 = undefined; + fiatP256SubborrowxU64(&x108, &x109, x107, x100, 0xffffffff00000001); + var x110: u64 = undefined; + var x111: u1 = undefined; + fiatP256SubborrowxU64(&x110, &x111, x109, @intCast(u64, x101), @intCast(u64, 0x0)); + var x112: u64 = undefined; + var x113: u1 = undefined; + fiatP256AddcarryxU64(&x112, &x113, 0x0, x6, @intCast(u64, 0x1)); + const x114: u64 = ((x80 >> 1) | ((x82 << 63) & 0xffffffffffffffff)); + const x115: u64 = ((x82 >> 1) | ((x84 << 63) & 0xffffffffffffffff)); + const x116: u64 = ((x84 >> 1) | ((x86 << 63) & 0xffffffffffffffff)); + const x117: u64 = ((x86 >> 1) | ((x88 << 63) & 0xffffffffffffffff)); + const x118: u64 = ((x88 & 0x8000000000000000) | (x88 >> 1)); + var x119: u64 = undefined; + fiatP256CmovznzU64(&x119, x48, x39, x31); + var x120: u64 = undefined; + fiatP256CmovznzU64(&x120, x48, x41, x33); + var x121: u64 = undefined; + fiatP256CmovznzU64(&x121, x48, x43, x35); + var x122: u64 = undefined; + fiatP256CmovznzU64(&x122, x48, x45, x37); + var x123: u64 = undefined; + fiatP256CmovznzU64(&x123, x111, x102, x94); + var x124: u64 = undefined; + fiatP256CmovznzU64(&x124, x111, x104, x96); + var x125: u64 = undefined; + fiatP256CmovznzU64(&x125, x111, x106, x98); + var x126: u64 = undefined; + fiatP256CmovznzU64(&x126, x111, x108, x100); + out1.* = x112; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out3[0] = x114; + out3[1] = x115; + out3[2] = x116; + out3[3] = x117; + out3[4] = x118; + out4[0] = x119; + out4[1] = x120; + out4[2] = x121; + out4[3] = x122; + out5[0] = x123; + out5[1] = x124; + out5[2] = x125; + out5[3] = x126; +} + +/// The function fiatP256DivstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). +/// Postconditions: +/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if (log2 m) + 1 < 46 then ⌊(49 * ((log2 m) + 1) + 80) / 17⌋ else ⌊(49 * ((log2 m) + 1) + 57) / 17⌋) +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP256DivstepPrecomp(out1: *[4]u64) void { + out1[0] = 0x67ffffffb8000000; + out1[1] = 0xc000000038000000; + out1[2] = 0xd80000007fffffff; + out1[3] = 0x2fffffffffffffff; +} + diff --git a/fiat-zig/src/p384_32.zig b/fiat-zig/src/p384_32.zig new file mode 100644 index 0000000000..3de8a8db6a --- /dev/null +++ b/fiat-zig/src/p384_32.zig @@ -0,0 +1,9774 @@ +/// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p384 32 '2^384 - 2^128 - 2^96 + 2^32 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp +/// curve description: p384 +/// machine_wordsize = 32 (from "32") +/// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp +/// m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff (from "2^384 - 2^128 - 2^96 + 2^32 - 1") +/// +/// NOTE: In addition to the bounds specified above each function, all +/// functions synthesized for this Montgomery arithmetic require the +/// input to be strictly less than the prime modulus (m), and also +/// require the input to be in the unique saturated representation. +/// All functions also ensure that these two properties are true of +/// return values. +/// +/// Computed values: +/// eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) + (z[8] << 256) + (z[9] << 0x120) + (z[10] << 0x140) + (z[11] << 0x160) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + + +/// The function fiatP384AddcarryxU32 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^32 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP384AddcarryxU32(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + @intCast(u64, arg2)) + @intCast(u64, arg3)); + const x2: u32 = @intCast(u32, (x1 & @intCast(u64, 0xffffffff))); + const x3: u1 = @intCast(u1, (x1 >> 32)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP384SubborrowxU32 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^32 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP384SubborrowxU32(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: i64 = ((@intCast(i64, arg2) - @intCast(i64, arg1)) - @intCast(i64, arg3)); + const x2: i1 = @intCast(i1, (x1 >> 32)); + const x3: u32 = @intCast(u32, (x1 & @intCast(i64, 0xffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP384MulxU32 is a multiplication, returning the full double-width result. +/// Postconditions: +/// out1 = (arg1 * arg2) mod 2^32 +/// out2 = ⌊arg1 * arg2 / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffff] +/// arg2: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0xffffffff] +fn fiatP384MulxU32(out1: *u32, out2: *u32, arg1: u32, arg2: u32) callconv(.Inline) void { + const x1: u64 = (@intCast(u64, arg1) * @intCast(u64, arg2)); + const x2: u32 = @intCast(u32, (x1 & @intCast(u64, 0xffffffff))); + const x3: u32 = @intCast(u32, (x1 >> 32)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP384CmovznzU32 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +fn fiatP384CmovznzU32(out1: *u32, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u32 = @intCast(u32, (@intCast(i64, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i64, 0xffffffff))); + const x3: u32 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP384Mul multiplies two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384Mul(out1: *[12]u32, arg1: [12]u32, arg2: [12]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[7]); + const x8: u32 = (arg1[8]); + const x9: u32 = (arg1[9]); + const x10: u32 = (arg1[10]); + const x11: u32 = (arg1[11]); + const x12: u32 = (arg1[0]); + var x13: u32 = undefined; + var x14: u32 = undefined; + fiatP384MulxU32(&x13, &x14, x12, (arg2[11])); + var x15: u32 = undefined; + var x16: u32 = undefined; + fiatP384MulxU32(&x15, &x16, x12, (arg2[10])); + var x17: u32 = undefined; + var x18: u32 = undefined; + fiatP384MulxU32(&x17, &x18, x12, (arg2[9])); + var x19: u32 = undefined; + var x20: u32 = undefined; + fiatP384MulxU32(&x19, &x20, x12, (arg2[8])); + var x21: u32 = undefined; + var x22: u32 = undefined; + fiatP384MulxU32(&x21, &x22, x12, (arg2[7])); + var x23: u32 = undefined; + var x24: u32 = undefined; + fiatP384MulxU32(&x23, &x24, x12, (arg2[6])); + var x25: u32 = undefined; + var x26: u32 = undefined; + fiatP384MulxU32(&x25, &x26, x12, (arg2[5])); + var x27: u32 = undefined; + var x28: u32 = undefined; + fiatP384MulxU32(&x27, &x28, x12, (arg2[4])); + var x29: u32 = undefined; + var x30: u32 = undefined; + fiatP384MulxU32(&x29, &x30, x12, (arg2[3])); + var x31: u32 = undefined; + var x32: u32 = undefined; + fiatP384MulxU32(&x31, &x32, x12, (arg2[2])); + var x33: u32 = undefined; + var x34: u32 = undefined; + fiatP384MulxU32(&x33, &x34, x12, (arg2[1])); + var x35: u32 = undefined; + var x36: u32 = undefined; + fiatP384MulxU32(&x35, &x36, x12, (arg2[0])); + var x37: u32 = undefined; + var x38: u1 = undefined; + fiatP384AddcarryxU32(&x37, &x38, 0x0, x36, x33); + var x39: u32 = undefined; + var x40: u1 = undefined; + fiatP384AddcarryxU32(&x39, &x40, x38, x34, x31); + var x41: u32 = undefined; + var x42: u1 = undefined; + fiatP384AddcarryxU32(&x41, &x42, x40, x32, x29); + var x43: u32 = undefined; + var x44: u1 = undefined; + fiatP384AddcarryxU32(&x43, &x44, x42, x30, x27); + var x45: u32 = undefined; + var x46: u1 = undefined; + fiatP384AddcarryxU32(&x45, &x46, x44, x28, x25); + var x47: u32 = undefined; + var x48: u1 = undefined; + fiatP384AddcarryxU32(&x47, &x48, x46, x26, x23); + var x49: u32 = undefined; + var x50: u1 = undefined; + fiatP384AddcarryxU32(&x49, &x50, x48, x24, x21); + var x51: u32 = undefined; + var x52: u1 = undefined; + fiatP384AddcarryxU32(&x51, &x52, x50, x22, x19); + var x53: u32 = undefined; + var x54: u1 = undefined; + fiatP384AddcarryxU32(&x53, &x54, x52, x20, x17); + var x55: u32 = undefined; + var x56: u1 = undefined; + fiatP384AddcarryxU32(&x55, &x56, x54, x18, x15); + var x57: u32 = undefined; + var x58: u1 = undefined; + fiatP384AddcarryxU32(&x57, &x58, x56, x16, x13); + const x59: u32 = (@intCast(u32, x58) + x14); + var x60: u32 = undefined; + var x61: u32 = undefined; + fiatP384MulxU32(&x60, &x61, x35, 0xffffffff); + var x62: u32 = undefined; + var x63: u32 = undefined; + fiatP384MulxU32(&x62, &x63, x35, 0xffffffff); + var x64: u32 = undefined; + var x65: u32 = undefined; + fiatP384MulxU32(&x64, &x65, x35, 0xffffffff); + var x66: u32 = undefined; + var x67: u32 = undefined; + fiatP384MulxU32(&x66, &x67, x35, 0xffffffff); + var x68: u32 = undefined; + var x69: u32 = undefined; + fiatP384MulxU32(&x68, &x69, x35, 0xffffffff); + var x70: u32 = undefined; + var x71: u32 = undefined; + fiatP384MulxU32(&x70, &x71, x35, 0xffffffff); + var x72: u32 = undefined; + var x73: u32 = undefined; + fiatP384MulxU32(&x72, &x73, x35, 0xffffffff); + var x74: u32 = undefined; + var x75: u32 = undefined; + fiatP384MulxU32(&x74, &x75, x35, 0xfffffffe); + var x76: u32 = undefined; + var x77: u32 = undefined; + fiatP384MulxU32(&x76, &x77, x35, 0xffffffff); + var x78: u32 = undefined; + var x79: u32 = undefined; + fiatP384MulxU32(&x78, &x79, x35, 0xffffffff); + var x80: u32 = undefined; + var x81: u1 = undefined; + fiatP384AddcarryxU32(&x80, &x81, 0x0, x77, x74); + var x82: u32 = undefined; + var x83: u1 = undefined; + fiatP384AddcarryxU32(&x82, &x83, x81, x75, x72); + var x84: u32 = undefined; + var x85: u1 = undefined; + fiatP384AddcarryxU32(&x84, &x85, x83, x73, x70); + var x86: u32 = undefined; + var x87: u1 = undefined; + fiatP384AddcarryxU32(&x86, &x87, x85, x71, x68); + var x88: u32 = undefined; + var x89: u1 = undefined; + fiatP384AddcarryxU32(&x88, &x89, x87, x69, x66); + var x90: u32 = undefined; + var x91: u1 = undefined; + fiatP384AddcarryxU32(&x90, &x91, x89, x67, x64); + var x92: u32 = undefined; + var x93: u1 = undefined; + fiatP384AddcarryxU32(&x92, &x93, x91, x65, x62); + var x94: u32 = undefined; + var x95: u1 = undefined; + fiatP384AddcarryxU32(&x94, &x95, x93, x63, x60); + const x96: u32 = (@intCast(u32, x95) + x61); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP384AddcarryxU32(&x97, &x98, 0x0, x35, x78); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP384AddcarryxU32(&x99, &x100, x98, x37, x79); + var x101: u32 = undefined; + var x102: u1 = undefined; + fiatP384AddcarryxU32(&x101, &x102, x100, x39, @intCast(u32, 0x0)); + var x103: u32 = undefined; + var x104: u1 = undefined; + fiatP384AddcarryxU32(&x103, &x104, x102, x41, x76); + var x105: u32 = undefined; + var x106: u1 = undefined; + fiatP384AddcarryxU32(&x105, &x106, x104, x43, x80); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatP384AddcarryxU32(&x107, &x108, x106, x45, x82); + var x109: u32 = undefined; + var x110: u1 = undefined; + fiatP384AddcarryxU32(&x109, &x110, x108, x47, x84); + var x111: u32 = undefined; + var x112: u1 = undefined; + fiatP384AddcarryxU32(&x111, &x112, x110, x49, x86); + var x113: u32 = undefined; + var x114: u1 = undefined; + fiatP384AddcarryxU32(&x113, &x114, x112, x51, x88); + var x115: u32 = undefined; + var x116: u1 = undefined; + fiatP384AddcarryxU32(&x115, &x116, x114, x53, x90); + var x117: u32 = undefined; + var x118: u1 = undefined; + fiatP384AddcarryxU32(&x117, &x118, x116, x55, x92); + var x119: u32 = undefined; + var x120: u1 = undefined; + fiatP384AddcarryxU32(&x119, &x120, x118, x57, x94); + var x121: u32 = undefined; + var x122: u1 = undefined; + fiatP384AddcarryxU32(&x121, &x122, x120, x59, x96); + var x123: u32 = undefined; + var x124: u32 = undefined; + fiatP384MulxU32(&x123, &x124, x1, (arg2[11])); + var x125: u32 = undefined; + var x126: u32 = undefined; + fiatP384MulxU32(&x125, &x126, x1, (arg2[10])); + var x127: u32 = undefined; + var x128: u32 = undefined; + fiatP384MulxU32(&x127, &x128, x1, (arg2[9])); + var x129: u32 = undefined; + var x130: u32 = undefined; + fiatP384MulxU32(&x129, &x130, x1, (arg2[8])); + var x131: u32 = undefined; + var x132: u32 = undefined; + fiatP384MulxU32(&x131, &x132, x1, (arg2[7])); + var x133: u32 = undefined; + var x134: u32 = undefined; + fiatP384MulxU32(&x133, &x134, x1, (arg2[6])); + var x135: u32 = undefined; + var x136: u32 = undefined; + fiatP384MulxU32(&x135, &x136, x1, (arg2[5])); + var x137: u32 = undefined; + var x138: u32 = undefined; + fiatP384MulxU32(&x137, &x138, x1, (arg2[4])); + var x139: u32 = undefined; + var x140: u32 = undefined; + fiatP384MulxU32(&x139, &x140, x1, (arg2[3])); + var x141: u32 = undefined; + var x142: u32 = undefined; + fiatP384MulxU32(&x141, &x142, x1, (arg2[2])); + var x143: u32 = undefined; + var x144: u32 = undefined; + fiatP384MulxU32(&x143, &x144, x1, (arg2[1])); + var x145: u32 = undefined; + var x146: u32 = undefined; + fiatP384MulxU32(&x145, &x146, x1, (arg2[0])); + var x147: u32 = undefined; + var x148: u1 = undefined; + fiatP384AddcarryxU32(&x147, &x148, 0x0, x146, x143); + var x149: u32 = undefined; + var x150: u1 = undefined; + fiatP384AddcarryxU32(&x149, &x150, x148, x144, x141); + var x151: u32 = undefined; + var x152: u1 = undefined; + fiatP384AddcarryxU32(&x151, &x152, x150, x142, x139); + var x153: u32 = undefined; + var x154: u1 = undefined; + fiatP384AddcarryxU32(&x153, &x154, x152, x140, x137); + var x155: u32 = undefined; + var x156: u1 = undefined; + fiatP384AddcarryxU32(&x155, &x156, x154, x138, x135); + var x157: u32 = undefined; + var x158: u1 = undefined; + fiatP384AddcarryxU32(&x157, &x158, x156, x136, x133); + var x159: u32 = undefined; + var x160: u1 = undefined; + fiatP384AddcarryxU32(&x159, &x160, x158, x134, x131); + var x161: u32 = undefined; + var x162: u1 = undefined; + fiatP384AddcarryxU32(&x161, &x162, x160, x132, x129); + var x163: u32 = undefined; + var x164: u1 = undefined; + fiatP384AddcarryxU32(&x163, &x164, x162, x130, x127); + var x165: u32 = undefined; + var x166: u1 = undefined; + fiatP384AddcarryxU32(&x165, &x166, x164, x128, x125); + var x167: u32 = undefined; + var x168: u1 = undefined; + fiatP384AddcarryxU32(&x167, &x168, x166, x126, x123); + const x169: u32 = (@intCast(u32, x168) + x124); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP384AddcarryxU32(&x170, &x171, 0x0, x99, x145); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP384AddcarryxU32(&x172, &x173, x171, x101, x147); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP384AddcarryxU32(&x174, &x175, x173, x103, x149); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP384AddcarryxU32(&x176, &x177, x175, x105, x151); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP384AddcarryxU32(&x178, &x179, x177, x107, x153); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP384AddcarryxU32(&x180, &x181, x179, x109, x155); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatP384AddcarryxU32(&x182, &x183, x181, x111, x157); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatP384AddcarryxU32(&x184, &x185, x183, x113, x159); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatP384AddcarryxU32(&x186, &x187, x185, x115, x161); + var x188: u32 = undefined; + var x189: u1 = undefined; + fiatP384AddcarryxU32(&x188, &x189, x187, x117, x163); + var x190: u32 = undefined; + var x191: u1 = undefined; + fiatP384AddcarryxU32(&x190, &x191, x189, x119, x165); + var x192: u32 = undefined; + var x193: u1 = undefined; + fiatP384AddcarryxU32(&x192, &x193, x191, x121, x167); + var x194: u32 = undefined; + var x195: u1 = undefined; + fiatP384AddcarryxU32(&x194, &x195, x193, @intCast(u32, x122), x169); + var x196: u32 = undefined; + var x197: u32 = undefined; + fiatP384MulxU32(&x196, &x197, x170, 0xffffffff); + var x198: u32 = undefined; + var x199: u32 = undefined; + fiatP384MulxU32(&x198, &x199, x170, 0xffffffff); + var x200: u32 = undefined; + var x201: u32 = undefined; + fiatP384MulxU32(&x200, &x201, x170, 0xffffffff); + var x202: u32 = undefined; + var x203: u32 = undefined; + fiatP384MulxU32(&x202, &x203, x170, 0xffffffff); + var x204: u32 = undefined; + var x205: u32 = undefined; + fiatP384MulxU32(&x204, &x205, x170, 0xffffffff); + var x206: u32 = undefined; + var x207: u32 = undefined; + fiatP384MulxU32(&x206, &x207, x170, 0xffffffff); + var x208: u32 = undefined; + var x209: u32 = undefined; + fiatP384MulxU32(&x208, &x209, x170, 0xffffffff); + var x210: u32 = undefined; + var x211: u32 = undefined; + fiatP384MulxU32(&x210, &x211, x170, 0xfffffffe); + var x212: u32 = undefined; + var x213: u32 = undefined; + fiatP384MulxU32(&x212, &x213, x170, 0xffffffff); + var x214: u32 = undefined; + var x215: u32 = undefined; + fiatP384MulxU32(&x214, &x215, x170, 0xffffffff); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatP384AddcarryxU32(&x216, &x217, 0x0, x213, x210); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatP384AddcarryxU32(&x218, &x219, x217, x211, x208); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatP384AddcarryxU32(&x220, &x221, x219, x209, x206); + var x222: u32 = undefined; + var x223: u1 = undefined; + fiatP384AddcarryxU32(&x222, &x223, x221, x207, x204); + var x224: u32 = undefined; + var x225: u1 = undefined; + fiatP384AddcarryxU32(&x224, &x225, x223, x205, x202); + var x226: u32 = undefined; + var x227: u1 = undefined; + fiatP384AddcarryxU32(&x226, &x227, x225, x203, x200); + var x228: u32 = undefined; + var x229: u1 = undefined; + fiatP384AddcarryxU32(&x228, &x229, x227, x201, x198); + var x230: u32 = undefined; + var x231: u1 = undefined; + fiatP384AddcarryxU32(&x230, &x231, x229, x199, x196); + const x232: u32 = (@intCast(u32, x231) + x197); + var x233: u32 = undefined; + var x234: u1 = undefined; + fiatP384AddcarryxU32(&x233, &x234, 0x0, x170, x214); + var x235: u32 = undefined; + var x236: u1 = undefined; + fiatP384AddcarryxU32(&x235, &x236, x234, x172, x215); + var x237: u32 = undefined; + var x238: u1 = undefined; + fiatP384AddcarryxU32(&x237, &x238, x236, x174, @intCast(u32, 0x0)); + var x239: u32 = undefined; + var x240: u1 = undefined; + fiatP384AddcarryxU32(&x239, &x240, x238, x176, x212); + var x241: u32 = undefined; + var x242: u1 = undefined; + fiatP384AddcarryxU32(&x241, &x242, x240, x178, x216); + var x243: u32 = undefined; + var x244: u1 = undefined; + fiatP384AddcarryxU32(&x243, &x244, x242, x180, x218); + var x245: u32 = undefined; + var x246: u1 = undefined; + fiatP384AddcarryxU32(&x245, &x246, x244, x182, x220); + var x247: u32 = undefined; + var x248: u1 = undefined; + fiatP384AddcarryxU32(&x247, &x248, x246, x184, x222); + var x249: u32 = undefined; + var x250: u1 = undefined; + fiatP384AddcarryxU32(&x249, &x250, x248, x186, x224); + var x251: u32 = undefined; + var x252: u1 = undefined; + fiatP384AddcarryxU32(&x251, &x252, x250, x188, x226); + var x253: u32 = undefined; + var x254: u1 = undefined; + fiatP384AddcarryxU32(&x253, &x254, x252, x190, x228); + var x255: u32 = undefined; + var x256: u1 = undefined; + fiatP384AddcarryxU32(&x255, &x256, x254, x192, x230); + var x257: u32 = undefined; + var x258: u1 = undefined; + fiatP384AddcarryxU32(&x257, &x258, x256, x194, x232); + const x259: u32 = (@intCast(u32, x258) + @intCast(u32, x195)); + var x260: u32 = undefined; + var x261: u32 = undefined; + fiatP384MulxU32(&x260, &x261, x2, (arg2[11])); + var x262: u32 = undefined; + var x263: u32 = undefined; + fiatP384MulxU32(&x262, &x263, x2, (arg2[10])); + var x264: u32 = undefined; + var x265: u32 = undefined; + fiatP384MulxU32(&x264, &x265, x2, (arg2[9])); + var x266: u32 = undefined; + var x267: u32 = undefined; + fiatP384MulxU32(&x266, &x267, x2, (arg2[8])); + var x268: u32 = undefined; + var x269: u32 = undefined; + fiatP384MulxU32(&x268, &x269, x2, (arg2[7])); + var x270: u32 = undefined; + var x271: u32 = undefined; + fiatP384MulxU32(&x270, &x271, x2, (arg2[6])); + var x272: u32 = undefined; + var x273: u32 = undefined; + fiatP384MulxU32(&x272, &x273, x2, (arg2[5])); + var x274: u32 = undefined; + var x275: u32 = undefined; + fiatP384MulxU32(&x274, &x275, x2, (arg2[4])); + var x276: u32 = undefined; + var x277: u32 = undefined; + fiatP384MulxU32(&x276, &x277, x2, (arg2[3])); + var x278: u32 = undefined; + var x279: u32 = undefined; + fiatP384MulxU32(&x278, &x279, x2, (arg2[2])); + var x280: u32 = undefined; + var x281: u32 = undefined; + fiatP384MulxU32(&x280, &x281, x2, (arg2[1])); + var x282: u32 = undefined; + var x283: u32 = undefined; + fiatP384MulxU32(&x282, &x283, x2, (arg2[0])); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatP384AddcarryxU32(&x284, &x285, 0x0, x283, x280); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatP384AddcarryxU32(&x286, &x287, x285, x281, x278); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatP384AddcarryxU32(&x288, &x289, x287, x279, x276); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatP384AddcarryxU32(&x290, &x291, x289, x277, x274); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatP384AddcarryxU32(&x292, &x293, x291, x275, x272); + var x294: u32 = undefined; + var x295: u1 = undefined; + fiatP384AddcarryxU32(&x294, &x295, x293, x273, x270); + var x296: u32 = undefined; + var x297: u1 = undefined; + fiatP384AddcarryxU32(&x296, &x297, x295, x271, x268); + var x298: u32 = undefined; + var x299: u1 = undefined; + fiatP384AddcarryxU32(&x298, &x299, x297, x269, x266); + var x300: u32 = undefined; + var x301: u1 = undefined; + fiatP384AddcarryxU32(&x300, &x301, x299, x267, x264); + var x302: u32 = undefined; + var x303: u1 = undefined; + fiatP384AddcarryxU32(&x302, &x303, x301, x265, x262); + var x304: u32 = undefined; + var x305: u1 = undefined; + fiatP384AddcarryxU32(&x304, &x305, x303, x263, x260); + const x306: u32 = (@intCast(u32, x305) + x261); + var x307: u32 = undefined; + var x308: u1 = undefined; + fiatP384AddcarryxU32(&x307, &x308, 0x0, x235, x282); + var x309: u32 = undefined; + var x310: u1 = undefined; + fiatP384AddcarryxU32(&x309, &x310, x308, x237, x284); + var x311: u32 = undefined; + var x312: u1 = undefined; + fiatP384AddcarryxU32(&x311, &x312, x310, x239, x286); + var x313: u32 = undefined; + var x314: u1 = undefined; + fiatP384AddcarryxU32(&x313, &x314, x312, x241, x288); + var x315: u32 = undefined; + var x316: u1 = undefined; + fiatP384AddcarryxU32(&x315, &x316, x314, x243, x290); + var x317: u32 = undefined; + var x318: u1 = undefined; + fiatP384AddcarryxU32(&x317, &x318, x316, x245, x292); + var x319: u32 = undefined; + var x320: u1 = undefined; + fiatP384AddcarryxU32(&x319, &x320, x318, x247, x294); + var x321: u32 = undefined; + var x322: u1 = undefined; + fiatP384AddcarryxU32(&x321, &x322, x320, x249, x296); + var x323: u32 = undefined; + var x324: u1 = undefined; + fiatP384AddcarryxU32(&x323, &x324, x322, x251, x298); + var x325: u32 = undefined; + var x326: u1 = undefined; + fiatP384AddcarryxU32(&x325, &x326, x324, x253, x300); + var x327: u32 = undefined; + var x328: u1 = undefined; + fiatP384AddcarryxU32(&x327, &x328, x326, x255, x302); + var x329: u32 = undefined; + var x330: u1 = undefined; + fiatP384AddcarryxU32(&x329, &x330, x328, x257, x304); + var x331: u32 = undefined; + var x332: u1 = undefined; + fiatP384AddcarryxU32(&x331, &x332, x330, x259, x306); + var x333: u32 = undefined; + var x334: u32 = undefined; + fiatP384MulxU32(&x333, &x334, x307, 0xffffffff); + var x335: u32 = undefined; + var x336: u32 = undefined; + fiatP384MulxU32(&x335, &x336, x307, 0xffffffff); + var x337: u32 = undefined; + var x338: u32 = undefined; + fiatP384MulxU32(&x337, &x338, x307, 0xffffffff); + var x339: u32 = undefined; + var x340: u32 = undefined; + fiatP384MulxU32(&x339, &x340, x307, 0xffffffff); + var x341: u32 = undefined; + var x342: u32 = undefined; + fiatP384MulxU32(&x341, &x342, x307, 0xffffffff); + var x343: u32 = undefined; + var x344: u32 = undefined; + fiatP384MulxU32(&x343, &x344, x307, 0xffffffff); + var x345: u32 = undefined; + var x346: u32 = undefined; + fiatP384MulxU32(&x345, &x346, x307, 0xffffffff); + var x347: u32 = undefined; + var x348: u32 = undefined; + fiatP384MulxU32(&x347, &x348, x307, 0xfffffffe); + var x349: u32 = undefined; + var x350: u32 = undefined; + fiatP384MulxU32(&x349, &x350, x307, 0xffffffff); + var x351: u32 = undefined; + var x352: u32 = undefined; + fiatP384MulxU32(&x351, &x352, x307, 0xffffffff); + var x353: u32 = undefined; + var x354: u1 = undefined; + fiatP384AddcarryxU32(&x353, &x354, 0x0, x350, x347); + var x355: u32 = undefined; + var x356: u1 = undefined; + fiatP384AddcarryxU32(&x355, &x356, x354, x348, x345); + var x357: u32 = undefined; + var x358: u1 = undefined; + fiatP384AddcarryxU32(&x357, &x358, x356, x346, x343); + var x359: u32 = undefined; + var x360: u1 = undefined; + fiatP384AddcarryxU32(&x359, &x360, x358, x344, x341); + var x361: u32 = undefined; + var x362: u1 = undefined; + fiatP384AddcarryxU32(&x361, &x362, x360, x342, x339); + var x363: u32 = undefined; + var x364: u1 = undefined; + fiatP384AddcarryxU32(&x363, &x364, x362, x340, x337); + var x365: u32 = undefined; + var x366: u1 = undefined; + fiatP384AddcarryxU32(&x365, &x366, x364, x338, x335); + var x367: u32 = undefined; + var x368: u1 = undefined; + fiatP384AddcarryxU32(&x367, &x368, x366, x336, x333); + const x369: u32 = (@intCast(u32, x368) + x334); + var x370: u32 = undefined; + var x371: u1 = undefined; + fiatP384AddcarryxU32(&x370, &x371, 0x0, x307, x351); + var x372: u32 = undefined; + var x373: u1 = undefined; + fiatP384AddcarryxU32(&x372, &x373, x371, x309, x352); + var x374: u32 = undefined; + var x375: u1 = undefined; + fiatP384AddcarryxU32(&x374, &x375, x373, x311, @intCast(u32, 0x0)); + var x376: u32 = undefined; + var x377: u1 = undefined; + fiatP384AddcarryxU32(&x376, &x377, x375, x313, x349); + var x378: u32 = undefined; + var x379: u1 = undefined; + fiatP384AddcarryxU32(&x378, &x379, x377, x315, x353); + var x380: u32 = undefined; + var x381: u1 = undefined; + fiatP384AddcarryxU32(&x380, &x381, x379, x317, x355); + var x382: u32 = undefined; + var x383: u1 = undefined; + fiatP384AddcarryxU32(&x382, &x383, x381, x319, x357); + var x384: u32 = undefined; + var x385: u1 = undefined; + fiatP384AddcarryxU32(&x384, &x385, x383, x321, x359); + var x386: u32 = undefined; + var x387: u1 = undefined; + fiatP384AddcarryxU32(&x386, &x387, x385, x323, x361); + var x388: u32 = undefined; + var x389: u1 = undefined; + fiatP384AddcarryxU32(&x388, &x389, x387, x325, x363); + var x390: u32 = undefined; + var x391: u1 = undefined; + fiatP384AddcarryxU32(&x390, &x391, x389, x327, x365); + var x392: u32 = undefined; + var x393: u1 = undefined; + fiatP384AddcarryxU32(&x392, &x393, x391, x329, x367); + var x394: u32 = undefined; + var x395: u1 = undefined; + fiatP384AddcarryxU32(&x394, &x395, x393, x331, x369); + const x396: u32 = (@intCast(u32, x395) + @intCast(u32, x332)); + var x397: u32 = undefined; + var x398: u32 = undefined; + fiatP384MulxU32(&x397, &x398, x3, (arg2[11])); + var x399: u32 = undefined; + var x400: u32 = undefined; + fiatP384MulxU32(&x399, &x400, x3, (arg2[10])); + var x401: u32 = undefined; + var x402: u32 = undefined; + fiatP384MulxU32(&x401, &x402, x3, (arg2[9])); + var x403: u32 = undefined; + var x404: u32 = undefined; + fiatP384MulxU32(&x403, &x404, x3, (arg2[8])); + var x405: u32 = undefined; + var x406: u32 = undefined; + fiatP384MulxU32(&x405, &x406, x3, (arg2[7])); + var x407: u32 = undefined; + var x408: u32 = undefined; + fiatP384MulxU32(&x407, &x408, x3, (arg2[6])); + var x409: u32 = undefined; + var x410: u32 = undefined; + fiatP384MulxU32(&x409, &x410, x3, (arg2[5])); + var x411: u32 = undefined; + var x412: u32 = undefined; + fiatP384MulxU32(&x411, &x412, x3, (arg2[4])); + var x413: u32 = undefined; + var x414: u32 = undefined; + fiatP384MulxU32(&x413, &x414, x3, (arg2[3])); + var x415: u32 = undefined; + var x416: u32 = undefined; + fiatP384MulxU32(&x415, &x416, x3, (arg2[2])); + var x417: u32 = undefined; + var x418: u32 = undefined; + fiatP384MulxU32(&x417, &x418, x3, (arg2[1])); + var x419: u32 = undefined; + var x420: u32 = undefined; + fiatP384MulxU32(&x419, &x420, x3, (arg2[0])); + var x421: u32 = undefined; + var x422: u1 = undefined; + fiatP384AddcarryxU32(&x421, &x422, 0x0, x420, x417); + var x423: u32 = undefined; + var x424: u1 = undefined; + fiatP384AddcarryxU32(&x423, &x424, x422, x418, x415); + var x425: u32 = undefined; + var x426: u1 = undefined; + fiatP384AddcarryxU32(&x425, &x426, x424, x416, x413); + var x427: u32 = undefined; + var x428: u1 = undefined; + fiatP384AddcarryxU32(&x427, &x428, x426, x414, x411); + var x429: u32 = undefined; + var x430: u1 = undefined; + fiatP384AddcarryxU32(&x429, &x430, x428, x412, x409); + var x431: u32 = undefined; + var x432: u1 = undefined; + fiatP384AddcarryxU32(&x431, &x432, x430, x410, x407); + var x433: u32 = undefined; + var x434: u1 = undefined; + fiatP384AddcarryxU32(&x433, &x434, x432, x408, x405); + var x435: u32 = undefined; + var x436: u1 = undefined; + fiatP384AddcarryxU32(&x435, &x436, x434, x406, x403); + var x437: u32 = undefined; + var x438: u1 = undefined; + fiatP384AddcarryxU32(&x437, &x438, x436, x404, x401); + var x439: u32 = undefined; + var x440: u1 = undefined; + fiatP384AddcarryxU32(&x439, &x440, x438, x402, x399); + var x441: u32 = undefined; + var x442: u1 = undefined; + fiatP384AddcarryxU32(&x441, &x442, x440, x400, x397); + const x443: u32 = (@intCast(u32, x442) + x398); + var x444: u32 = undefined; + var x445: u1 = undefined; + fiatP384AddcarryxU32(&x444, &x445, 0x0, x372, x419); + var x446: u32 = undefined; + var x447: u1 = undefined; + fiatP384AddcarryxU32(&x446, &x447, x445, x374, x421); + var x448: u32 = undefined; + var x449: u1 = undefined; + fiatP384AddcarryxU32(&x448, &x449, x447, x376, x423); + var x450: u32 = undefined; + var x451: u1 = undefined; + fiatP384AddcarryxU32(&x450, &x451, x449, x378, x425); + var x452: u32 = undefined; + var x453: u1 = undefined; + fiatP384AddcarryxU32(&x452, &x453, x451, x380, x427); + var x454: u32 = undefined; + var x455: u1 = undefined; + fiatP384AddcarryxU32(&x454, &x455, x453, x382, x429); + var x456: u32 = undefined; + var x457: u1 = undefined; + fiatP384AddcarryxU32(&x456, &x457, x455, x384, x431); + var x458: u32 = undefined; + var x459: u1 = undefined; + fiatP384AddcarryxU32(&x458, &x459, x457, x386, x433); + var x460: u32 = undefined; + var x461: u1 = undefined; + fiatP384AddcarryxU32(&x460, &x461, x459, x388, x435); + var x462: u32 = undefined; + var x463: u1 = undefined; + fiatP384AddcarryxU32(&x462, &x463, x461, x390, x437); + var x464: u32 = undefined; + var x465: u1 = undefined; + fiatP384AddcarryxU32(&x464, &x465, x463, x392, x439); + var x466: u32 = undefined; + var x467: u1 = undefined; + fiatP384AddcarryxU32(&x466, &x467, x465, x394, x441); + var x468: u32 = undefined; + var x469: u1 = undefined; + fiatP384AddcarryxU32(&x468, &x469, x467, x396, x443); + var x470: u32 = undefined; + var x471: u32 = undefined; + fiatP384MulxU32(&x470, &x471, x444, 0xffffffff); + var x472: u32 = undefined; + var x473: u32 = undefined; + fiatP384MulxU32(&x472, &x473, x444, 0xffffffff); + var x474: u32 = undefined; + var x475: u32 = undefined; + fiatP384MulxU32(&x474, &x475, x444, 0xffffffff); + var x476: u32 = undefined; + var x477: u32 = undefined; + fiatP384MulxU32(&x476, &x477, x444, 0xffffffff); + var x478: u32 = undefined; + var x479: u32 = undefined; + fiatP384MulxU32(&x478, &x479, x444, 0xffffffff); + var x480: u32 = undefined; + var x481: u32 = undefined; + fiatP384MulxU32(&x480, &x481, x444, 0xffffffff); + var x482: u32 = undefined; + var x483: u32 = undefined; + fiatP384MulxU32(&x482, &x483, x444, 0xffffffff); + var x484: u32 = undefined; + var x485: u32 = undefined; + fiatP384MulxU32(&x484, &x485, x444, 0xfffffffe); + var x486: u32 = undefined; + var x487: u32 = undefined; + fiatP384MulxU32(&x486, &x487, x444, 0xffffffff); + var x488: u32 = undefined; + var x489: u32 = undefined; + fiatP384MulxU32(&x488, &x489, x444, 0xffffffff); + var x490: u32 = undefined; + var x491: u1 = undefined; + fiatP384AddcarryxU32(&x490, &x491, 0x0, x487, x484); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatP384AddcarryxU32(&x492, &x493, x491, x485, x482); + var x494: u32 = undefined; + var x495: u1 = undefined; + fiatP384AddcarryxU32(&x494, &x495, x493, x483, x480); + var x496: u32 = undefined; + var x497: u1 = undefined; + fiatP384AddcarryxU32(&x496, &x497, x495, x481, x478); + var x498: u32 = undefined; + var x499: u1 = undefined; + fiatP384AddcarryxU32(&x498, &x499, x497, x479, x476); + var x500: u32 = undefined; + var x501: u1 = undefined; + fiatP384AddcarryxU32(&x500, &x501, x499, x477, x474); + var x502: u32 = undefined; + var x503: u1 = undefined; + fiatP384AddcarryxU32(&x502, &x503, x501, x475, x472); + var x504: u32 = undefined; + var x505: u1 = undefined; + fiatP384AddcarryxU32(&x504, &x505, x503, x473, x470); + const x506: u32 = (@intCast(u32, x505) + x471); + var x507: u32 = undefined; + var x508: u1 = undefined; + fiatP384AddcarryxU32(&x507, &x508, 0x0, x444, x488); + var x509: u32 = undefined; + var x510: u1 = undefined; + fiatP384AddcarryxU32(&x509, &x510, x508, x446, x489); + var x511: u32 = undefined; + var x512: u1 = undefined; + fiatP384AddcarryxU32(&x511, &x512, x510, x448, @intCast(u32, 0x0)); + var x513: u32 = undefined; + var x514: u1 = undefined; + fiatP384AddcarryxU32(&x513, &x514, x512, x450, x486); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatP384AddcarryxU32(&x515, &x516, x514, x452, x490); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatP384AddcarryxU32(&x517, &x518, x516, x454, x492); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatP384AddcarryxU32(&x519, &x520, x518, x456, x494); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatP384AddcarryxU32(&x521, &x522, x520, x458, x496); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatP384AddcarryxU32(&x523, &x524, x522, x460, x498); + var x525: u32 = undefined; + var x526: u1 = undefined; + fiatP384AddcarryxU32(&x525, &x526, x524, x462, x500); + var x527: u32 = undefined; + var x528: u1 = undefined; + fiatP384AddcarryxU32(&x527, &x528, x526, x464, x502); + var x529: u32 = undefined; + var x530: u1 = undefined; + fiatP384AddcarryxU32(&x529, &x530, x528, x466, x504); + var x531: u32 = undefined; + var x532: u1 = undefined; + fiatP384AddcarryxU32(&x531, &x532, x530, x468, x506); + const x533: u32 = (@intCast(u32, x532) + @intCast(u32, x469)); + var x534: u32 = undefined; + var x535: u32 = undefined; + fiatP384MulxU32(&x534, &x535, x4, (arg2[11])); + var x536: u32 = undefined; + var x537: u32 = undefined; + fiatP384MulxU32(&x536, &x537, x4, (arg2[10])); + var x538: u32 = undefined; + var x539: u32 = undefined; + fiatP384MulxU32(&x538, &x539, x4, (arg2[9])); + var x540: u32 = undefined; + var x541: u32 = undefined; + fiatP384MulxU32(&x540, &x541, x4, (arg2[8])); + var x542: u32 = undefined; + var x543: u32 = undefined; + fiatP384MulxU32(&x542, &x543, x4, (arg2[7])); + var x544: u32 = undefined; + var x545: u32 = undefined; + fiatP384MulxU32(&x544, &x545, x4, (arg2[6])); + var x546: u32 = undefined; + var x547: u32 = undefined; + fiatP384MulxU32(&x546, &x547, x4, (arg2[5])); + var x548: u32 = undefined; + var x549: u32 = undefined; + fiatP384MulxU32(&x548, &x549, x4, (arg2[4])); + var x550: u32 = undefined; + var x551: u32 = undefined; + fiatP384MulxU32(&x550, &x551, x4, (arg2[3])); + var x552: u32 = undefined; + var x553: u32 = undefined; + fiatP384MulxU32(&x552, &x553, x4, (arg2[2])); + var x554: u32 = undefined; + var x555: u32 = undefined; + fiatP384MulxU32(&x554, &x555, x4, (arg2[1])); + var x556: u32 = undefined; + var x557: u32 = undefined; + fiatP384MulxU32(&x556, &x557, x4, (arg2[0])); + var x558: u32 = undefined; + var x559: u1 = undefined; + fiatP384AddcarryxU32(&x558, &x559, 0x0, x557, x554); + var x560: u32 = undefined; + var x561: u1 = undefined; + fiatP384AddcarryxU32(&x560, &x561, x559, x555, x552); + var x562: u32 = undefined; + var x563: u1 = undefined; + fiatP384AddcarryxU32(&x562, &x563, x561, x553, x550); + var x564: u32 = undefined; + var x565: u1 = undefined; + fiatP384AddcarryxU32(&x564, &x565, x563, x551, x548); + var x566: u32 = undefined; + var x567: u1 = undefined; + fiatP384AddcarryxU32(&x566, &x567, x565, x549, x546); + var x568: u32 = undefined; + var x569: u1 = undefined; + fiatP384AddcarryxU32(&x568, &x569, x567, x547, x544); + var x570: u32 = undefined; + var x571: u1 = undefined; + fiatP384AddcarryxU32(&x570, &x571, x569, x545, x542); + var x572: u32 = undefined; + var x573: u1 = undefined; + fiatP384AddcarryxU32(&x572, &x573, x571, x543, x540); + var x574: u32 = undefined; + var x575: u1 = undefined; + fiatP384AddcarryxU32(&x574, &x575, x573, x541, x538); + var x576: u32 = undefined; + var x577: u1 = undefined; + fiatP384AddcarryxU32(&x576, &x577, x575, x539, x536); + var x578: u32 = undefined; + var x579: u1 = undefined; + fiatP384AddcarryxU32(&x578, &x579, x577, x537, x534); + const x580: u32 = (@intCast(u32, x579) + x535); + var x581: u32 = undefined; + var x582: u1 = undefined; + fiatP384AddcarryxU32(&x581, &x582, 0x0, x509, x556); + var x583: u32 = undefined; + var x584: u1 = undefined; + fiatP384AddcarryxU32(&x583, &x584, x582, x511, x558); + var x585: u32 = undefined; + var x586: u1 = undefined; + fiatP384AddcarryxU32(&x585, &x586, x584, x513, x560); + var x587: u32 = undefined; + var x588: u1 = undefined; + fiatP384AddcarryxU32(&x587, &x588, x586, x515, x562); + var x589: u32 = undefined; + var x590: u1 = undefined; + fiatP384AddcarryxU32(&x589, &x590, x588, x517, x564); + var x591: u32 = undefined; + var x592: u1 = undefined; + fiatP384AddcarryxU32(&x591, &x592, x590, x519, x566); + var x593: u32 = undefined; + var x594: u1 = undefined; + fiatP384AddcarryxU32(&x593, &x594, x592, x521, x568); + var x595: u32 = undefined; + var x596: u1 = undefined; + fiatP384AddcarryxU32(&x595, &x596, x594, x523, x570); + var x597: u32 = undefined; + var x598: u1 = undefined; + fiatP384AddcarryxU32(&x597, &x598, x596, x525, x572); + var x599: u32 = undefined; + var x600: u1 = undefined; + fiatP384AddcarryxU32(&x599, &x600, x598, x527, x574); + var x601: u32 = undefined; + var x602: u1 = undefined; + fiatP384AddcarryxU32(&x601, &x602, x600, x529, x576); + var x603: u32 = undefined; + var x604: u1 = undefined; + fiatP384AddcarryxU32(&x603, &x604, x602, x531, x578); + var x605: u32 = undefined; + var x606: u1 = undefined; + fiatP384AddcarryxU32(&x605, &x606, x604, x533, x580); + var x607: u32 = undefined; + var x608: u32 = undefined; + fiatP384MulxU32(&x607, &x608, x581, 0xffffffff); + var x609: u32 = undefined; + var x610: u32 = undefined; + fiatP384MulxU32(&x609, &x610, x581, 0xffffffff); + var x611: u32 = undefined; + var x612: u32 = undefined; + fiatP384MulxU32(&x611, &x612, x581, 0xffffffff); + var x613: u32 = undefined; + var x614: u32 = undefined; + fiatP384MulxU32(&x613, &x614, x581, 0xffffffff); + var x615: u32 = undefined; + var x616: u32 = undefined; + fiatP384MulxU32(&x615, &x616, x581, 0xffffffff); + var x617: u32 = undefined; + var x618: u32 = undefined; + fiatP384MulxU32(&x617, &x618, x581, 0xffffffff); + var x619: u32 = undefined; + var x620: u32 = undefined; + fiatP384MulxU32(&x619, &x620, x581, 0xffffffff); + var x621: u32 = undefined; + var x622: u32 = undefined; + fiatP384MulxU32(&x621, &x622, x581, 0xfffffffe); + var x623: u32 = undefined; + var x624: u32 = undefined; + fiatP384MulxU32(&x623, &x624, x581, 0xffffffff); + var x625: u32 = undefined; + var x626: u32 = undefined; + fiatP384MulxU32(&x625, &x626, x581, 0xffffffff); + var x627: u32 = undefined; + var x628: u1 = undefined; + fiatP384AddcarryxU32(&x627, &x628, 0x0, x624, x621); + var x629: u32 = undefined; + var x630: u1 = undefined; + fiatP384AddcarryxU32(&x629, &x630, x628, x622, x619); + var x631: u32 = undefined; + var x632: u1 = undefined; + fiatP384AddcarryxU32(&x631, &x632, x630, x620, x617); + var x633: u32 = undefined; + var x634: u1 = undefined; + fiatP384AddcarryxU32(&x633, &x634, x632, x618, x615); + var x635: u32 = undefined; + var x636: u1 = undefined; + fiatP384AddcarryxU32(&x635, &x636, x634, x616, x613); + var x637: u32 = undefined; + var x638: u1 = undefined; + fiatP384AddcarryxU32(&x637, &x638, x636, x614, x611); + var x639: u32 = undefined; + var x640: u1 = undefined; + fiatP384AddcarryxU32(&x639, &x640, x638, x612, x609); + var x641: u32 = undefined; + var x642: u1 = undefined; + fiatP384AddcarryxU32(&x641, &x642, x640, x610, x607); + const x643: u32 = (@intCast(u32, x642) + x608); + var x644: u32 = undefined; + var x645: u1 = undefined; + fiatP384AddcarryxU32(&x644, &x645, 0x0, x581, x625); + var x646: u32 = undefined; + var x647: u1 = undefined; + fiatP384AddcarryxU32(&x646, &x647, x645, x583, x626); + var x648: u32 = undefined; + var x649: u1 = undefined; + fiatP384AddcarryxU32(&x648, &x649, x647, x585, @intCast(u32, 0x0)); + var x650: u32 = undefined; + var x651: u1 = undefined; + fiatP384AddcarryxU32(&x650, &x651, x649, x587, x623); + var x652: u32 = undefined; + var x653: u1 = undefined; + fiatP384AddcarryxU32(&x652, &x653, x651, x589, x627); + var x654: u32 = undefined; + var x655: u1 = undefined; + fiatP384AddcarryxU32(&x654, &x655, x653, x591, x629); + var x656: u32 = undefined; + var x657: u1 = undefined; + fiatP384AddcarryxU32(&x656, &x657, x655, x593, x631); + var x658: u32 = undefined; + var x659: u1 = undefined; + fiatP384AddcarryxU32(&x658, &x659, x657, x595, x633); + var x660: u32 = undefined; + var x661: u1 = undefined; + fiatP384AddcarryxU32(&x660, &x661, x659, x597, x635); + var x662: u32 = undefined; + var x663: u1 = undefined; + fiatP384AddcarryxU32(&x662, &x663, x661, x599, x637); + var x664: u32 = undefined; + var x665: u1 = undefined; + fiatP384AddcarryxU32(&x664, &x665, x663, x601, x639); + var x666: u32 = undefined; + var x667: u1 = undefined; + fiatP384AddcarryxU32(&x666, &x667, x665, x603, x641); + var x668: u32 = undefined; + var x669: u1 = undefined; + fiatP384AddcarryxU32(&x668, &x669, x667, x605, x643); + const x670: u32 = (@intCast(u32, x669) + @intCast(u32, x606)); + var x671: u32 = undefined; + var x672: u32 = undefined; + fiatP384MulxU32(&x671, &x672, x5, (arg2[11])); + var x673: u32 = undefined; + var x674: u32 = undefined; + fiatP384MulxU32(&x673, &x674, x5, (arg2[10])); + var x675: u32 = undefined; + var x676: u32 = undefined; + fiatP384MulxU32(&x675, &x676, x5, (arg2[9])); + var x677: u32 = undefined; + var x678: u32 = undefined; + fiatP384MulxU32(&x677, &x678, x5, (arg2[8])); + var x679: u32 = undefined; + var x680: u32 = undefined; + fiatP384MulxU32(&x679, &x680, x5, (arg2[7])); + var x681: u32 = undefined; + var x682: u32 = undefined; + fiatP384MulxU32(&x681, &x682, x5, (arg2[6])); + var x683: u32 = undefined; + var x684: u32 = undefined; + fiatP384MulxU32(&x683, &x684, x5, (arg2[5])); + var x685: u32 = undefined; + var x686: u32 = undefined; + fiatP384MulxU32(&x685, &x686, x5, (arg2[4])); + var x687: u32 = undefined; + var x688: u32 = undefined; + fiatP384MulxU32(&x687, &x688, x5, (arg2[3])); + var x689: u32 = undefined; + var x690: u32 = undefined; + fiatP384MulxU32(&x689, &x690, x5, (arg2[2])); + var x691: u32 = undefined; + var x692: u32 = undefined; + fiatP384MulxU32(&x691, &x692, x5, (arg2[1])); + var x693: u32 = undefined; + var x694: u32 = undefined; + fiatP384MulxU32(&x693, &x694, x5, (arg2[0])); + var x695: u32 = undefined; + var x696: u1 = undefined; + fiatP384AddcarryxU32(&x695, &x696, 0x0, x694, x691); + var x697: u32 = undefined; + var x698: u1 = undefined; + fiatP384AddcarryxU32(&x697, &x698, x696, x692, x689); + var x699: u32 = undefined; + var x700: u1 = undefined; + fiatP384AddcarryxU32(&x699, &x700, x698, x690, x687); + var x701: u32 = undefined; + var x702: u1 = undefined; + fiatP384AddcarryxU32(&x701, &x702, x700, x688, x685); + var x703: u32 = undefined; + var x704: u1 = undefined; + fiatP384AddcarryxU32(&x703, &x704, x702, x686, x683); + var x705: u32 = undefined; + var x706: u1 = undefined; + fiatP384AddcarryxU32(&x705, &x706, x704, x684, x681); + var x707: u32 = undefined; + var x708: u1 = undefined; + fiatP384AddcarryxU32(&x707, &x708, x706, x682, x679); + var x709: u32 = undefined; + var x710: u1 = undefined; + fiatP384AddcarryxU32(&x709, &x710, x708, x680, x677); + var x711: u32 = undefined; + var x712: u1 = undefined; + fiatP384AddcarryxU32(&x711, &x712, x710, x678, x675); + var x713: u32 = undefined; + var x714: u1 = undefined; + fiatP384AddcarryxU32(&x713, &x714, x712, x676, x673); + var x715: u32 = undefined; + var x716: u1 = undefined; + fiatP384AddcarryxU32(&x715, &x716, x714, x674, x671); + const x717: u32 = (@intCast(u32, x716) + x672); + var x718: u32 = undefined; + var x719: u1 = undefined; + fiatP384AddcarryxU32(&x718, &x719, 0x0, x646, x693); + var x720: u32 = undefined; + var x721: u1 = undefined; + fiatP384AddcarryxU32(&x720, &x721, x719, x648, x695); + var x722: u32 = undefined; + var x723: u1 = undefined; + fiatP384AddcarryxU32(&x722, &x723, x721, x650, x697); + var x724: u32 = undefined; + var x725: u1 = undefined; + fiatP384AddcarryxU32(&x724, &x725, x723, x652, x699); + var x726: u32 = undefined; + var x727: u1 = undefined; + fiatP384AddcarryxU32(&x726, &x727, x725, x654, x701); + var x728: u32 = undefined; + var x729: u1 = undefined; + fiatP384AddcarryxU32(&x728, &x729, x727, x656, x703); + var x730: u32 = undefined; + var x731: u1 = undefined; + fiatP384AddcarryxU32(&x730, &x731, x729, x658, x705); + var x732: u32 = undefined; + var x733: u1 = undefined; + fiatP384AddcarryxU32(&x732, &x733, x731, x660, x707); + var x734: u32 = undefined; + var x735: u1 = undefined; + fiatP384AddcarryxU32(&x734, &x735, x733, x662, x709); + var x736: u32 = undefined; + var x737: u1 = undefined; + fiatP384AddcarryxU32(&x736, &x737, x735, x664, x711); + var x738: u32 = undefined; + var x739: u1 = undefined; + fiatP384AddcarryxU32(&x738, &x739, x737, x666, x713); + var x740: u32 = undefined; + var x741: u1 = undefined; + fiatP384AddcarryxU32(&x740, &x741, x739, x668, x715); + var x742: u32 = undefined; + var x743: u1 = undefined; + fiatP384AddcarryxU32(&x742, &x743, x741, x670, x717); + var x744: u32 = undefined; + var x745: u32 = undefined; + fiatP384MulxU32(&x744, &x745, x718, 0xffffffff); + var x746: u32 = undefined; + var x747: u32 = undefined; + fiatP384MulxU32(&x746, &x747, x718, 0xffffffff); + var x748: u32 = undefined; + var x749: u32 = undefined; + fiatP384MulxU32(&x748, &x749, x718, 0xffffffff); + var x750: u32 = undefined; + var x751: u32 = undefined; + fiatP384MulxU32(&x750, &x751, x718, 0xffffffff); + var x752: u32 = undefined; + var x753: u32 = undefined; + fiatP384MulxU32(&x752, &x753, x718, 0xffffffff); + var x754: u32 = undefined; + var x755: u32 = undefined; + fiatP384MulxU32(&x754, &x755, x718, 0xffffffff); + var x756: u32 = undefined; + var x757: u32 = undefined; + fiatP384MulxU32(&x756, &x757, x718, 0xffffffff); + var x758: u32 = undefined; + var x759: u32 = undefined; + fiatP384MulxU32(&x758, &x759, x718, 0xfffffffe); + var x760: u32 = undefined; + var x761: u32 = undefined; + fiatP384MulxU32(&x760, &x761, x718, 0xffffffff); + var x762: u32 = undefined; + var x763: u32 = undefined; + fiatP384MulxU32(&x762, &x763, x718, 0xffffffff); + var x764: u32 = undefined; + var x765: u1 = undefined; + fiatP384AddcarryxU32(&x764, &x765, 0x0, x761, x758); + var x766: u32 = undefined; + var x767: u1 = undefined; + fiatP384AddcarryxU32(&x766, &x767, x765, x759, x756); + var x768: u32 = undefined; + var x769: u1 = undefined; + fiatP384AddcarryxU32(&x768, &x769, x767, x757, x754); + var x770: u32 = undefined; + var x771: u1 = undefined; + fiatP384AddcarryxU32(&x770, &x771, x769, x755, x752); + var x772: u32 = undefined; + var x773: u1 = undefined; + fiatP384AddcarryxU32(&x772, &x773, x771, x753, x750); + var x774: u32 = undefined; + var x775: u1 = undefined; + fiatP384AddcarryxU32(&x774, &x775, x773, x751, x748); + var x776: u32 = undefined; + var x777: u1 = undefined; + fiatP384AddcarryxU32(&x776, &x777, x775, x749, x746); + var x778: u32 = undefined; + var x779: u1 = undefined; + fiatP384AddcarryxU32(&x778, &x779, x777, x747, x744); + const x780: u32 = (@intCast(u32, x779) + x745); + var x781: u32 = undefined; + var x782: u1 = undefined; + fiatP384AddcarryxU32(&x781, &x782, 0x0, x718, x762); + var x783: u32 = undefined; + var x784: u1 = undefined; + fiatP384AddcarryxU32(&x783, &x784, x782, x720, x763); + var x785: u32 = undefined; + var x786: u1 = undefined; + fiatP384AddcarryxU32(&x785, &x786, x784, x722, @intCast(u32, 0x0)); + var x787: u32 = undefined; + var x788: u1 = undefined; + fiatP384AddcarryxU32(&x787, &x788, x786, x724, x760); + var x789: u32 = undefined; + var x790: u1 = undefined; + fiatP384AddcarryxU32(&x789, &x790, x788, x726, x764); + var x791: u32 = undefined; + var x792: u1 = undefined; + fiatP384AddcarryxU32(&x791, &x792, x790, x728, x766); + var x793: u32 = undefined; + var x794: u1 = undefined; + fiatP384AddcarryxU32(&x793, &x794, x792, x730, x768); + var x795: u32 = undefined; + var x796: u1 = undefined; + fiatP384AddcarryxU32(&x795, &x796, x794, x732, x770); + var x797: u32 = undefined; + var x798: u1 = undefined; + fiatP384AddcarryxU32(&x797, &x798, x796, x734, x772); + var x799: u32 = undefined; + var x800: u1 = undefined; + fiatP384AddcarryxU32(&x799, &x800, x798, x736, x774); + var x801: u32 = undefined; + var x802: u1 = undefined; + fiatP384AddcarryxU32(&x801, &x802, x800, x738, x776); + var x803: u32 = undefined; + var x804: u1 = undefined; + fiatP384AddcarryxU32(&x803, &x804, x802, x740, x778); + var x805: u32 = undefined; + var x806: u1 = undefined; + fiatP384AddcarryxU32(&x805, &x806, x804, x742, x780); + const x807: u32 = (@intCast(u32, x806) + @intCast(u32, x743)); + var x808: u32 = undefined; + var x809: u32 = undefined; + fiatP384MulxU32(&x808, &x809, x6, (arg2[11])); + var x810: u32 = undefined; + var x811: u32 = undefined; + fiatP384MulxU32(&x810, &x811, x6, (arg2[10])); + var x812: u32 = undefined; + var x813: u32 = undefined; + fiatP384MulxU32(&x812, &x813, x6, (arg2[9])); + var x814: u32 = undefined; + var x815: u32 = undefined; + fiatP384MulxU32(&x814, &x815, x6, (arg2[8])); + var x816: u32 = undefined; + var x817: u32 = undefined; + fiatP384MulxU32(&x816, &x817, x6, (arg2[7])); + var x818: u32 = undefined; + var x819: u32 = undefined; + fiatP384MulxU32(&x818, &x819, x6, (arg2[6])); + var x820: u32 = undefined; + var x821: u32 = undefined; + fiatP384MulxU32(&x820, &x821, x6, (arg2[5])); + var x822: u32 = undefined; + var x823: u32 = undefined; + fiatP384MulxU32(&x822, &x823, x6, (arg2[4])); + var x824: u32 = undefined; + var x825: u32 = undefined; + fiatP384MulxU32(&x824, &x825, x6, (arg2[3])); + var x826: u32 = undefined; + var x827: u32 = undefined; + fiatP384MulxU32(&x826, &x827, x6, (arg2[2])); + var x828: u32 = undefined; + var x829: u32 = undefined; + fiatP384MulxU32(&x828, &x829, x6, (arg2[1])); + var x830: u32 = undefined; + var x831: u32 = undefined; + fiatP384MulxU32(&x830, &x831, x6, (arg2[0])); + var x832: u32 = undefined; + var x833: u1 = undefined; + fiatP384AddcarryxU32(&x832, &x833, 0x0, x831, x828); + var x834: u32 = undefined; + var x835: u1 = undefined; + fiatP384AddcarryxU32(&x834, &x835, x833, x829, x826); + var x836: u32 = undefined; + var x837: u1 = undefined; + fiatP384AddcarryxU32(&x836, &x837, x835, x827, x824); + var x838: u32 = undefined; + var x839: u1 = undefined; + fiatP384AddcarryxU32(&x838, &x839, x837, x825, x822); + var x840: u32 = undefined; + var x841: u1 = undefined; + fiatP384AddcarryxU32(&x840, &x841, x839, x823, x820); + var x842: u32 = undefined; + var x843: u1 = undefined; + fiatP384AddcarryxU32(&x842, &x843, x841, x821, x818); + var x844: u32 = undefined; + var x845: u1 = undefined; + fiatP384AddcarryxU32(&x844, &x845, x843, x819, x816); + var x846: u32 = undefined; + var x847: u1 = undefined; + fiatP384AddcarryxU32(&x846, &x847, x845, x817, x814); + var x848: u32 = undefined; + var x849: u1 = undefined; + fiatP384AddcarryxU32(&x848, &x849, x847, x815, x812); + var x850: u32 = undefined; + var x851: u1 = undefined; + fiatP384AddcarryxU32(&x850, &x851, x849, x813, x810); + var x852: u32 = undefined; + var x853: u1 = undefined; + fiatP384AddcarryxU32(&x852, &x853, x851, x811, x808); + const x854: u32 = (@intCast(u32, x853) + x809); + var x855: u32 = undefined; + var x856: u1 = undefined; + fiatP384AddcarryxU32(&x855, &x856, 0x0, x783, x830); + var x857: u32 = undefined; + var x858: u1 = undefined; + fiatP384AddcarryxU32(&x857, &x858, x856, x785, x832); + var x859: u32 = undefined; + var x860: u1 = undefined; + fiatP384AddcarryxU32(&x859, &x860, x858, x787, x834); + var x861: u32 = undefined; + var x862: u1 = undefined; + fiatP384AddcarryxU32(&x861, &x862, x860, x789, x836); + var x863: u32 = undefined; + var x864: u1 = undefined; + fiatP384AddcarryxU32(&x863, &x864, x862, x791, x838); + var x865: u32 = undefined; + var x866: u1 = undefined; + fiatP384AddcarryxU32(&x865, &x866, x864, x793, x840); + var x867: u32 = undefined; + var x868: u1 = undefined; + fiatP384AddcarryxU32(&x867, &x868, x866, x795, x842); + var x869: u32 = undefined; + var x870: u1 = undefined; + fiatP384AddcarryxU32(&x869, &x870, x868, x797, x844); + var x871: u32 = undefined; + var x872: u1 = undefined; + fiatP384AddcarryxU32(&x871, &x872, x870, x799, x846); + var x873: u32 = undefined; + var x874: u1 = undefined; + fiatP384AddcarryxU32(&x873, &x874, x872, x801, x848); + var x875: u32 = undefined; + var x876: u1 = undefined; + fiatP384AddcarryxU32(&x875, &x876, x874, x803, x850); + var x877: u32 = undefined; + var x878: u1 = undefined; + fiatP384AddcarryxU32(&x877, &x878, x876, x805, x852); + var x879: u32 = undefined; + var x880: u1 = undefined; + fiatP384AddcarryxU32(&x879, &x880, x878, x807, x854); + var x881: u32 = undefined; + var x882: u32 = undefined; + fiatP384MulxU32(&x881, &x882, x855, 0xffffffff); + var x883: u32 = undefined; + var x884: u32 = undefined; + fiatP384MulxU32(&x883, &x884, x855, 0xffffffff); + var x885: u32 = undefined; + var x886: u32 = undefined; + fiatP384MulxU32(&x885, &x886, x855, 0xffffffff); + var x887: u32 = undefined; + var x888: u32 = undefined; + fiatP384MulxU32(&x887, &x888, x855, 0xffffffff); + var x889: u32 = undefined; + var x890: u32 = undefined; + fiatP384MulxU32(&x889, &x890, x855, 0xffffffff); + var x891: u32 = undefined; + var x892: u32 = undefined; + fiatP384MulxU32(&x891, &x892, x855, 0xffffffff); + var x893: u32 = undefined; + var x894: u32 = undefined; + fiatP384MulxU32(&x893, &x894, x855, 0xffffffff); + var x895: u32 = undefined; + var x896: u32 = undefined; + fiatP384MulxU32(&x895, &x896, x855, 0xfffffffe); + var x897: u32 = undefined; + var x898: u32 = undefined; + fiatP384MulxU32(&x897, &x898, x855, 0xffffffff); + var x899: u32 = undefined; + var x900: u32 = undefined; + fiatP384MulxU32(&x899, &x900, x855, 0xffffffff); + var x901: u32 = undefined; + var x902: u1 = undefined; + fiatP384AddcarryxU32(&x901, &x902, 0x0, x898, x895); + var x903: u32 = undefined; + var x904: u1 = undefined; + fiatP384AddcarryxU32(&x903, &x904, x902, x896, x893); + var x905: u32 = undefined; + var x906: u1 = undefined; + fiatP384AddcarryxU32(&x905, &x906, x904, x894, x891); + var x907: u32 = undefined; + var x908: u1 = undefined; + fiatP384AddcarryxU32(&x907, &x908, x906, x892, x889); + var x909: u32 = undefined; + var x910: u1 = undefined; + fiatP384AddcarryxU32(&x909, &x910, x908, x890, x887); + var x911: u32 = undefined; + var x912: u1 = undefined; + fiatP384AddcarryxU32(&x911, &x912, x910, x888, x885); + var x913: u32 = undefined; + var x914: u1 = undefined; + fiatP384AddcarryxU32(&x913, &x914, x912, x886, x883); + var x915: u32 = undefined; + var x916: u1 = undefined; + fiatP384AddcarryxU32(&x915, &x916, x914, x884, x881); + const x917: u32 = (@intCast(u32, x916) + x882); + var x918: u32 = undefined; + var x919: u1 = undefined; + fiatP384AddcarryxU32(&x918, &x919, 0x0, x855, x899); + var x920: u32 = undefined; + var x921: u1 = undefined; + fiatP384AddcarryxU32(&x920, &x921, x919, x857, x900); + var x922: u32 = undefined; + var x923: u1 = undefined; + fiatP384AddcarryxU32(&x922, &x923, x921, x859, @intCast(u32, 0x0)); + var x924: u32 = undefined; + var x925: u1 = undefined; + fiatP384AddcarryxU32(&x924, &x925, x923, x861, x897); + var x926: u32 = undefined; + var x927: u1 = undefined; + fiatP384AddcarryxU32(&x926, &x927, x925, x863, x901); + var x928: u32 = undefined; + var x929: u1 = undefined; + fiatP384AddcarryxU32(&x928, &x929, x927, x865, x903); + var x930: u32 = undefined; + var x931: u1 = undefined; + fiatP384AddcarryxU32(&x930, &x931, x929, x867, x905); + var x932: u32 = undefined; + var x933: u1 = undefined; + fiatP384AddcarryxU32(&x932, &x933, x931, x869, x907); + var x934: u32 = undefined; + var x935: u1 = undefined; + fiatP384AddcarryxU32(&x934, &x935, x933, x871, x909); + var x936: u32 = undefined; + var x937: u1 = undefined; + fiatP384AddcarryxU32(&x936, &x937, x935, x873, x911); + var x938: u32 = undefined; + var x939: u1 = undefined; + fiatP384AddcarryxU32(&x938, &x939, x937, x875, x913); + var x940: u32 = undefined; + var x941: u1 = undefined; + fiatP384AddcarryxU32(&x940, &x941, x939, x877, x915); + var x942: u32 = undefined; + var x943: u1 = undefined; + fiatP384AddcarryxU32(&x942, &x943, x941, x879, x917); + const x944: u32 = (@intCast(u32, x943) + @intCast(u32, x880)); + var x945: u32 = undefined; + var x946: u32 = undefined; + fiatP384MulxU32(&x945, &x946, x7, (arg2[11])); + var x947: u32 = undefined; + var x948: u32 = undefined; + fiatP384MulxU32(&x947, &x948, x7, (arg2[10])); + var x949: u32 = undefined; + var x950: u32 = undefined; + fiatP384MulxU32(&x949, &x950, x7, (arg2[9])); + var x951: u32 = undefined; + var x952: u32 = undefined; + fiatP384MulxU32(&x951, &x952, x7, (arg2[8])); + var x953: u32 = undefined; + var x954: u32 = undefined; + fiatP384MulxU32(&x953, &x954, x7, (arg2[7])); + var x955: u32 = undefined; + var x956: u32 = undefined; + fiatP384MulxU32(&x955, &x956, x7, (arg2[6])); + var x957: u32 = undefined; + var x958: u32 = undefined; + fiatP384MulxU32(&x957, &x958, x7, (arg2[5])); + var x959: u32 = undefined; + var x960: u32 = undefined; + fiatP384MulxU32(&x959, &x960, x7, (arg2[4])); + var x961: u32 = undefined; + var x962: u32 = undefined; + fiatP384MulxU32(&x961, &x962, x7, (arg2[3])); + var x963: u32 = undefined; + var x964: u32 = undefined; + fiatP384MulxU32(&x963, &x964, x7, (arg2[2])); + var x965: u32 = undefined; + var x966: u32 = undefined; + fiatP384MulxU32(&x965, &x966, x7, (arg2[1])); + var x967: u32 = undefined; + var x968: u32 = undefined; + fiatP384MulxU32(&x967, &x968, x7, (arg2[0])); + var x969: u32 = undefined; + var x970: u1 = undefined; + fiatP384AddcarryxU32(&x969, &x970, 0x0, x968, x965); + var x971: u32 = undefined; + var x972: u1 = undefined; + fiatP384AddcarryxU32(&x971, &x972, x970, x966, x963); + var x973: u32 = undefined; + var x974: u1 = undefined; + fiatP384AddcarryxU32(&x973, &x974, x972, x964, x961); + var x975: u32 = undefined; + var x976: u1 = undefined; + fiatP384AddcarryxU32(&x975, &x976, x974, x962, x959); + var x977: u32 = undefined; + var x978: u1 = undefined; + fiatP384AddcarryxU32(&x977, &x978, x976, x960, x957); + var x979: u32 = undefined; + var x980: u1 = undefined; + fiatP384AddcarryxU32(&x979, &x980, x978, x958, x955); + var x981: u32 = undefined; + var x982: u1 = undefined; + fiatP384AddcarryxU32(&x981, &x982, x980, x956, x953); + var x983: u32 = undefined; + var x984: u1 = undefined; + fiatP384AddcarryxU32(&x983, &x984, x982, x954, x951); + var x985: u32 = undefined; + var x986: u1 = undefined; + fiatP384AddcarryxU32(&x985, &x986, x984, x952, x949); + var x987: u32 = undefined; + var x988: u1 = undefined; + fiatP384AddcarryxU32(&x987, &x988, x986, x950, x947); + var x989: u32 = undefined; + var x990: u1 = undefined; + fiatP384AddcarryxU32(&x989, &x990, x988, x948, x945); + const x991: u32 = (@intCast(u32, x990) + x946); + var x992: u32 = undefined; + var x993: u1 = undefined; + fiatP384AddcarryxU32(&x992, &x993, 0x0, x920, x967); + var x994: u32 = undefined; + var x995: u1 = undefined; + fiatP384AddcarryxU32(&x994, &x995, x993, x922, x969); + var x996: u32 = undefined; + var x997: u1 = undefined; + fiatP384AddcarryxU32(&x996, &x997, x995, x924, x971); + var x998: u32 = undefined; + var x999: u1 = undefined; + fiatP384AddcarryxU32(&x998, &x999, x997, x926, x973); + var x1000: u32 = undefined; + var x1001: u1 = undefined; + fiatP384AddcarryxU32(&x1000, &x1001, x999, x928, x975); + var x1002: u32 = undefined; + var x1003: u1 = undefined; + fiatP384AddcarryxU32(&x1002, &x1003, x1001, x930, x977); + var x1004: u32 = undefined; + var x1005: u1 = undefined; + fiatP384AddcarryxU32(&x1004, &x1005, x1003, x932, x979); + var x1006: u32 = undefined; + var x1007: u1 = undefined; + fiatP384AddcarryxU32(&x1006, &x1007, x1005, x934, x981); + var x1008: u32 = undefined; + var x1009: u1 = undefined; + fiatP384AddcarryxU32(&x1008, &x1009, x1007, x936, x983); + var x1010: u32 = undefined; + var x1011: u1 = undefined; + fiatP384AddcarryxU32(&x1010, &x1011, x1009, x938, x985); + var x1012: u32 = undefined; + var x1013: u1 = undefined; + fiatP384AddcarryxU32(&x1012, &x1013, x1011, x940, x987); + var x1014: u32 = undefined; + var x1015: u1 = undefined; + fiatP384AddcarryxU32(&x1014, &x1015, x1013, x942, x989); + var x1016: u32 = undefined; + var x1017: u1 = undefined; + fiatP384AddcarryxU32(&x1016, &x1017, x1015, x944, x991); + var x1018: u32 = undefined; + var x1019: u32 = undefined; + fiatP384MulxU32(&x1018, &x1019, x992, 0xffffffff); + var x1020: u32 = undefined; + var x1021: u32 = undefined; + fiatP384MulxU32(&x1020, &x1021, x992, 0xffffffff); + var x1022: u32 = undefined; + var x1023: u32 = undefined; + fiatP384MulxU32(&x1022, &x1023, x992, 0xffffffff); + var x1024: u32 = undefined; + var x1025: u32 = undefined; + fiatP384MulxU32(&x1024, &x1025, x992, 0xffffffff); + var x1026: u32 = undefined; + var x1027: u32 = undefined; + fiatP384MulxU32(&x1026, &x1027, x992, 0xffffffff); + var x1028: u32 = undefined; + var x1029: u32 = undefined; + fiatP384MulxU32(&x1028, &x1029, x992, 0xffffffff); + var x1030: u32 = undefined; + var x1031: u32 = undefined; + fiatP384MulxU32(&x1030, &x1031, x992, 0xffffffff); + var x1032: u32 = undefined; + var x1033: u32 = undefined; + fiatP384MulxU32(&x1032, &x1033, x992, 0xfffffffe); + var x1034: u32 = undefined; + var x1035: u32 = undefined; + fiatP384MulxU32(&x1034, &x1035, x992, 0xffffffff); + var x1036: u32 = undefined; + var x1037: u32 = undefined; + fiatP384MulxU32(&x1036, &x1037, x992, 0xffffffff); + var x1038: u32 = undefined; + var x1039: u1 = undefined; + fiatP384AddcarryxU32(&x1038, &x1039, 0x0, x1035, x1032); + var x1040: u32 = undefined; + var x1041: u1 = undefined; + fiatP384AddcarryxU32(&x1040, &x1041, x1039, x1033, x1030); + var x1042: u32 = undefined; + var x1043: u1 = undefined; + fiatP384AddcarryxU32(&x1042, &x1043, x1041, x1031, x1028); + var x1044: u32 = undefined; + var x1045: u1 = undefined; + fiatP384AddcarryxU32(&x1044, &x1045, x1043, x1029, x1026); + var x1046: u32 = undefined; + var x1047: u1 = undefined; + fiatP384AddcarryxU32(&x1046, &x1047, x1045, x1027, x1024); + var x1048: u32 = undefined; + var x1049: u1 = undefined; + fiatP384AddcarryxU32(&x1048, &x1049, x1047, x1025, x1022); + var x1050: u32 = undefined; + var x1051: u1 = undefined; + fiatP384AddcarryxU32(&x1050, &x1051, x1049, x1023, x1020); + var x1052: u32 = undefined; + var x1053: u1 = undefined; + fiatP384AddcarryxU32(&x1052, &x1053, x1051, x1021, x1018); + const x1054: u32 = (@intCast(u32, x1053) + x1019); + var x1055: u32 = undefined; + var x1056: u1 = undefined; + fiatP384AddcarryxU32(&x1055, &x1056, 0x0, x992, x1036); + var x1057: u32 = undefined; + var x1058: u1 = undefined; + fiatP384AddcarryxU32(&x1057, &x1058, x1056, x994, x1037); + var x1059: u32 = undefined; + var x1060: u1 = undefined; + fiatP384AddcarryxU32(&x1059, &x1060, x1058, x996, @intCast(u32, 0x0)); + var x1061: u32 = undefined; + var x1062: u1 = undefined; + fiatP384AddcarryxU32(&x1061, &x1062, x1060, x998, x1034); + var x1063: u32 = undefined; + var x1064: u1 = undefined; + fiatP384AddcarryxU32(&x1063, &x1064, x1062, x1000, x1038); + var x1065: u32 = undefined; + var x1066: u1 = undefined; + fiatP384AddcarryxU32(&x1065, &x1066, x1064, x1002, x1040); + var x1067: u32 = undefined; + var x1068: u1 = undefined; + fiatP384AddcarryxU32(&x1067, &x1068, x1066, x1004, x1042); + var x1069: u32 = undefined; + var x1070: u1 = undefined; + fiatP384AddcarryxU32(&x1069, &x1070, x1068, x1006, x1044); + var x1071: u32 = undefined; + var x1072: u1 = undefined; + fiatP384AddcarryxU32(&x1071, &x1072, x1070, x1008, x1046); + var x1073: u32 = undefined; + var x1074: u1 = undefined; + fiatP384AddcarryxU32(&x1073, &x1074, x1072, x1010, x1048); + var x1075: u32 = undefined; + var x1076: u1 = undefined; + fiatP384AddcarryxU32(&x1075, &x1076, x1074, x1012, x1050); + var x1077: u32 = undefined; + var x1078: u1 = undefined; + fiatP384AddcarryxU32(&x1077, &x1078, x1076, x1014, x1052); + var x1079: u32 = undefined; + var x1080: u1 = undefined; + fiatP384AddcarryxU32(&x1079, &x1080, x1078, x1016, x1054); + const x1081: u32 = (@intCast(u32, x1080) + @intCast(u32, x1017)); + var x1082: u32 = undefined; + var x1083: u32 = undefined; + fiatP384MulxU32(&x1082, &x1083, x8, (arg2[11])); + var x1084: u32 = undefined; + var x1085: u32 = undefined; + fiatP384MulxU32(&x1084, &x1085, x8, (arg2[10])); + var x1086: u32 = undefined; + var x1087: u32 = undefined; + fiatP384MulxU32(&x1086, &x1087, x8, (arg2[9])); + var x1088: u32 = undefined; + var x1089: u32 = undefined; + fiatP384MulxU32(&x1088, &x1089, x8, (arg2[8])); + var x1090: u32 = undefined; + var x1091: u32 = undefined; + fiatP384MulxU32(&x1090, &x1091, x8, (arg2[7])); + var x1092: u32 = undefined; + var x1093: u32 = undefined; + fiatP384MulxU32(&x1092, &x1093, x8, (arg2[6])); + var x1094: u32 = undefined; + var x1095: u32 = undefined; + fiatP384MulxU32(&x1094, &x1095, x8, (arg2[5])); + var x1096: u32 = undefined; + var x1097: u32 = undefined; + fiatP384MulxU32(&x1096, &x1097, x8, (arg2[4])); + var x1098: u32 = undefined; + var x1099: u32 = undefined; + fiatP384MulxU32(&x1098, &x1099, x8, (arg2[3])); + var x1100: u32 = undefined; + var x1101: u32 = undefined; + fiatP384MulxU32(&x1100, &x1101, x8, (arg2[2])); + var x1102: u32 = undefined; + var x1103: u32 = undefined; + fiatP384MulxU32(&x1102, &x1103, x8, (arg2[1])); + var x1104: u32 = undefined; + var x1105: u32 = undefined; + fiatP384MulxU32(&x1104, &x1105, x8, (arg2[0])); + var x1106: u32 = undefined; + var x1107: u1 = undefined; + fiatP384AddcarryxU32(&x1106, &x1107, 0x0, x1105, x1102); + var x1108: u32 = undefined; + var x1109: u1 = undefined; + fiatP384AddcarryxU32(&x1108, &x1109, x1107, x1103, x1100); + var x1110: u32 = undefined; + var x1111: u1 = undefined; + fiatP384AddcarryxU32(&x1110, &x1111, x1109, x1101, x1098); + var x1112: u32 = undefined; + var x1113: u1 = undefined; + fiatP384AddcarryxU32(&x1112, &x1113, x1111, x1099, x1096); + var x1114: u32 = undefined; + var x1115: u1 = undefined; + fiatP384AddcarryxU32(&x1114, &x1115, x1113, x1097, x1094); + var x1116: u32 = undefined; + var x1117: u1 = undefined; + fiatP384AddcarryxU32(&x1116, &x1117, x1115, x1095, x1092); + var x1118: u32 = undefined; + var x1119: u1 = undefined; + fiatP384AddcarryxU32(&x1118, &x1119, x1117, x1093, x1090); + var x1120: u32 = undefined; + var x1121: u1 = undefined; + fiatP384AddcarryxU32(&x1120, &x1121, x1119, x1091, x1088); + var x1122: u32 = undefined; + var x1123: u1 = undefined; + fiatP384AddcarryxU32(&x1122, &x1123, x1121, x1089, x1086); + var x1124: u32 = undefined; + var x1125: u1 = undefined; + fiatP384AddcarryxU32(&x1124, &x1125, x1123, x1087, x1084); + var x1126: u32 = undefined; + var x1127: u1 = undefined; + fiatP384AddcarryxU32(&x1126, &x1127, x1125, x1085, x1082); + const x1128: u32 = (@intCast(u32, x1127) + x1083); + var x1129: u32 = undefined; + var x1130: u1 = undefined; + fiatP384AddcarryxU32(&x1129, &x1130, 0x0, x1057, x1104); + var x1131: u32 = undefined; + var x1132: u1 = undefined; + fiatP384AddcarryxU32(&x1131, &x1132, x1130, x1059, x1106); + var x1133: u32 = undefined; + var x1134: u1 = undefined; + fiatP384AddcarryxU32(&x1133, &x1134, x1132, x1061, x1108); + var x1135: u32 = undefined; + var x1136: u1 = undefined; + fiatP384AddcarryxU32(&x1135, &x1136, x1134, x1063, x1110); + var x1137: u32 = undefined; + var x1138: u1 = undefined; + fiatP384AddcarryxU32(&x1137, &x1138, x1136, x1065, x1112); + var x1139: u32 = undefined; + var x1140: u1 = undefined; + fiatP384AddcarryxU32(&x1139, &x1140, x1138, x1067, x1114); + var x1141: u32 = undefined; + var x1142: u1 = undefined; + fiatP384AddcarryxU32(&x1141, &x1142, x1140, x1069, x1116); + var x1143: u32 = undefined; + var x1144: u1 = undefined; + fiatP384AddcarryxU32(&x1143, &x1144, x1142, x1071, x1118); + var x1145: u32 = undefined; + var x1146: u1 = undefined; + fiatP384AddcarryxU32(&x1145, &x1146, x1144, x1073, x1120); + var x1147: u32 = undefined; + var x1148: u1 = undefined; + fiatP384AddcarryxU32(&x1147, &x1148, x1146, x1075, x1122); + var x1149: u32 = undefined; + var x1150: u1 = undefined; + fiatP384AddcarryxU32(&x1149, &x1150, x1148, x1077, x1124); + var x1151: u32 = undefined; + var x1152: u1 = undefined; + fiatP384AddcarryxU32(&x1151, &x1152, x1150, x1079, x1126); + var x1153: u32 = undefined; + var x1154: u1 = undefined; + fiatP384AddcarryxU32(&x1153, &x1154, x1152, x1081, x1128); + var x1155: u32 = undefined; + var x1156: u32 = undefined; + fiatP384MulxU32(&x1155, &x1156, x1129, 0xffffffff); + var x1157: u32 = undefined; + var x1158: u32 = undefined; + fiatP384MulxU32(&x1157, &x1158, x1129, 0xffffffff); + var x1159: u32 = undefined; + var x1160: u32 = undefined; + fiatP384MulxU32(&x1159, &x1160, x1129, 0xffffffff); + var x1161: u32 = undefined; + var x1162: u32 = undefined; + fiatP384MulxU32(&x1161, &x1162, x1129, 0xffffffff); + var x1163: u32 = undefined; + var x1164: u32 = undefined; + fiatP384MulxU32(&x1163, &x1164, x1129, 0xffffffff); + var x1165: u32 = undefined; + var x1166: u32 = undefined; + fiatP384MulxU32(&x1165, &x1166, x1129, 0xffffffff); + var x1167: u32 = undefined; + var x1168: u32 = undefined; + fiatP384MulxU32(&x1167, &x1168, x1129, 0xffffffff); + var x1169: u32 = undefined; + var x1170: u32 = undefined; + fiatP384MulxU32(&x1169, &x1170, x1129, 0xfffffffe); + var x1171: u32 = undefined; + var x1172: u32 = undefined; + fiatP384MulxU32(&x1171, &x1172, x1129, 0xffffffff); + var x1173: u32 = undefined; + var x1174: u32 = undefined; + fiatP384MulxU32(&x1173, &x1174, x1129, 0xffffffff); + var x1175: u32 = undefined; + var x1176: u1 = undefined; + fiatP384AddcarryxU32(&x1175, &x1176, 0x0, x1172, x1169); + var x1177: u32 = undefined; + var x1178: u1 = undefined; + fiatP384AddcarryxU32(&x1177, &x1178, x1176, x1170, x1167); + var x1179: u32 = undefined; + var x1180: u1 = undefined; + fiatP384AddcarryxU32(&x1179, &x1180, x1178, x1168, x1165); + var x1181: u32 = undefined; + var x1182: u1 = undefined; + fiatP384AddcarryxU32(&x1181, &x1182, x1180, x1166, x1163); + var x1183: u32 = undefined; + var x1184: u1 = undefined; + fiatP384AddcarryxU32(&x1183, &x1184, x1182, x1164, x1161); + var x1185: u32 = undefined; + var x1186: u1 = undefined; + fiatP384AddcarryxU32(&x1185, &x1186, x1184, x1162, x1159); + var x1187: u32 = undefined; + var x1188: u1 = undefined; + fiatP384AddcarryxU32(&x1187, &x1188, x1186, x1160, x1157); + var x1189: u32 = undefined; + var x1190: u1 = undefined; + fiatP384AddcarryxU32(&x1189, &x1190, x1188, x1158, x1155); + const x1191: u32 = (@intCast(u32, x1190) + x1156); + var x1192: u32 = undefined; + var x1193: u1 = undefined; + fiatP384AddcarryxU32(&x1192, &x1193, 0x0, x1129, x1173); + var x1194: u32 = undefined; + var x1195: u1 = undefined; + fiatP384AddcarryxU32(&x1194, &x1195, x1193, x1131, x1174); + var x1196: u32 = undefined; + var x1197: u1 = undefined; + fiatP384AddcarryxU32(&x1196, &x1197, x1195, x1133, @intCast(u32, 0x0)); + var x1198: u32 = undefined; + var x1199: u1 = undefined; + fiatP384AddcarryxU32(&x1198, &x1199, x1197, x1135, x1171); + var x1200: u32 = undefined; + var x1201: u1 = undefined; + fiatP384AddcarryxU32(&x1200, &x1201, x1199, x1137, x1175); + var x1202: u32 = undefined; + var x1203: u1 = undefined; + fiatP384AddcarryxU32(&x1202, &x1203, x1201, x1139, x1177); + var x1204: u32 = undefined; + var x1205: u1 = undefined; + fiatP384AddcarryxU32(&x1204, &x1205, x1203, x1141, x1179); + var x1206: u32 = undefined; + var x1207: u1 = undefined; + fiatP384AddcarryxU32(&x1206, &x1207, x1205, x1143, x1181); + var x1208: u32 = undefined; + var x1209: u1 = undefined; + fiatP384AddcarryxU32(&x1208, &x1209, x1207, x1145, x1183); + var x1210: u32 = undefined; + var x1211: u1 = undefined; + fiatP384AddcarryxU32(&x1210, &x1211, x1209, x1147, x1185); + var x1212: u32 = undefined; + var x1213: u1 = undefined; + fiatP384AddcarryxU32(&x1212, &x1213, x1211, x1149, x1187); + var x1214: u32 = undefined; + var x1215: u1 = undefined; + fiatP384AddcarryxU32(&x1214, &x1215, x1213, x1151, x1189); + var x1216: u32 = undefined; + var x1217: u1 = undefined; + fiatP384AddcarryxU32(&x1216, &x1217, x1215, x1153, x1191); + const x1218: u32 = (@intCast(u32, x1217) + @intCast(u32, x1154)); + var x1219: u32 = undefined; + var x1220: u32 = undefined; + fiatP384MulxU32(&x1219, &x1220, x9, (arg2[11])); + var x1221: u32 = undefined; + var x1222: u32 = undefined; + fiatP384MulxU32(&x1221, &x1222, x9, (arg2[10])); + var x1223: u32 = undefined; + var x1224: u32 = undefined; + fiatP384MulxU32(&x1223, &x1224, x9, (arg2[9])); + var x1225: u32 = undefined; + var x1226: u32 = undefined; + fiatP384MulxU32(&x1225, &x1226, x9, (arg2[8])); + var x1227: u32 = undefined; + var x1228: u32 = undefined; + fiatP384MulxU32(&x1227, &x1228, x9, (arg2[7])); + var x1229: u32 = undefined; + var x1230: u32 = undefined; + fiatP384MulxU32(&x1229, &x1230, x9, (arg2[6])); + var x1231: u32 = undefined; + var x1232: u32 = undefined; + fiatP384MulxU32(&x1231, &x1232, x9, (arg2[5])); + var x1233: u32 = undefined; + var x1234: u32 = undefined; + fiatP384MulxU32(&x1233, &x1234, x9, (arg2[4])); + var x1235: u32 = undefined; + var x1236: u32 = undefined; + fiatP384MulxU32(&x1235, &x1236, x9, (arg2[3])); + var x1237: u32 = undefined; + var x1238: u32 = undefined; + fiatP384MulxU32(&x1237, &x1238, x9, (arg2[2])); + var x1239: u32 = undefined; + var x1240: u32 = undefined; + fiatP384MulxU32(&x1239, &x1240, x9, (arg2[1])); + var x1241: u32 = undefined; + var x1242: u32 = undefined; + fiatP384MulxU32(&x1241, &x1242, x9, (arg2[0])); + var x1243: u32 = undefined; + var x1244: u1 = undefined; + fiatP384AddcarryxU32(&x1243, &x1244, 0x0, x1242, x1239); + var x1245: u32 = undefined; + var x1246: u1 = undefined; + fiatP384AddcarryxU32(&x1245, &x1246, x1244, x1240, x1237); + var x1247: u32 = undefined; + var x1248: u1 = undefined; + fiatP384AddcarryxU32(&x1247, &x1248, x1246, x1238, x1235); + var x1249: u32 = undefined; + var x1250: u1 = undefined; + fiatP384AddcarryxU32(&x1249, &x1250, x1248, x1236, x1233); + var x1251: u32 = undefined; + var x1252: u1 = undefined; + fiatP384AddcarryxU32(&x1251, &x1252, x1250, x1234, x1231); + var x1253: u32 = undefined; + var x1254: u1 = undefined; + fiatP384AddcarryxU32(&x1253, &x1254, x1252, x1232, x1229); + var x1255: u32 = undefined; + var x1256: u1 = undefined; + fiatP384AddcarryxU32(&x1255, &x1256, x1254, x1230, x1227); + var x1257: u32 = undefined; + var x1258: u1 = undefined; + fiatP384AddcarryxU32(&x1257, &x1258, x1256, x1228, x1225); + var x1259: u32 = undefined; + var x1260: u1 = undefined; + fiatP384AddcarryxU32(&x1259, &x1260, x1258, x1226, x1223); + var x1261: u32 = undefined; + var x1262: u1 = undefined; + fiatP384AddcarryxU32(&x1261, &x1262, x1260, x1224, x1221); + var x1263: u32 = undefined; + var x1264: u1 = undefined; + fiatP384AddcarryxU32(&x1263, &x1264, x1262, x1222, x1219); + const x1265: u32 = (@intCast(u32, x1264) + x1220); + var x1266: u32 = undefined; + var x1267: u1 = undefined; + fiatP384AddcarryxU32(&x1266, &x1267, 0x0, x1194, x1241); + var x1268: u32 = undefined; + var x1269: u1 = undefined; + fiatP384AddcarryxU32(&x1268, &x1269, x1267, x1196, x1243); + var x1270: u32 = undefined; + var x1271: u1 = undefined; + fiatP384AddcarryxU32(&x1270, &x1271, x1269, x1198, x1245); + var x1272: u32 = undefined; + var x1273: u1 = undefined; + fiatP384AddcarryxU32(&x1272, &x1273, x1271, x1200, x1247); + var x1274: u32 = undefined; + var x1275: u1 = undefined; + fiatP384AddcarryxU32(&x1274, &x1275, x1273, x1202, x1249); + var x1276: u32 = undefined; + var x1277: u1 = undefined; + fiatP384AddcarryxU32(&x1276, &x1277, x1275, x1204, x1251); + var x1278: u32 = undefined; + var x1279: u1 = undefined; + fiatP384AddcarryxU32(&x1278, &x1279, x1277, x1206, x1253); + var x1280: u32 = undefined; + var x1281: u1 = undefined; + fiatP384AddcarryxU32(&x1280, &x1281, x1279, x1208, x1255); + var x1282: u32 = undefined; + var x1283: u1 = undefined; + fiatP384AddcarryxU32(&x1282, &x1283, x1281, x1210, x1257); + var x1284: u32 = undefined; + var x1285: u1 = undefined; + fiatP384AddcarryxU32(&x1284, &x1285, x1283, x1212, x1259); + var x1286: u32 = undefined; + var x1287: u1 = undefined; + fiatP384AddcarryxU32(&x1286, &x1287, x1285, x1214, x1261); + var x1288: u32 = undefined; + var x1289: u1 = undefined; + fiatP384AddcarryxU32(&x1288, &x1289, x1287, x1216, x1263); + var x1290: u32 = undefined; + var x1291: u1 = undefined; + fiatP384AddcarryxU32(&x1290, &x1291, x1289, x1218, x1265); + var x1292: u32 = undefined; + var x1293: u32 = undefined; + fiatP384MulxU32(&x1292, &x1293, x1266, 0xffffffff); + var x1294: u32 = undefined; + var x1295: u32 = undefined; + fiatP384MulxU32(&x1294, &x1295, x1266, 0xffffffff); + var x1296: u32 = undefined; + var x1297: u32 = undefined; + fiatP384MulxU32(&x1296, &x1297, x1266, 0xffffffff); + var x1298: u32 = undefined; + var x1299: u32 = undefined; + fiatP384MulxU32(&x1298, &x1299, x1266, 0xffffffff); + var x1300: u32 = undefined; + var x1301: u32 = undefined; + fiatP384MulxU32(&x1300, &x1301, x1266, 0xffffffff); + var x1302: u32 = undefined; + var x1303: u32 = undefined; + fiatP384MulxU32(&x1302, &x1303, x1266, 0xffffffff); + var x1304: u32 = undefined; + var x1305: u32 = undefined; + fiatP384MulxU32(&x1304, &x1305, x1266, 0xffffffff); + var x1306: u32 = undefined; + var x1307: u32 = undefined; + fiatP384MulxU32(&x1306, &x1307, x1266, 0xfffffffe); + var x1308: u32 = undefined; + var x1309: u32 = undefined; + fiatP384MulxU32(&x1308, &x1309, x1266, 0xffffffff); + var x1310: u32 = undefined; + var x1311: u32 = undefined; + fiatP384MulxU32(&x1310, &x1311, x1266, 0xffffffff); + var x1312: u32 = undefined; + var x1313: u1 = undefined; + fiatP384AddcarryxU32(&x1312, &x1313, 0x0, x1309, x1306); + var x1314: u32 = undefined; + var x1315: u1 = undefined; + fiatP384AddcarryxU32(&x1314, &x1315, x1313, x1307, x1304); + var x1316: u32 = undefined; + var x1317: u1 = undefined; + fiatP384AddcarryxU32(&x1316, &x1317, x1315, x1305, x1302); + var x1318: u32 = undefined; + var x1319: u1 = undefined; + fiatP384AddcarryxU32(&x1318, &x1319, x1317, x1303, x1300); + var x1320: u32 = undefined; + var x1321: u1 = undefined; + fiatP384AddcarryxU32(&x1320, &x1321, x1319, x1301, x1298); + var x1322: u32 = undefined; + var x1323: u1 = undefined; + fiatP384AddcarryxU32(&x1322, &x1323, x1321, x1299, x1296); + var x1324: u32 = undefined; + var x1325: u1 = undefined; + fiatP384AddcarryxU32(&x1324, &x1325, x1323, x1297, x1294); + var x1326: u32 = undefined; + var x1327: u1 = undefined; + fiatP384AddcarryxU32(&x1326, &x1327, x1325, x1295, x1292); + const x1328: u32 = (@intCast(u32, x1327) + x1293); + var x1329: u32 = undefined; + var x1330: u1 = undefined; + fiatP384AddcarryxU32(&x1329, &x1330, 0x0, x1266, x1310); + var x1331: u32 = undefined; + var x1332: u1 = undefined; + fiatP384AddcarryxU32(&x1331, &x1332, x1330, x1268, x1311); + var x1333: u32 = undefined; + var x1334: u1 = undefined; + fiatP384AddcarryxU32(&x1333, &x1334, x1332, x1270, @intCast(u32, 0x0)); + var x1335: u32 = undefined; + var x1336: u1 = undefined; + fiatP384AddcarryxU32(&x1335, &x1336, x1334, x1272, x1308); + var x1337: u32 = undefined; + var x1338: u1 = undefined; + fiatP384AddcarryxU32(&x1337, &x1338, x1336, x1274, x1312); + var x1339: u32 = undefined; + var x1340: u1 = undefined; + fiatP384AddcarryxU32(&x1339, &x1340, x1338, x1276, x1314); + var x1341: u32 = undefined; + var x1342: u1 = undefined; + fiatP384AddcarryxU32(&x1341, &x1342, x1340, x1278, x1316); + var x1343: u32 = undefined; + var x1344: u1 = undefined; + fiatP384AddcarryxU32(&x1343, &x1344, x1342, x1280, x1318); + var x1345: u32 = undefined; + var x1346: u1 = undefined; + fiatP384AddcarryxU32(&x1345, &x1346, x1344, x1282, x1320); + var x1347: u32 = undefined; + var x1348: u1 = undefined; + fiatP384AddcarryxU32(&x1347, &x1348, x1346, x1284, x1322); + var x1349: u32 = undefined; + var x1350: u1 = undefined; + fiatP384AddcarryxU32(&x1349, &x1350, x1348, x1286, x1324); + var x1351: u32 = undefined; + var x1352: u1 = undefined; + fiatP384AddcarryxU32(&x1351, &x1352, x1350, x1288, x1326); + var x1353: u32 = undefined; + var x1354: u1 = undefined; + fiatP384AddcarryxU32(&x1353, &x1354, x1352, x1290, x1328); + const x1355: u32 = (@intCast(u32, x1354) + @intCast(u32, x1291)); + var x1356: u32 = undefined; + var x1357: u32 = undefined; + fiatP384MulxU32(&x1356, &x1357, x10, (arg2[11])); + var x1358: u32 = undefined; + var x1359: u32 = undefined; + fiatP384MulxU32(&x1358, &x1359, x10, (arg2[10])); + var x1360: u32 = undefined; + var x1361: u32 = undefined; + fiatP384MulxU32(&x1360, &x1361, x10, (arg2[9])); + var x1362: u32 = undefined; + var x1363: u32 = undefined; + fiatP384MulxU32(&x1362, &x1363, x10, (arg2[8])); + var x1364: u32 = undefined; + var x1365: u32 = undefined; + fiatP384MulxU32(&x1364, &x1365, x10, (arg2[7])); + var x1366: u32 = undefined; + var x1367: u32 = undefined; + fiatP384MulxU32(&x1366, &x1367, x10, (arg2[6])); + var x1368: u32 = undefined; + var x1369: u32 = undefined; + fiatP384MulxU32(&x1368, &x1369, x10, (arg2[5])); + var x1370: u32 = undefined; + var x1371: u32 = undefined; + fiatP384MulxU32(&x1370, &x1371, x10, (arg2[4])); + var x1372: u32 = undefined; + var x1373: u32 = undefined; + fiatP384MulxU32(&x1372, &x1373, x10, (arg2[3])); + var x1374: u32 = undefined; + var x1375: u32 = undefined; + fiatP384MulxU32(&x1374, &x1375, x10, (arg2[2])); + var x1376: u32 = undefined; + var x1377: u32 = undefined; + fiatP384MulxU32(&x1376, &x1377, x10, (arg2[1])); + var x1378: u32 = undefined; + var x1379: u32 = undefined; + fiatP384MulxU32(&x1378, &x1379, x10, (arg2[0])); + var x1380: u32 = undefined; + var x1381: u1 = undefined; + fiatP384AddcarryxU32(&x1380, &x1381, 0x0, x1379, x1376); + var x1382: u32 = undefined; + var x1383: u1 = undefined; + fiatP384AddcarryxU32(&x1382, &x1383, x1381, x1377, x1374); + var x1384: u32 = undefined; + var x1385: u1 = undefined; + fiatP384AddcarryxU32(&x1384, &x1385, x1383, x1375, x1372); + var x1386: u32 = undefined; + var x1387: u1 = undefined; + fiatP384AddcarryxU32(&x1386, &x1387, x1385, x1373, x1370); + var x1388: u32 = undefined; + var x1389: u1 = undefined; + fiatP384AddcarryxU32(&x1388, &x1389, x1387, x1371, x1368); + var x1390: u32 = undefined; + var x1391: u1 = undefined; + fiatP384AddcarryxU32(&x1390, &x1391, x1389, x1369, x1366); + var x1392: u32 = undefined; + var x1393: u1 = undefined; + fiatP384AddcarryxU32(&x1392, &x1393, x1391, x1367, x1364); + var x1394: u32 = undefined; + var x1395: u1 = undefined; + fiatP384AddcarryxU32(&x1394, &x1395, x1393, x1365, x1362); + var x1396: u32 = undefined; + var x1397: u1 = undefined; + fiatP384AddcarryxU32(&x1396, &x1397, x1395, x1363, x1360); + var x1398: u32 = undefined; + var x1399: u1 = undefined; + fiatP384AddcarryxU32(&x1398, &x1399, x1397, x1361, x1358); + var x1400: u32 = undefined; + var x1401: u1 = undefined; + fiatP384AddcarryxU32(&x1400, &x1401, x1399, x1359, x1356); + const x1402: u32 = (@intCast(u32, x1401) + x1357); + var x1403: u32 = undefined; + var x1404: u1 = undefined; + fiatP384AddcarryxU32(&x1403, &x1404, 0x0, x1331, x1378); + var x1405: u32 = undefined; + var x1406: u1 = undefined; + fiatP384AddcarryxU32(&x1405, &x1406, x1404, x1333, x1380); + var x1407: u32 = undefined; + var x1408: u1 = undefined; + fiatP384AddcarryxU32(&x1407, &x1408, x1406, x1335, x1382); + var x1409: u32 = undefined; + var x1410: u1 = undefined; + fiatP384AddcarryxU32(&x1409, &x1410, x1408, x1337, x1384); + var x1411: u32 = undefined; + var x1412: u1 = undefined; + fiatP384AddcarryxU32(&x1411, &x1412, x1410, x1339, x1386); + var x1413: u32 = undefined; + var x1414: u1 = undefined; + fiatP384AddcarryxU32(&x1413, &x1414, x1412, x1341, x1388); + var x1415: u32 = undefined; + var x1416: u1 = undefined; + fiatP384AddcarryxU32(&x1415, &x1416, x1414, x1343, x1390); + var x1417: u32 = undefined; + var x1418: u1 = undefined; + fiatP384AddcarryxU32(&x1417, &x1418, x1416, x1345, x1392); + var x1419: u32 = undefined; + var x1420: u1 = undefined; + fiatP384AddcarryxU32(&x1419, &x1420, x1418, x1347, x1394); + var x1421: u32 = undefined; + var x1422: u1 = undefined; + fiatP384AddcarryxU32(&x1421, &x1422, x1420, x1349, x1396); + var x1423: u32 = undefined; + var x1424: u1 = undefined; + fiatP384AddcarryxU32(&x1423, &x1424, x1422, x1351, x1398); + var x1425: u32 = undefined; + var x1426: u1 = undefined; + fiatP384AddcarryxU32(&x1425, &x1426, x1424, x1353, x1400); + var x1427: u32 = undefined; + var x1428: u1 = undefined; + fiatP384AddcarryxU32(&x1427, &x1428, x1426, x1355, x1402); + var x1429: u32 = undefined; + var x1430: u32 = undefined; + fiatP384MulxU32(&x1429, &x1430, x1403, 0xffffffff); + var x1431: u32 = undefined; + var x1432: u32 = undefined; + fiatP384MulxU32(&x1431, &x1432, x1403, 0xffffffff); + var x1433: u32 = undefined; + var x1434: u32 = undefined; + fiatP384MulxU32(&x1433, &x1434, x1403, 0xffffffff); + var x1435: u32 = undefined; + var x1436: u32 = undefined; + fiatP384MulxU32(&x1435, &x1436, x1403, 0xffffffff); + var x1437: u32 = undefined; + var x1438: u32 = undefined; + fiatP384MulxU32(&x1437, &x1438, x1403, 0xffffffff); + var x1439: u32 = undefined; + var x1440: u32 = undefined; + fiatP384MulxU32(&x1439, &x1440, x1403, 0xffffffff); + var x1441: u32 = undefined; + var x1442: u32 = undefined; + fiatP384MulxU32(&x1441, &x1442, x1403, 0xffffffff); + var x1443: u32 = undefined; + var x1444: u32 = undefined; + fiatP384MulxU32(&x1443, &x1444, x1403, 0xfffffffe); + var x1445: u32 = undefined; + var x1446: u32 = undefined; + fiatP384MulxU32(&x1445, &x1446, x1403, 0xffffffff); + var x1447: u32 = undefined; + var x1448: u32 = undefined; + fiatP384MulxU32(&x1447, &x1448, x1403, 0xffffffff); + var x1449: u32 = undefined; + var x1450: u1 = undefined; + fiatP384AddcarryxU32(&x1449, &x1450, 0x0, x1446, x1443); + var x1451: u32 = undefined; + var x1452: u1 = undefined; + fiatP384AddcarryxU32(&x1451, &x1452, x1450, x1444, x1441); + var x1453: u32 = undefined; + var x1454: u1 = undefined; + fiatP384AddcarryxU32(&x1453, &x1454, x1452, x1442, x1439); + var x1455: u32 = undefined; + var x1456: u1 = undefined; + fiatP384AddcarryxU32(&x1455, &x1456, x1454, x1440, x1437); + var x1457: u32 = undefined; + var x1458: u1 = undefined; + fiatP384AddcarryxU32(&x1457, &x1458, x1456, x1438, x1435); + var x1459: u32 = undefined; + var x1460: u1 = undefined; + fiatP384AddcarryxU32(&x1459, &x1460, x1458, x1436, x1433); + var x1461: u32 = undefined; + var x1462: u1 = undefined; + fiatP384AddcarryxU32(&x1461, &x1462, x1460, x1434, x1431); + var x1463: u32 = undefined; + var x1464: u1 = undefined; + fiatP384AddcarryxU32(&x1463, &x1464, x1462, x1432, x1429); + const x1465: u32 = (@intCast(u32, x1464) + x1430); + var x1466: u32 = undefined; + var x1467: u1 = undefined; + fiatP384AddcarryxU32(&x1466, &x1467, 0x0, x1403, x1447); + var x1468: u32 = undefined; + var x1469: u1 = undefined; + fiatP384AddcarryxU32(&x1468, &x1469, x1467, x1405, x1448); + var x1470: u32 = undefined; + var x1471: u1 = undefined; + fiatP384AddcarryxU32(&x1470, &x1471, x1469, x1407, @intCast(u32, 0x0)); + var x1472: u32 = undefined; + var x1473: u1 = undefined; + fiatP384AddcarryxU32(&x1472, &x1473, x1471, x1409, x1445); + var x1474: u32 = undefined; + var x1475: u1 = undefined; + fiatP384AddcarryxU32(&x1474, &x1475, x1473, x1411, x1449); + var x1476: u32 = undefined; + var x1477: u1 = undefined; + fiatP384AddcarryxU32(&x1476, &x1477, x1475, x1413, x1451); + var x1478: u32 = undefined; + var x1479: u1 = undefined; + fiatP384AddcarryxU32(&x1478, &x1479, x1477, x1415, x1453); + var x1480: u32 = undefined; + var x1481: u1 = undefined; + fiatP384AddcarryxU32(&x1480, &x1481, x1479, x1417, x1455); + var x1482: u32 = undefined; + var x1483: u1 = undefined; + fiatP384AddcarryxU32(&x1482, &x1483, x1481, x1419, x1457); + var x1484: u32 = undefined; + var x1485: u1 = undefined; + fiatP384AddcarryxU32(&x1484, &x1485, x1483, x1421, x1459); + var x1486: u32 = undefined; + var x1487: u1 = undefined; + fiatP384AddcarryxU32(&x1486, &x1487, x1485, x1423, x1461); + var x1488: u32 = undefined; + var x1489: u1 = undefined; + fiatP384AddcarryxU32(&x1488, &x1489, x1487, x1425, x1463); + var x1490: u32 = undefined; + var x1491: u1 = undefined; + fiatP384AddcarryxU32(&x1490, &x1491, x1489, x1427, x1465); + const x1492: u32 = (@intCast(u32, x1491) + @intCast(u32, x1428)); + var x1493: u32 = undefined; + var x1494: u32 = undefined; + fiatP384MulxU32(&x1493, &x1494, x11, (arg2[11])); + var x1495: u32 = undefined; + var x1496: u32 = undefined; + fiatP384MulxU32(&x1495, &x1496, x11, (arg2[10])); + var x1497: u32 = undefined; + var x1498: u32 = undefined; + fiatP384MulxU32(&x1497, &x1498, x11, (arg2[9])); + var x1499: u32 = undefined; + var x1500: u32 = undefined; + fiatP384MulxU32(&x1499, &x1500, x11, (arg2[8])); + var x1501: u32 = undefined; + var x1502: u32 = undefined; + fiatP384MulxU32(&x1501, &x1502, x11, (arg2[7])); + var x1503: u32 = undefined; + var x1504: u32 = undefined; + fiatP384MulxU32(&x1503, &x1504, x11, (arg2[6])); + var x1505: u32 = undefined; + var x1506: u32 = undefined; + fiatP384MulxU32(&x1505, &x1506, x11, (arg2[5])); + var x1507: u32 = undefined; + var x1508: u32 = undefined; + fiatP384MulxU32(&x1507, &x1508, x11, (arg2[4])); + var x1509: u32 = undefined; + var x1510: u32 = undefined; + fiatP384MulxU32(&x1509, &x1510, x11, (arg2[3])); + var x1511: u32 = undefined; + var x1512: u32 = undefined; + fiatP384MulxU32(&x1511, &x1512, x11, (arg2[2])); + var x1513: u32 = undefined; + var x1514: u32 = undefined; + fiatP384MulxU32(&x1513, &x1514, x11, (arg2[1])); + var x1515: u32 = undefined; + var x1516: u32 = undefined; + fiatP384MulxU32(&x1515, &x1516, x11, (arg2[0])); + var x1517: u32 = undefined; + var x1518: u1 = undefined; + fiatP384AddcarryxU32(&x1517, &x1518, 0x0, x1516, x1513); + var x1519: u32 = undefined; + var x1520: u1 = undefined; + fiatP384AddcarryxU32(&x1519, &x1520, x1518, x1514, x1511); + var x1521: u32 = undefined; + var x1522: u1 = undefined; + fiatP384AddcarryxU32(&x1521, &x1522, x1520, x1512, x1509); + var x1523: u32 = undefined; + var x1524: u1 = undefined; + fiatP384AddcarryxU32(&x1523, &x1524, x1522, x1510, x1507); + var x1525: u32 = undefined; + var x1526: u1 = undefined; + fiatP384AddcarryxU32(&x1525, &x1526, x1524, x1508, x1505); + var x1527: u32 = undefined; + var x1528: u1 = undefined; + fiatP384AddcarryxU32(&x1527, &x1528, x1526, x1506, x1503); + var x1529: u32 = undefined; + var x1530: u1 = undefined; + fiatP384AddcarryxU32(&x1529, &x1530, x1528, x1504, x1501); + var x1531: u32 = undefined; + var x1532: u1 = undefined; + fiatP384AddcarryxU32(&x1531, &x1532, x1530, x1502, x1499); + var x1533: u32 = undefined; + var x1534: u1 = undefined; + fiatP384AddcarryxU32(&x1533, &x1534, x1532, x1500, x1497); + var x1535: u32 = undefined; + var x1536: u1 = undefined; + fiatP384AddcarryxU32(&x1535, &x1536, x1534, x1498, x1495); + var x1537: u32 = undefined; + var x1538: u1 = undefined; + fiatP384AddcarryxU32(&x1537, &x1538, x1536, x1496, x1493); + const x1539: u32 = (@intCast(u32, x1538) + x1494); + var x1540: u32 = undefined; + var x1541: u1 = undefined; + fiatP384AddcarryxU32(&x1540, &x1541, 0x0, x1468, x1515); + var x1542: u32 = undefined; + var x1543: u1 = undefined; + fiatP384AddcarryxU32(&x1542, &x1543, x1541, x1470, x1517); + var x1544: u32 = undefined; + var x1545: u1 = undefined; + fiatP384AddcarryxU32(&x1544, &x1545, x1543, x1472, x1519); + var x1546: u32 = undefined; + var x1547: u1 = undefined; + fiatP384AddcarryxU32(&x1546, &x1547, x1545, x1474, x1521); + var x1548: u32 = undefined; + var x1549: u1 = undefined; + fiatP384AddcarryxU32(&x1548, &x1549, x1547, x1476, x1523); + var x1550: u32 = undefined; + var x1551: u1 = undefined; + fiatP384AddcarryxU32(&x1550, &x1551, x1549, x1478, x1525); + var x1552: u32 = undefined; + var x1553: u1 = undefined; + fiatP384AddcarryxU32(&x1552, &x1553, x1551, x1480, x1527); + var x1554: u32 = undefined; + var x1555: u1 = undefined; + fiatP384AddcarryxU32(&x1554, &x1555, x1553, x1482, x1529); + var x1556: u32 = undefined; + var x1557: u1 = undefined; + fiatP384AddcarryxU32(&x1556, &x1557, x1555, x1484, x1531); + var x1558: u32 = undefined; + var x1559: u1 = undefined; + fiatP384AddcarryxU32(&x1558, &x1559, x1557, x1486, x1533); + var x1560: u32 = undefined; + var x1561: u1 = undefined; + fiatP384AddcarryxU32(&x1560, &x1561, x1559, x1488, x1535); + var x1562: u32 = undefined; + var x1563: u1 = undefined; + fiatP384AddcarryxU32(&x1562, &x1563, x1561, x1490, x1537); + var x1564: u32 = undefined; + var x1565: u1 = undefined; + fiatP384AddcarryxU32(&x1564, &x1565, x1563, x1492, x1539); + var x1566: u32 = undefined; + var x1567: u32 = undefined; + fiatP384MulxU32(&x1566, &x1567, x1540, 0xffffffff); + var x1568: u32 = undefined; + var x1569: u32 = undefined; + fiatP384MulxU32(&x1568, &x1569, x1540, 0xffffffff); + var x1570: u32 = undefined; + var x1571: u32 = undefined; + fiatP384MulxU32(&x1570, &x1571, x1540, 0xffffffff); + var x1572: u32 = undefined; + var x1573: u32 = undefined; + fiatP384MulxU32(&x1572, &x1573, x1540, 0xffffffff); + var x1574: u32 = undefined; + var x1575: u32 = undefined; + fiatP384MulxU32(&x1574, &x1575, x1540, 0xffffffff); + var x1576: u32 = undefined; + var x1577: u32 = undefined; + fiatP384MulxU32(&x1576, &x1577, x1540, 0xffffffff); + var x1578: u32 = undefined; + var x1579: u32 = undefined; + fiatP384MulxU32(&x1578, &x1579, x1540, 0xffffffff); + var x1580: u32 = undefined; + var x1581: u32 = undefined; + fiatP384MulxU32(&x1580, &x1581, x1540, 0xfffffffe); + var x1582: u32 = undefined; + var x1583: u32 = undefined; + fiatP384MulxU32(&x1582, &x1583, x1540, 0xffffffff); + var x1584: u32 = undefined; + var x1585: u32 = undefined; + fiatP384MulxU32(&x1584, &x1585, x1540, 0xffffffff); + var x1586: u32 = undefined; + var x1587: u1 = undefined; + fiatP384AddcarryxU32(&x1586, &x1587, 0x0, x1583, x1580); + var x1588: u32 = undefined; + var x1589: u1 = undefined; + fiatP384AddcarryxU32(&x1588, &x1589, x1587, x1581, x1578); + var x1590: u32 = undefined; + var x1591: u1 = undefined; + fiatP384AddcarryxU32(&x1590, &x1591, x1589, x1579, x1576); + var x1592: u32 = undefined; + var x1593: u1 = undefined; + fiatP384AddcarryxU32(&x1592, &x1593, x1591, x1577, x1574); + var x1594: u32 = undefined; + var x1595: u1 = undefined; + fiatP384AddcarryxU32(&x1594, &x1595, x1593, x1575, x1572); + var x1596: u32 = undefined; + var x1597: u1 = undefined; + fiatP384AddcarryxU32(&x1596, &x1597, x1595, x1573, x1570); + var x1598: u32 = undefined; + var x1599: u1 = undefined; + fiatP384AddcarryxU32(&x1598, &x1599, x1597, x1571, x1568); + var x1600: u32 = undefined; + var x1601: u1 = undefined; + fiatP384AddcarryxU32(&x1600, &x1601, x1599, x1569, x1566); + const x1602: u32 = (@intCast(u32, x1601) + x1567); + var x1603: u32 = undefined; + var x1604: u1 = undefined; + fiatP384AddcarryxU32(&x1603, &x1604, 0x0, x1540, x1584); + var x1605: u32 = undefined; + var x1606: u1 = undefined; + fiatP384AddcarryxU32(&x1605, &x1606, x1604, x1542, x1585); + var x1607: u32 = undefined; + var x1608: u1 = undefined; + fiatP384AddcarryxU32(&x1607, &x1608, x1606, x1544, @intCast(u32, 0x0)); + var x1609: u32 = undefined; + var x1610: u1 = undefined; + fiatP384AddcarryxU32(&x1609, &x1610, x1608, x1546, x1582); + var x1611: u32 = undefined; + var x1612: u1 = undefined; + fiatP384AddcarryxU32(&x1611, &x1612, x1610, x1548, x1586); + var x1613: u32 = undefined; + var x1614: u1 = undefined; + fiatP384AddcarryxU32(&x1613, &x1614, x1612, x1550, x1588); + var x1615: u32 = undefined; + var x1616: u1 = undefined; + fiatP384AddcarryxU32(&x1615, &x1616, x1614, x1552, x1590); + var x1617: u32 = undefined; + var x1618: u1 = undefined; + fiatP384AddcarryxU32(&x1617, &x1618, x1616, x1554, x1592); + var x1619: u32 = undefined; + var x1620: u1 = undefined; + fiatP384AddcarryxU32(&x1619, &x1620, x1618, x1556, x1594); + var x1621: u32 = undefined; + var x1622: u1 = undefined; + fiatP384AddcarryxU32(&x1621, &x1622, x1620, x1558, x1596); + var x1623: u32 = undefined; + var x1624: u1 = undefined; + fiatP384AddcarryxU32(&x1623, &x1624, x1622, x1560, x1598); + var x1625: u32 = undefined; + var x1626: u1 = undefined; + fiatP384AddcarryxU32(&x1625, &x1626, x1624, x1562, x1600); + var x1627: u32 = undefined; + var x1628: u1 = undefined; + fiatP384AddcarryxU32(&x1627, &x1628, x1626, x1564, x1602); + const x1629: u32 = (@intCast(u32, x1628) + @intCast(u32, x1565)); + var x1630: u32 = undefined; + var x1631: u1 = undefined; + fiatP384SubborrowxU32(&x1630, &x1631, 0x0, x1605, 0xffffffff); + var x1632: u32 = undefined; + var x1633: u1 = undefined; + fiatP384SubborrowxU32(&x1632, &x1633, x1631, x1607, @intCast(u32, 0x0)); + var x1634: u32 = undefined; + var x1635: u1 = undefined; + fiatP384SubborrowxU32(&x1634, &x1635, x1633, x1609, @intCast(u32, 0x0)); + var x1636: u32 = undefined; + var x1637: u1 = undefined; + fiatP384SubborrowxU32(&x1636, &x1637, x1635, x1611, 0xffffffff); + var x1638: u32 = undefined; + var x1639: u1 = undefined; + fiatP384SubborrowxU32(&x1638, &x1639, x1637, x1613, 0xfffffffe); + var x1640: u32 = undefined; + var x1641: u1 = undefined; + fiatP384SubborrowxU32(&x1640, &x1641, x1639, x1615, 0xffffffff); + var x1642: u32 = undefined; + var x1643: u1 = undefined; + fiatP384SubborrowxU32(&x1642, &x1643, x1641, x1617, 0xffffffff); + var x1644: u32 = undefined; + var x1645: u1 = undefined; + fiatP384SubborrowxU32(&x1644, &x1645, x1643, x1619, 0xffffffff); + var x1646: u32 = undefined; + var x1647: u1 = undefined; + fiatP384SubborrowxU32(&x1646, &x1647, x1645, x1621, 0xffffffff); + var x1648: u32 = undefined; + var x1649: u1 = undefined; + fiatP384SubborrowxU32(&x1648, &x1649, x1647, x1623, 0xffffffff); + var x1650: u32 = undefined; + var x1651: u1 = undefined; + fiatP384SubborrowxU32(&x1650, &x1651, x1649, x1625, 0xffffffff); + var x1652: u32 = undefined; + var x1653: u1 = undefined; + fiatP384SubborrowxU32(&x1652, &x1653, x1651, x1627, 0xffffffff); + var x1654: u32 = undefined; + var x1655: u1 = undefined; + fiatP384SubborrowxU32(&x1654, &x1655, x1653, x1629, @intCast(u32, 0x0)); + var x1656: u32 = undefined; + fiatP384CmovznzU32(&x1656, x1655, x1630, x1605); + var x1657: u32 = undefined; + fiatP384CmovznzU32(&x1657, x1655, x1632, x1607); + var x1658: u32 = undefined; + fiatP384CmovznzU32(&x1658, x1655, x1634, x1609); + var x1659: u32 = undefined; + fiatP384CmovznzU32(&x1659, x1655, x1636, x1611); + var x1660: u32 = undefined; + fiatP384CmovznzU32(&x1660, x1655, x1638, x1613); + var x1661: u32 = undefined; + fiatP384CmovznzU32(&x1661, x1655, x1640, x1615); + var x1662: u32 = undefined; + fiatP384CmovznzU32(&x1662, x1655, x1642, x1617); + var x1663: u32 = undefined; + fiatP384CmovznzU32(&x1663, x1655, x1644, x1619); + var x1664: u32 = undefined; + fiatP384CmovznzU32(&x1664, x1655, x1646, x1621); + var x1665: u32 = undefined; + fiatP384CmovznzU32(&x1665, x1655, x1648, x1623); + var x1666: u32 = undefined; + fiatP384CmovznzU32(&x1666, x1655, x1650, x1625); + var x1667: u32 = undefined; + fiatP384CmovznzU32(&x1667, x1655, x1652, x1627); + out1[0] = x1656; + out1[1] = x1657; + out1[2] = x1658; + out1[3] = x1659; + out1[4] = x1660; + out1[5] = x1661; + out1[6] = x1662; + out1[7] = x1663; + out1[8] = x1664; + out1[9] = x1665; + out1[10] = x1666; + out1[11] = x1667; +} + +/// The function fiatP384Square squares a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384Square(out1: *[12]u32, arg1: [12]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[7]); + const x8: u32 = (arg1[8]); + const x9: u32 = (arg1[9]); + const x10: u32 = (arg1[10]); + const x11: u32 = (arg1[11]); + const x12: u32 = (arg1[0]); + var x13: u32 = undefined; + var x14: u32 = undefined; + fiatP384MulxU32(&x13, &x14, x12, (arg1[11])); + var x15: u32 = undefined; + var x16: u32 = undefined; + fiatP384MulxU32(&x15, &x16, x12, (arg1[10])); + var x17: u32 = undefined; + var x18: u32 = undefined; + fiatP384MulxU32(&x17, &x18, x12, (arg1[9])); + var x19: u32 = undefined; + var x20: u32 = undefined; + fiatP384MulxU32(&x19, &x20, x12, (arg1[8])); + var x21: u32 = undefined; + var x22: u32 = undefined; + fiatP384MulxU32(&x21, &x22, x12, (arg1[7])); + var x23: u32 = undefined; + var x24: u32 = undefined; + fiatP384MulxU32(&x23, &x24, x12, (arg1[6])); + var x25: u32 = undefined; + var x26: u32 = undefined; + fiatP384MulxU32(&x25, &x26, x12, (arg1[5])); + var x27: u32 = undefined; + var x28: u32 = undefined; + fiatP384MulxU32(&x27, &x28, x12, (arg1[4])); + var x29: u32 = undefined; + var x30: u32 = undefined; + fiatP384MulxU32(&x29, &x30, x12, (arg1[3])); + var x31: u32 = undefined; + var x32: u32 = undefined; + fiatP384MulxU32(&x31, &x32, x12, (arg1[2])); + var x33: u32 = undefined; + var x34: u32 = undefined; + fiatP384MulxU32(&x33, &x34, x12, (arg1[1])); + var x35: u32 = undefined; + var x36: u32 = undefined; + fiatP384MulxU32(&x35, &x36, x12, (arg1[0])); + var x37: u32 = undefined; + var x38: u1 = undefined; + fiatP384AddcarryxU32(&x37, &x38, 0x0, x36, x33); + var x39: u32 = undefined; + var x40: u1 = undefined; + fiatP384AddcarryxU32(&x39, &x40, x38, x34, x31); + var x41: u32 = undefined; + var x42: u1 = undefined; + fiatP384AddcarryxU32(&x41, &x42, x40, x32, x29); + var x43: u32 = undefined; + var x44: u1 = undefined; + fiatP384AddcarryxU32(&x43, &x44, x42, x30, x27); + var x45: u32 = undefined; + var x46: u1 = undefined; + fiatP384AddcarryxU32(&x45, &x46, x44, x28, x25); + var x47: u32 = undefined; + var x48: u1 = undefined; + fiatP384AddcarryxU32(&x47, &x48, x46, x26, x23); + var x49: u32 = undefined; + var x50: u1 = undefined; + fiatP384AddcarryxU32(&x49, &x50, x48, x24, x21); + var x51: u32 = undefined; + var x52: u1 = undefined; + fiatP384AddcarryxU32(&x51, &x52, x50, x22, x19); + var x53: u32 = undefined; + var x54: u1 = undefined; + fiatP384AddcarryxU32(&x53, &x54, x52, x20, x17); + var x55: u32 = undefined; + var x56: u1 = undefined; + fiatP384AddcarryxU32(&x55, &x56, x54, x18, x15); + var x57: u32 = undefined; + var x58: u1 = undefined; + fiatP384AddcarryxU32(&x57, &x58, x56, x16, x13); + const x59: u32 = (@intCast(u32, x58) + x14); + var x60: u32 = undefined; + var x61: u32 = undefined; + fiatP384MulxU32(&x60, &x61, x35, 0xffffffff); + var x62: u32 = undefined; + var x63: u32 = undefined; + fiatP384MulxU32(&x62, &x63, x35, 0xffffffff); + var x64: u32 = undefined; + var x65: u32 = undefined; + fiatP384MulxU32(&x64, &x65, x35, 0xffffffff); + var x66: u32 = undefined; + var x67: u32 = undefined; + fiatP384MulxU32(&x66, &x67, x35, 0xffffffff); + var x68: u32 = undefined; + var x69: u32 = undefined; + fiatP384MulxU32(&x68, &x69, x35, 0xffffffff); + var x70: u32 = undefined; + var x71: u32 = undefined; + fiatP384MulxU32(&x70, &x71, x35, 0xffffffff); + var x72: u32 = undefined; + var x73: u32 = undefined; + fiatP384MulxU32(&x72, &x73, x35, 0xffffffff); + var x74: u32 = undefined; + var x75: u32 = undefined; + fiatP384MulxU32(&x74, &x75, x35, 0xfffffffe); + var x76: u32 = undefined; + var x77: u32 = undefined; + fiatP384MulxU32(&x76, &x77, x35, 0xffffffff); + var x78: u32 = undefined; + var x79: u32 = undefined; + fiatP384MulxU32(&x78, &x79, x35, 0xffffffff); + var x80: u32 = undefined; + var x81: u1 = undefined; + fiatP384AddcarryxU32(&x80, &x81, 0x0, x77, x74); + var x82: u32 = undefined; + var x83: u1 = undefined; + fiatP384AddcarryxU32(&x82, &x83, x81, x75, x72); + var x84: u32 = undefined; + var x85: u1 = undefined; + fiatP384AddcarryxU32(&x84, &x85, x83, x73, x70); + var x86: u32 = undefined; + var x87: u1 = undefined; + fiatP384AddcarryxU32(&x86, &x87, x85, x71, x68); + var x88: u32 = undefined; + var x89: u1 = undefined; + fiatP384AddcarryxU32(&x88, &x89, x87, x69, x66); + var x90: u32 = undefined; + var x91: u1 = undefined; + fiatP384AddcarryxU32(&x90, &x91, x89, x67, x64); + var x92: u32 = undefined; + var x93: u1 = undefined; + fiatP384AddcarryxU32(&x92, &x93, x91, x65, x62); + var x94: u32 = undefined; + var x95: u1 = undefined; + fiatP384AddcarryxU32(&x94, &x95, x93, x63, x60); + const x96: u32 = (@intCast(u32, x95) + x61); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP384AddcarryxU32(&x97, &x98, 0x0, x35, x78); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP384AddcarryxU32(&x99, &x100, x98, x37, x79); + var x101: u32 = undefined; + var x102: u1 = undefined; + fiatP384AddcarryxU32(&x101, &x102, x100, x39, @intCast(u32, 0x0)); + var x103: u32 = undefined; + var x104: u1 = undefined; + fiatP384AddcarryxU32(&x103, &x104, x102, x41, x76); + var x105: u32 = undefined; + var x106: u1 = undefined; + fiatP384AddcarryxU32(&x105, &x106, x104, x43, x80); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatP384AddcarryxU32(&x107, &x108, x106, x45, x82); + var x109: u32 = undefined; + var x110: u1 = undefined; + fiatP384AddcarryxU32(&x109, &x110, x108, x47, x84); + var x111: u32 = undefined; + var x112: u1 = undefined; + fiatP384AddcarryxU32(&x111, &x112, x110, x49, x86); + var x113: u32 = undefined; + var x114: u1 = undefined; + fiatP384AddcarryxU32(&x113, &x114, x112, x51, x88); + var x115: u32 = undefined; + var x116: u1 = undefined; + fiatP384AddcarryxU32(&x115, &x116, x114, x53, x90); + var x117: u32 = undefined; + var x118: u1 = undefined; + fiatP384AddcarryxU32(&x117, &x118, x116, x55, x92); + var x119: u32 = undefined; + var x120: u1 = undefined; + fiatP384AddcarryxU32(&x119, &x120, x118, x57, x94); + var x121: u32 = undefined; + var x122: u1 = undefined; + fiatP384AddcarryxU32(&x121, &x122, x120, x59, x96); + var x123: u32 = undefined; + var x124: u32 = undefined; + fiatP384MulxU32(&x123, &x124, x1, (arg1[11])); + var x125: u32 = undefined; + var x126: u32 = undefined; + fiatP384MulxU32(&x125, &x126, x1, (arg1[10])); + var x127: u32 = undefined; + var x128: u32 = undefined; + fiatP384MulxU32(&x127, &x128, x1, (arg1[9])); + var x129: u32 = undefined; + var x130: u32 = undefined; + fiatP384MulxU32(&x129, &x130, x1, (arg1[8])); + var x131: u32 = undefined; + var x132: u32 = undefined; + fiatP384MulxU32(&x131, &x132, x1, (arg1[7])); + var x133: u32 = undefined; + var x134: u32 = undefined; + fiatP384MulxU32(&x133, &x134, x1, (arg1[6])); + var x135: u32 = undefined; + var x136: u32 = undefined; + fiatP384MulxU32(&x135, &x136, x1, (arg1[5])); + var x137: u32 = undefined; + var x138: u32 = undefined; + fiatP384MulxU32(&x137, &x138, x1, (arg1[4])); + var x139: u32 = undefined; + var x140: u32 = undefined; + fiatP384MulxU32(&x139, &x140, x1, (arg1[3])); + var x141: u32 = undefined; + var x142: u32 = undefined; + fiatP384MulxU32(&x141, &x142, x1, (arg1[2])); + var x143: u32 = undefined; + var x144: u32 = undefined; + fiatP384MulxU32(&x143, &x144, x1, (arg1[1])); + var x145: u32 = undefined; + var x146: u32 = undefined; + fiatP384MulxU32(&x145, &x146, x1, (arg1[0])); + var x147: u32 = undefined; + var x148: u1 = undefined; + fiatP384AddcarryxU32(&x147, &x148, 0x0, x146, x143); + var x149: u32 = undefined; + var x150: u1 = undefined; + fiatP384AddcarryxU32(&x149, &x150, x148, x144, x141); + var x151: u32 = undefined; + var x152: u1 = undefined; + fiatP384AddcarryxU32(&x151, &x152, x150, x142, x139); + var x153: u32 = undefined; + var x154: u1 = undefined; + fiatP384AddcarryxU32(&x153, &x154, x152, x140, x137); + var x155: u32 = undefined; + var x156: u1 = undefined; + fiatP384AddcarryxU32(&x155, &x156, x154, x138, x135); + var x157: u32 = undefined; + var x158: u1 = undefined; + fiatP384AddcarryxU32(&x157, &x158, x156, x136, x133); + var x159: u32 = undefined; + var x160: u1 = undefined; + fiatP384AddcarryxU32(&x159, &x160, x158, x134, x131); + var x161: u32 = undefined; + var x162: u1 = undefined; + fiatP384AddcarryxU32(&x161, &x162, x160, x132, x129); + var x163: u32 = undefined; + var x164: u1 = undefined; + fiatP384AddcarryxU32(&x163, &x164, x162, x130, x127); + var x165: u32 = undefined; + var x166: u1 = undefined; + fiatP384AddcarryxU32(&x165, &x166, x164, x128, x125); + var x167: u32 = undefined; + var x168: u1 = undefined; + fiatP384AddcarryxU32(&x167, &x168, x166, x126, x123); + const x169: u32 = (@intCast(u32, x168) + x124); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP384AddcarryxU32(&x170, &x171, 0x0, x99, x145); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP384AddcarryxU32(&x172, &x173, x171, x101, x147); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP384AddcarryxU32(&x174, &x175, x173, x103, x149); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP384AddcarryxU32(&x176, &x177, x175, x105, x151); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP384AddcarryxU32(&x178, &x179, x177, x107, x153); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP384AddcarryxU32(&x180, &x181, x179, x109, x155); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatP384AddcarryxU32(&x182, &x183, x181, x111, x157); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatP384AddcarryxU32(&x184, &x185, x183, x113, x159); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatP384AddcarryxU32(&x186, &x187, x185, x115, x161); + var x188: u32 = undefined; + var x189: u1 = undefined; + fiatP384AddcarryxU32(&x188, &x189, x187, x117, x163); + var x190: u32 = undefined; + var x191: u1 = undefined; + fiatP384AddcarryxU32(&x190, &x191, x189, x119, x165); + var x192: u32 = undefined; + var x193: u1 = undefined; + fiatP384AddcarryxU32(&x192, &x193, x191, x121, x167); + var x194: u32 = undefined; + var x195: u1 = undefined; + fiatP384AddcarryxU32(&x194, &x195, x193, @intCast(u32, x122), x169); + var x196: u32 = undefined; + var x197: u32 = undefined; + fiatP384MulxU32(&x196, &x197, x170, 0xffffffff); + var x198: u32 = undefined; + var x199: u32 = undefined; + fiatP384MulxU32(&x198, &x199, x170, 0xffffffff); + var x200: u32 = undefined; + var x201: u32 = undefined; + fiatP384MulxU32(&x200, &x201, x170, 0xffffffff); + var x202: u32 = undefined; + var x203: u32 = undefined; + fiatP384MulxU32(&x202, &x203, x170, 0xffffffff); + var x204: u32 = undefined; + var x205: u32 = undefined; + fiatP384MulxU32(&x204, &x205, x170, 0xffffffff); + var x206: u32 = undefined; + var x207: u32 = undefined; + fiatP384MulxU32(&x206, &x207, x170, 0xffffffff); + var x208: u32 = undefined; + var x209: u32 = undefined; + fiatP384MulxU32(&x208, &x209, x170, 0xffffffff); + var x210: u32 = undefined; + var x211: u32 = undefined; + fiatP384MulxU32(&x210, &x211, x170, 0xfffffffe); + var x212: u32 = undefined; + var x213: u32 = undefined; + fiatP384MulxU32(&x212, &x213, x170, 0xffffffff); + var x214: u32 = undefined; + var x215: u32 = undefined; + fiatP384MulxU32(&x214, &x215, x170, 0xffffffff); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatP384AddcarryxU32(&x216, &x217, 0x0, x213, x210); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatP384AddcarryxU32(&x218, &x219, x217, x211, x208); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatP384AddcarryxU32(&x220, &x221, x219, x209, x206); + var x222: u32 = undefined; + var x223: u1 = undefined; + fiatP384AddcarryxU32(&x222, &x223, x221, x207, x204); + var x224: u32 = undefined; + var x225: u1 = undefined; + fiatP384AddcarryxU32(&x224, &x225, x223, x205, x202); + var x226: u32 = undefined; + var x227: u1 = undefined; + fiatP384AddcarryxU32(&x226, &x227, x225, x203, x200); + var x228: u32 = undefined; + var x229: u1 = undefined; + fiatP384AddcarryxU32(&x228, &x229, x227, x201, x198); + var x230: u32 = undefined; + var x231: u1 = undefined; + fiatP384AddcarryxU32(&x230, &x231, x229, x199, x196); + const x232: u32 = (@intCast(u32, x231) + x197); + var x233: u32 = undefined; + var x234: u1 = undefined; + fiatP384AddcarryxU32(&x233, &x234, 0x0, x170, x214); + var x235: u32 = undefined; + var x236: u1 = undefined; + fiatP384AddcarryxU32(&x235, &x236, x234, x172, x215); + var x237: u32 = undefined; + var x238: u1 = undefined; + fiatP384AddcarryxU32(&x237, &x238, x236, x174, @intCast(u32, 0x0)); + var x239: u32 = undefined; + var x240: u1 = undefined; + fiatP384AddcarryxU32(&x239, &x240, x238, x176, x212); + var x241: u32 = undefined; + var x242: u1 = undefined; + fiatP384AddcarryxU32(&x241, &x242, x240, x178, x216); + var x243: u32 = undefined; + var x244: u1 = undefined; + fiatP384AddcarryxU32(&x243, &x244, x242, x180, x218); + var x245: u32 = undefined; + var x246: u1 = undefined; + fiatP384AddcarryxU32(&x245, &x246, x244, x182, x220); + var x247: u32 = undefined; + var x248: u1 = undefined; + fiatP384AddcarryxU32(&x247, &x248, x246, x184, x222); + var x249: u32 = undefined; + var x250: u1 = undefined; + fiatP384AddcarryxU32(&x249, &x250, x248, x186, x224); + var x251: u32 = undefined; + var x252: u1 = undefined; + fiatP384AddcarryxU32(&x251, &x252, x250, x188, x226); + var x253: u32 = undefined; + var x254: u1 = undefined; + fiatP384AddcarryxU32(&x253, &x254, x252, x190, x228); + var x255: u32 = undefined; + var x256: u1 = undefined; + fiatP384AddcarryxU32(&x255, &x256, x254, x192, x230); + var x257: u32 = undefined; + var x258: u1 = undefined; + fiatP384AddcarryxU32(&x257, &x258, x256, x194, x232); + const x259: u32 = (@intCast(u32, x258) + @intCast(u32, x195)); + var x260: u32 = undefined; + var x261: u32 = undefined; + fiatP384MulxU32(&x260, &x261, x2, (arg1[11])); + var x262: u32 = undefined; + var x263: u32 = undefined; + fiatP384MulxU32(&x262, &x263, x2, (arg1[10])); + var x264: u32 = undefined; + var x265: u32 = undefined; + fiatP384MulxU32(&x264, &x265, x2, (arg1[9])); + var x266: u32 = undefined; + var x267: u32 = undefined; + fiatP384MulxU32(&x266, &x267, x2, (arg1[8])); + var x268: u32 = undefined; + var x269: u32 = undefined; + fiatP384MulxU32(&x268, &x269, x2, (arg1[7])); + var x270: u32 = undefined; + var x271: u32 = undefined; + fiatP384MulxU32(&x270, &x271, x2, (arg1[6])); + var x272: u32 = undefined; + var x273: u32 = undefined; + fiatP384MulxU32(&x272, &x273, x2, (arg1[5])); + var x274: u32 = undefined; + var x275: u32 = undefined; + fiatP384MulxU32(&x274, &x275, x2, (arg1[4])); + var x276: u32 = undefined; + var x277: u32 = undefined; + fiatP384MulxU32(&x276, &x277, x2, (arg1[3])); + var x278: u32 = undefined; + var x279: u32 = undefined; + fiatP384MulxU32(&x278, &x279, x2, (arg1[2])); + var x280: u32 = undefined; + var x281: u32 = undefined; + fiatP384MulxU32(&x280, &x281, x2, (arg1[1])); + var x282: u32 = undefined; + var x283: u32 = undefined; + fiatP384MulxU32(&x282, &x283, x2, (arg1[0])); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatP384AddcarryxU32(&x284, &x285, 0x0, x283, x280); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatP384AddcarryxU32(&x286, &x287, x285, x281, x278); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatP384AddcarryxU32(&x288, &x289, x287, x279, x276); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatP384AddcarryxU32(&x290, &x291, x289, x277, x274); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatP384AddcarryxU32(&x292, &x293, x291, x275, x272); + var x294: u32 = undefined; + var x295: u1 = undefined; + fiatP384AddcarryxU32(&x294, &x295, x293, x273, x270); + var x296: u32 = undefined; + var x297: u1 = undefined; + fiatP384AddcarryxU32(&x296, &x297, x295, x271, x268); + var x298: u32 = undefined; + var x299: u1 = undefined; + fiatP384AddcarryxU32(&x298, &x299, x297, x269, x266); + var x300: u32 = undefined; + var x301: u1 = undefined; + fiatP384AddcarryxU32(&x300, &x301, x299, x267, x264); + var x302: u32 = undefined; + var x303: u1 = undefined; + fiatP384AddcarryxU32(&x302, &x303, x301, x265, x262); + var x304: u32 = undefined; + var x305: u1 = undefined; + fiatP384AddcarryxU32(&x304, &x305, x303, x263, x260); + const x306: u32 = (@intCast(u32, x305) + x261); + var x307: u32 = undefined; + var x308: u1 = undefined; + fiatP384AddcarryxU32(&x307, &x308, 0x0, x235, x282); + var x309: u32 = undefined; + var x310: u1 = undefined; + fiatP384AddcarryxU32(&x309, &x310, x308, x237, x284); + var x311: u32 = undefined; + var x312: u1 = undefined; + fiatP384AddcarryxU32(&x311, &x312, x310, x239, x286); + var x313: u32 = undefined; + var x314: u1 = undefined; + fiatP384AddcarryxU32(&x313, &x314, x312, x241, x288); + var x315: u32 = undefined; + var x316: u1 = undefined; + fiatP384AddcarryxU32(&x315, &x316, x314, x243, x290); + var x317: u32 = undefined; + var x318: u1 = undefined; + fiatP384AddcarryxU32(&x317, &x318, x316, x245, x292); + var x319: u32 = undefined; + var x320: u1 = undefined; + fiatP384AddcarryxU32(&x319, &x320, x318, x247, x294); + var x321: u32 = undefined; + var x322: u1 = undefined; + fiatP384AddcarryxU32(&x321, &x322, x320, x249, x296); + var x323: u32 = undefined; + var x324: u1 = undefined; + fiatP384AddcarryxU32(&x323, &x324, x322, x251, x298); + var x325: u32 = undefined; + var x326: u1 = undefined; + fiatP384AddcarryxU32(&x325, &x326, x324, x253, x300); + var x327: u32 = undefined; + var x328: u1 = undefined; + fiatP384AddcarryxU32(&x327, &x328, x326, x255, x302); + var x329: u32 = undefined; + var x330: u1 = undefined; + fiatP384AddcarryxU32(&x329, &x330, x328, x257, x304); + var x331: u32 = undefined; + var x332: u1 = undefined; + fiatP384AddcarryxU32(&x331, &x332, x330, x259, x306); + var x333: u32 = undefined; + var x334: u32 = undefined; + fiatP384MulxU32(&x333, &x334, x307, 0xffffffff); + var x335: u32 = undefined; + var x336: u32 = undefined; + fiatP384MulxU32(&x335, &x336, x307, 0xffffffff); + var x337: u32 = undefined; + var x338: u32 = undefined; + fiatP384MulxU32(&x337, &x338, x307, 0xffffffff); + var x339: u32 = undefined; + var x340: u32 = undefined; + fiatP384MulxU32(&x339, &x340, x307, 0xffffffff); + var x341: u32 = undefined; + var x342: u32 = undefined; + fiatP384MulxU32(&x341, &x342, x307, 0xffffffff); + var x343: u32 = undefined; + var x344: u32 = undefined; + fiatP384MulxU32(&x343, &x344, x307, 0xffffffff); + var x345: u32 = undefined; + var x346: u32 = undefined; + fiatP384MulxU32(&x345, &x346, x307, 0xffffffff); + var x347: u32 = undefined; + var x348: u32 = undefined; + fiatP384MulxU32(&x347, &x348, x307, 0xfffffffe); + var x349: u32 = undefined; + var x350: u32 = undefined; + fiatP384MulxU32(&x349, &x350, x307, 0xffffffff); + var x351: u32 = undefined; + var x352: u32 = undefined; + fiatP384MulxU32(&x351, &x352, x307, 0xffffffff); + var x353: u32 = undefined; + var x354: u1 = undefined; + fiatP384AddcarryxU32(&x353, &x354, 0x0, x350, x347); + var x355: u32 = undefined; + var x356: u1 = undefined; + fiatP384AddcarryxU32(&x355, &x356, x354, x348, x345); + var x357: u32 = undefined; + var x358: u1 = undefined; + fiatP384AddcarryxU32(&x357, &x358, x356, x346, x343); + var x359: u32 = undefined; + var x360: u1 = undefined; + fiatP384AddcarryxU32(&x359, &x360, x358, x344, x341); + var x361: u32 = undefined; + var x362: u1 = undefined; + fiatP384AddcarryxU32(&x361, &x362, x360, x342, x339); + var x363: u32 = undefined; + var x364: u1 = undefined; + fiatP384AddcarryxU32(&x363, &x364, x362, x340, x337); + var x365: u32 = undefined; + var x366: u1 = undefined; + fiatP384AddcarryxU32(&x365, &x366, x364, x338, x335); + var x367: u32 = undefined; + var x368: u1 = undefined; + fiatP384AddcarryxU32(&x367, &x368, x366, x336, x333); + const x369: u32 = (@intCast(u32, x368) + x334); + var x370: u32 = undefined; + var x371: u1 = undefined; + fiatP384AddcarryxU32(&x370, &x371, 0x0, x307, x351); + var x372: u32 = undefined; + var x373: u1 = undefined; + fiatP384AddcarryxU32(&x372, &x373, x371, x309, x352); + var x374: u32 = undefined; + var x375: u1 = undefined; + fiatP384AddcarryxU32(&x374, &x375, x373, x311, @intCast(u32, 0x0)); + var x376: u32 = undefined; + var x377: u1 = undefined; + fiatP384AddcarryxU32(&x376, &x377, x375, x313, x349); + var x378: u32 = undefined; + var x379: u1 = undefined; + fiatP384AddcarryxU32(&x378, &x379, x377, x315, x353); + var x380: u32 = undefined; + var x381: u1 = undefined; + fiatP384AddcarryxU32(&x380, &x381, x379, x317, x355); + var x382: u32 = undefined; + var x383: u1 = undefined; + fiatP384AddcarryxU32(&x382, &x383, x381, x319, x357); + var x384: u32 = undefined; + var x385: u1 = undefined; + fiatP384AddcarryxU32(&x384, &x385, x383, x321, x359); + var x386: u32 = undefined; + var x387: u1 = undefined; + fiatP384AddcarryxU32(&x386, &x387, x385, x323, x361); + var x388: u32 = undefined; + var x389: u1 = undefined; + fiatP384AddcarryxU32(&x388, &x389, x387, x325, x363); + var x390: u32 = undefined; + var x391: u1 = undefined; + fiatP384AddcarryxU32(&x390, &x391, x389, x327, x365); + var x392: u32 = undefined; + var x393: u1 = undefined; + fiatP384AddcarryxU32(&x392, &x393, x391, x329, x367); + var x394: u32 = undefined; + var x395: u1 = undefined; + fiatP384AddcarryxU32(&x394, &x395, x393, x331, x369); + const x396: u32 = (@intCast(u32, x395) + @intCast(u32, x332)); + var x397: u32 = undefined; + var x398: u32 = undefined; + fiatP384MulxU32(&x397, &x398, x3, (arg1[11])); + var x399: u32 = undefined; + var x400: u32 = undefined; + fiatP384MulxU32(&x399, &x400, x3, (arg1[10])); + var x401: u32 = undefined; + var x402: u32 = undefined; + fiatP384MulxU32(&x401, &x402, x3, (arg1[9])); + var x403: u32 = undefined; + var x404: u32 = undefined; + fiatP384MulxU32(&x403, &x404, x3, (arg1[8])); + var x405: u32 = undefined; + var x406: u32 = undefined; + fiatP384MulxU32(&x405, &x406, x3, (arg1[7])); + var x407: u32 = undefined; + var x408: u32 = undefined; + fiatP384MulxU32(&x407, &x408, x3, (arg1[6])); + var x409: u32 = undefined; + var x410: u32 = undefined; + fiatP384MulxU32(&x409, &x410, x3, (arg1[5])); + var x411: u32 = undefined; + var x412: u32 = undefined; + fiatP384MulxU32(&x411, &x412, x3, (arg1[4])); + var x413: u32 = undefined; + var x414: u32 = undefined; + fiatP384MulxU32(&x413, &x414, x3, (arg1[3])); + var x415: u32 = undefined; + var x416: u32 = undefined; + fiatP384MulxU32(&x415, &x416, x3, (arg1[2])); + var x417: u32 = undefined; + var x418: u32 = undefined; + fiatP384MulxU32(&x417, &x418, x3, (arg1[1])); + var x419: u32 = undefined; + var x420: u32 = undefined; + fiatP384MulxU32(&x419, &x420, x3, (arg1[0])); + var x421: u32 = undefined; + var x422: u1 = undefined; + fiatP384AddcarryxU32(&x421, &x422, 0x0, x420, x417); + var x423: u32 = undefined; + var x424: u1 = undefined; + fiatP384AddcarryxU32(&x423, &x424, x422, x418, x415); + var x425: u32 = undefined; + var x426: u1 = undefined; + fiatP384AddcarryxU32(&x425, &x426, x424, x416, x413); + var x427: u32 = undefined; + var x428: u1 = undefined; + fiatP384AddcarryxU32(&x427, &x428, x426, x414, x411); + var x429: u32 = undefined; + var x430: u1 = undefined; + fiatP384AddcarryxU32(&x429, &x430, x428, x412, x409); + var x431: u32 = undefined; + var x432: u1 = undefined; + fiatP384AddcarryxU32(&x431, &x432, x430, x410, x407); + var x433: u32 = undefined; + var x434: u1 = undefined; + fiatP384AddcarryxU32(&x433, &x434, x432, x408, x405); + var x435: u32 = undefined; + var x436: u1 = undefined; + fiatP384AddcarryxU32(&x435, &x436, x434, x406, x403); + var x437: u32 = undefined; + var x438: u1 = undefined; + fiatP384AddcarryxU32(&x437, &x438, x436, x404, x401); + var x439: u32 = undefined; + var x440: u1 = undefined; + fiatP384AddcarryxU32(&x439, &x440, x438, x402, x399); + var x441: u32 = undefined; + var x442: u1 = undefined; + fiatP384AddcarryxU32(&x441, &x442, x440, x400, x397); + const x443: u32 = (@intCast(u32, x442) + x398); + var x444: u32 = undefined; + var x445: u1 = undefined; + fiatP384AddcarryxU32(&x444, &x445, 0x0, x372, x419); + var x446: u32 = undefined; + var x447: u1 = undefined; + fiatP384AddcarryxU32(&x446, &x447, x445, x374, x421); + var x448: u32 = undefined; + var x449: u1 = undefined; + fiatP384AddcarryxU32(&x448, &x449, x447, x376, x423); + var x450: u32 = undefined; + var x451: u1 = undefined; + fiatP384AddcarryxU32(&x450, &x451, x449, x378, x425); + var x452: u32 = undefined; + var x453: u1 = undefined; + fiatP384AddcarryxU32(&x452, &x453, x451, x380, x427); + var x454: u32 = undefined; + var x455: u1 = undefined; + fiatP384AddcarryxU32(&x454, &x455, x453, x382, x429); + var x456: u32 = undefined; + var x457: u1 = undefined; + fiatP384AddcarryxU32(&x456, &x457, x455, x384, x431); + var x458: u32 = undefined; + var x459: u1 = undefined; + fiatP384AddcarryxU32(&x458, &x459, x457, x386, x433); + var x460: u32 = undefined; + var x461: u1 = undefined; + fiatP384AddcarryxU32(&x460, &x461, x459, x388, x435); + var x462: u32 = undefined; + var x463: u1 = undefined; + fiatP384AddcarryxU32(&x462, &x463, x461, x390, x437); + var x464: u32 = undefined; + var x465: u1 = undefined; + fiatP384AddcarryxU32(&x464, &x465, x463, x392, x439); + var x466: u32 = undefined; + var x467: u1 = undefined; + fiatP384AddcarryxU32(&x466, &x467, x465, x394, x441); + var x468: u32 = undefined; + var x469: u1 = undefined; + fiatP384AddcarryxU32(&x468, &x469, x467, x396, x443); + var x470: u32 = undefined; + var x471: u32 = undefined; + fiatP384MulxU32(&x470, &x471, x444, 0xffffffff); + var x472: u32 = undefined; + var x473: u32 = undefined; + fiatP384MulxU32(&x472, &x473, x444, 0xffffffff); + var x474: u32 = undefined; + var x475: u32 = undefined; + fiatP384MulxU32(&x474, &x475, x444, 0xffffffff); + var x476: u32 = undefined; + var x477: u32 = undefined; + fiatP384MulxU32(&x476, &x477, x444, 0xffffffff); + var x478: u32 = undefined; + var x479: u32 = undefined; + fiatP384MulxU32(&x478, &x479, x444, 0xffffffff); + var x480: u32 = undefined; + var x481: u32 = undefined; + fiatP384MulxU32(&x480, &x481, x444, 0xffffffff); + var x482: u32 = undefined; + var x483: u32 = undefined; + fiatP384MulxU32(&x482, &x483, x444, 0xffffffff); + var x484: u32 = undefined; + var x485: u32 = undefined; + fiatP384MulxU32(&x484, &x485, x444, 0xfffffffe); + var x486: u32 = undefined; + var x487: u32 = undefined; + fiatP384MulxU32(&x486, &x487, x444, 0xffffffff); + var x488: u32 = undefined; + var x489: u32 = undefined; + fiatP384MulxU32(&x488, &x489, x444, 0xffffffff); + var x490: u32 = undefined; + var x491: u1 = undefined; + fiatP384AddcarryxU32(&x490, &x491, 0x0, x487, x484); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatP384AddcarryxU32(&x492, &x493, x491, x485, x482); + var x494: u32 = undefined; + var x495: u1 = undefined; + fiatP384AddcarryxU32(&x494, &x495, x493, x483, x480); + var x496: u32 = undefined; + var x497: u1 = undefined; + fiatP384AddcarryxU32(&x496, &x497, x495, x481, x478); + var x498: u32 = undefined; + var x499: u1 = undefined; + fiatP384AddcarryxU32(&x498, &x499, x497, x479, x476); + var x500: u32 = undefined; + var x501: u1 = undefined; + fiatP384AddcarryxU32(&x500, &x501, x499, x477, x474); + var x502: u32 = undefined; + var x503: u1 = undefined; + fiatP384AddcarryxU32(&x502, &x503, x501, x475, x472); + var x504: u32 = undefined; + var x505: u1 = undefined; + fiatP384AddcarryxU32(&x504, &x505, x503, x473, x470); + const x506: u32 = (@intCast(u32, x505) + x471); + var x507: u32 = undefined; + var x508: u1 = undefined; + fiatP384AddcarryxU32(&x507, &x508, 0x0, x444, x488); + var x509: u32 = undefined; + var x510: u1 = undefined; + fiatP384AddcarryxU32(&x509, &x510, x508, x446, x489); + var x511: u32 = undefined; + var x512: u1 = undefined; + fiatP384AddcarryxU32(&x511, &x512, x510, x448, @intCast(u32, 0x0)); + var x513: u32 = undefined; + var x514: u1 = undefined; + fiatP384AddcarryxU32(&x513, &x514, x512, x450, x486); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatP384AddcarryxU32(&x515, &x516, x514, x452, x490); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatP384AddcarryxU32(&x517, &x518, x516, x454, x492); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatP384AddcarryxU32(&x519, &x520, x518, x456, x494); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatP384AddcarryxU32(&x521, &x522, x520, x458, x496); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatP384AddcarryxU32(&x523, &x524, x522, x460, x498); + var x525: u32 = undefined; + var x526: u1 = undefined; + fiatP384AddcarryxU32(&x525, &x526, x524, x462, x500); + var x527: u32 = undefined; + var x528: u1 = undefined; + fiatP384AddcarryxU32(&x527, &x528, x526, x464, x502); + var x529: u32 = undefined; + var x530: u1 = undefined; + fiatP384AddcarryxU32(&x529, &x530, x528, x466, x504); + var x531: u32 = undefined; + var x532: u1 = undefined; + fiatP384AddcarryxU32(&x531, &x532, x530, x468, x506); + const x533: u32 = (@intCast(u32, x532) + @intCast(u32, x469)); + var x534: u32 = undefined; + var x535: u32 = undefined; + fiatP384MulxU32(&x534, &x535, x4, (arg1[11])); + var x536: u32 = undefined; + var x537: u32 = undefined; + fiatP384MulxU32(&x536, &x537, x4, (arg1[10])); + var x538: u32 = undefined; + var x539: u32 = undefined; + fiatP384MulxU32(&x538, &x539, x4, (arg1[9])); + var x540: u32 = undefined; + var x541: u32 = undefined; + fiatP384MulxU32(&x540, &x541, x4, (arg1[8])); + var x542: u32 = undefined; + var x543: u32 = undefined; + fiatP384MulxU32(&x542, &x543, x4, (arg1[7])); + var x544: u32 = undefined; + var x545: u32 = undefined; + fiatP384MulxU32(&x544, &x545, x4, (arg1[6])); + var x546: u32 = undefined; + var x547: u32 = undefined; + fiatP384MulxU32(&x546, &x547, x4, (arg1[5])); + var x548: u32 = undefined; + var x549: u32 = undefined; + fiatP384MulxU32(&x548, &x549, x4, (arg1[4])); + var x550: u32 = undefined; + var x551: u32 = undefined; + fiatP384MulxU32(&x550, &x551, x4, (arg1[3])); + var x552: u32 = undefined; + var x553: u32 = undefined; + fiatP384MulxU32(&x552, &x553, x4, (arg1[2])); + var x554: u32 = undefined; + var x555: u32 = undefined; + fiatP384MulxU32(&x554, &x555, x4, (arg1[1])); + var x556: u32 = undefined; + var x557: u32 = undefined; + fiatP384MulxU32(&x556, &x557, x4, (arg1[0])); + var x558: u32 = undefined; + var x559: u1 = undefined; + fiatP384AddcarryxU32(&x558, &x559, 0x0, x557, x554); + var x560: u32 = undefined; + var x561: u1 = undefined; + fiatP384AddcarryxU32(&x560, &x561, x559, x555, x552); + var x562: u32 = undefined; + var x563: u1 = undefined; + fiatP384AddcarryxU32(&x562, &x563, x561, x553, x550); + var x564: u32 = undefined; + var x565: u1 = undefined; + fiatP384AddcarryxU32(&x564, &x565, x563, x551, x548); + var x566: u32 = undefined; + var x567: u1 = undefined; + fiatP384AddcarryxU32(&x566, &x567, x565, x549, x546); + var x568: u32 = undefined; + var x569: u1 = undefined; + fiatP384AddcarryxU32(&x568, &x569, x567, x547, x544); + var x570: u32 = undefined; + var x571: u1 = undefined; + fiatP384AddcarryxU32(&x570, &x571, x569, x545, x542); + var x572: u32 = undefined; + var x573: u1 = undefined; + fiatP384AddcarryxU32(&x572, &x573, x571, x543, x540); + var x574: u32 = undefined; + var x575: u1 = undefined; + fiatP384AddcarryxU32(&x574, &x575, x573, x541, x538); + var x576: u32 = undefined; + var x577: u1 = undefined; + fiatP384AddcarryxU32(&x576, &x577, x575, x539, x536); + var x578: u32 = undefined; + var x579: u1 = undefined; + fiatP384AddcarryxU32(&x578, &x579, x577, x537, x534); + const x580: u32 = (@intCast(u32, x579) + x535); + var x581: u32 = undefined; + var x582: u1 = undefined; + fiatP384AddcarryxU32(&x581, &x582, 0x0, x509, x556); + var x583: u32 = undefined; + var x584: u1 = undefined; + fiatP384AddcarryxU32(&x583, &x584, x582, x511, x558); + var x585: u32 = undefined; + var x586: u1 = undefined; + fiatP384AddcarryxU32(&x585, &x586, x584, x513, x560); + var x587: u32 = undefined; + var x588: u1 = undefined; + fiatP384AddcarryxU32(&x587, &x588, x586, x515, x562); + var x589: u32 = undefined; + var x590: u1 = undefined; + fiatP384AddcarryxU32(&x589, &x590, x588, x517, x564); + var x591: u32 = undefined; + var x592: u1 = undefined; + fiatP384AddcarryxU32(&x591, &x592, x590, x519, x566); + var x593: u32 = undefined; + var x594: u1 = undefined; + fiatP384AddcarryxU32(&x593, &x594, x592, x521, x568); + var x595: u32 = undefined; + var x596: u1 = undefined; + fiatP384AddcarryxU32(&x595, &x596, x594, x523, x570); + var x597: u32 = undefined; + var x598: u1 = undefined; + fiatP384AddcarryxU32(&x597, &x598, x596, x525, x572); + var x599: u32 = undefined; + var x600: u1 = undefined; + fiatP384AddcarryxU32(&x599, &x600, x598, x527, x574); + var x601: u32 = undefined; + var x602: u1 = undefined; + fiatP384AddcarryxU32(&x601, &x602, x600, x529, x576); + var x603: u32 = undefined; + var x604: u1 = undefined; + fiatP384AddcarryxU32(&x603, &x604, x602, x531, x578); + var x605: u32 = undefined; + var x606: u1 = undefined; + fiatP384AddcarryxU32(&x605, &x606, x604, x533, x580); + var x607: u32 = undefined; + var x608: u32 = undefined; + fiatP384MulxU32(&x607, &x608, x581, 0xffffffff); + var x609: u32 = undefined; + var x610: u32 = undefined; + fiatP384MulxU32(&x609, &x610, x581, 0xffffffff); + var x611: u32 = undefined; + var x612: u32 = undefined; + fiatP384MulxU32(&x611, &x612, x581, 0xffffffff); + var x613: u32 = undefined; + var x614: u32 = undefined; + fiatP384MulxU32(&x613, &x614, x581, 0xffffffff); + var x615: u32 = undefined; + var x616: u32 = undefined; + fiatP384MulxU32(&x615, &x616, x581, 0xffffffff); + var x617: u32 = undefined; + var x618: u32 = undefined; + fiatP384MulxU32(&x617, &x618, x581, 0xffffffff); + var x619: u32 = undefined; + var x620: u32 = undefined; + fiatP384MulxU32(&x619, &x620, x581, 0xffffffff); + var x621: u32 = undefined; + var x622: u32 = undefined; + fiatP384MulxU32(&x621, &x622, x581, 0xfffffffe); + var x623: u32 = undefined; + var x624: u32 = undefined; + fiatP384MulxU32(&x623, &x624, x581, 0xffffffff); + var x625: u32 = undefined; + var x626: u32 = undefined; + fiatP384MulxU32(&x625, &x626, x581, 0xffffffff); + var x627: u32 = undefined; + var x628: u1 = undefined; + fiatP384AddcarryxU32(&x627, &x628, 0x0, x624, x621); + var x629: u32 = undefined; + var x630: u1 = undefined; + fiatP384AddcarryxU32(&x629, &x630, x628, x622, x619); + var x631: u32 = undefined; + var x632: u1 = undefined; + fiatP384AddcarryxU32(&x631, &x632, x630, x620, x617); + var x633: u32 = undefined; + var x634: u1 = undefined; + fiatP384AddcarryxU32(&x633, &x634, x632, x618, x615); + var x635: u32 = undefined; + var x636: u1 = undefined; + fiatP384AddcarryxU32(&x635, &x636, x634, x616, x613); + var x637: u32 = undefined; + var x638: u1 = undefined; + fiatP384AddcarryxU32(&x637, &x638, x636, x614, x611); + var x639: u32 = undefined; + var x640: u1 = undefined; + fiatP384AddcarryxU32(&x639, &x640, x638, x612, x609); + var x641: u32 = undefined; + var x642: u1 = undefined; + fiatP384AddcarryxU32(&x641, &x642, x640, x610, x607); + const x643: u32 = (@intCast(u32, x642) + x608); + var x644: u32 = undefined; + var x645: u1 = undefined; + fiatP384AddcarryxU32(&x644, &x645, 0x0, x581, x625); + var x646: u32 = undefined; + var x647: u1 = undefined; + fiatP384AddcarryxU32(&x646, &x647, x645, x583, x626); + var x648: u32 = undefined; + var x649: u1 = undefined; + fiatP384AddcarryxU32(&x648, &x649, x647, x585, @intCast(u32, 0x0)); + var x650: u32 = undefined; + var x651: u1 = undefined; + fiatP384AddcarryxU32(&x650, &x651, x649, x587, x623); + var x652: u32 = undefined; + var x653: u1 = undefined; + fiatP384AddcarryxU32(&x652, &x653, x651, x589, x627); + var x654: u32 = undefined; + var x655: u1 = undefined; + fiatP384AddcarryxU32(&x654, &x655, x653, x591, x629); + var x656: u32 = undefined; + var x657: u1 = undefined; + fiatP384AddcarryxU32(&x656, &x657, x655, x593, x631); + var x658: u32 = undefined; + var x659: u1 = undefined; + fiatP384AddcarryxU32(&x658, &x659, x657, x595, x633); + var x660: u32 = undefined; + var x661: u1 = undefined; + fiatP384AddcarryxU32(&x660, &x661, x659, x597, x635); + var x662: u32 = undefined; + var x663: u1 = undefined; + fiatP384AddcarryxU32(&x662, &x663, x661, x599, x637); + var x664: u32 = undefined; + var x665: u1 = undefined; + fiatP384AddcarryxU32(&x664, &x665, x663, x601, x639); + var x666: u32 = undefined; + var x667: u1 = undefined; + fiatP384AddcarryxU32(&x666, &x667, x665, x603, x641); + var x668: u32 = undefined; + var x669: u1 = undefined; + fiatP384AddcarryxU32(&x668, &x669, x667, x605, x643); + const x670: u32 = (@intCast(u32, x669) + @intCast(u32, x606)); + var x671: u32 = undefined; + var x672: u32 = undefined; + fiatP384MulxU32(&x671, &x672, x5, (arg1[11])); + var x673: u32 = undefined; + var x674: u32 = undefined; + fiatP384MulxU32(&x673, &x674, x5, (arg1[10])); + var x675: u32 = undefined; + var x676: u32 = undefined; + fiatP384MulxU32(&x675, &x676, x5, (arg1[9])); + var x677: u32 = undefined; + var x678: u32 = undefined; + fiatP384MulxU32(&x677, &x678, x5, (arg1[8])); + var x679: u32 = undefined; + var x680: u32 = undefined; + fiatP384MulxU32(&x679, &x680, x5, (arg1[7])); + var x681: u32 = undefined; + var x682: u32 = undefined; + fiatP384MulxU32(&x681, &x682, x5, (arg1[6])); + var x683: u32 = undefined; + var x684: u32 = undefined; + fiatP384MulxU32(&x683, &x684, x5, (arg1[5])); + var x685: u32 = undefined; + var x686: u32 = undefined; + fiatP384MulxU32(&x685, &x686, x5, (arg1[4])); + var x687: u32 = undefined; + var x688: u32 = undefined; + fiatP384MulxU32(&x687, &x688, x5, (arg1[3])); + var x689: u32 = undefined; + var x690: u32 = undefined; + fiatP384MulxU32(&x689, &x690, x5, (arg1[2])); + var x691: u32 = undefined; + var x692: u32 = undefined; + fiatP384MulxU32(&x691, &x692, x5, (arg1[1])); + var x693: u32 = undefined; + var x694: u32 = undefined; + fiatP384MulxU32(&x693, &x694, x5, (arg1[0])); + var x695: u32 = undefined; + var x696: u1 = undefined; + fiatP384AddcarryxU32(&x695, &x696, 0x0, x694, x691); + var x697: u32 = undefined; + var x698: u1 = undefined; + fiatP384AddcarryxU32(&x697, &x698, x696, x692, x689); + var x699: u32 = undefined; + var x700: u1 = undefined; + fiatP384AddcarryxU32(&x699, &x700, x698, x690, x687); + var x701: u32 = undefined; + var x702: u1 = undefined; + fiatP384AddcarryxU32(&x701, &x702, x700, x688, x685); + var x703: u32 = undefined; + var x704: u1 = undefined; + fiatP384AddcarryxU32(&x703, &x704, x702, x686, x683); + var x705: u32 = undefined; + var x706: u1 = undefined; + fiatP384AddcarryxU32(&x705, &x706, x704, x684, x681); + var x707: u32 = undefined; + var x708: u1 = undefined; + fiatP384AddcarryxU32(&x707, &x708, x706, x682, x679); + var x709: u32 = undefined; + var x710: u1 = undefined; + fiatP384AddcarryxU32(&x709, &x710, x708, x680, x677); + var x711: u32 = undefined; + var x712: u1 = undefined; + fiatP384AddcarryxU32(&x711, &x712, x710, x678, x675); + var x713: u32 = undefined; + var x714: u1 = undefined; + fiatP384AddcarryxU32(&x713, &x714, x712, x676, x673); + var x715: u32 = undefined; + var x716: u1 = undefined; + fiatP384AddcarryxU32(&x715, &x716, x714, x674, x671); + const x717: u32 = (@intCast(u32, x716) + x672); + var x718: u32 = undefined; + var x719: u1 = undefined; + fiatP384AddcarryxU32(&x718, &x719, 0x0, x646, x693); + var x720: u32 = undefined; + var x721: u1 = undefined; + fiatP384AddcarryxU32(&x720, &x721, x719, x648, x695); + var x722: u32 = undefined; + var x723: u1 = undefined; + fiatP384AddcarryxU32(&x722, &x723, x721, x650, x697); + var x724: u32 = undefined; + var x725: u1 = undefined; + fiatP384AddcarryxU32(&x724, &x725, x723, x652, x699); + var x726: u32 = undefined; + var x727: u1 = undefined; + fiatP384AddcarryxU32(&x726, &x727, x725, x654, x701); + var x728: u32 = undefined; + var x729: u1 = undefined; + fiatP384AddcarryxU32(&x728, &x729, x727, x656, x703); + var x730: u32 = undefined; + var x731: u1 = undefined; + fiatP384AddcarryxU32(&x730, &x731, x729, x658, x705); + var x732: u32 = undefined; + var x733: u1 = undefined; + fiatP384AddcarryxU32(&x732, &x733, x731, x660, x707); + var x734: u32 = undefined; + var x735: u1 = undefined; + fiatP384AddcarryxU32(&x734, &x735, x733, x662, x709); + var x736: u32 = undefined; + var x737: u1 = undefined; + fiatP384AddcarryxU32(&x736, &x737, x735, x664, x711); + var x738: u32 = undefined; + var x739: u1 = undefined; + fiatP384AddcarryxU32(&x738, &x739, x737, x666, x713); + var x740: u32 = undefined; + var x741: u1 = undefined; + fiatP384AddcarryxU32(&x740, &x741, x739, x668, x715); + var x742: u32 = undefined; + var x743: u1 = undefined; + fiatP384AddcarryxU32(&x742, &x743, x741, x670, x717); + var x744: u32 = undefined; + var x745: u32 = undefined; + fiatP384MulxU32(&x744, &x745, x718, 0xffffffff); + var x746: u32 = undefined; + var x747: u32 = undefined; + fiatP384MulxU32(&x746, &x747, x718, 0xffffffff); + var x748: u32 = undefined; + var x749: u32 = undefined; + fiatP384MulxU32(&x748, &x749, x718, 0xffffffff); + var x750: u32 = undefined; + var x751: u32 = undefined; + fiatP384MulxU32(&x750, &x751, x718, 0xffffffff); + var x752: u32 = undefined; + var x753: u32 = undefined; + fiatP384MulxU32(&x752, &x753, x718, 0xffffffff); + var x754: u32 = undefined; + var x755: u32 = undefined; + fiatP384MulxU32(&x754, &x755, x718, 0xffffffff); + var x756: u32 = undefined; + var x757: u32 = undefined; + fiatP384MulxU32(&x756, &x757, x718, 0xffffffff); + var x758: u32 = undefined; + var x759: u32 = undefined; + fiatP384MulxU32(&x758, &x759, x718, 0xfffffffe); + var x760: u32 = undefined; + var x761: u32 = undefined; + fiatP384MulxU32(&x760, &x761, x718, 0xffffffff); + var x762: u32 = undefined; + var x763: u32 = undefined; + fiatP384MulxU32(&x762, &x763, x718, 0xffffffff); + var x764: u32 = undefined; + var x765: u1 = undefined; + fiatP384AddcarryxU32(&x764, &x765, 0x0, x761, x758); + var x766: u32 = undefined; + var x767: u1 = undefined; + fiatP384AddcarryxU32(&x766, &x767, x765, x759, x756); + var x768: u32 = undefined; + var x769: u1 = undefined; + fiatP384AddcarryxU32(&x768, &x769, x767, x757, x754); + var x770: u32 = undefined; + var x771: u1 = undefined; + fiatP384AddcarryxU32(&x770, &x771, x769, x755, x752); + var x772: u32 = undefined; + var x773: u1 = undefined; + fiatP384AddcarryxU32(&x772, &x773, x771, x753, x750); + var x774: u32 = undefined; + var x775: u1 = undefined; + fiatP384AddcarryxU32(&x774, &x775, x773, x751, x748); + var x776: u32 = undefined; + var x777: u1 = undefined; + fiatP384AddcarryxU32(&x776, &x777, x775, x749, x746); + var x778: u32 = undefined; + var x779: u1 = undefined; + fiatP384AddcarryxU32(&x778, &x779, x777, x747, x744); + const x780: u32 = (@intCast(u32, x779) + x745); + var x781: u32 = undefined; + var x782: u1 = undefined; + fiatP384AddcarryxU32(&x781, &x782, 0x0, x718, x762); + var x783: u32 = undefined; + var x784: u1 = undefined; + fiatP384AddcarryxU32(&x783, &x784, x782, x720, x763); + var x785: u32 = undefined; + var x786: u1 = undefined; + fiatP384AddcarryxU32(&x785, &x786, x784, x722, @intCast(u32, 0x0)); + var x787: u32 = undefined; + var x788: u1 = undefined; + fiatP384AddcarryxU32(&x787, &x788, x786, x724, x760); + var x789: u32 = undefined; + var x790: u1 = undefined; + fiatP384AddcarryxU32(&x789, &x790, x788, x726, x764); + var x791: u32 = undefined; + var x792: u1 = undefined; + fiatP384AddcarryxU32(&x791, &x792, x790, x728, x766); + var x793: u32 = undefined; + var x794: u1 = undefined; + fiatP384AddcarryxU32(&x793, &x794, x792, x730, x768); + var x795: u32 = undefined; + var x796: u1 = undefined; + fiatP384AddcarryxU32(&x795, &x796, x794, x732, x770); + var x797: u32 = undefined; + var x798: u1 = undefined; + fiatP384AddcarryxU32(&x797, &x798, x796, x734, x772); + var x799: u32 = undefined; + var x800: u1 = undefined; + fiatP384AddcarryxU32(&x799, &x800, x798, x736, x774); + var x801: u32 = undefined; + var x802: u1 = undefined; + fiatP384AddcarryxU32(&x801, &x802, x800, x738, x776); + var x803: u32 = undefined; + var x804: u1 = undefined; + fiatP384AddcarryxU32(&x803, &x804, x802, x740, x778); + var x805: u32 = undefined; + var x806: u1 = undefined; + fiatP384AddcarryxU32(&x805, &x806, x804, x742, x780); + const x807: u32 = (@intCast(u32, x806) + @intCast(u32, x743)); + var x808: u32 = undefined; + var x809: u32 = undefined; + fiatP384MulxU32(&x808, &x809, x6, (arg1[11])); + var x810: u32 = undefined; + var x811: u32 = undefined; + fiatP384MulxU32(&x810, &x811, x6, (arg1[10])); + var x812: u32 = undefined; + var x813: u32 = undefined; + fiatP384MulxU32(&x812, &x813, x6, (arg1[9])); + var x814: u32 = undefined; + var x815: u32 = undefined; + fiatP384MulxU32(&x814, &x815, x6, (arg1[8])); + var x816: u32 = undefined; + var x817: u32 = undefined; + fiatP384MulxU32(&x816, &x817, x6, (arg1[7])); + var x818: u32 = undefined; + var x819: u32 = undefined; + fiatP384MulxU32(&x818, &x819, x6, (arg1[6])); + var x820: u32 = undefined; + var x821: u32 = undefined; + fiatP384MulxU32(&x820, &x821, x6, (arg1[5])); + var x822: u32 = undefined; + var x823: u32 = undefined; + fiatP384MulxU32(&x822, &x823, x6, (arg1[4])); + var x824: u32 = undefined; + var x825: u32 = undefined; + fiatP384MulxU32(&x824, &x825, x6, (arg1[3])); + var x826: u32 = undefined; + var x827: u32 = undefined; + fiatP384MulxU32(&x826, &x827, x6, (arg1[2])); + var x828: u32 = undefined; + var x829: u32 = undefined; + fiatP384MulxU32(&x828, &x829, x6, (arg1[1])); + var x830: u32 = undefined; + var x831: u32 = undefined; + fiatP384MulxU32(&x830, &x831, x6, (arg1[0])); + var x832: u32 = undefined; + var x833: u1 = undefined; + fiatP384AddcarryxU32(&x832, &x833, 0x0, x831, x828); + var x834: u32 = undefined; + var x835: u1 = undefined; + fiatP384AddcarryxU32(&x834, &x835, x833, x829, x826); + var x836: u32 = undefined; + var x837: u1 = undefined; + fiatP384AddcarryxU32(&x836, &x837, x835, x827, x824); + var x838: u32 = undefined; + var x839: u1 = undefined; + fiatP384AddcarryxU32(&x838, &x839, x837, x825, x822); + var x840: u32 = undefined; + var x841: u1 = undefined; + fiatP384AddcarryxU32(&x840, &x841, x839, x823, x820); + var x842: u32 = undefined; + var x843: u1 = undefined; + fiatP384AddcarryxU32(&x842, &x843, x841, x821, x818); + var x844: u32 = undefined; + var x845: u1 = undefined; + fiatP384AddcarryxU32(&x844, &x845, x843, x819, x816); + var x846: u32 = undefined; + var x847: u1 = undefined; + fiatP384AddcarryxU32(&x846, &x847, x845, x817, x814); + var x848: u32 = undefined; + var x849: u1 = undefined; + fiatP384AddcarryxU32(&x848, &x849, x847, x815, x812); + var x850: u32 = undefined; + var x851: u1 = undefined; + fiatP384AddcarryxU32(&x850, &x851, x849, x813, x810); + var x852: u32 = undefined; + var x853: u1 = undefined; + fiatP384AddcarryxU32(&x852, &x853, x851, x811, x808); + const x854: u32 = (@intCast(u32, x853) + x809); + var x855: u32 = undefined; + var x856: u1 = undefined; + fiatP384AddcarryxU32(&x855, &x856, 0x0, x783, x830); + var x857: u32 = undefined; + var x858: u1 = undefined; + fiatP384AddcarryxU32(&x857, &x858, x856, x785, x832); + var x859: u32 = undefined; + var x860: u1 = undefined; + fiatP384AddcarryxU32(&x859, &x860, x858, x787, x834); + var x861: u32 = undefined; + var x862: u1 = undefined; + fiatP384AddcarryxU32(&x861, &x862, x860, x789, x836); + var x863: u32 = undefined; + var x864: u1 = undefined; + fiatP384AddcarryxU32(&x863, &x864, x862, x791, x838); + var x865: u32 = undefined; + var x866: u1 = undefined; + fiatP384AddcarryxU32(&x865, &x866, x864, x793, x840); + var x867: u32 = undefined; + var x868: u1 = undefined; + fiatP384AddcarryxU32(&x867, &x868, x866, x795, x842); + var x869: u32 = undefined; + var x870: u1 = undefined; + fiatP384AddcarryxU32(&x869, &x870, x868, x797, x844); + var x871: u32 = undefined; + var x872: u1 = undefined; + fiatP384AddcarryxU32(&x871, &x872, x870, x799, x846); + var x873: u32 = undefined; + var x874: u1 = undefined; + fiatP384AddcarryxU32(&x873, &x874, x872, x801, x848); + var x875: u32 = undefined; + var x876: u1 = undefined; + fiatP384AddcarryxU32(&x875, &x876, x874, x803, x850); + var x877: u32 = undefined; + var x878: u1 = undefined; + fiatP384AddcarryxU32(&x877, &x878, x876, x805, x852); + var x879: u32 = undefined; + var x880: u1 = undefined; + fiatP384AddcarryxU32(&x879, &x880, x878, x807, x854); + var x881: u32 = undefined; + var x882: u32 = undefined; + fiatP384MulxU32(&x881, &x882, x855, 0xffffffff); + var x883: u32 = undefined; + var x884: u32 = undefined; + fiatP384MulxU32(&x883, &x884, x855, 0xffffffff); + var x885: u32 = undefined; + var x886: u32 = undefined; + fiatP384MulxU32(&x885, &x886, x855, 0xffffffff); + var x887: u32 = undefined; + var x888: u32 = undefined; + fiatP384MulxU32(&x887, &x888, x855, 0xffffffff); + var x889: u32 = undefined; + var x890: u32 = undefined; + fiatP384MulxU32(&x889, &x890, x855, 0xffffffff); + var x891: u32 = undefined; + var x892: u32 = undefined; + fiatP384MulxU32(&x891, &x892, x855, 0xffffffff); + var x893: u32 = undefined; + var x894: u32 = undefined; + fiatP384MulxU32(&x893, &x894, x855, 0xffffffff); + var x895: u32 = undefined; + var x896: u32 = undefined; + fiatP384MulxU32(&x895, &x896, x855, 0xfffffffe); + var x897: u32 = undefined; + var x898: u32 = undefined; + fiatP384MulxU32(&x897, &x898, x855, 0xffffffff); + var x899: u32 = undefined; + var x900: u32 = undefined; + fiatP384MulxU32(&x899, &x900, x855, 0xffffffff); + var x901: u32 = undefined; + var x902: u1 = undefined; + fiatP384AddcarryxU32(&x901, &x902, 0x0, x898, x895); + var x903: u32 = undefined; + var x904: u1 = undefined; + fiatP384AddcarryxU32(&x903, &x904, x902, x896, x893); + var x905: u32 = undefined; + var x906: u1 = undefined; + fiatP384AddcarryxU32(&x905, &x906, x904, x894, x891); + var x907: u32 = undefined; + var x908: u1 = undefined; + fiatP384AddcarryxU32(&x907, &x908, x906, x892, x889); + var x909: u32 = undefined; + var x910: u1 = undefined; + fiatP384AddcarryxU32(&x909, &x910, x908, x890, x887); + var x911: u32 = undefined; + var x912: u1 = undefined; + fiatP384AddcarryxU32(&x911, &x912, x910, x888, x885); + var x913: u32 = undefined; + var x914: u1 = undefined; + fiatP384AddcarryxU32(&x913, &x914, x912, x886, x883); + var x915: u32 = undefined; + var x916: u1 = undefined; + fiatP384AddcarryxU32(&x915, &x916, x914, x884, x881); + const x917: u32 = (@intCast(u32, x916) + x882); + var x918: u32 = undefined; + var x919: u1 = undefined; + fiatP384AddcarryxU32(&x918, &x919, 0x0, x855, x899); + var x920: u32 = undefined; + var x921: u1 = undefined; + fiatP384AddcarryxU32(&x920, &x921, x919, x857, x900); + var x922: u32 = undefined; + var x923: u1 = undefined; + fiatP384AddcarryxU32(&x922, &x923, x921, x859, @intCast(u32, 0x0)); + var x924: u32 = undefined; + var x925: u1 = undefined; + fiatP384AddcarryxU32(&x924, &x925, x923, x861, x897); + var x926: u32 = undefined; + var x927: u1 = undefined; + fiatP384AddcarryxU32(&x926, &x927, x925, x863, x901); + var x928: u32 = undefined; + var x929: u1 = undefined; + fiatP384AddcarryxU32(&x928, &x929, x927, x865, x903); + var x930: u32 = undefined; + var x931: u1 = undefined; + fiatP384AddcarryxU32(&x930, &x931, x929, x867, x905); + var x932: u32 = undefined; + var x933: u1 = undefined; + fiatP384AddcarryxU32(&x932, &x933, x931, x869, x907); + var x934: u32 = undefined; + var x935: u1 = undefined; + fiatP384AddcarryxU32(&x934, &x935, x933, x871, x909); + var x936: u32 = undefined; + var x937: u1 = undefined; + fiatP384AddcarryxU32(&x936, &x937, x935, x873, x911); + var x938: u32 = undefined; + var x939: u1 = undefined; + fiatP384AddcarryxU32(&x938, &x939, x937, x875, x913); + var x940: u32 = undefined; + var x941: u1 = undefined; + fiatP384AddcarryxU32(&x940, &x941, x939, x877, x915); + var x942: u32 = undefined; + var x943: u1 = undefined; + fiatP384AddcarryxU32(&x942, &x943, x941, x879, x917); + const x944: u32 = (@intCast(u32, x943) + @intCast(u32, x880)); + var x945: u32 = undefined; + var x946: u32 = undefined; + fiatP384MulxU32(&x945, &x946, x7, (arg1[11])); + var x947: u32 = undefined; + var x948: u32 = undefined; + fiatP384MulxU32(&x947, &x948, x7, (arg1[10])); + var x949: u32 = undefined; + var x950: u32 = undefined; + fiatP384MulxU32(&x949, &x950, x7, (arg1[9])); + var x951: u32 = undefined; + var x952: u32 = undefined; + fiatP384MulxU32(&x951, &x952, x7, (arg1[8])); + var x953: u32 = undefined; + var x954: u32 = undefined; + fiatP384MulxU32(&x953, &x954, x7, (arg1[7])); + var x955: u32 = undefined; + var x956: u32 = undefined; + fiatP384MulxU32(&x955, &x956, x7, (arg1[6])); + var x957: u32 = undefined; + var x958: u32 = undefined; + fiatP384MulxU32(&x957, &x958, x7, (arg1[5])); + var x959: u32 = undefined; + var x960: u32 = undefined; + fiatP384MulxU32(&x959, &x960, x7, (arg1[4])); + var x961: u32 = undefined; + var x962: u32 = undefined; + fiatP384MulxU32(&x961, &x962, x7, (arg1[3])); + var x963: u32 = undefined; + var x964: u32 = undefined; + fiatP384MulxU32(&x963, &x964, x7, (arg1[2])); + var x965: u32 = undefined; + var x966: u32 = undefined; + fiatP384MulxU32(&x965, &x966, x7, (arg1[1])); + var x967: u32 = undefined; + var x968: u32 = undefined; + fiatP384MulxU32(&x967, &x968, x7, (arg1[0])); + var x969: u32 = undefined; + var x970: u1 = undefined; + fiatP384AddcarryxU32(&x969, &x970, 0x0, x968, x965); + var x971: u32 = undefined; + var x972: u1 = undefined; + fiatP384AddcarryxU32(&x971, &x972, x970, x966, x963); + var x973: u32 = undefined; + var x974: u1 = undefined; + fiatP384AddcarryxU32(&x973, &x974, x972, x964, x961); + var x975: u32 = undefined; + var x976: u1 = undefined; + fiatP384AddcarryxU32(&x975, &x976, x974, x962, x959); + var x977: u32 = undefined; + var x978: u1 = undefined; + fiatP384AddcarryxU32(&x977, &x978, x976, x960, x957); + var x979: u32 = undefined; + var x980: u1 = undefined; + fiatP384AddcarryxU32(&x979, &x980, x978, x958, x955); + var x981: u32 = undefined; + var x982: u1 = undefined; + fiatP384AddcarryxU32(&x981, &x982, x980, x956, x953); + var x983: u32 = undefined; + var x984: u1 = undefined; + fiatP384AddcarryxU32(&x983, &x984, x982, x954, x951); + var x985: u32 = undefined; + var x986: u1 = undefined; + fiatP384AddcarryxU32(&x985, &x986, x984, x952, x949); + var x987: u32 = undefined; + var x988: u1 = undefined; + fiatP384AddcarryxU32(&x987, &x988, x986, x950, x947); + var x989: u32 = undefined; + var x990: u1 = undefined; + fiatP384AddcarryxU32(&x989, &x990, x988, x948, x945); + const x991: u32 = (@intCast(u32, x990) + x946); + var x992: u32 = undefined; + var x993: u1 = undefined; + fiatP384AddcarryxU32(&x992, &x993, 0x0, x920, x967); + var x994: u32 = undefined; + var x995: u1 = undefined; + fiatP384AddcarryxU32(&x994, &x995, x993, x922, x969); + var x996: u32 = undefined; + var x997: u1 = undefined; + fiatP384AddcarryxU32(&x996, &x997, x995, x924, x971); + var x998: u32 = undefined; + var x999: u1 = undefined; + fiatP384AddcarryxU32(&x998, &x999, x997, x926, x973); + var x1000: u32 = undefined; + var x1001: u1 = undefined; + fiatP384AddcarryxU32(&x1000, &x1001, x999, x928, x975); + var x1002: u32 = undefined; + var x1003: u1 = undefined; + fiatP384AddcarryxU32(&x1002, &x1003, x1001, x930, x977); + var x1004: u32 = undefined; + var x1005: u1 = undefined; + fiatP384AddcarryxU32(&x1004, &x1005, x1003, x932, x979); + var x1006: u32 = undefined; + var x1007: u1 = undefined; + fiatP384AddcarryxU32(&x1006, &x1007, x1005, x934, x981); + var x1008: u32 = undefined; + var x1009: u1 = undefined; + fiatP384AddcarryxU32(&x1008, &x1009, x1007, x936, x983); + var x1010: u32 = undefined; + var x1011: u1 = undefined; + fiatP384AddcarryxU32(&x1010, &x1011, x1009, x938, x985); + var x1012: u32 = undefined; + var x1013: u1 = undefined; + fiatP384AddcarryxU32(&x1012, &x1013, x1011, x940, x987); + var x1014: u32 = undefined; + var x1015: u1 = undefined; + fiatP384AddcarryxU32(&x1014, &x1015, x1013, x942, x989); + var x1016: u32 = undefined; + var x1017: u1 = undefined; + fiatP384AddcarryxU32(&x1016, &x1017, x1015, x944, x991); + var x1018: u32 = undefined; + var x1019: u32 = undefined; + fiatP384MulxU32(&x1018, &x1019, x992, 0xffffffff); + var x1020: u32 = undefined; + var x1021: u32 = undefined; + fiatP384MulxU32(&x1020, &x1021, x992, 0xffffffff); + var x1022: u32 = undefined; + var x1023: u32 = undefined; + fiatP384MulxU32(&x1022, &x1023, x992, 0xffffffff); + var x1024: u32 = undefined; + var x1025: u32 = undefined; + fiatP384MulxU32(&x1024, &x1025, x992, 0xffffffff); + var x1026: u32 = undefined; + var x1027: u32 = undefined; + fiatP384MulxU32(&x1026, &x1027, x992, 0xffffffff); + var x1028: u32 = undefined; + var x1029: u32 = undefined; + fiatP384MulxU32(&x1028, &x1029, x992, 0xffffffff); + var x1030: u32 = undefined; + var x1031: u32 = undefined; + fiatP384MulxU32(&x1030, &x1031, x992, 0xffffffff); + var x1032: u32 = undefined; + var x1033: u32 = undefined; + fiatP384MulxU32(&x1032, &x1033, x992, 0xfffffffe); + var x1034: u32 = undefined; + var x1035: u32 = undefined; + fiatP384MulxU32(&x1034, &x1035, x992, 0xffffffff); + var x1036: u32 = undefined; + var x1037: u32 = undefined; + fiatP384MulxU32(&x1036, &x1037, x992, 0xffffffff); + var x1038: u32 = undefined; + var x1039: u1 = undefined; + fiatP384AddcarryxU32(&x1038, &x1039, 0x0, x1035, x1032); + var x1040: u32 = undefined; + var x1041: u1 = undefined; + fiatP384AddcarryxU32(&x1040, &x1041, x1039, x1033, x1030); + var x1042: u32 = undefined; + var x1043: u1 = undefined; + fiatP384AddcarryxU32(&x1042, &x1043, x1041, x1031, x1028); + var x1044: u32 = undefined; + var x1045: u1 = undefined; + fiatP384AddcarryxU32(&x1044, &x1045, x1043, x1029, x1026); + var x1046: u32 = undefined; + var x1047: u1 = undefined; + fiatP384AddcarryxU32(&x1046, &x1047, x1045, x1027, x1024); + var x1048: u32 = undefined; + var x1049: u1 = undefined; + fiatP384AddcarryxU32(&x1048, &x1049, x1047, x1025, x1022); + var x1050: u32 = undefined; + var x1051: u1 = undefined; + fiatP384AddcarryxU32(&x1050, &x1051, x1049, x1023, x1020); + var x1052: u32 = undefined; + var x1053: u1 = undefined; + fiatP384AddcarryxU32(&x1052, &x1053, x1051, x1021, x1018); + const x1054: u32 = (@intCast(u32, x1053) + x1019); + var x1055: u32 = undefined; + var x1056: u1 = undefined; + fiatP384AddcarryxU32(&x1055, &x1056, 0x0, x992, x1036); + var x1057: u32 = undefined; + var x1058: u1 = undefined; + fiatP384AddcarryxU32(&x1057, &x1058, x1056, x994, x1037); + var x1059: u32 = undefined; + var x1060: u1 = undefined; + fiatP384AddcarryxU32(&x1059, &x1060, x1058, x996, @intCast(u32, 0x0)); + var x1061: u32 = undefined; + var x1062: u1 = undefined; + fiatP384AddcarryxU32(&x1061, &x1062, x1060, x998, x1034); + var x1063: u32 = undefined; + var x1064: u1 = undefined; + fiatP384AddcarryxU32(&x1063, &x1064, x1062, x1000, x1038); + var x1065: u32 = undefined; + var x1066: u1 = undefined; + fiatP384AddcarryxU32(&x1065, &x1066, x1064, x1002, x1040); + var x1067: u32 = undefined; + var x1068: u1 = undefined; + fiatP384AddcarryxU32(&x1067, &x1068, x1066, x1004, x1042); + var x1069: u32 = undefined; + var x1070: u1 = undefined; + fiatP384AddcarryxU32(&x1069, &x1070, x1068, x1006, x1044); + var x1071: u32 = undefined; + var x1072: u1 = undefined; + fiatP384AddcarryxU32(&x1071, &x1072, x1070, x1008, x1046); + var x1073: u32 = undefined; + var x1074: u1 = undefined; + fiatP384AddcarryxU32(&x1073, &x1074, x1072, x1010, x1048); + var x1075: u32 = undefined; + var x1076: u1 = undefined; + fiatP384AddcarryxU32(&x1075, &x1076, x1074, x1012, x1050); + var x1077: u32 = undefined; + var x1078: u1 = undefined; + fiatP384AddcarryxU32(&x1077, &x1078, x1076, x1014, x1052); + var x1079: u32 = undefined; + var x1080: u1 = undefined; + fiatP384AddcarryxU32(&x1079, &x1080, x1078, x1016, x1054); + const x1081: u32 = (@intCast(u32, x1080) + @intCast(u32, x1017)); + var x1082: u32 = undefined; + var x1083: u32 = undefined; + fiatP384MulxU32(&x1082, &x1083, x8, (arg1[11])); + var x1084: u32 = undefined; + var x1085: u32 = undefined; + fiatP384MulxU32(&x1084, &x1085, x8, (arg1[10])); + var x1086: u32 = undefined; + var x1087: u32 = undefined; + fiatP384MulxU32(&x1086, &x1087, x8, (arg1[9])); + var x1088: u32 = undefined; + var x1089: u32 = undefined; + fiatP384MulxU32(&x1088, &x1089, x8, (arg1[8])); + var x1090: u32 = undefined; + var x1091: u32 = undefined; + fiatP384MulxU32(&x1090, &x1091, x8, (arg1[7])); + var x1092: u32 = undefined; + var x1093: u32 = undefined; + fiatP384MulxU32(&x1092, &x1093, x8, (arg1[6])); + var x1094: u32 = undefined; + var x1095: u32 = undefined; + fiatP384MulxU32(&x1094, &x1095, x8, (arg1[5])); + var x1096: u32 = undefined; + var x1097: u32 = undefined; + fiatP384MulxU32(&x1096, &x1097, x8, (arg1[4])); + var x1098: u32 = undefined; + var x1099: u32 = undefined; + fiatP384MulxU32(&x1098, &x1099, x8, (arg1[3])); + var x1100: u32 = undefined; + var x1101: u32 = undefined; + fiatP384MulxU32(&x1100, &x1101, x8, (arg1[2])); + var x1102: u32 = undefined; + var x1103: u32 = undefined; + fiatP384MulxU32(&x1102, &x1103, x8, (arg1[1])); + var x1104: u32 = undefined; + var x1105: u32 = undefined; + fiatP384MulxU32(&x1104, &x1105, x8, (arg1[0])); + var x1106: u32 = undefined; + var x1107: u1 = undefined; + fiatP384AddcarryxU32(&x1106, &x1107, 0x0, x1105, x1102); + var x1108: u32 = undefined; + var x1109: u1 = undefined; + fiatP384AddcarryxU32(&x1108, &x1109, x1107, x1103, x1100); + var x1110: u32 = undefined; + var x1111: u1 = undefined; + fiatP384AddcarryxU32(&x1110, &x1111, x1109, x1101, x1098); + var x1112: u32 = undefined; + var x1113: u1 = undefined; + fiatP384AddcarryxU32(&x1112, &x1113, x1111, x1099, x1096); + var x1114: u32 = undefined; + var x1115: u1 = undefined; + fiatP384AddcarryxU32(&x1114, &x1115, x1113, x1097, x1094); + var x1116: u32 = undefined; + var x1117: u1 = undefined; + fiatP384AddcarryxU32(&x1116, &x1117, x1115, x1095, x1092); + var x1118: u32 = undefined; + var x1119: u1 = undefined; + fiatP384AddcarryxU32(&x1118, &x1119, x1117, x1093, x1090); + var x1120: u32 = undefined; + var x1121: u1 = undefined; + fiatP384AddcarryxU32(&x1120, &x1121, x1119, x1091, x1088); + var x1122: u32 = undefined; + var x1123: u1 = undefined; + fiatP384AddcarryxU32(&x1122, &x1123, x1121, x1089, x1086); + var x1124: u32 = undefined; + var x1125: u1 = undefined; + fiatP384AddcarryxU32(&x1124, &x1125, x1123, x1087, x1084); + var x1126: u32 = undefined; + var x1127: u1 = undefined; + fiatP384AddcarryxU32(&x1126, &x1127, x1125, x1085, x1082); + const x1128: u32 = (@intCast(u32, x1127) + x1083); + var x1129: u32 = undefined; + var x1130: u1 = undefined; + fiatP384AddcarryxU32(&x1129, &x1130, 0x0, x1057, x1104); + var x1131: u32 = undefined; + var x1132: u1 = undefined; + fiatP384AddcarryxU32(&x1131, &x1132, x1130, x1059, x1106); + var x1133: u32 = undefined; + var x1134: u1 = undefined; + fiatP384AddcarryxU32(&x1133, &x1134, x1132, x1061, x1108); + var x1135: u32 = undefined; + var x1136: u1 = undefined; + fiatP384AddcarryxU32(&x1135, &x1136, x1134, x1063, x1110); + var x1137: u32 = undefined; + var x1138: u1 = undefined; + fiatP384AddcarryxU32(&x1137, &x1138, x1136, x1065, x1112); + var x1139: u32 = undefined; + var x1140: u1 = undefined; + fiatP384AddcarryxU32(&x1139, &x1140, x1138, x1067, x1114); + var x1141: u32 = undefined; + var x1142: u1 = undefined; + fiatP384AddcarryxU32(&x1141, &x1142, x1140, x1069, x1116); + var x1143: u32 = undefined; + var x1144: u1 = undefined; + fiatP384AddcarryxU32(&x1143, &x1144, x1142, x1071, x1118); + var x1145: u32 = undefined; + var x1146: u1 = undefined; + fiatP384AddcarryxU32(&x1145, &x1146, x1144, x1073, x1120); + var x1147: u32 = undefined; + var x1148: u1 = undefined; + fiatP384AddcarryxU32(&x1147, &x1148, x1146, x1075, x1122); + var x1149: u32 = undefined; + var x1150: u1 = undefined; + fiatP384AddcarryxU32(&x1149, &x1150, x1148, x1077, x1124); + var x1151: u32 = undefined; + var x1152: u1 = undefined; + fiatP384AddcarryxU32(&x1151, &x1152, x1150, x1079, x1126); + var x1153: u32 = undefined; + var x1154: u1 = undefined; + fiatP384AddcarryxU32(&x1153, &x1154, x1152, x1081, x1128); + var x1155: u32 = undefined; + var x1156: u32 = undefined; + fiatP384MulxU32(&x1155, &x1156, x1129, 0xffffffff); + var x1157: u32 = undefined; + var x1158: u32 = undefined; + fiatP384MulxU32(&x1157, &x1158, x1129, 0xffffffff); + var x1159: u32 = undefined; + var x1160: u32 = undefined; + fiatP384MulxU32(&x1159, &x1160, x1129, 0xffffffff); + var x1161: u32 = undefined; + var x1162: u32 = undefined; + fiatP384MulxU32(&x1161, &x1162, x1129, 0xffffffff); + var x1163: u32 = undefined; + var x1164: u32 = undefined; + fiatP384MulxU32(&x1163, &x1164, x1129, 0xffffffff); + var x1165: u32 = undefined; + var x1166: u32 = undefined; + fiatP384MulxU32(&x1165, &x1166, x1129, 0xffffffff); + var x1167: u32 = undefined; + var x1168: u32 = undefined; + fiatP384MulxU32(&x1167, &x1168, x1129, 0xffffffff); + var x1169: u32 = undefined; + var x1170: u32 = undefined; + fiatP384MulxU32(&x1169, &x1170, x1129, 0xfffffffe); + var x1171: u32 = undefined; + var x1172: u32 = undefined; + fiatP384MulxU32(&x1171, &x1172, x1129, 0xffffffff); + var x1173: u32 = undefined; + var x1174: u32 = undefined; + fiatP384MulxU32(&x1173, &x1174, x1129, 0xffffffff); + var x1175: u32 = undefined; + var x1176: u1 = undefined; + fiatP384AddcarryxU32(&x1175, &x1176, 0x0, x1172, x1169); + var x1177: u32 = undefined; + var x1178: u1 = undefined; + fiatP384AddcarryxU32(&x1177, &x1178, x1176, x1170, x1167); + var x1179: u32 = undefined; + var x1180: u1 = undefined; + fiatP384AddcarryxU32(&x1179, &x1180, x1178, x1168, x1165); + var x1181: u32 = undefined; + var x1182: u1 = undefined; + fiatP384AddcarryxU32(&x1181, &x1182, x1180, x1166, x1163); + var x1183: u32 = undefined; + var x1184: u1 = undefined; + fiatP384AddcarryxU32(&x1183, &x1184, x1182, x1164, x1161); + var x1185: u32 = undefined; + var x1186: u1 = undefined; + fiatP384AddcarryxU32(&x1185, &x1186, x1184, x1162, x1159); + var x1187: u32 = undefined; + var x1188: u1 = undefined; + fiatP384AddcarryxU32(&x1187, &x1188, x1186, x1160, x1157); + var x1189: u32 = undefined; + var x1190: u1 = undefined; + fiatP384AddcarryxU32(&x1189, &x1190, x1188, x1158, x1155); + const x1191: u32 = (@intCast(u32, x1190) + x1156); + var x1192: u32 = undefined; + var x1193: u1 = undefined; + fiatP384AddcarryxU32(&x1192, &x1193, 0x0, x1129, x1173); + var x1194: u32 = undefined; + var x1195: u1 = undefined; + fiatP384AddcarryxU32(&x1194, &x1195, x1193, x1131, x1174); + var x1196: u32 = undefined; + var x1197: u1 = undefined; + fiatP384AddcarryxU32(&x1196, &x1197, x1195, x1133, @intCast(u32, 0x0)); + var x1198: u32 = undefined; + var x1199: u1 = undefined; + fiatP384AddcarryxU32(&x1198, &x1199, x1197, x1135, x1171); + var x1200: u32 = undefined; + var x1201: u1 = undefined; + fiatP384AddcarryxU32(&x1200, &x1201, x1199, x1137, x1175); + var x1202: u32 = undefined; + var x1203: u1 = undefined; + fiatP384AddcarryxU32(&x1202, &x1203, x1201, x1139, x1177); + var x1204: u32 = undefined; + var x1205: u1 = undefined; + fiatP384AddcarryxU32(&x1204, &x1205, x1203, x1141, x1179); + var x1206: u32 = undefined; + var x1207: u1 = undefined; + fiatP384AddcarryxU32(&x1206, &x1207, x1205, x1143, x1181); + var x1208: u32 = undefined; + var x1209: u1 = undefined; + fiatP384AddcarryxU32(&x1208, &x1209, x1207, x1145, x1183); + var x1210: u32 = undefined; + var x1211: u1 = undefined; + fiatP384AddcarryxU32(&x1210, &x1211, x1209, x1147, x1185); + var x1212: u32 = undefined; + var x1213: u1 = undefined; + fiatP384AddcarryxU32(&x1212, &x1213, x1211, x1149, x1187); + var x1214: u32 = undefined; + var x1215: u1 = undefined; + fiatP384AddcarryxU32(&x1214, &x1215, x1213, x1151, x1189); + var x1216: u32 = undefined; + var x1217: u1 = undefined; + fiatP384AddcarryxU32(&x1216, &x1217, x1215, x1153, x1191); + const x1218: u32 = (@intCast(u32, x1217) + @intCast(u32, x1154)); + var x1219: u32 = undefined; + var x1220: u32 = undefined; + fiatP384MulxU32(&x1219, &x1220, x9, (arg1[11])); + var x1221: u32 = undefined; + var x1222: u32 = undefined; + fiatP384MulxU32(&x1221, &x1222, x9, (arg1[10])); + var x1223: u32 = undefined; + var x1224: u32 = undefined; + fiatP384MulxU32(&x1223, &x1224, x9, (arg1[9])); + var x1225: u32 = undefined; + var x1226: u32 = undefined; + fiatP384MulxU32(&x1225, &x1226, x9, (arg1[8])); + var x1227: u32 = undefined; + var x1228: u32 = undefined; + fiatP384MulxU32(&x1227, &x1228, x9, (arg1[7])); + var x1229: u32 = undefined; + var x1230: u32 = undefined; + fiatP384MulxU32(&x1229, &x1230, x9, (arg1[6])); + var x1231: u32 = undefined; + var x1232: u32 = undefined; + fiatP384MulxU32(&x1231, &x1232, x9, (arg1[5])); + var x1233: u32 = undefined; + var x1234: u32 = undefined; + fiatP384MulxU32(&x1233, &x1234, x9, (arg1[4])); + var x1235: u32 = undefined; + var x1236: u32 = undefined; + fiatP384MulxU32(&x1235, &x1236, x9, (arg1[3])); + var x1237: u32 = undefined; + var x1238: u32 = undefined; + fiatP384MulxU32(&x1237, &x1238, x9, (arg1[2])); + var x1239: u32 = undefined; + var x1240: u32 = undefined; + fiatP384MulxU32(&x1239, &x1240, x9, (arg1[1])); + var x1241: u32 = undefined; + var x1242: u32 = undefined; + fiatP384MulxU32(&x1241, &x1242, x9, (arg1[0])); + var x1243: u32 = undefined; + var x1244: u1 = undefined; + fiatP384AddcarryxU32(&x1243, &x1244, 0x0, x1242, x1239); + var x1245: u32 = undefined; + var x1246: u1 = undefined; + fiatP384AddcarryxU32(&x1245, &x1246, x1244, x1240, x1237); + var x1247: u32 = undefined; + var x1248: u1 = undefined; + fiatP384AddcarryxU32(&x1247, &x1248, x1246, x1238, x1235); + var x1249: u32 = undefined; + var x1250: u1 = undefined; + fiatP384AddcarryxU32(&x1249, &x1250, x1248, x1236, x1233); + var x1251: u32 = undefined; + var x1252: u1 = undefined; + fiatP384AddcarryxU32(&x1251, &x1252, x1250, x1234, x1231); + var x1253: u32 = undefined; + var x1254: u1 = undefined; + fiatP384AddcarryxU32(&x1253, &x1254, x1252, x1232, x1229); + var x1255: u32 = undefined; + var x1256: u1 = undefined; + fiatP384AddcarryxU32(&x1255, &x1256, x1254, x1230, x1227); + var x1257: u32 = undefined; + var x1258: u1 = undefined; + fiatP384AddcarryxU32(&x1257, &x1258, x1256, x1228, x1225); + var x1259: u32 = undefined; + var x1260: u1 = undefined; + fiatP384AddcarryxU32(&x1259, &x1260, x1258, x1226, x1223); + var x1261: u32 = undefined; + var x1262: u1 = undefined; + fiatP384AddcarryxU32(&x1261, &x1262, x1260, x1224, x1221); + var x1263: u32 = undefined; + var x1264: u1 = undefined; + fiatP384AddcarryxU32(&x1263, &x1264, x1262, x1222, x1219); + const x1265: u32 = (@intCast(u32, x1264) + x1220); + var x1266: u32 = undefined; + var x1267: u1 = undefined; + fiatP384AddcarryxU32(&x1266, &x1267, 0x0, x1194, x1241); + var x1268: u32 = undefined; + var x1269: u1 = undefined; + fiatP384AddcarryxU32(&x1268, &x1269, x1267, x1196, x1243); + var x1270: u32 = undefined; + var x1271: u1 = undefined; + fiatP384AddcarryxU32(&x1270, &x1271, x1269, x1198, x1245); + var x1272: u32 = undefined; + var x1273: u1 = undefined; + fiatP384AddcarryxU32(&x1272, &x1273, x1271, x1200, x1247); + var x1274: u32 = undefined; + var x1275: u1 = undefined; + fiatP384AddcarryxU32(&x1274, &x1275, x1273, x1202, x1249); + var x1276: u32 = undefined; + var x1277: u1 = undefined; + fiatP384AddcarryxU32(&x1276, &x1277, x1275, x1204, x1251); + var x1278: u32 = undefined; + var x1279: u1 = undefined; + fiatP384AddcarryxU32(&x1278, &x1279, x1277, x1206, x1253); + var x1280: u32 = undefined; + var x1281: u1 = undefined; + fiatP384AddcarryxU32(&x1280, &x1281, x1279, x1208, x1255); + var x1282: u32 = undefined; + var x1283: u1 = undefined; + fiatP384AddcarryxU32(&x1282, &x1283, x1281, x1210, x1257); + var x1284: u32 = undefined; + var x1285: u1 = undefined; + fiatP384AddcarryxU32(&x1284, &x1285, x1283, x1212, x1259); + var x1286: u32 = undefined; + var x1287: u1 = undefined; + fiatP384AddcarryxU32(&x1286, &x1287, x1285, x1214, x1261); + var x1288: u32 = undefined; + var x1289: u1 = undefined; + fiatP384AddcarryxU32(&x1288, &x1289, x1287, x1216, x1263); + var x1290: u32 = undefined; + var x1291: u1 = undefined; + fiatP384AddcarryxU32(&x1290, &x1291, x1289, x1218, x1265); + var x1292: u32 = undefined; + var x1293: u32 = undefined; + fiatP384MulxU32(&x1292, &x1293, x1266, 0xffffffff); + var x1294: u32 = undefined; + var x1295: u32 = undefined; + fiatP384MulxU32(&x1294, &x1295, x1266, 0xffffffff); + var x1296: u32 = undefined; + var x1297: u32 = undefined; + fiatP384MulxU32(&x1296, &x1297, x1266, 0xffffffff); + var x1298: u32 = undefined; + var x1299: u32 = undefined; + fiatP384MulxU32(&x1298, &x1299, x1266, 0xffffffff); + var x1300: u32 = undefined; + var x1301: u32 = undefined; + fiatP384MulxU32(&x1300, &x1301, x1266, 0xffffffff); + var x1302: u32 = undefined; + var x1303: u32 = undefined; + fiatP384MulxU32(&x1302, &x1303, x1266, 0xffffffff); + var x1304: u32 = undefined; + var x1305: u32 = undefined; + fiatP384MulxU32(&x1304, &x1305, x1266, 0xffffffff); + var x1306: u32 = undefined; + var x1307: u32 = undefined; + fiatP384MulxU32(&x1306, &x1307, x1266, 0xfffffffe); + var x1308: u32 = undefined; + var x1309: u32 = undefined; + fiatP384MulxU32(&x1308, &x1309, x1266, 0xffffffff); + var x1310: u32 = undefined; + var x1311: u32 = undefined; + fiatP384MulxU32(&x1310, &x1311, x1266, 0xffffffff); + var x1312: u32 = undefined; + var x1313: u1 = undefined; + fiatP384AddcarryxU32(&x1312, &x1313, 0x0, x1309, x1306); + var x1314: u32 = undefined; + var x1315: u1 = undefined; + fiatP384AddcarryxU32(&x1314, &x1315, x1313, x1307, x1304); + var x1316: u32 = undefined; + var x1317: u1 = undefined; + fiatP384AddcarryxU32(&x1316, &x1317, x1315, x1305, x1302); + var x1318: u32 = undefined; + var x1319: u1 = undefined; + fiatP384AddcarryxU32(&x1318, &x1319, x1317, x1303, x1300); + var x1320: u32 = undefined; + var x1321: u1 = undefined; + fiatP384AddcarryxU32(&x1320, &x1321, x1319, x1301, x1298); + var x1322: u32 = undefined; + var x1323: u1 = undefined; + fiatP384AddcarryxU32(&x1322, &x1323, x1321, x1299, x1296); + var x1324: u32 = undefined; + var x1325: u1 = undefined; + fiatP384AddcarryxU32(&x1324, &x1325, x1323, x1297, x1294); + var x1326: u32 = undefined; + var x1327: u1 = undefined; + fiatP384AddcarryxU32(&x1326, &x1327, x1325, x1295, x1292); + const x1328: u32 = (@intCast(u32, x1327) + x1293); + var x1329: u32 = undefined; + var x1330: u1 = undefined; + fiatP384AddcarryxU32(&x1329, &x1330, 0x0, x1266, x1310); + var x1331: u32 = undefined; + var x1332: u1 = undefined; + fiatP384AddcarryxU32(&x1331, &x1332, x1330, x1268, x1311); + var x1333: u32 = undefined; + var x1334: u1 = undefined; + fiatP384AddcarryxU32(&x1333, &x1334, x1332, x1270, @intCast(u32, 0x0)); + var x1335: u32 = undefined; + var x1336: u1 = undefined; + fiatP384AddcarryxU32(&x1335, &x1336, x1334, x1272, x1308); + var x1337: u32 = undefined; + var x1338: u1 = undefined; + fiatP384AddcarryxU32(&x1337, &x1338, x1336, x1274, x1312); + var x1339: u32 = undefined; + var x1340: u1 = undefined; + fiatP384AddcarryxU32(&x1339, &x1340, x1338, x1276, x1314); + var x1341: u32 = undefined; + var x1342: u1 = undefined; + fiatP384AddcarryxU32(&x1341, &x1342, x1340, x1278, x1316); + var x1343: u32 = undefined; + var x1344: u1 = undefined; + fiatP384AddcarryxU32(&x1343, &x1344, x1342, x1280, x1318); + var x1345: u32 = undefined; + var x1346: u1 = undefined; + fiatP384AddcarryxU32(&x1345, &x1346, x1344, x1282, x1320); + var x1347: u32 = undefined; + var x1348: u1 = undefined; + fiatP384AddcarryxU32(&x1347, &x1348, x1346, x1284, x1322); + var x1349: u32 = undefined; + var x1350: u1 = undefined; + fiatP384AddcarryxU32(&x1349, &x1350, x1348, x1286, x1324); + var x1351: u32 = undefined; + var x1352: u1 = undefined; + fiatP384AddcarryxU32(&x1351, &x1352, x1350, x1288, x1326); + var x1353: u32 = undefined; + var x1354: u1 = undefined; + fiatP384AddcarryxU32(&x1353, &x1354, x1352, x1290, x1328); + const x1355: u32 = (@intCast(u32, x1354) + @intCast(u32, x1291)); + var x1356: u32 = undefined; + var x1357: u32 = undefined; + fiatP384MulxU32(&x1356, &x1357, x10, (arg1[11])); + var x1358: u32 = undefined; + var x1359: u32 = undefined; + fiatP384MulxU32(&x1358, &x1359, x10, (arg1[10])); + var x1360: u32 = undefined; + var x1361: u32 = undefined; + fiatP384MulxU32(&x1360, &x1361, x10, (arg1[9])); + var x1362: u32 = undefined; + var x1363: u32 = undefined; + fiatP384MulxU32(&x1362, &x1363, x10, (arg1[8])); + var x1364: u32 = undefined; + var x1365: u32 = undefined; + fiatP384MulxU32(&x1364, &x1365, x10, (arg1[7])); + var x1366: u32 = undefined; + var x1367: u32 = undefined; + fiatP384MulxU32(&x1366, &x1367, x10, (arg1[6])); + var x1368: u32 = undefined; + var x1369: u32 = undefined; + fiatP384MulxU32(&x1368, &x1369, x10, (arg1[5])); + var x1370: u32 = undefined; + var x1371: u32 = undefined; + fiatP384MulxU32(&x1370, &x1371, x10, (arg1[4])); + var x1372: u32 = undefined; + var x1373: u32 = undefined; + fiatP384MulxU32(&x1372, &x1373, x10, (arg1[3])); + var x1374: u32 = undefined; + var x1375: u32 = undefined; + fiatP384MulxU32(&x1374, &x1375, x10, (arg1[2])); + var x1376: u32 = undefined; + var x1377: u32 = undefined; + fiatP384MulxU32(&x1376, &x1377, x10, (arg1[1])); + var x1378: u32 = undefined; + var x1379: u32 = undefined; + fiatP384MulxU32(&x1378, &x1379, x10, (arg1[0])); + var x1380: u32 = undefined; + var x1381: u1 = undefined; + fiatP384AddcarryxU32(&x1380, &x1381, 0x0, x1379, x1376); + var x1382: u32 = undefined; + var x1383: u1 = undefined; + fiatP384AddcarryxU32(&x1382, &x1383, x1381, x1377, x1374); + var x1384: u32 = undefined; + var x1385: u1 = undefined; + fiatP384AddcarryxU32(&x1384, &x1385, x1383, x1375, x1372); + var x1386: u32 = undefined; + var x1387: u1 = undefined; + fiatP384AddcarryxU32(&x1386, &x1387, x1385, x1373, x1370); + var x1388: u32 = undefined; + var x1389: u1 = undefined; + fiatP384AddcarryxU32(&x1388, &x1389, x1387, x1371, x1368); + var x1390: u32 = undefined; + var x1391: u1 = undefined; + fiatP384AddcarryxU32(&x1390, &x1391, x1389, x1369, x1366); + var x1392: u32 = undefined; + var x1393: u1 = undefined; + fiatP384AddcarryxU32(&x1392, &x1393, x1391, x1367, x1364); + var x1394: u32 = undefined; + var x1395: u1 = undefined; + fiatP384AddcarryxU32(&x1394, &x1395, x1393, x1365, x1362); + var x1396: u32 = undefined; + var x1397: u1 = undefined; + fiatP384AddcarryxU32(&x1396, &x1397, x1395, x1363, x1360); + var x1398: u32 = undefined; + var x1399: u1 = undefined; + fiatP384AddcarryxU32(&x1398, &x1399, x1397, x1361, x1358); + var x1400: u32 = undefined; + var x1401: u1 = undefined; + fiatP384AddcarryxU32(&x1400, &x1401, x1399, x1359, x1356); + const x1402: u32 = (@intCast(u32, x1401) + x1357); + var x1403: u32 = undefined; + var x1404: u1 = undefined; + fiatP384AddcarryxU32(&x1403, &x1404, 0x0, x1331, x1378); + var x1405: u32 = undefined; + var x1406: u1 = undefined; + fiatP384AddcarryxU32(&x1405, &x1406, x1404, x1333, x1380); + var x1407: u32 = undefined; + var x1408: u1 = undefined; + fiatP384AddcarryxU32(&x1407, &x1408, x1406, x1335, x1382); + var x1409: u32 = undefined; + var x1410: u1 = undefined; + fiatP384AddcarryxU32(&x1409, &x1410, x1408, x1337, x1384); + var x1411: u32 = undefined; + var x1412: u1 = undefined; + fiatP384AddcarryxU32(&x1411, &x1412, x1410, x1339, x1386); + var x1413: u32 = undefined; + var x1414: u1 = undefined; + fiatP384AddcarryxU32(&x1413, &x1414, x1412, x1341, x1388); + var x1415: u32 = undefined; + var x1416: u1 = undefined; + fiatP384AddcarryxU32(&x1415, &x1416, x1414, x1343, x1390); + var x1417: u32 = undefined; + var x1418: u1 = undefined; + fiatP384AddcarryxU32(&x1417, &x1418, x1416, x1345, x1392); + var x1419: u32 = undefined; + var x1420: u1 = undefined; + fiatP384AddcarryxU32(&x1419, &x1420, x1418, x1347, x1394); + var x1421: u32 = undefined; + var x1422: u1 = undefined; + fiatP384AddcarryxU32(&x1421, &x1422, x1420, x1349, x1396); + var x1423: u32 = undefined; + var x1424: u1 = undefined; + fiatP384AddcarryxU32(&x1423, &x1424, x1422, x1351, x1398); + var x1425: u32 = undefined; + var x1426: u1 = undefined; + fiatP384AddcarryxU32(&x1425, &x1426, x1424, x1353, x1400); + var x1427: u32 = undefined; + var x1428: u1 = undefined; + fiatP384AddcarryxU32(&x1427, &x1428, x1426, x1355, x1402); + var x1429: u32 = undefined; + var x1430: u32 = undefined; + fiatP384MulxU32(&x1429, &x1430, x1403, 0xffffffff); + var x1431: u32 = undefined; + var x1432: u32 = undefined; + fiatP384MulxU32(&x1431, &x1432, x1403, 0xffffffff); + var x1433: u32 = undefined; + var x1434: u32 = undefined; + fiatP384MulxU32(&x1433, &x1434, x1403, 0xffffffff); + var x1435: u32 = undefined; + var x1436: u32 = undefined; + fiatP384MulxU32(&x1435, &x1436, x1403, 0xffffffff); + var x1437: u32 = undefined; + var x1438: u32 = undefined; + fiatP384MulxU32(&x1437, &x1438, x1403, 0xffffffff); + var x1439: u32 = undefined; + var x1440: u32 = undefined; + fiatP384MulxU32(&x1439, &x1440, x1403, 0xffffffff); + var x1441: u32 = undefined; + var x1442: u32 = undefined; + fiatP384MulxU32(&x1441, &x1442, x1403, 0xffffffff); + var x1443: u32 = undefined; + var x1444: u32 = undefined; + fiatP384MulxU32(&x1443, &x1444, x1403, 0xfffffffe); + var x1445: u32 = undefined; + var x1446: u32 = undefined; + fiatP384MulxU32(&x1445, &x1446, x1403, 0xffffffff); + var x1447: u32 = undefined; + var x1448: u32 = undefined; + fiatP384MulxU32(&x1447, &x1448, x1403, 0xffffffff); + var x1449: u32 = undefined; + var x1450: u1 = undefined; + fiatP384AddcarryxU32(&x1449, &x1450, 0x0, x1446, x1443); + var x1451: u32 = undefined; + var x1452: u1 = undefined; + fiatP384AddcarryxU32(&x1451, &x1452, x1450, x1444, x1441); + var x1453: u32 = undefined; + var x1454: u1 = undefined; + fiatP384AddcarryxU32(&x1453, &x1454, x1452, x1442, x1439); + var x1455: u32 = undefined; + var x1456: u1 = undefined; + fiatP384AddcarryxU32(&x1455, &x1456, x1454, x1440, x1437); + var x1457: u32 = undefined; + var x1458: u1 = undefined; + fiatP384AddcarryxU32(&x1457, &x1458, x1456, x1438, x1435); + var x1459: u32 = undefined; + var x1460: u1 = undefined; + fiatP384AddcarryxU32(&x1459, &x1460, x1458, x1436, x1433); + var x1461: u32 = undefined; + var x1462: u1 = undefined; + fiatP384AddcarryxU32(&x1461, &x1462, x1460, x1434, x1431); + var x1463: u32 = undefined; + var x1464: u1 = undefined; + fiatP384AddcarryxU32(&x1463, &x1464, x1462, x1432, x1429); + const x1465: u32 = (@intCast(u32, x1464) + x1430); + var x1466: u32 = undefined; + var x1467: u1 = undefined; + fiatP384AddcarryxU32(&x1466, &x1467, 0x0, x1403, x1447); + var x1468: u32 = undefined; + var x1469: u1 = undefined; + fiatP384AddcarryxU32(&x1468, &x1469, x1467, x1405, x1448); + var x1470: u32 = undefined; + var x1471: u1 = undefined; + fiatP384AddcarryxU32(&x1470, &x1471, x1469, x1407, @intCast(u32, 0x0)); + var x1472: u32 = undefined; + var x1473: u1 = undefined; + fiatP384AddcarryxU32(&x1472, &x1473, x1471, x1409, x1445); + var x1474: u32 = undefined; + var x1475: u1 = undefined; + fiatP384AddcarryxU32(&x1474, &x1475, x1473, x1411, x1449); + var x1476: u32 = undefined; + var x1477: u1 = undefined; + fiatP384AddcarryxU32(&x1476, &x1477, x1475, x1413, x1451); + var x1478: u32 = undefined; + var x1479: u1 = undefined; + fiatP384AddcarryxU32(&x1478, &x1479, x1477, x1415, x1453); + var x1480: u32 = undefined; + var x1481: u1 = undefined; + fiatP384AddcarryxU32(&x1480, &x1481, x1479, x1417, x1455); + var x1482: u32 = undefined; + var x1483: u1 = undefined; + fiatP384AddcarryxU32(&x1482, &x1483, x1481, x1419, x1457); + var x1484: u32 = undefined; + var x1485: u1 = undefined; + fiatP384AddcarryxU32(&x1484, &x1485, x1483, x1421, x1459); + var x1486: u32 = undefined; + var x1487: u1 = undefined; + fiatP384AddcarryxU32(&x1486, &x1487, x1485, x1423, x1461); + var x1488: u32 = undefined; + var x1489: u1 = undefined; + fiatP384AddcarryxU32(&x1488, &x1489, x1487, x1425, x1463); + var x1490: u32 = undefined; + var x1491: u1 = undefined; + fiatP384AddcarryxU32(&x1490, &x1491, x1489, x1427, x1465); + const x1492: u32 = (@intCast(u32, x1491) + @intCast(u32, x1428)); + var x1493: u32 = undefined; + var x1494: u32 = undefined; + fiatP384MulxU32(&x1493, &x1494, x11, (arg1[11])); + var x1495: u32 = undefined; + var x1496: u32 = undefined; + fiatP384MulxU32(&x1495, &x1496, x11, (arg1[10])); + var x1497: u32 = undefined; + var x1498: u32 = undefined; + fiatP384MulxU32(&x1497, &x1498, x11, (arg1[9])); + var x1499: u32 = undefined; + var x1500: u32 = undefined; + fiatP384MulxU32(&x1499, &x1500, x11, (arg1[8])); + var x1501: u32 = undefined; + var x1502: u32 = undefined; + fiatP384MulxU32(&x1501, &x1502, x11, (arg1[7])); + var x1503: u32 = undefined; + var x1504: u32 = undefined; + fiatP384MulxU32(&x1503, &x1504, x11, (arg1[6])); + var x1505: u32 = undefined; + var x1506: u32 = undefined; + fiatP384MulxU32(&x1505, &x1506, x11, (arg1[5])); + var x1507: u32 = undefined; + var x1508: u32 = undefined; + fiatP384MulxU32(&x1507, &x1508, x11, (arg1[4])); + var x1509: u32 = undefined; + var x1510: u32 = undefined; + fiatP384MulxU32(&x1509, &x1510, x11, (arg1[3])); + var x1511: u32 = undefined; + var x1512: u32 = undefined; + fiatP384MulxU32(&x1511, &x1512, x11, (arg1[2])); + var x1513: u32 = undefined; + var x1514: u32 = undefined; + fiatP384MulxU32(&x1513, &x1514, x11, (arg1[1])); + var x1515: u32 = undefined; + var x1516: u32 = undefined; + fiatP384MulxU32(&x1515, &x1516, x11, (arg1[0])); + var x1517: u32 = undefined; + var x1518: u1 = undefined; + fiatP384AddcarryxU32(&x1517, &x1518, 0x0, x1516, x1513); + var x1519: u32 = undefined; + var x1520: u1 = undefined; + fiatP384AddcarryxU32(&x1519, &x1520, x1518, x1514, x1511); + var x1521: u32 = undefined; + var x1522: u1 = undefined; + fiatP384AddcarryxU32(&x1521, &x1522, x1520, x1512, x1509); + var x1523: u32 = undefined; + var x1524: u1 = undefined; + fiatP384AddcarryxU32(&x1523, &x1524, x1522, x1510, x1507); + var x1525: u32 = undefined; + var x1526: u1 = undefined; + fiatP384AddcarryxU32(&x1525, &x1526, x1524, x1508, x1505); + var x1527: u32 = undefined; + var x1528: u1 = undefined; + fiatP384AddcarryxU32(&x1527, &x1528, x1526, x1506, x1503); + var x1529: u32 = undefined; + var x1530: u1 = undefined; + fiatP384AddcarryxU32(&x1529, &x1530, x1528, x1504, x1501); + var x1531: u32 = undefined; + var x1532: u1 = undefined; + fiatP384AddcarryxU32(&x1531, &x1532, x1530, x1502, x1499); + var x1533: u32 = undefined; + var x1534: u1 = undefined; + fiatP384AddcarryxU32(&x1533, &x1534, x1532, x1500, x1497); + var x1535: u32 = undefined; + var x1536: u1 = undefined; + fiatP384AddcarryxU32(&x1535, &x1536, x1534, x1498, x1495); + var x1537: u32 = undefined; + var x1538: u1 = undefined; + fiatP384AddcarryxU32(&x1537, &x1538, x1536, x1496, x1493); + const x1539: u32 = (@intCast(u32, x1538) + x1494); + var x1540: u32 = undefined; + var x1541: u1 = undefined; + fiatP384AddcarryxU32(&x1540, &x1541, 0x0, x1468, x1515); + var x1542: u32 = undefined; + var x1543: u1 = undefined; + fiatP384AddcarryxU32(&x1542, &x1543, x1541, x1470, x1517); + var x1544: u32 = undefined; + var x1545: u1 = undefined; + fiatP384AddcarryxU32(&x1544, &x1545, x1543, x1472, x1519); + var x1546: u32 = undefined; + var x1547: u1 = undefined; + fiatP384AddcarryxU32(&x1546, &x1547, x1545, x1474, x1521); + var x1548: u32 = undefined; + var x1549: u1 = undefined; + fiatP384AddcarryxU32(&x1548, &x1549, x1547, x1476, x1523); + var x1550: u32 = undefined; + var x1551: u1 = undefined; + fiatP384AddcarryxU32(&x1550, &x1551, x1549, x1478, x1525); + var x1552: u32 = undefined; + var x1553: u1 = undefined; + fiatP384AddcarryxU32(&x1552, &x1553, x1551, x1480, x1527); + var x1554: u32 = undefined; + var x1555: u1 = undefined; + fiatP384AddcarryxU32(&x1554, &x1555, x1553, x1482, x1529); + var x1556: u32 = undefined; + var x1557: u1 = undefined; + fiatP384AddcarryxU32(&x1556, &x1557, x1555, x1484, x1531); + var x1558: u32 = undefined; + var x1559: u1 = undefined; + fiatP384AddcarryxU32(&x1558, &x1559, x1557, x1486, x1533); + var x1560: u32 = undefined; + var x1561: u1 = undefined; + fiatP384AddcarryxU32(&x1560, &x1561, x1559, x1488, x1535); + var x1562: u32 = undefined; + var x1563: u1 = undefined; + fiatP384AddcarryxU32(&x1562, &x1563, x1561, x1490, x1537); + var x1564: u32 = undefined; + var x1565: u1 = undefined; + fiatP384AddcarryxU32(&x1564, &x1565, x1563, x1492, x1539); + var x1566: u32 = undefined; + var x1567: u32 = undefined; + fiatP384MulxU32(&x1566, &x1567, x1540, 0xffffffff); + var x1568: u32 = undefined; + var x1569: u32 = undefined; + fiatP384MulxU32(&x1568, &x1569, x1540, 0xffffffff); + var x1570: u32 = undefined; + var x1571: u32 = undefined; + fiatP384MulxU32(&x1570, &x1571, x1540, 0xffffffff); + var x1572: u32 = undefined; + var x1573: u32 = undefined; + fiatP384MulxU32(&x1572, &x1573, x1540, 0xffffffff); + var x1574: u32 = undefined; + var x1575: u32 = undefined; + fiatP384MulxU32(&x1574, &x1575, x1540, 0xffffffff); + var x1576: u32 = undefined; + var x1577: u32 = undefined; + fiatP384MulxU32(&x1576, &x1577, x1540, 0xffffffff); + var x1578: u32 = undefined; + var x1579: u32 = undefined; + fiatP384MulxU32(&x1578, &x1579, x1540, 0xffffffff); + var x1580: u32 = undefined; + var x1581: u32 = undefined; + fiatP384MulxU32(&x1580, &x1581, x1540, 0xfffffffe); + var x1582: u32 = undefined; + var x1583: u32 = undefined; + fiatP384MulxU32(&x1582, &x1583, x1540, 0xffffffff); + var x1584: u32 = undefined; + var x1585: u32 = undefined; + fiatP384MulxU32(&x1584, &x1585, x1540, 0xffffffff); + var x1586: u32 = undefined; + var x1587: u1 = undefined; + fiatP384AddcarryxU32(&x1586, &x1587, 0x0, x1583, x1580); + var x1588: u32 = undefined; + var x1589: u1 = undefined; + fiatP384AddcarryxU32(&x1588, &x1589, x1587, x1581, x1578); + var x1590: u32 = undefined; + var x1591: u1 = undefined; + fiatP384AddcarryxU32(&x1590, &x1591, x1589, x1579, x1576); + var x1592: u32 = undefined; + var x1593: u1 = undefined; + fiatP384AddcarryxU32(&x1592, &x1593, x1591, x1577, x1574); + var x1594: u32 = undefined; + var x1595: u1 = undefined; + fiatP384AddcarryxU32(&x1594, &x1595, x1593, x1575, x1572); + var x1596: u32 = undefined; + var x1597: u1 = undefined; + fiatP384AddcarryxU32(&x1596, &x1597, x1595, x1573, x1570); + var x1598: u32 = undefined; + var x1599: u1 = undefined; + fiatP384AddcarryxU32(&x1598, &x1599, x1597, x1571, x1568); + var x1600: u32 = undefined; + var x1601: u1 = undefined; + fiatP384AddcarryxU32(&x1600, &x1601, x1599, x1569, x1566); + const x1602: u32 = (@intCast(u32, x1601) + x1567); + var x1603: u32 = undefined; + var x1604: u1 = undefined; + fiatP384AddcarryxU32(&x1603, &x1604, 0x0, x1540, x1584); + var x1605: u32 = undefined; + var x1606: u1 = undefined; + fiatP384AddcarryxU32(&x1605, &x1606, x1604, x1542, x1585); + var x1607: u32 = undefined; + var x1608: u1 = undefined; + fiatP384AddcarryxU32(&x1607, &x1608, x1606, x1544, @intCast(u32, 0x0)); + var x1609: u32 = undefined; + var x1610: u1 = undefined; + fiatP384AddcarryxU32(&x1609, &x1610, x1608, x1546, x1582); + var x1611: u32 = undefined; + var x1612: u1 = undefined; + fiatP384AddcarryxU32(&x1611, &x1612, x1610, x1548, x1586); + var x1613: u32 = undefined; + var x1614: u1 = undefined; + fiatP384AddcarryxU32(&x1613, &x1614, x1612, x1550, x1588); + var x1615: u32 = undefined; + var x1616: u1 = undefined; + fiatP384AddcarryxU32(&x1615, &x1616, x1614, x1552, x1590); + var x1617: u32 = undefined; + var x1618: u1 = undefined; + fiatP384AddcarryxU32(&x1617, &x1618, x1616, x1554, x1592); + var x1619: u32 = undefined; + var x1620: u1 = undefined; + fiatP384AddcarryxU32(&x1619, &x1620, x1618, x1556, x1594); + var x1621: u32 = undefined; + var x1622: u1 = undefined; + fiatP384AddcarryxU32(&x1621, &x1622, x1620, x1558, x1596); + var x1623: u32 = undefined; + var x1624: u1 = undefined; + fiatP384AddcarryxU32(&x1623, &x1624, x1622, x1560, x1598); + var x1625: u32 = undefined; + var x1626: u1 = undefined; + fiatP384AddcarryxU32(&x1625, &x1626, x1624, x1562, x1600); + var x1627: u32 = undefined; + var x1628: u1 = undefined; + fiatP384AddcarryxU32(&x1627, &x1628, x1626, x1564, x1602); + const x1629: u32 = (@intCast(u32, x1628) + @intCast(u32, x1565)); + var x1630: u32 = undefined; + var x1631: u1 = undefined; + fiatP384SubborrowxU32(&x1630, &x1631, 0x0, x1605, 0xffffffff); + var x1632: u32 = undefined; + var x1633: u1 = undefined; + fiatP384SubborrowxU32(&x1632, &x1633, x1631, x1607, @intCast(u32, 0x0)); + var x1634: u32 = undefined; + var x1635: u1 = undefined; + fiatP384SubborrowxU32(&x1634, &x1635, x1633, x1609, @intCast(u32, 0x0)); + var x1636: u32 = undefined; + var x1637: u1 = undefined; + fiatP384SubborrowxU32(&x1636, &x1637, x1635, x1611, 0xffffffff); + var x1638: u32 = undefined; + var x1639: u1 = undefined; + fiatP384SubborrowxU32(&x1638, &x1639, x1637, x1613, 0xfffffffe); + var x1640: u32 = undefined; + var x1641: u1 = undefined; + fiatP384SubborrowxU32(&x1640, &x1641, x1639, x1615, 0xffffffff); + var x1642: u32 = undefined; + var x1643: u1 = undefined; + fiatP384SubborrowxU32(&x1642, &x1643, x1641, x1617, 0xffffffff); + var x1644: u32 = undefined; + var x1645: u1 = undefined; + fiatP384SubborrowxU32(&x1644, &x1645, x1643, x1619, 0xffffffff); + var x1646: u32 = undefined; + var x1647: u1 = undefined; + fiatP384SubborrowxU32(&x1646, &x1647, x1645, x1621, 0xffffffff); + var x1648: u32 = undefined; + var x1649: u1 = undefined; + fiatP384SubborrowxU32(&x1648, &x1649, x1647, x1623, 0xffffffff); + var x1650: u32 = undefined; + var x1651: u1 = undefined; + fiatP384SubborrowxU32(&x1650, &x1651, x1649, x1625, 0xffffffff); + var x1652: u32 = undefined; + var x1653: u1 = undefined; + fiatP384SubborrowxU32(&x1652, &x1653, x1651, x1627, 0xffffffff); + var x1654: u32 = undefined; + var x1655: u1 = undefined; + fiatP384SubborrowxU32(&x1654, &x1655, x1653, x1629, @intCast(u32, 0x0)); + var x1656: u32 = undefined; + fiatP384CmovznzU32(&x1656, x1655, x1630, x1605); + var x1657: u32 = undefined; + fiatP384CmovznzU32(&x1657, x1655, x1632, x1607); + var x1658: u32 = undefined; + fiatP384CmovznzU32(&x1658, x1655, x1634, x1609); + var x1659: u32 = undefined; + fiatP384CmovznzU32(&x1659, x1655, x1636, x1611); + var x1660: u32 = undefined; + fiatP384CmovznzU32(&x1660, x1655, x1638, x1613); + var x1661: u32 = undefined; + fiatP384CmovznzU32(&x1661, x1655, x1640, x1615); + var x1662: u32 = undefined; + fiatP384CmovznzU32(&x1662, x1655, x1642, x1617); + var x1663: u32 = undefined; + fiatP384CmovznzU32(&x1663, x1655, x1644, x1619); + var x1664: u32 = undefined; + fiatP384CmovznzU32(&x1664, x1655, x1646, x1621); + var x1665: u32 = undefined; + fiatP384CmovznzU32(&x1665, x1655, x1648, x1623); + var x1666: u32 = undefined; + fiatP384CmovznzU32(&x1666, x1655, x1650, x1625); + var x1667: u32 = undefined; + fiatP384CmovznzU32(&x1667, x1655, x1652, x1627); + out1[0] = x1656; + out1[1] = x1657; + out1[2] = x1658; + out1[3] = x1659; + out1[4] = x1660; + out1[5] = x1661; + out1[6] = x1662; + out1[7] = x1663; + out1[8] = x1664; + out1[9] = x1665; + out1[10] = x1666; + out1[11] = x1667; +} + +/// The function fiatP384Add adds two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384Add(out1: *[12]u32, arg1: [12]u32, arg2: [12]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP384AddcarryxU32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP384AddcarryxU32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP384AddcarryxU32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP384AddcarryxU32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP384AddcarryxU32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP384AddcarryxU32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP384AddcarryxU32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatP384AddcarryxU32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + var x17: u32 = undefined; + var x18: u1 = undefined; + fiatP384AddcarryxU32(&x17, &x18, x16, (arg1[8]), (arg2[8])); + var x19: u32 = undefined; + var x20: u1 = undefined; + fiatP384AddcarryxU32(&x19, &x20, x18, (arg1[9]), (arg2[9])); + var x21: u32 = undefined; + var x22: u1 = undefined; + fiatP384AddcarryxU32(&x21, &x22, x20, (arg1[10]), (arg2[10])); + var x23: u32 = undefined; + var x24: u1 = undefined; + fiatP384AddcarryxU32(&x23, &x24, x22, (arg1[11]), (arg2[11])); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatP384SubborrowxU32(&x25, &x26, 0x0, x1, 0xffffffff); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatP384SubborrowxU32(&x27, &x28, x26, x3, @intCast(u32, 0x0)); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatP384SubborrowxU32(&x29, &x30, x28, x5, @intCast(u32, 0x0)); + var x31: u32 = undefined; + var x32: u1 = undefined; + fiatP384SubborrowxU32(&x31, &x32, x30, x7, 0xffffffff); + var x33: u32 = undefined; + var x34: u1 = undefined; + fiatP384SubborrowxU32(&x33, &x34, x32, x9, 0xfffffffe); + var x35: u32 = undefined; + var x36: u1 = undefined; + fiatP384SubborrowxU32(&x35, &x36, x34, x11, 0xffffffff); + var x37: u32 = undefined; + var x38: u1 = undefined; + fiatP384SubborrowxU32(&x37, &x38, x36, x13, 0xffffffff); + var x39: u32 = undefined; + var x40: u1 = undefined; + fiatP384SubborrowxU32(&x39, &x40, x38, x15, 0xffffffff); + var x41: u32 = undefined; + var x42: u1 = undefined; + fiatP384SubborrowxU32(&x41, &x42, x40, x17, 0xffffffff); + var x43: u32 = undefined; + var x44: u1 = undefined; + fiatP384SubborrowxU32(&x43, &x44, x42, x19, 0xffffffff); + var x45: u32 = undefined; + var x46: u1 = undefined; + fiatP384SubborrowxU32(&x45, &x46, x44, x21, 0xffffffff); + var x47: u32 = undefined; + var x48: u1 = undefined; + fiatP384SubborrowxU32(&x47, &x48, x46, x23, 0xffffffff); + var x49: u32 = undefined; + var x50: u1 = undefined; + fiatP384SubborrowxU32(&x49, &x50, x48, @intCast(u32, x24), @intCast(u32, 0x0)); + var x51: u32 = undefined; + fiatP384CmovznzU32(&x51, x50, x25, x1); + var x52: u32 = undefined; + fiatP384CmovznzU32(&x52, x50, x27, x3); + var x53: u32 = undefined; + fiatP384CmovznzU32(&x53, x50, x29, x5); + var x54: u32 = undefined; + fiatP384CmovznzU32(&x54, x50, x31, x7); + var x55: u32 = undefined; + fiatP384CmovznzU32(&x55, x50, x33, x9); + var x56: u32 = undefined; + fiatP384CmovznzU32(&x56, x50, x35, x11); + var x57: u32 = undefined; + fiatP384CmovznzU32(&x57, x50, x37, x13); + var x58: u32 = undefined; + fiatP384CmovznzU32(&x58, x50, x39, x15); + var x59: u32 = undefined; + fiatP384CmovznzU32(&x59, x50, x41, x17); + var x60: u32 = undefined; + fiatP384CmovznzU32(&x60, x50, x43, x19); + var x61: u32 = undefined; + fiatP384CmovznzU32(&x61, x50, x45, x21); + var x62: u32 = undefined; + fiatP384CmovznzU32(&x62, x50, x47, x23); + out1[0] = x51; + out1[1] = x52; + out1[2] = x53; + out1[3] = x54; + out1[4] = x55; + out1[5] = x56; + out1[6] = x57; + out1[7] = x58; + out1[8] = x59; + out1[9] = x60; + out1[10] = x61; + out1[11] = x62; +} + +/// The function fiatP384Sub subtracts two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384Sub(out1: *[12]u32, arg1: [12]u32, arg2: [12]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP384SubborrowxU32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP384SubborrowxU32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP384SubborrowxU32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP384SubborrowxU32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP384SubborrowxU32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP384SubborrowxU32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP384SubborrowxU32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatP384SubborrowxU32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + var x17: u32 = undefined; + var x18: u1 = undefined; + fiatP384SubborrowxU32(&x17, &x18, x16, (arg1[8]), (arg2[8])); + var x19: u32 = undefined; + var x20: u1 = undefined; + fiatP384SubborrowxU32(&x19, &x20, x18, (arg1[9]), (arg2[9])); + var x21: u32 = undefined; + var x22: u1 = undefined; + fiatP384SubborrowxU32(&x21, &x22, x20, (arg1[10]), (arg2[10])); + var x23: u32 = undefined; + var x24: u1 = undefined; + fiatP384SubborrowxU32(&x23, &x24, x22, (arg1[11]), (arg2[11])); + var x25: u32 = undefined; + fiatP384CmovznzU32(&x25, x24, @intCast(u32, 0x0), 0xffffffff); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP384AddcarryxU32(&x26, &x27, 0x0, x1, x25); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP384AddcarryxU32(&x28, &x29, x27, x3, @intCast(u32, 0x0)); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP384AddcarryxU32(&x30, &x31, x29, x5, @intCast(u32, 0x0)); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP384AddcarryxU32(&x32, &x33, x31, x7, x25); + var x34: u32 = undefined; + var x35: u1 = undefined; + fiatP384AddcarryxU32(&x34, &x35, x33, x9, (x25 & 0xfffffffe)); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiatP384AddcarryxU32(&x36, &x37, x35, x11, x25); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiatP384AddcarryxU32(&x38, &x39, x37, x13, x25); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiatP384AddcarryxU32(&x40, &x41, x39, x15, x25); + var x42: u32 = undefined; + var x43: u1 = undefined; + fiatP384AddcarryxU32(&x42, &x43, x41, x17, x25); + var x44: u32 = undefined; + var x45: u1 = undefined; + fiatP384AddcarryxU32(&x44, &x45, x43, x19, x25); + var x46: u32 = undefined; + var x47: u1 = undefined; + fiatP384AddcarryxU32(&x46, &x47, x45, x21, x25); + var x48: u32 = undefined; + var x49: u1 = undefined; + fiatP384AddcarryxU32(&x48, &x49, x47, x23, x25); + out1[0] = x26; + out1[1] = x28; + out1[2] = x30; + out1[3] = x32; + out1[4] = x34; + out1[5] = x36; + out1[6] = x38; + out1[7] = x40; + out1[8] = x42; + out1[9] = x44; + out1[10] = x46; + out1[11] = x48; +} + +/// The function fiatP384Opp negates a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384Opp(out1: *[12]u32, arg1: [12]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP384SubborrowxU32(&x1, &x2, 0x0, @intCast(u32, 0x0), (arg1[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP384SubborrowxU32(&x3, &x4, x2, @intCast(u32, 0x0), (arg1[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP384SubborrowxU32(&x5, &x6, x4, @intCast(u32, 0x0), (arg1[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP384SubborrowxU32(&x7, &x8, x6, @intCast(u32, 0x0), (arg1[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP384SubborrowxU32(&x9, &x10, x8, @intCast(u32, 0x0), (arg1[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP384SubborrowxU32(&x11, &x12, x10, @intCast(u32, 0x0), (arg1[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP384SubborrowxU32(&x13, &x14, x12, @intCast(u32, 0x0), (arg1[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatP384SubborrowxU32(&x15, &x16, x14, @intCast(u32, 0x0), (arg1[7])); + var x17: u32 = undefined; + var x18: u1 = undefined; + fiatP384SubborrowxU32(&x17, &x18, x16, @intCast(u32, 0x0), (arg1[8])); + var x19: u32 = undefined; + var x20: u1 = undefined; + fiatP384SubborrowxU32(&x19, &x20, x18, @intCast(u32, 0x0), (arg1[9])); + var x21: u32 = undefined; + var x22: u1 = undefined; + fiatP384SubborrowxU32(&x21, &x22, x20, @intCast(u32, 0x0), (arg1[10])); + var x23: u32 = undefined; + var x24: u1 = undefined; + fiatP384SubborrowxU32(&x23, &x24, x22, @intCast(u32, 0x0), (arg1[11])); + var x25: u32 = undefined; + fiatP384CmovznzU32(&x25, x24, @intCast(u32, 0x0), 0xffffffff); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP384AddcarryxU32(&x26, &x27, 0x0, x1, x25); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP384AddcarryxU32(&x28, &x29, x27, x3, @intCast(u32, 0x0)); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP384AddcarryxU32(&x30, &x31, x29, x5, @intCast(u32, 0x0)); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP384AddcarryxU32(&x32, &x33, x31, x7, x25); + var x34: u32 = undefined; + var x35: u1 = undefined; + fiatP384AddcarryxU32(&x34, &x35, x33, x9, (x25 & 0xfffffffe)); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiatP384AddcarryxU32(&x36, &x37, x35, x11, x25); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiatP384AddcarryxU32(&x38, &x39, x37, x13, x25); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiatP384AddcarryxU32(&x40, &x41, x39, x15, x25); + var x42: u32 = undefined; + var x43: u1 = undefined; + fiatP384AddcarryxU32(&x42, &x43, x41, x17, x25); + var x44: u32 = undefined; + var x45: u1 = undefined; + fiatP384AddcarryxU32(&x44, &x45, x43, x19, x25); + var x46: u32 = undefined; + var x47: u1 = undefined; + fiatP384AddcarryxU32(&x46, &x47, x45, x21, x25); + var x48: u32 = undefined; + var x49: u1 = undefined; + fiatP384AddcarryxU32(&x48, &x49, x47, x23, x25); + out1[0] = x26; + out1[1] = x28; + out1[2] = x30; + out1[3] = x32; + out1[4] = x34; + out1[5] = x36; + out1[6] = x38; + out1[7] = x40; + out1[8] = x42; + out1[9] = x44; + out1[10] = x46; + out1[11] = x48; +} + +/// The function fiatP384FromMontgomery translates a field element out of the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^12) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384FromMontgomery(out1: *[12]u32, arg1: [12]u32) void { + const x1: u32 = (arg1[0]); + var x2: u32 = undefined; + var x3: u32 = undefined; + fiatP384MulxU32(&x2, &x3, x1, 0xffffffff); + var x4: u32 = undefined; + var x5: u32 = undefined; + fiatP384MulxU32(&x4, &x5, x1, 0xffffffff); + var x6: u32 = undefined; + var x7: u32 = undefined; + fiatP384MulxU32(&x6, &x7, x1, 0xffffffff); + var x8: u32 = undefined; + var x9: u32 = undefined; + fiatP384MulxU32(&x8, &x9, x1, 0xffffffff); + var x10: u32 = undefined; + var x11: u32 = undefined; + fiatP384MulxU32(&x10, &x11, x1, 0xffffffff); + var x12: u32 = undefined; + var x13: u32 = undefined; + fiatP384MulxU32(&x12, &x13, x1, 0xffffffff); + var x14: u32 = undefined; + var x15: u32 = undefined; + fiatP384MulxU32(&x14, &x15, x1, 0xffffffff); + var x16: u32 = undefined; + var x17: u32 = undefined; + fiatP384MulxU32(&x16, &x17, x1, 0xfffffffe); + var x18: u32 = undefined; + var x19: u32 = undefined; + fiatP384MulxU32(&x18, &x19, x1, 0xffffffff); + var x20: u32 = undefined; + var x21: u32 = undefined; + fiatP384MulxU32(&x20, &x21, x1, 0xffffffff); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP384AddcarryxU32(&x22, &x23, 0x0, x19, x16); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP384AddcarryxU32(&x24, &x25, x23, x17, x14); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP384AddcarryxU32(&x26, &x27, x25, x15, x12); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP384AddcarryxU32(&x28, &x29, x27, x13, x10); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP384AddcarryxU32(&x30, &x31, x29, x11, x8); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP384AddcarryxU32(&x32, &x33, x31, x9, x6); + var x34: u32 = undefined; + var x35: u1 = undefined; + fiatP384AddcarryxU32(&x34, &x35, x33, x7, x4); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiatP384AddcarryxU32(&x36, &x37, x35, x5, x2); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiatP384AddcarryxU32(&x38, &x39, 0x0, x1, x20); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiatP384AddcarryxU32(&x40, &x41, 0x0, (@intCast(u32, x39) + x21), (arg1[1])); + var x42: u32 = undefined; + var x43: u32 = undefined; + fiatP384MulxU32(&x42, &x43, x40, 0xffffffff); + var x44: u32 = undefined; + var x45: u32 = undefined; + fiatP384MulxU32(&x44, &x45, x40, 0xffffffff); + var x46: u32 = undefined; + var x47: u32 = undefined; + fiatP384MulxU32(&x46, &x47, x40, 0xffffffff); + var x48: u32 = undefined; + var x49: u32 = undefined; + fiatP384MulxU32(&x48, &x49, x40, 0xffffffff); + var x50: u32 = undefined; + var x51: u32 = undefined; + fiatP384MulxU32(&x50, &x51, x40, 0xffffffff); + var x52: u32 = undefined; + var x53: u32 = undefined; + fiatP384MulxU32(&x52, &x53, x40, 0xffffffff); + var x54: u32 = undefined; + var x55: u32 = undefined; + fiatP384MulxU32(&x54, &x55, x40, 0xffffffff); + var x56: u32 = undefined; + var x57: u32 = undefined; + fiatP384MulxU32(&x56, &x57, x40, 0xfffffffe); + var x58: u32 = undefined; + var x59: u32 = undefined; + fiatP384MulxU32(&x58, &x59, x40, 0xffffffff); + var x60: u32 = undefined; + var x61: u32 = undefined; + fiatP384MulxU32(&x60, &x61, x40, 0xffffffff); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatP384AddcarryxU32(&x62, &x63, 0x0, x59, x56); + var x64: u32 = undefined; + var x65: u1 = undefined; + fiatP384AddcarryxU32(&x64, &x65, x63, x57, x54); + var x66: u32 = undefined; + var x67: u1 = undefined; + fiatP384AddcarryxU32(&x66, &x67, x65, x55, x52); + var x68: u32 = undefined; + var x69: u1 = undefined; + fiatP384AddcarryxU32(&x68, &x69, x67, x53, x50); + var x70: u32 = undefined; + var x71: u1 = undefined; + fiatP384AddcarryxU32(&x70, &x71, x69, x51, x48); + var x72: u32 = undefined; + var x73: u1 = undefined; + fiatP384AddcarryxU32(&x72, &x73, x71, x49, x46); + var x74: u32 = undefined; + var x75: u1 = undefined; + fiatP384AddcarryxU32(&x74, &x75, x73, x47, x44); + var x76: u32 = undefined; + var x77: u1 = undefined; + fiatP384AddcarryxU32(&x76, &x77, x75, x45, x42); + var x78: u32 = undefined; + var x79: u1 = undefined; + fiatP384AddcarryxU32(&x78, &x79, 0x0, x40, x60); + var x80: u32 = undefined; + var x81: u1 = undefined; + fiatP384AddcarryxU32(&x80, &x81, x79, @intCast(u32, x41), x61); + var x82: u32 = undefined; + var x83: u1 = undefined; + fiatP384AddcarryxU32(&x82, &x83, x81, x18, @intCast(u32, 0x0)); + var x84: u32 = undefined; + var x85: u1 = undefined; + fiatP384AddcarryxU32(&x84, &x85, x83, x22, x58); + var x86: u32 = undefined; + var x87: u1 = undefined; + fiatP384AddcarryxU32(&x86, &x87, x85, x24, x62); + var x88: u32 = undefined; + var x89: u1 = undefined; + fiatP384AddcarryxU32(&x88, &x89, x87, x26, x64); + var x90: u32 = undefined; + var x91: u1 = undefined; + fiatP384AddcarryxU32(&x90, &x91, x89, x28, x66); + var x92: u32 = undefined; + var x93: u1 = undefined; + fiatP384AddcarryxU32(&x92, &x93, x91, x30, x68); + var x94: u32 = undefined; + var x95: u1 = undefined; + fiatP384AddcarryxU32(&x94, &x95, x93, x32, x70); + var x96: u32 = undefined; + var x97: u1 = undefined; + fiatP384AddcarryxU32(&x96, &x97, x95, x34, x72); + var x98: u32 = undefined; + var x99: u1 = undefined; + fiatP384AddcarryxU32(&x98, &x99, x97, x36, x74); + var x100: u32 = undefined; + var x101: u1 = undefined; + fiatP384AddcarryxU32(&x100, &x101, x99, (@intCast(u32, x37) + x3), x76); + var x102: u32 = undefined; + var x103: u1 = undefined; + fiatP384AddcarryxU32(&x102, &x103, x101, @intCast(u32, 0x0), (@intCast(u32, x77) + x43)); + var x104: u32 = undefined; + var x105: u1 = undefined; + fiatP384AddcarryxU32(&x104, &x105, 0x0, x80, (arg1[2])); + var x106: u32 = undefined; + var x107: u1 = undefined; + fiatP384AddcarryxU32(&x106, &x107, x105, x82, @intCast(u32, 0x0)); + var x108: u32 = undefined; + var x109: u1 = undefined; + fiatP384AddcarryxU32(&x108, &x109, x107, x84, @intCast(u32, 0x0)); + var x110: u32 = undefined; + var x111: u1 = undefined; + fiatP384AddcarryxU32(&x110, &x111, x109, x86, @intCast(u32, 0x0)); + var x112: u32 = undefined; + var x113: u1 = undefined; + fiatP384AddcarryxU32(&x112, &x113, x111, x88, @intCast(u32, 0x0)); + var x114: u32 = undefined; + var x115: u1 = undefined; + fiatP384AddcarryxU32(&x114, &x115, x113, x90, @intCast(u32, 0x0)); + var x116: u32 = undefined; + var x117: u1 = undefined; + fiatP384AddcarryxU32(&x116, &x117, x115, x92, @intCast(u32, 0x0)); + var x118: u32 = undefined; + var x119: u1 = undefined; + fiatP384AddcarryxU32(&x118, &x119, x117, x94, @intCast(u32, 0x0)); + var x120: u32 = undefined; + var x121: u1 = undefined; + fiatP384AddcarryxU32(&x120, &x121, x119, x96, @intCast(u32, 0x0)); + var x122: u32 = undefined; + var x123: u1 = undefined; + fiatP384AddcarryxU32(&x122, &x123, x121, x98, @intCast(u32, 0x0)); + var x124: u32 = undefined; + var x125: u1 = undefined; + fiatP384AddcarryxU32(&x124, &x125, x123, x100, @intCast(u32, 0x0)); + var x126: u32 = undefined; + var x127: u1 = undefined; + fiatP384AddcarryxU32(&x126, &x127, x125, x102, @intCast(u32, 0x0)); + var x128: u32 = undefined; + var x129: u32 = undefined; + fiatP384MulxU32(&x128, &x129, x104, 0xffffffff); + var x130: u32 = undefined; + var x131: u32 = undefined; + fiatP384MulxU32(&x130, &x131, x104, 0xffffffff); + var x132: u32 = undefined; + var x133: u32 = undefined; + fiatP384MulxU32(&x132, &x133, x104, 0xffffffff); + var x134: u32 = undefined; + var x135: u32 = undefined; + fiatP384MulxU32(&x134, &x135, x104, 0xffffffff); + var x136: u32 = undefined; + var x137: u32 = undefined; + fiatP384MulxU32(&x136, &x137, x104, 0xffffffff); + var x138: u32 = undefined; + var x139: u32 = undefined; + fiatP384MulxU32(&x138, &x139, x104, 0xffffffff); + var x140: u32 = undefined; + var x141: u32 = undefined; + fiatP384MulxU32(&x140, &x141, x104, 0xffffffff); + var x142: u32 = undefined; + var x143: u32 = undefined; + fiatP384MulxU32(&x142, &x143, x104, 0xfffffffe); + var x144: u32 = undefined; + var x145: u32 = undefined; + fiatP384MulxU32(&x144, &x145, x104, 0xffffffff); + var x146: u32 = undefined; + var x147: u32 = undefined; + fiatP384MulxU32(&x146, &x147, x104, 0xffffffff); + var x148: u32 = undefined; + var x149: u1 = undefined; + fiatP384AddcarryxU32(&x148, &x149, 0x0, x145, x142); + var x150: u32 = undefined; + var x151: u1 = undefined; + fiatP384AddcarryxU32(&x150, &x151, x149, x143, x140); + var x152: u32 = undefined; + var x153: u1 = undefined; + fiatP384AddcarryxU32(&x152, &x153, x151, x141, x138); + var x154: u32 = undefined; + var x155: u1 = undefined; + fiatP384AddcarryxU32(&x154, &x155, x153, x139, x136); + var x156: u32 = undefined; + var x157: u1 = undefined; + fiatP384AddcarryxU32(&x156, &x157, x155, x137, x134); + var x158: u32 = undefined; + var x159: u1 = undefined; + fiatP384AddcarryxU32(&x158, &x159, x157, x135, x132); + var x160: u32 = undefined; + var x161: u1 = undefined; + fiatP384AddcarryxU32(&x160, &x161, x159, x133, x130); + var x162: u32 = undefined; + var x163: u1 = undefined; + fiatP384AddcarryxU32(&x162, &x163, x161, x131, x128); + var x164: u32 = undefined; + var x165: u1 = undefined; + fiatP384AddcarryxU32(&x164, &x165, 0x0, x104, x146); + var x166: u32 = undefined; + var x167: u1 = undefined; + fiatP384AddcarryxU32(&x166, &x167, x165, x106, x147); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatP384AddcarryxU32(&x168, &x169, x167, x108, @intCast(u32, 0x0)); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP384AddcarryxU32(&x170, &x171, x169, x110, x144); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP384AddcarryxU32(&x172, &x173, x171, x112, x148); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP384AddcarryxU32(&x174, &x175, x173, x114, x150); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP384AddcarryxU32(&x176, &x177, x175, x116, x152); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP384AddcarryxU32(&x178, &x179, x177, x118, x154); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP384AddcarryxU32(&x180, &x181, x179, x120, x156); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatP384AddcarryxU32(&x182, &x183, x181, x122, x158); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatP384AddcarryxU32(&x184, &x185, x183, x124, x160); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatP384AddcarryxU32(&x186, &x187, x185, x126, x162); + var x188: u32 = undefined; + var x189: u1 = undefined; + fiatP384AddcarryxU32(&x188, &x189, x187, (@intCast(u32, x127) + @intCast(u32, x103)), (@intCast(u32, x163) + x129)); + var x190: u32 = undefined; + var x191: u1 = undefined; + fiatP384AddcarryxU32(&x190, &x191, 0x0, x166, (arg1[3])); + var x192: u32 = undefined; + var x193: u1 = undefined; + fiatP384AddcarryxU32(&x192, &x193, x191, x168, @intCast(u32, 0x0)); + var x194: u32 = undefined; + var x195: u1 = undefined; + fiatP384AddcarryxU32(&x194, &x195, x193, x170, @intCast(u32, 0x0)); + var x196: u32 = undefined; + var x197: u1 = undefined; + fiatP384AddcarryxU32(&x196, &x197, x195, x172, @intCast(u32, 0x0)); + var x198: u32 = undefined; + var x199: u1 = undefined; + fiatP384AddcarryxU32(&x198, &x199, x197, x174, @intCast(u32, 0x0)); + var x200: u32 = undefined; + var x201: u1 = undefined; + fiatP384AddcarryxU32(&x200, &x201, x199, x176, @intCast(u32, 0x0)); + var x202: u32 = undefined; + var x203: u1 = undefined; + fiatP384AddcarryxU32(&x202, &x203, x201, x178, @intCast(u32, 0x0)); + var x204: u32 = undefined; + var x205: u1 = undefined; + fiatP384AddcarryxU32(&x204, &x205, x203, x180, @intCast(u32, 0x0)); + var x206: u32 = undefined; + var x207: u1 = undefined; + fiatP384AddcarryxU32(&x206, &x207, x205, x182, @intCast(u32, 0x0)); + var x208: u32 = undefined; + var x209: u1 = undefined; + fiatP384AddcarryxU32(&x208, &x209, x207, x184, @intCast(u32, 0x0)); + var x210: u32 = undefined; + var x211: u1 = undefined; + fiatP384AddcarryxU32(&x210, &x211, x209, x186, @intCast(u32, 0x0)); + var x212: u32 = undefined; + var x213: u1 = undefined; + fiatP384AddcarryxU32(&x212, &x213, x211, x188, @intCast(u32, 0x0)); + var x214: u32 = undefined; + var x215: u32 = undefined; + fiatP384MulxU32(&x214, &x215, x190, 0xffffffff); + var x216: u32 = undefined; + var x217: u32 = undefined; + fiatP384MulxU32(&x216, &x217, x190, 0xffffffff); + var x218: u32 = undefined; + var x219: u32 = undefined; + fiatP384MulxU32(&x218, &x219, x190, 0xffffffff); + var x220: u32 = undefined; + var x221: u32 = undefined; + fiatP384MulxU32(&x220, &x221, x190, 0xffffffff); + var x222: u32 = undefined; + var x223: u32 = undefined; + fiatP384MulxU32(&x222, &x223, x190, 0xffffffff); + var x224: u32 = undefined; + var x225: u32 = undefined; + fiatP384MulxU32(&x224, &x225, x190, 0xffffffff); + var x226: u32 = undefined; + var x227: u32 = undefined; + fiatP384MulxU32(&x226, &x227, x190, 0xffffffff); + var x228: u32 = undefined; + var x229: u32 = undefined; + fiatP384MulxU32(&x228, &x229, x190, 0xfffffffe); + var x230: u32 = undefined; + var x231: u32 = undefined; + fiatP384MulxU32(&x230, &x231, x190, 0xffffffff); + var x232: u32 = undefined; + var x233: u32 = undefined; + fiatP384MulxU32(&x232, &x233, x190, 0xffffffff); + var x234: u32 = undefined; + var x235: u1 = undefined; + fiatP384AddcarryxU32(&x234, &x235, 0x0, x231, x228); + var x236: u32 = undefined; + var x237: u1 = undefined; + fiatP384AddcarryxU32(&x236, &x237, x235, x229, x226); + var x238: u32 = undefined; + var x239: u1 = undefined; + fiatP384AddcarryxU32(&x238, &x239, x237, x227, x224); + var x240: u32 = undefined; + var x241: u1 = undefined; + fiatP384AddcarryxU32(&x240, &x241, x239, x225, x222); + var x242: u32 = undefined; + var x243: u1 = undefined; + fiatP384AddcarryxU32(&x242, &x243, x241, x223, x220); + var x244: u32 = undefined; + var x245: u1 = undefined; + fiatP384AddcarryxU32(&x244, &x245, x243, x221, x218); + var x246: u32 = undefined; + var x247: u1 = undefined; + fiatP384AddcarryxU32(&x246, &x247, x245, x219, x216); + var x248: u32 = undefined; + var x249: u1 = undefined; + fiatP384AddcarryxU32(&x248, &x249, x247, x217, x214); + var x250: u32 = undefined; + var x251: u1 = undefined; + fiatP384AddcarryxU32(&x250, &x251, 0x0, x190, x232); + var x252: u32 = undefined; + var x253: u1 = undefined; + fiatP384AddcarryxU32(&x252, &x253, x251, x192, x233); + var x254: u32 = undefined; + var x255: u1 = undefined; + fiatP384AddcarryxU32(&x254, &x255, x253, x194, @intCast(u32, 0x0)); + var x256: u32 = undefined; + var x257: u1 = undefined; + fiatP384AddcarryxU32(&x256, &x257, x255, x196, x230); + var x258: u32 = undefined; + var x259: u1 = undefined; + fiatP384AddcarryxU32(&x258, &x259, x257, x198, x234); + var x260: u32 = undefined; + var x261: u1 = undefined; + fiatP384AddcarryxU32(&x260, &x261, x259, x200, x236); + var x262: u32 = undefined; + var x263: u1 = undefined; + fiatP384AddcarryxU32(&x262, &x263, x261, x202, x238); + var x264: u32 = undefined; + var x265: u1 = undefined; + fiatP384AddcarryxU32(&x264, &x265, x263, x204, x240); + var x266: u32 = undefined; + var x267: u1 = undefined; + fiatP384AddcarryxU32(&x266, &x267, x265, x206, x242); + var x268: u32 = undefined; + var x269: u1 = undefined; + fiatP384AddcarryxU32(&x268, &x269, x267, x208, x244); + var x270: u32 = undefined; + var x271: u1 = undefined; + fiatP384AddcarryxU32(&x270, &x271, x269, x210, x246); + var x272: u32 = undefined; + var x273: u1 = undefined; + fiatP384AddcarryxU32(&x272, &x273, x271, x212, x248); + var x274: u32 = undefined; + var x275: u1 = undefined; + fiatP384AddcarryxU32(&x274, &x275, x273, (@intCast(u32, x213) + @intCast(u32, x189)), (@intCast(u32, x249) + x215)); + var x276: u32 = undefined; + var x277: u1 = undefined; + fiatP384AddcarryxU32(&x276, &x277, 0x0, x252, (arg1[4])); + var x278: u32 = undefined; + var x279: u1 = undefined; + fiatP384AddcarryxU32(&x278, &x279, x277, x254, @intCast(u32, 0x0)); + var x280: u32 = undefined; + var x281: u1 = undefined; + fiatP384AddcarryxU32(&x280, &x281, x279, x256, @intCast(u32, 0x0)); + var x282: u32 = undefined; + var x283: u1 = undefined; + fiatP384AddcarryxU32(&x282, &x283, x281, x258, @intCast(u32, 0x0)); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatP384AddcarryxU32(&x284, &x285, x283, x260, @intCast(u32, 0x0)); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatP384AddcarryxU32(&x286, &x287, x285, x262, @intCast(u32, 0x0)); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatP384AddcarryxU32(&x288, &x289, x287, x264, @intCast(u32, 0x0)); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatP384AddcarryxU32(&x290, &x291, x289, x266, @intCast(u32, 0x0)); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatP384AddcarryxU32(&x292, &x293, x291, x268, @intCast(u32, 0x0)); + var x294: u32 = undefined; + var x295: u1 = undefined; + fiatP384AddcarryxU32(&x294, &x295, x293, x270, @intCast(u32, 0x0)); + var x296: u32 = undefined; + var x297: u1 = undefined; + fiatP384AddcarryxU32(&x296, &x297, x295, x272, @intCast(u32, 0x0)); + var x298: u32 = undefined; + var x299: u1 = undefined; + fiatP384AddcarryxU32(&x298, &x299, x297, x274, @intCast(u32, 0x0)); + var x300: u32 = undefined; + var x301: u32 = undefined; + fiatP384MulxU32(&x300, &x301, x276, 0xffffffff); + var x302: u32 = undefined; + var x303: u32 = undefined; + fiatP384MulxU32(&x302, &x303, x276, 0xffffffff); + var x304: u32 = undefined; + var x305: u32 = undefined; + fiatP384MulxU32(&x304, &x305, x276, 0xffffffff); + var x306: u32 = undefined; + var x307: u32 = undefined; + fiatP384MulxU32(&x306, &x307, x276, 0xffffffff); + var x308: u32 = undefined; + var x309: u32 = undefined; + fiatP384MulxU32(&x308, &x309, x276, 0xffffffff); + var x310: u32 = undefined; + var x311: u32 = undefined; + fiatP384MulxU32(&x310, &x311, x276, 0xffffffff); + var x312: u32 = undefined; + var x313: u32 = undefined; + fiatP384MulxU32(&x312, &x313, x276, 0xffffffff); + var x314: u32 = undefined; + var x315: u32 = undefined; + fiatP384MulxU32(&x314, &x315, x276, 0xfffffffe); + var x316: u32 = undefined; + var x317: u32 = undefined; + fiatP384MulxU32(&x316, &x317, x276, 0xffffffff); + var x318: u32 = undefined; + var x319: u32 = undefined; + fiatP384MulxU32(&x318, &x319, x276, 0xffffffff); + var x320: u32 = undefined; + var x321: u1 = undefined; + fiatP384AddcarryxU32(&x320, &x321, 0x0, x317, x314); + var x322: u32 = undefined; + var x323: u1 = undefined; + fiatP384AddcarryxU32(&x322, &x323, x321, x315, x312); + var x324: u32 = undefined; + var x325: u1 = undefined; + fiatP384AddcarryxU32(&x324, &x325, x323, x313, x310); + var x326: u32 = undefined; + var x327: u1 = undefined; + fiatP384AddcarryxU32(&x326, &x327, x325, x311, x308); + var x328: u32 = undefined; + var x329: u1 = undefined; + fiatP384AddcarryxU32(&x328, &x329, x327, x309, x306); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatP384AddcarryxU32(&x330, &x331, x329, x307, x304); + var x332: u32 = undefined; + var x333: u1 = undefined; + fiatP384AddcarryxU32(&x332, &x333, x331, x305, x302); + var x334: u32 = undefined; + var x335: u1 = undefined; + fiatP384AddcarryxU32(&x334, &x335, x333, x303, x300); + var x336: u32 = undefined; + var x337: u1 = undefined; + fiatP384AddcarryxU32(&x336, &x337, 0x0, x276, x318); + var x338: u32 = undefined; + var x339: u1 = undefined; + fiatP384AddcarryxU32(&x338, &x339, x337, x278, x319); + var x340: u32 = undefined; + var x341: u1 = undefined; + fiatP384AddcarryxU32(&x340, &x341, x339, x280, @intCast(u32, 0x0)); + var x342: u32 = undefined; + var x343: u1 = undefined; + fiatP384AddcarryxU32(&x342, &x343, x341, x282, x316); + var x344: u32 = undefined; + var x345: u1 = undefined; + fiatP384AddcarryxU32(&x344, &x345, x343, x284, x320); + var x346: u32 = undefined; + var x347: u1 = undefined; + fiatP384AddcarryxU32(&x346, &x347, x345, x286, x322); + var x348: u32 = undefined; + var x349: u1 = undefined; + fiatP384AddcarryxU32(&x348, &x349, x347, x288, x324); + var x350: u32 = undefined; + var x351: u1 = undefined; + fiatP384AddcarryxU32(&x350, &x351, x349, x290, x326); + var x352: u32 = undefined; + var x353: u1 = undefined; + fiatP384AddcarryxU32(&x352, &x353, x351, x292, x328); + var x354: u32 = undefined; + var x355: u1 = undefined; + fiatP384AddcarryxU32(&x354, &x355, x353, x294, x330); + var x356: u32 = undefined; + var x357: u1 = undefined; + fiatP384AddcarryxU32(&x356, &x357, x355, x296, x332); + var x358: u32 = undefined; + var x359: u1 = undefined; + fiatP384AddcarryxU32(&x358, &x359, x357, x298, x334); + var x360: u32 = undefined; + var x361: u1 = undefined; + fiatP384AddcarryxU32(&x360, &x361, x359, (@intCast(u32, x299) + @intCast(u32, x275)), (@intCast(u32, x335) + x301)); + var x362: u32 = undefined; + var x363: u1 = undefined; + fiatP384AddcarryxU32(&x362, &x363, 0x0, x338, (arg1[5])); + var x364: u32 = undefined; + var x365: u1 = undefined; + fiatP384AddcarryxU32(&x364, &x365, x363, x340, @intCast(u32, 0x0)); + var x366: u32 = undefined; + var x367: u1 = undefined; + fiatP384AddcarryxU32(&x366, &x367, x365, x342, @intCast(u32, 0x0)); + var x368: u32 = undefined; + var x369: u1 = undefined; + fiatP384AddcarryxU32(&x368, &x369, x367, x344, @intCast(u32, 0x0)); + var x370: u32 = undefined; + var x371: u1 = undefined; + fiatP384AddcarryxU32(&x370, &x371, x369, x346, @intCast(u32, 0x0)); + var x372: u32 = undefined; + var x373: u1 = undefined; + fiatP384AddcarryxU32(&x372, &x373, x371, x348, @intCast(u32, 0x0)); + var x374: u32 = undefined; + var x375: u1 = undefined; + fiatP384AddcarryxU32(&x374, &x375, x373, x350, @intCast(u32, 0x0)); + var x376: u32 = undefined; + var x377: u1 = undefined; + fiatP384AddcarryxU32(&x376, &x377, x375, x352, @intCast(u32, 0x0)); + var x378: u32 = undefined; + var x379: u1 = undefined; + fiatP384AddcarryxU32(&x378, &x379, x377, x354, @intCast(u32, 0x0)); + var x380: u32 = undefined; + var x381: u1 = undefined; + fiatP384AddcarryxU32(&x380, &x381, x379, x356, @intCast(u32, 0x0)); + var x382: u32 = undefined; + var x383: u1 = undefined; + fiatP384AddcarryxU32(&x382, &x383, x381, x358, @intCast(u32, 0x0)); + var x384: u32 = undefined; + var x385: u1 = undefined; + fiatP384AddcarryxU32(&x384, &x385, x383, x360, @intCast(u32, 0x0)); + var x386: u32 = undefined; + var x387: u32 = undefined; + fiatP384MulxU32(&x386, &x387, x362, 0xffffffff); + var x388: u32 = undefined; + var x389: u32 = undefined; + fiatP384MulxU32(&x388, &x389, x362, 0xffffffff); + var x390: u32 = undefined; + var x391: u32 = undefined; + fiatP384MulxU32(&x390, &x391, x362, 0xffffffff); + var x392: u32 = undefined; + var x393: u32 = undefined; + fiatP384MulxU32(&x392, &x393, x362, 0xffffffff); + var x394: u32 = undefined; + var x395: u32 = undefined; + fiatP384MulxU32(&x394, &x395, x362, 0xffffffff); + var x396: u32 = undefined; + var x397: u32 = undefined; + fiatP384MulxU32(&x396, &x397, x362, 0xffffffff); + var x398: u32 = undefined; + var x399: u32 = undefined; + fiatP384MulxU32(&x398, &x399, x362, 0xffffffff); + var x400: u32 = undefined; + var x401: u32 = undefined; + fiatP384MulxU32(&x400, &x401, x362, 0xfffffffe); + var x402: u32 = undefined; + var x403: u32 = undefined; + fiatP384MulxU32(&x402, &x403, x362, 0xffffffff); + var x404: u32 = undefined; + var x405: u32 = undefined; + fiatP384MulxU32(&x404, &x405, x362, 0xffffffff); + var x406: u32 = undefined; + var x407: u1 = undefined; + fiatP384AddcarryxU32(&x406, &x407, 0x0, x403, x400); + var x408: u32 = undefined; + var x409: u1 = undefined; + fiatP384AddcarryxU32(&x408, &x409, x407, x401, x398); + var x410: u32 = undefined; + var x411: u1 = undefined; + fiatP384AddcarryxU32(&x410, &x411, x409, x399, x396); + var x412: u32 = undefined; + var x413: u1 = undefined; + fiatP384AddcarryxU32(&x412, &x413, x411, x397, x394); + var x414: u32 = undefined; + var x415: u1 = undefined; + fiatP384AddcarryxU32(&x414, &x415, x413, x395, x392); + var x416: u32 = undefined; + var x417: u1 = undefined; + fiatP384AddcarryxU32(&x416, &x417, x415, x393, x390); + var x418: u32 = undefined; + var x419: u1 = undefined; + fiatP384AddcarryxU32(&x418, &x419, x417, x391, x388); + var x420: u32 = undefined; + var x421: u1 = undefined; + fiatP384AddcarryxU32(&x420, &x421, x419, x389, x386); + var x422: u32 = undefined; + var x423: u1 = undefined; + fiatP384AddcarryxU32(&x422, &x423, 0x0, x362, x404); + var x424: u32 = undefined; + var x425: u1 = undefined; + fiatP384AddcarryxU32(&x424, &x425, x423, x364, x405); + var x426: u32 = undefined; + var x427: u1 = undefined; + fiatP384AddcarryxU32(&x426, &x427, x425, x366, @intCast(u32, 0x0)); + var x428: u32 = undefined; + var x429: u1 = undefined; + fiatP384AddcarryxU32(&x428, &x429, x427, x368, x402); + var x430: u32 = undefined; + var x431: u1 = undefined; + fiatP384AddcarryxU32(&x430, &x431, x429, x370, x406); + var x432: u32 = undefined; + var x433: u1 = undefined; + fiatP384AddcarryxU32(&x432, &x433, x431, x372, x408); + var x434: u32 = undefined; + var x435: u1 = undefined; + fiatP384AddcarryxU32(&x434, &x435, x433, x374, x410); + var x436: u32 = undefined; + var x437: u1 = undefined; + fiatP384AddcarryxU32(&x436, &x437, x435, x376, x412); + var x438: u32 = undefined; + var x439: u1 = undefined; + fiatP384AddcarryxU32(&x438, &x439, x437, x378, x414); + var x440: u32 = undefined; + var x441: u1 = undefined; + fiatP384AddcarryxU32(&x440, &x441, x439, x380, x416); + var x442: u32 = undefined; + var x443: u1 = undefined; + fiatP384AddcarryxU32(&x442, &x443, x441, x382, x418); + var x444: u32 = undefined; + var x445: u1 = undefined; + fiatP384AddcarryxU32(&x444, &x445, x443, x384, x420); + var x446: u32 = undefined; + var x447: u1 = undefined; + fiatP384AddcarryxU32(&x446, &x447, x445, (@intCast(u32, x385) + @intCast(u32, x361)), (@intCast(u32, x421) + x387)); + var x448: u32 = undefined; + var x449: u1 = undefined; + fiatP384AddcarryxU32(&x448, &x449, 0x0, x424, (arg1[6])); + var x450: u32 = undefined; + var x451: u1 = undefined; + fiatP384AddcarryxU32(&x450, &x451, x449, x426, @intCast(u32, 0x0)); + var x452: u32 = undefined; + var x453: u1 = undefined; + fiatP384AddcarryxU32(&x452, &x453, x451, x428, @intCast(u32, 0x0)); + var x454: u32 = undefined; + var x455: u1 = undefined; + fiatP384AddcarryxU32(&x454, &x455, x453, x430, @intCast(u32, 0x0)); + var x456: u32 = undefined; + var x457: u1 = undefined; + fiatP384AddcarryxU32(&x456, &x457, x455, x432, @intCast(u32, 0x0)); + var x458: u32 = undefined; + var x459: u1 = undefined; + fiatP384AddcarryxU32(&x458, &x459, x457, x434, @intCast(u32, 0x0)); + var x460: u32 = undefined; + var x461: u1 = undefined; + fiatP384AddcarryxU32(&x460, &x461, x459, x436, @intCast(u32, 0x0)); + var x462: u32 = undefined; + var x463: u1 = undefined; + fiatP384AddcarryxU32(&x462, &x463, x461, x438, @intCast(u32, 0x0)); + var x464: u32 = undefined; + var x465: u1 = undefined; + fiatP384AddcarryxU32(&x464, &x465, x463, x440, @intCast(u32, 0x0)); + var x466: u32 = undefined; + var x467: u1 = undefined; + fiatP384AddcarryxU32(&x466, &x467, x465, x442, @intCast(u32, 0x0)); + var x468: u32 = undefined; + var x469: u1 = undefined; + fiatP384AddcarryxU32(&x468, &x469, x467, x444, @intCast(u32, 0x0)); + var x470: u32 = undefined; + var x471: u1 = undefined; + fiatP384AddcarryxU32(&x470, &x471, x469, x446, @intCast(u32, 0x0)); + var x472: u32 = undefined; + var x473: u32 = undefined; + fiatP384MulxU32(&x472, &x473, x448, 0xffffffff); + var x474: u32 = undefined; + var x475: u32 = undefined; + fiatP384MulxU32(&x474, &x475, x448, 0xffffffff); + var x476: u32 = undefined; + var x477: u32 = undefined; + fiatP384MulxU32(&x476, &x477, x448, 0xffffffff); + var x478: u32 = undefined; + var x479: u32 = undefined; + fiatP384MulxU32(&x478, &x479, x448, 0xffffffff); + var x480: u32 = undefined; + var x481: u32 = undefined; + fiatP384MulxU32(&x480, &x481, x448, 0xffffffff); + var x482: u32 = undefined; + var x483: u32 = undefined; + fiatP384MulxU32(&x482, &x483, x448, 0xffffffff); + var x484: u32 = undefined; + var x485: u32 = undefined; + fiatP384MulxU32(&x484, &x485, x448, 0xffffffff); + var x486: u32 = undefined; + var x487: u32 = undefined; + fiatP384MulxU32(&x486, &x487, x448, 0xfffffffe); + var x488: u32 = undefined; + var x489: u32 = undefined; + fiatP384MulxU32(&x488, &x489, x448, 0xffffffff); + var x490: u32 = undefined; + var x491: u32 = undefined; + fiatP384MulxU32(&x490, &x491, x448, 0xffffffff); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatP384AddcarryxU32(&x492, &x493, 0x0, x489, x486); + var x494: u32 = undefined; + var x495: u1 = undefined; + fiatP384AddcarryxU32(&x494, &x495, x493, x487, x484); + var x496: u32 = undefined; + var x497: u1 = undefined; + fiatP384AddcarryxU32(&x496, &x497, x495, x485, x482); + var x498: u32 = undefined; + var x499: u1 = undefined; + fiatP384AddcarryxU32(&x498, &x499, x497, x483, x480); + var x500: u32 = undefined; + var x501: u1 = undefined; + fiatP384AddcarryxU32(&x500, &x501, x499, x481, x478); + var x502: u32 = undefined; + var x503: u1 = undefined; + fiatP384AddcarryxU32(&x502, &x503, x501, x479, x476); + var x504: u32 = undefined; + var x505: u1 = undefined; + fiatP384AddcarryxU32(&x504, &x505, x503, x477, x474); + var x506: u32 = undefined; + var x507: u1 = undefined; + fiatP384AddcarryxU32(&x506, &x507, x505, x475, x472); + var x508: u32 = undefined; + var x509: u1 = undefined; + fiatP384AddcarryxU32(&x508, &x509, 0x0, x448, x490); + var x510: u32 = undefined; + var x511: u1 = undefined; + fiatP384AddcarryxU32(&x510, &x511, x509, x450, x491); + var x512: u32 = undefined; + var x513: u1 = undefined; + fiatP384AddcarryxU32(&x512, &x513, x511, x452, @intCast(u32, 0x0)); + var x514: u32 = undefined; + var x515: u1 = undefined; + fiatP384AddcarryxU32(&x514, &x515, x513, x454, x488); + var x516: u32 = undefined; + var x517: u1 = undefined; + fiatP384AddcarryxU32(&x516, &x517, x515, x456, x492); + var x518: u32 = undefined; + var x519: u1 = undefined; + fiatP384AddcarryxU32(&x518, &x519, x517, x458, x494); + var x520: u32 = undefined; + var x521: u1 = undefined; + fiatP384AddcarryxU32(&x520, &x521, x519, x460, x496); + var x522: u32 = undefined; + var x523: u1 = undefined; + fiatP384AddcarryxU32(&x522, &x523, x521, x462, x498); + var x524: u32 = undefined; + var x525: u1 = undefined; + fiatP384AddcarryxU32(&x524, &x525, x523, x464, x500); + var x526: u32 = undefined; + var x527: u1 = undefined; + fiatP384AddcarryxU32(&x526, &x527, x525, x466, x502); + var x528: u32 = undefined; + var x529: u1 = undefined; + fiatP384AddcarryxU32(&x528, &x529, x527, x468, x504); + var x530: u32 = undefined; + var x531: u1 = undefined; + fiatP384AddcarryxU32(&x530, &x531, x529, x470, x506); + var x532: u32 = undefined; + var x533: u1 = undefined; + fiatP384AddcarryxU32(&x532, &x533, x531, (@intCast(u32, x471) + @intCast(u32, x447)), (@intCast(u32, x507) + x473)); + var x534: u32 = undefined; + var x535: u1 = undefined; + fiatP384AddcarryxU32(&x534, &x535, 0x0, x510, (arg1[7])); + var x536: u32 = undefined; + var x537: u1 = undefined; + fiatP384AddcarryxU32(&x536, &x537, x535, x512, @intCast(u32, 0x0)); + var x538: u32 = undefined; + var x539: u1 = undefined; + fiatP384AddcarryxU32(&x538, &x539, x537, x514, @intCast(u32, 0x0)); + var x540: u32 = undefined; + var x541: u1 = undefined; + fiatP384AddcarryxU32(&x540, &x541, x539, x516, @intCast(u32, 0x0)); + var x542: u32 = undefined; + var x543: u1 = undefined; + fiatP384AddcarryxU32(&x542, &x543, x541, x518, @intCast(u32, 0x0)); + var x544: u32 = undefined; + var x545: u1 = undefined; + fiatP384AddcarryxU32(&x544, &x545, x543, x520, @intCast(u32, 0x0)); + var x546: u32 = undefined; + var x547: u1 = undefined; + fiatP384AddcarryxU32(&x546, &x547, x545, x522, @intCast(u32, 0x0)); + var x548: u32 = undefined; + var x549: u1 = undefined; + fiatP384AddcarryxU32(&x548, &x549, x547, x524, @intCast(u32, 0x0)); + var x550: u32 = undefined; + var x551: u1 = undefined; + fiatP384AddcarryxU32(&x550, &x551, x549, x526, @intCast(u32, 0x0)); + var x552: u32 = undefined; + var x553: u1 = undefined; + fiatP384AddcarryxU32(&x552, &x553, x551, x528, @intCast(u32, 0x0)); + var x554: u32 = undefined; + var x555: u1 = undefined; + fiatP384AddcarryxU32(&x554, &x555, x553, x530, @intCast(u32, 0x0)); + var x556: u32 = undefined; + var x557: u1 = undefined; + fiatP384AddcarryxU32(&x556, &x557, x555, x532, @intCast(u32, 0x0)); + var x558: u32 = undefined; + var x559: u32 = undefined; + fiatP384MulxU32(&x558, &x559, x534, 0xffffffff); + var x560: u32 = undefined; + var x561: u32 = undefined; + fiatP384MulxU32(&x560, &x561, x534, 0xffffffff); + var x562: u32 = undefined; + var x563: u32 = undefined; + fiatP384MulxU32(&x562, &x563, x534, 0xffffffff); + var x564: u32 = undefined; + var x565: u32 = undefined; + fiatP384MulxU32(&x564, &x565, x534, 0xffffffff); + var x566: u32 = undefined; + var x567: u32 = undefined; + fiatP384MulxU32(&x566, &x567, x534, 0xffffffff); + var x568: u32 = undefined; + var x569: u32 = undefined; + fiatP384MulxU32(&x568, &x569, x534, 0xffffffff); + var x570: u32 = undefined; + var x571: u32 = undefined; + fiatP384MulxU32(&x570, &x571, x534, 0xffffffff); + var x572: u32 = undefined; + var x573: u32 = undefined; + fiatP384MulxU32(&x572, &x573, x534, 0xfffffffe); + var x574: u32 = undefined; + var x575: u32 = undefined; + fiatP384MulxU32(&x574, &x575, x534, 0xffffffff); + var x576: u32 = undefined; + var x577: u32 = undefined; + fiatP384MulxU32(&x576, &x577, x534, 0xffffffff); + var x578: u32 = undefined; + var x579: u1 = undefined; + fiatP384AddcarryxU32(&x578, &x579, 0x0, x575, x572); + var x580: u32 = undefined; + var x581: u1 = undefined; + fiatP384AddcarryxU32(&x580, &x581, x579, x573, x570); + var x582: u32 = undefined; + var x583: u1 = undefined; + fiatP384AddcarryxU32(&x582, &x583, x581, x571, x568); + var x584: u32 = undefined; + var x585: u1 = undefined; + fiatP384AddcarryxU32(&x584, &x585, x583, x569, x566); + var x586: u32 = undefined; + var x587: u1 = undefined; + fiatP384AddcarryxU32(&x586, &x587, x585, x567, x564); + var x588: u32 = undefined; + var x589: u1 = undefined; + fiatP384AddcarryxU32(&x588, &x589, x587, x565, x562); + var x590: u32 = undefined; + var x591: u1 = undefined; + fiatP384AddcarryxU32(&x590, &x591, x589, x563, x560); + var x592: u32 = undefined; + var x593: u1 = undefined; + fiatP384AddcarryxU32(&x592, &x593, x591, x561, x558); + var x594: u32 = undefined; + var x595: u1 = undefined; + fiatP384AddcarryxU32(&x594, &x595, 0x0, x534, x576); + var x596: u32 = undefined; + var x597: u1 = undefined; + fiatP384AddcarryxU32(&x596, &x597, x595, x536, x577); + var x598: u32 = undefined; + var x599: u1 = undefined; + fiatP384AddcarryxU32(&x598, &x599, x597, x538, @intCast(u32, 0x0)); + var x600: u32 = undefined; + var x601: u1 = undefined; + fiatP384AddcarryxU32(&x600, &x601, x599, x540, x574); + var x602: u32 = undefined; + var x603: u1 = undefined; + fiatP384AddcarryxU32(&x602, &x603, x601, x542, x578); + var x604: u32 = undefined; + var x605: u1 = undefined; + fiatP384AddcarryxU32(&x604, &x605, x603, x544, x580); + var x606: u32 = undefined; + var x607: u1 = undefined; + fiatP384AddcarryxU32(&x606, &x607, x605, x546, x582); + var x608: u32 = undefined; + var x609: u1 = undefined; + fiatP384AddcarryxU32(&x608, &x609, x607, x548, x584); + var x610: u32 = undefined; + var x611: u1 = undefined; + fiatP384AddcarryxU32(&x610, &x611, x609, x550, x586); + var x612: u32 = undefined; + var x613: u1 = undefined; + fiatP384AddcarryxU32(&x612, &x613, x611, x552, x588); + var x614: u32 = undefined; + var x615: u1 = undefined; + fiatP384AddcarryxU32(&x614, &x615, x613, x554, x590); + var x616: u32 = undefined; + var x617: u1 = undefined; + fiatP384AddcarryxU32(&x616, &x617, x615, x556, x592); + var x618: u32 = undefined; + var x619: u1 = undefined; + fiatP384AddcarryxU32(&x618, &x619, x617, (@intCast(u32, x557) + @intCast(u32, x533)), (@intCast(u32, x593) + x559)); + var x620: u32 = undefined; + var x621: u1 = undefined; + fiatP384AddcarryxU32(&x620, &x621, 0x0, x596, (arg1[8])); + var x622: u32 = undefined; + var x623: u1 = undefined; + fiatP384AddcarryxU32(&x622, &x623, x621, x598, @intCast(u32, 0x0)); + var x624: u32 = undefined; + var x625: u1 = undefined; + fiatP384AddcarryxU32(&x624, &x625, x623, x600, @intCast(u32, 0x0)); + var x626: u32 = undefined; + var x627: u1 = undefined; + fiatP384AddcarryxU32(&x626, &x627, x625, x602, @intCast(u32, 0x0)); + var x628: u32 = undefined; + var x629: u1 = undefined; + fiatP384AddcarryxU32(&x628, &x629, x627, x604, @intCast(u32, 0x0)); + var x630: u32 = undefined; + var x631: u1 = undefined; + fiatP384AddcarryxU32(&x630, &x631, x629, x606, @intCast(u32, 0x0)); + var x632: u32 = undefined; + var x633: u1 = undefined; + fiatP384AddcarryxU32(&x632, &x633, x631, x608, @intCast(u32, 0x0)); + var x634: u32 = undefined; + var x635: u1 = undefined; + fiatP384AddcarryxU32(&x634, &x635, x633, x610, @intCast(u32, 0x0)); + var x636: u32 = undefined; + var x637: u1 = undefined; + fiatP384AddcarryxU32(&x636, &x637, x635, x612, @intCast(u32, 0x0)); + var x638: u32 = undefined; + var x639: u1 = undefined; + fiatP384AddcarryxU32(&x638, &x639, x637, x614, @intCast(u32, 0x0)); + var x640: u32 = undefined; + var x641: u1 = undefined; + fiatP384AddcarryxU32(&x640, &x641, x639, x616, @intCast(u32, 0x0)); + var x642: u32 = undefined; + var x643: u1 = undefined; + fiatP384AddcarryxU32(&x642, &x643, x641, x618, @intCast(u32, 0x0)); + var x644: u32 = undefined; + var x645: u32 = undefined; + fiatP384MulxU32(&x644, &x645, x620, 0xffffffff); + var x646: u32 = undefined; + var x647: u32 = undefined; + fiatP384MulxU32(&x646, &x647, x620, 0xffffffff); + var x648: u32 = undefined; + var x649: u32 = undefined; + fiatP384MulxU32(&x648, &x649, x620, 0xffffffff); + var x650: u32 = undefined; + var x651: u32 = undefined; + fiatP384MulxU32(&x650, &x651, x620, 0xffffffff); + var x652: u32 = undefined; + var x653: u32 = undefined; + fiatP384MulxU32(&x652, &x653, x620, 0xffffffff); + var x654: u32 = undefined; + var x655: u32 = undefined; + fiatP384MulxU32(&x654, &x655, x620, 0xffffffff); + var x656: u32 = undefined; + var x657: u32 = undefined; + fiatP384MulxU32(&x656, &x657, x620, 0xffffffff); + var x658: u32 = undefined; + var x659: u32 = undefined; + fiatP384MulxU32(&x658, &x659, x620, 0xfffffffe); + var x660: u32 = undefined; + var x661: u32 = undefined; + fiatP384MulxU32(&x660, &x661, x620, 0xffffffff); + var x662: u32 = undefined; + var x663: u32 = undefined; + fiatP384MulxU32(&x662, &x663, x620, 0xffffffff); + var x664: u32 = undefined; + var x665: u1 = undefined; + fiatP384AddcarryxU32(&x664, &x665, 0x0, x661, x658); + var x666: u32 = undefined; + var x667: u1 = undefined; + fiatP384AddcarryxU32(&x666, &x667, x665, x659, x656); + var x668: u32 = undefined; + var x669: u1 = undefined; + fiatP384AddcarryxU32(&x668, &x669, x667, x657, x654); + var x670: u32 = undefined; + var x671: u1 = undefined; + fiatP384AddcarryxU32(&x670, &x671, x669, x655, x652); + var x672: u32 = undefined; + var x673: u1 = undefined; + fiatP384AddcarryxU32(&x672, &x673, x671, x653, x650); + var x674: u32 = undefined; + var x675: u1 = undefined; + fiatP384AddcarryxU32(&x674, &x675, x673, x651, x648); + var x676: u32 = undefined; + var x677: u1 = undefined; + fiatP384AddcarryxU32(&x676, &x677, x675, x649, x646); + var x678: u32 = undefined; + var x679: u1 = undefined; + fiatP384AddcarryxU32(&x678, &x679, x677, x647, x644); + var x680: u32 = undefined; + var x681: u1 = undefined; + fiatP384AddcarryxU32(&x680, &x681, 0x0, x620, x662); + var x682: u32 = undefined; + var x683: u1 = undefined; + fiatP384AddcarryxU32(&x682, &x683, x681, x622, x663); + var x684: u32 = undefined; + var x685: u1 = undefined; + fiatP384AddcarryxU32(&x684, &x685, x683, x624, @intCast(u32, 0x0)); + var x686: u32 = undefined; + var x687: u1 = undefined; + fiatP384AddcarryxU32(&x686, &x687, x685, x626, x660); + var x688: u32 = undefined; + var x689: u1 = undefined; + fiatP384AddcarryxU32(&x688, &x689, x687, x628, x664); + var x690: u32 = undefined; + var x691: u1 = undefined; + fiatP384AddcarryxU32(&x690, &x691, x689, x630, x666); + var x692: u32 = undefined; + var x693: u1 = undefined; + fiatP384AddcarryxU32(&x692, &x693, x691, x632, x668); + var x694: u32 = undefined; + var x695: u1 = undefined; + fiatP384AddcarryxU32(&x694, &x695, x693, x634, x670); + var x696: u32 = undefined; + var x697: u1 = undefined; + fiatP384AddcarryxU32(&x696, &x697, x695, x636, x672); + var x698: u32 = undefined; + var x699: u1 = undefined; + fiatP384AddcarryxU32(&x698, &x699, x697, x638, x674); + var x700: u32 = undefined; + var x701: u1 = undefined; + fiatP384AddcarryxU32(&x700, &x701, x699, x640, x676); + var x702: u32 = undefined; + var x703: u1 = undefined; + fiatP384AddcarryxU32(&x702, &x703, x701, x642, x678); + var x704: u32 = undefined; + var x705: u1 = undefined; + fiatP384AddcarryxU32(&x704, &x705, x703, (@intCast(u32, x643) + @intCast(u32, x619)), (@intCast(u32, x679) + x645)); + var x706: u32 = undefined; + var x707: u1 = undefined; + fiatP384AddcarryxU32(&x706, &x707, 0x0, x682, (arg1[9])); + var x708: u32 = undefined; + var x709: u1 = undefined; + fiatP384AddcarryxU32(&x708, &x709, x707, x684, @intCast(u32, 0x0)); + var x710: u32 = undefined; + var x711: u1 = undefined; + fiatP384AddcarryxU32(&x710, &x711, x709, x686, @intCast(u32, 0x0)); + var x712: u32 = undefined; + var x713: u1 = undefined; + fiatP384AddcarryxU32(&x712, &x713, x711, x688, @intCast(u32, 0x0)); + var x714: u32 = undefined; + var x715: u1 = undefined; + fiatP384AddcarryxU32(&x714, &x715, x713, x690, @intCast(u32, 0x0)); + var x716: u32 = undefined; + var x717: u1 = undefined; + fiatP384AddcarryxU32(&x716, &x717, x715, x692, @intCast(u32, 0x0)); + var x718: u32 = undefined; + var x719: u1 = undefined; + fiatP384AddcarryxU32(&x718, &x719, x717, x694, @intCast(u32, 0x0)); + var x720: u32 = undefined; + var x721: u1 = undefined; + fiatP384AddcarryxU32(&x720, &x721, x719, x696, @intCast(u32, 0x0)); + var x722: u32 = undefined; + var x723: u1 = undefined; + fiatP384AddcarryxU32(&x722, &x723, x721, x698, @intCast(u32, 0x0)); + var x724: u32 = undefined; + var x725: u1 = undefined; + fiatP384AddcarryxU32(&x724, &x725, x723, x700, @intCast(u32, 0x0)); + var x726: u32 = undefined; + var x727: u1 = undefined; + fiatP384AddcarryxU32(&x726, &x727, x725, x702, @intCast(u32, 0x0)); + var x728: u32 = undefined; + var x729: u1 = undefined; + fiatP384AddcarryxU32(&x728, &x729, x727, x704, @intCast(u32, 0x0)); + var x730: u32 = undefined; + var x731: u32 = undefined; + fiatP384MulxU32(&x730, &x731, x706, 0xffffffff); + var x732: u32 = undefined; + var x733: u32 = undefined; + fiatP384MulxU32(&x732, &x733, x706, 0xffffffff); + var x734: u32 = undefined; + var x735: u32 = undefined; + fiatP384MulxU32(&x734, &x735, x706, 0xffffffff); + var x736: u32 = undefined; + var x737: u32 = undefined; + fiatP384MulxU32(&x736, &x737, x706, 0xffffffff); + var x738: u32 = undefined; + var x739: u32 = undefined; + fiatP384MulxU32(&x738, &x739, x706, 0xffffffff); + var x740: u32 = undefined; + var x741: u32 = undefined; + fiatP384MulxU32(&x740, &x741, x706, 0xffffffff); + var x742: u32 = undefined; + var x743: u32 = undefined; + fiatP384MulxU32(&x742, &x743, x706, 0xffffffff); + var x744: u32 = undefined; + var x745: u32 = undefined; + fiatP384MulxU32(&x744, &x745, x706, 0xfffffffe); + var x746: u32 = undefined; + var x747: u32 = undefined; + fiatP384MulxU32(&x746, &x747, x706, 0xffffffff); + var x748: u32 = undefined; + var x749: u32 = undefined; + fiatP384MulxU32(&x748, &x749, x706, 0xffffffff); + var x750: u32 = undefined; + var x751: u1 = undefined; + fiatP384AddcarryxU32(&x750, &x751, 0x0, x747, x744); + var x752: u32 = undefined; + var x753: u1 = undefined; + fiatP384AddcarryxU32(&x752, &x753, x751, x745, x742); + var x754: u32 = undefined; + var x755: u1 = undefined; + fiatP384AddcarryxU32(&x754, &x755, x753, x743, x740); + var x756: u32 = undefined; + var x757: u1 = undefined; + fiatP384AddcarryxU32(&x756, &x757, x755, x741, x738); + var x758: u32 = undefined; + var x759: u1 = undefined; + fiatP384AddcarryxU32(&x758, &x759, x757, x739, x736); + var x760: u32 = undefined; + var x761: u1 = undefined; + fiatP384AddcarryxU32(&x760, &x761, x759, x737, x734); + var x762: u32 = undefined; + var x763: u1 = undefined; + fiatP384AddcarryxU32(&x762, &x763, x761, x735, x732); + var x764: u32 = undefined; + var x765: u1 = undefined; + fiatP384AddcarryxU32(&x764, &x765, x763, x733, x730); + var x766: u32 = undefined; + var x767: u1 = undefined; + fiatP384AddcarryxU32(&x766, &x767, 0x0, x706, x748); + var x768: u32 = undefined; + var x769: u1 = undefined; + fiatP384AddcarryxU32(&x768, &x769, x767, x708, x749); + var x770: u32 = undefined; + var x771: u1 = undefined; + fiatP384AddcarryxU32(&x770, &x771, x769, x710, @intCast(u32, 0x0)); + var x772: u32 = undefined; + var x773: u1 = undefined; + fiatP384AddcarryxU32(&x772, &x773, x771, x712, x746); + var x774: u32 = undefined; + var x775: u1 = undefined; + fiatP384AddcarryxU32(&x774, &x775, x773, x714, x750); + var x776: u32 = undefined; + var x777: u1 = undefined; + fiatP384AddcarryxU32(&x776, &x777, x775, x716, x752); + var x778: u32 = undefined; + var x779: u1 = undefined; + fiatP384AddcarryxU32(&x778, &x779, x777, x718, x754); + var x780: u32 = undefined; + var x781: u1 = undefined; + fiatP384AddcarryxU32(&x780, &x781, x779, x720, x756); + var x782: u32 = undefined; + var x783: u1 = undefined; + fiatP384AddcarryxU32(&x782, &x783, x781, x722, x758); + var x784: u32 = undefined; + var x785: u1 = undefined; + fiatP384AddcarryxU32(&x784, &x785, x783, x724, x760); + var x786: u32 = undefined; + var x787: u1 = undefined; + fiatP384AddcarryxU32(&x786, &x787, x785, x726, x762); + var x788: u32 = undefined; + var x789: u1 = undefined; + fiatP384AddcarryxU32(&x788, &x789, x787, x728, x764); + var x790: u32 = undefined; + var x791: u1 = undefined; + fiatP384AddcarryxU32(&x790, &x791, x789, (@intCast(u32, x729) + @intCast(u32, x705)), (@intCast(u32, x765) + x731)); + var x792: u32 = undefined; + var x793: u1 = undefined; + fiatP384AddcarryxU32(&x792, &x793, 0x0, x768, (arg1[10])); + var x794: u32 = undefined; + var x795: u1 = undefined; + fiatP384AddcarryxU32(&x794, &x795, x793, x770, @intCast(u32, 0x0)); + var x796: u32 = undefined; + var x797: u1 = undefined; + fiatP384AddcarryxU32(&x796, &x797, x795, x772, @intCast(u32, 0x0)); + var x798: u32 = undefined; + var x799: u1 = undefined; + fiatP384AddcarryxU32(&x798, &x799, x797, x774, @intCast(u32, 0x0)); + var x800: u32 = undefined; + var x801: u1 = undefined; + fiatP384AddcarryxU32(&x800, &x801, x799, x776, @intCast(u32, 0x0)); + var x802: u32 = undefined; + var x803: u1 = undefined; + fiatP384AddcarryxU32(&x802, &x803, x801, x778, @intCast(u32, 0x0)); + var x804: u32 = undefined; + var x805: u1 = undefined; + fiatP384AddcarryxU32(&x804, &x805, x803, x780, @intCast(u32, 0x0)); + var x806: u32 = undefined; + var x807: u1 = undefined; + fiatP384AddcarryxU32(&x806, &x807, x805, x782, @intCast(u32, 0x0)); + var x808: u32 = undefined; + var x809: u1 = undefined; + fiatP384AddcarryxU32(&x808, &x809, x807, x784, @intCast(u32, 0x0)); + var x810: u32 = undefined; + var x811: u1 = undefined; + fiatP384AddcarryxU32(&x810, &x811, x809, x786, @intCast(u32, 0x0)); + var x812: u32 = undefined; + var x813: u1 = undefined; + fiatP384AddcarryxU32(&x812, &x813, x811, x788, @intCast(u32, 0x0)); + var x814: u32 = undefined; + var x815: u1 = undefined; + fiatP384AddcarryxU32(&x814, &x815, x813, x790, @intCast(u32, 0x0)); + var x816: u32 = undefined; + var x817: u32 = undefined; + fiatP384MulxU32(&x816, &x817, x792, 0xffffffff); + var x818: u32 = undefined; + var x819: u32 = undefined; + fiatP384MulxU32(&x818, &x819, x792, 0xffffffff); + var x820: u32 = undefined; + var x821: u32 = undefined; + fiatP384MulxU32(&x820, &x821, x792, 0xffffffff); + var x822: u32 = undefined; + var x823: u32 = undefined; + fiatP384MulxU32(&x822, &x823, x792, 0xffffffff); + var x824: u32 = undefined; + var x825: u32 = undefined; + fiatP384MulxU32(&x824, &x825, x792, 0xffffffff); + var x826: u32 = undefined; + var x827: u32 = undefined; + fiatP384MulxU32(&x826, &x827, x792, 0xffffffff); + var x828: u32 = undefined; + var x829: u32 = undefined; + fiatP384MulxU32(&x828, &x829, x792, 0xffffffff); + var x830: u32 = undefined; + var x831: u32 = undefined; + fiatP384MulxU32(&x830, &x831, x792, 0xfffffffe); + var x832: u32 = undefined; + var x833: u32 = undefined; + fiatP384MulxU32(&x832, &x833, x792, 0xffffffff); + var x834: u32 = undefined; + var x835: u32 = undefined; + fiatP384MulxU32(&x834, &x835, x792, 0xffffffff); + var x836: u32 = undefined; + var x837: u1 = undefined; + fiatP384AddcarryxU32(&x836, &x837, 0x0, x833, x830); + var x838: u32 = undefined; + var x839: u1 = undefined; + fiatP384AddcarryxU32(&x838, &x839, x837, x831, x828); + var x840: u32 = undefined; + var x841: u1 = undefined; + fiatP384AddcarryxU32(&x840, &x841, x839, x829, x826); + var x842: u32 = undefined; + var x843: u1 = undefined; + fiatP384AddcarryxU32(&x842, &x843, x841, x827, x824); + var x844: u32 = undefined; + var x845: u1 = undefined; + fiatP384AddcarryxU32(&x844, &x845, x843, x825, x822); + var x846: u32 = undefined; + var x847: u1 = undefined; + fiatP384AddcarryxU32(&x846, &x847, x845, x823, x820); + var x848: u32 = undefined; + var x849: u1 = undefined; + fiatP384AddcarryxU32(&x848, &x849, x847, x821, x818); + var x850: u32 = undefined; + var x851: u1 = undefined; + fiatP384AddcarryxU32(&x850, &x851, x849, x819, x816); + var x852: u32 = undefined; + var x853: u1 = undefined; + fiatP384AddcarryxU32(&x852, &x853, 0x0, x792, x834); + var x854: u32 = undefined; + var x855: u1 = undefined; + fiatP384AddcarryxU32(&x854, &x855, x853, x794, x835); + var x856: u32 = undefined; + var x857: u1 = undefined; + fiatP384AddcarryxU32(&x856, &x857, x855, x796, @intCast(u32, 0x0)); + var x858: u32 = undefined; + var x859: u1 = undefined; + fiatP384AddcarryxU32(&x858, &x859, x857, x798, x832); + var x860: u32 = undefined; + var x861: u1 = undefined; + fiatP384AddcarryxU32(&x860, &x861, x859, x800, x836); + var x862: u32 = undefined; + var x863: u1 = undefined; + fiatP384AddcarryxU32(&x862, &x863, x861, x802, x838); + var x864: u32 = undefined; + var x865: u1 = undefined; + fiatP384AddcarryxU32(&x864, &x865, x863, x804, x840); + var x866: u32 = undefined; + var x867: u1 = undefined; + fiatP384AddcarryxU32(&x866, &x867, x865, x806, x842); + var x868: u32 = undefined; + var x869: u1 = undefined; + fiatP384AddcarryxU32(&x868, &x869, x867, x808, x844); + var x870: u32 = undefined; + var x871: u1 = undefined; + fiatP384AddcarryxU32(&x870, &x871, x869, x810, x846); + var x872: u32 = undefined; + var x873: u1 = undefined; + fiatP384AddcarryxU32(&x872, &x873, x871, x812, x848); + var x874: u32 = undefined; + var x875: u1 = undefined; + fiatP384AddcarryxU32(&x874, &x875, x873, x814, x850); + var x876: u32 = undefined; + var x877: u1 = undefined; + fiatP384AddcarryxU32(&x876, &x877, x875, (@intCast(u32, x815) + @intCast(u32, x791)), (@intCast(u32, x851) + x817)); + var x878: u32 = undefined; + var x879: u1 = undefined; + fiatP384AddcarryxU32(&x878, &x879, 0x0, x854, (arg1[11])); + var x880: u32 = undefined; + var x881: u1 = undefined; + fiatP384AddcarryxU32(&x880, &x881, x879, x856, @intCast(u32, 0x0)); + var x882: u32 = undefined; + var x883: u1 = undefined; + fiatP384AddcarryxU32(&x882, &x883, x881, x858, @intCast(u32, 0x0)); + var x884: u32 = undefined; + var x885: u1 = undefined; + fiatP384AddcarryxU32(&x884, &x885, x883, x860, @intCast(u32, 0x0)); + var x886: u32 = undefined; + var x887: u1 = undefined; + fiatP384AddcarryxU32(&x886, &x887, x885, x862, @intCast(u32, 0x0)); + var x888: u32 = undefined; + var x889: u1 = undefined; + fiatP384AddcarryxU32(&x888, &x889, x887, x864, @intCast(u32, 0x0)); + var x890: u32 = undefined; + var x891: u1 = undefined; + fiatP384AddcarryxU32(&x890, &x891, x889, x866, @intCast(u32, 0x0)); + var x892: u32 = undefined; + var x893: u1 = undefined; + fiatP384AddcarryxU32(&x892, &x893, x891, x868, @intCast(u32, 0x0)); + var x894: u32 = undefined; + var x895: u1 = undefined; + fiatP384AddcarryxU32(&x894, &x895, x893, x870, @intCast(u32, 0x0)); + var x896: u32 = undefined; + var x897: u1 = undefined; + fiatP384AddcarryxU32(&x896, &x897, x895, x872, @intCast(u32, 0x0)); + var x898: u32 = undefined; + var x899: u1 = undefined; + fiatP384AddcarryxU32(&x898, &x899, x897, x874, @intCast(u32, 0x0)); + var x900: u32 = undefined; + var x901: u1 = undefined; + fiatP384AddcarryxU32(&x900, &x901, x899, x876, @intCast(u32, 0x0)); + var x902: u32 = undefined; + var x903: u32 = undefined; + fiatP384MulxU32(&x902, &x903, x878, 0xffffffff); + var x904: u32 = undefined; + var x905: u32 = undefined; + fiatP384MulxU32(&x904, &x905, x878, 0xffffffff); + var x906: u32 = undefined; + var x907: u32 = undefined; + fiatP384MulxU32(&x906, &x907, x878, 0xffffffff); + var x908: u32 = undefined; + var x909: u32 = undefined; + fiatP384MulxU32(&x908, &x909, x878, 0xffffffff); + var x910: u32 = undefined; + var x911: u32 = undefined; + fiatP384MulxU32(&x910, &x911, x878, 0xffffffff); + var x912: u32 = undefined; + var x913: u32 = undefined; + fiatP384MulxU32(&x912, &x913, x878, 0xffffffff); + var x914: u32 = undefined; + var x915: u32 = undefined; + fiatP384MulxU32(&x914, &x915, x878, 0xffffffff); + var x916: u32 = undefined; + var x917: u32 = undefined; + fiatP384MulxU32(&x916, &x917, x878, 0xfffffffe); + var x918: u32 = undefined; + var x919: u32 = undefined; + fiatP384MulxU32(&x918, &x919, x878, 0xffffffff); + var x920: u32 = undefined; + var x921: u32 = undefined; + fiatP384MulxU32(&x920, &x921, x878, 0xffffffff); + var x922: u32 = undefined; + var x923: u1 = undefined; + fiatP384AddcarryxU32(&x922, &x923, 0x0, x919, x916); + var x924: u32 = undefined; + var x925: u1 = undefined; + fiatP384AddcarryxU32(&x924, &x925, x923, x917, x914); + var x926: u32 = undefined; + var x927: u1 = undefined; + fiatP384AddcarryxU32(&x926, &x927, x925, x915, x912); + var x928: u32 = undefined; + var x929: u1 = undefined; + fiatP384AddcarryxU32(&x928, &x929, x927, x913, x910); + var x930: u32 = undefined; + var x931: u1 = undefined; + fiatP384AddcarryxU32(&x930, &x931, x929, x911, x908); + var x932: u32 = undefined; + var x933: u1 = undefined; + fiatP384AddcarryxU32(&x932, &x933, x931, x909, x906); + var x934: u32 = undefined; + var x935: u1 = undefined; + fiatP384AddcarryxU32(&x934, &x935, x933, x907, x904); + var x936: u32 = undefined; + var x937: u1 = undefined; + fiatP384AddcarryxU32(&x936, &x937, x935, x905, x902); + var x938: u32 = undefined; + var x939: u1 = undefined; + fiatP384AddcarryxU32(&x938, &x939, 0x0, x878, x920); + var x940: u32 = undefined; + var x941: u1 = undefined; + fiatP384AddcarryxU32(&x940, &x941, x939, x880, x921); + var x942: u32 = undefined; + var x943: u1 = undefined; + fiatP384AddcarryxU32(&x942, &x943, x941, x882, @intCast(u32, 0x0)); + var x944: u32 = undefined; + var x945: u1 = undefined; + fiatP384AddcarryxU32(&x944, &x945, x943, x884, x918); + var x946: u32 = undefined; + var x947: u1 = undefined; + fiatP384AddcarryxU32(&x946, &x947, x945, x886, x922); + var x948: u32 = undefined; + var x949: u1 = undefined; + fiatP384AddcarryxU32(&x948, &x949, x947, x888, x924); + var x950: u32 = undefined; + var x951: u1 = undefined; + fiatP384AddcarryxU32(&x950, &x951, x949, x890, x926); + var x952: u32 = undefined; + var x953: u1 = undefined; + fiatP384AddcarryxU32(&x952, &x953, x951, x892, x928); + var x954: u32 = undefined; + var x955: u1 = undefined; + fiatP384AddcarryxU32(&x954, &x955, x953, x894, x930); + var x956: u32 = undefined; + var x957: u1 = undefined; + fiatP384AddcarryxU32(&x956, &x957, x955, x896, x932); + var x958: u32 = undefined; + var x959: u1 = undefined; + fiatP384AddcarryxU32(&x958, &x959, x957, x898, x934); + var x960: u32 = undefined; + var x961: u1 = undefined; + fiatP384AddcarryxU32(&x960, &x961, x959, x900, x936); + var x962: u32 = undefined; + var x963: u1 = undefined; + fiatP384AddcarryxU32(&x962, &x963, x961, (@intCast(u32, x901) + @intCast(u32, x877)), (@intCast(u32, x937) + x903)); + var x964: u32 = undefined; + var x965: u1 = undefined; + fiatP384SubborrowxU32(&x964, &x965, 0x0, x940, 0xffffffff); + var x966: u32 = undefined; + var x967: u1 = undefined; + fiatP384SubborrowxU32(&x966, &x967, x965, x942, @intCast(u32, 0x0)); + var x968: u32 = undefined; + var x969: u1 = undefined; + fiatP384SubborrowxU32(&x968, &x969, x967, x944, @intCast(u32, 0x0)); + var x970: u32 = undefined; + var x971: u1 = undefined; + fiatP384SubborrowxU32(&x970, &x971, x969, x946, 0xffffffff); + var x972: u32 = undefined; + var x973: u1 = undefined; + fiatP384SubborrowxU32(&x972, &x973, x971, x948, 0xfffffffe); + var x974: u32 = undefined; + var x975: u1 = undefined; + fiatP384SubborrowxU32(&x974, &x975, x973, x950, 0xffffffff); + var x976: u32 = undefined; + var x977: u1 = undefined; + fiatP384SubborrowxU32(&x976, &x977, x975, x952, 0xffffffff); + var x978: u32 = undefined; + var x979: u1 = undefined; + fiatP384SubborrowxU32(&x978, &x979, x977, x954, 0xffffffff); + var x980: u32 = undefined; + var x981: u1 = undefined; + fiatP384SubborrowxU32(&x980, &x981, x979, x956, 0xffffffff); + var x982: u32 = undefined; + var x983: u1 = undefined; + fiatP384SubborrowxU32(&x982, &x983, x981, x958, 0xffffffff); + var x984: u32 = undefined; + var x985: u1 = undefined; + fiatP384SubborrowxU32(&x984, &x985, x983, x960, 0xffffffff); + var x986: u32 = undefined; + var x987: u1 = undefined; + fiatP384SubborrowxU32(&x986, &x987, x985, x962, 0xffffffff); + var x988: u32 = undefined; + var x989: u1 = undefined; + fiatP384SubborrowxU32(&x988, &x989, x987, @intCast(u32, x963), @intCast(u32, 0x0)); + var x990: u32 = undefined; + fiatP384CmovznzU32(&x990, x989, x964, x940); + var x991: u32 = undefined; + fiatP384CmovznzU32(&x991, x989, x966, x942); + var x992: u32 = undefined; + fiatP384CmovznzU32(&x992, x989, x968, x944); + var x993: u32 = undefined; + fiatP384CmovznzU32(&x993, x989, x970, x946); + var x994: u32 = undefined; + fiatP384CmovznzU32(&x994, x989, x972, x948); + var x995: u32 = undefined; + fiatP384CmovznzU32(&x995, x989, x974, x950); + var x996: u32 = undefined; + fiatP384CmovznzU32(&x996, x989, x976, x952); + var x997: u32 = undefined; + fiatP384CmovznzU32(&x997, x989, x978, x954); + var x998: u32 = undefined; + fiatP384CmovznzU32(&x998, x989, x980, x956); + var x999: u32 = undefined; + fiatP384CmovznzU32(&x999, x989, x982, x958); + var x1000: u32 = undefined; + fiatP384CmovznzU32(&x1000, x989, x984, x960); + var x1001: u32 = undefined; + fiatP384CmovznzU32(&x1001, x989, x986, x962); + out1[0] = x990; + out1[1] = x991; + out1[2] = x992; + out1[3] = x993; + out1[4] = x994; + out1[5] = x995; + out1[6] = x996; + out1[7] = x997; + out1[8] = x998; + out1[9] = x999; + out1[10] = x1000; + out1[11] = x1001; +} + +/// The function fiatP384ToMontgomery translates a field element into the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384ToMontgomery(out1: *[12]u32, arg1: [12]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[7]); + const x8: u32 = (arg1[8]); + const x9: u32 = (arg1[9]); + const x10: u32 = (arg1[10]); + const x11: u32 = (arg1[11]); + const x12: u32 = (arg1[0]); + var x13: u32 = undefined; + var x14: u32 = undefined; + fiatP384MulxU32(&x13, &x14, x12, 0x2); + var x15: u32 = undefined; + var x16: u32 = undefined; + fiatP384MulxU32(&x15, &x16, x12, 0xfffffffe); + var x17: u32 = undefined; + var x18: u32 = undefined; + fiatP384MulxU32(&x17, &x18, x12, 0x2); + var x19: u32 = undefined; + var x20: u32 = undefined; + fiatP384MulxU32(&x19, &x20, x12, 0xfffffffe); + var x21: u32 = undefined; + var x22: u1 = undefined; + fiatP384AddcarryxU32(&x21, &x22, 0x0, @intCast(u32, @intCast(u1, x14)), x12); + var x23: u32 = undefined; + var x24: u32 = undefined; + fiatP384MulxU32(&x23, &x24, x12, 0xffffffff); + var x25: u32 = undefined; + var x26: u32 = undefined; + fiatP384MulxU32(&x25, &x26, x12, 0xffffffff); + var x27: u32 = undefined; + var x28: u32 = undefined; + fiatP384MulxU32(&x27, &x28, x12, 0xffffffff); + var x29: u32 = undefined; + var x30: u32 = undefined; + fiatP384MulxU32(&x29, &x30, x12, 0xffffffff); + var x31: u32 = undefined; + var x32: u32 = undefined; + fiatP384MulxU32(&x31, &x32, x12, 0xffffffff); + var x33: u32 = undefined; + var x34: u32 = undefined; + fiatP384MulxU32(&x33, &x34, x12, 0xffffffff); + var x35: u32 = undefined; + var x36: u32 = undefined; + fiatP384MulxU32(&x35, &x36, x12, 0xffffffff); + var x37: u32 = undefined; + var x38: u32 = undefined; + fiatP384MulxU32(&x37, &x38, x12, 0xfffffffe); + var x39: u32 = undefined; + var x40: u32 = undefined; + fiatP384MulxU32(&x39, &x40, x12, 0xffffffff); + var x41: u32 = undefined; + var x42: u32 = undefined; + fiatP384MulxU32(&x41, &x42, x12, 0xffffffff); + var x43: u32 = undefined; + var x44: u1 = undefined; + fiatP384AddcarryxU32(&x43, &x44, 0x0, x40, x37); + var x45: u32 = undefined; + var x46: u1 = undefined; + fiatP384AddcarryxU32(&x45, &x46, x44, x38, x35); + var x47: u32 = undefined; + var x48: u1 = undefined; + fiatP384AddcarryxU32(&x47, &x48, x46, x36, x33); + var x49: u32 = undefined; + var x50: u1 = undefined; + fiatP384AddcarryxU32(&x49, &x50, x48, x34, x31); + var x51: u32 = undefined; + var x52: u1 = undefined; + fiatP384AddcarryxU32(&x51, &x52, x50, x32, x29); + var x53: u32 = undefined; + var x54: u1 = undefined; + fiatP384AddcarryxU32(&x53, &x54, x52, x30, x27); + var x55: u32 = undefined; + var x56: u1 = undefined; + fiatP384AddcarryxU32(&x55, &x56, x54, x28, x25); + var x57: u32 = undefined; + var x58: u1 = undefined; + fiatP384AddcarryxU32(&x57, &x58, x56, x26, x23); + var x59: u32 = undefined; + var x60: u1 = undefined; + fiatP384AddcarryxU32(&x59, &x60, 0x0, x12, x41); + var x61: u32 = undefined; + var x62: u1 = undefined; + fiatP384AddcarryxU32(&x61, &x62, x60, x19, x42); + var x63: u32 = undefined; + var x64: u1 = undefined; + fiatP384AddcarryxU32(&x63, &x64, 0x0, x17, x39); + var x65: u32 = undefined; + var x66: u1 = undefined; + fiatP384AddcarryxU32(&x65, &x66, x64, @intCast(u32, @intCast(u1, x18)), x43); + var x67: u32 = undefined; + var x68: u1 = undefined; + fiatP384AddcarryxU32(&x67, &x68, x66, x15, x45); + var x69: u32 = undefined; + var x70: u1 = undefined; + fiatP384AddcarryxU32(&x69, &x70, x68, x16, x47); + var x71: u32 = undefined; + var x72: u1 = undefined; + fiatP384AddcarryxU32(&x71, &x72, x70, x13, x49); + var x73: u32 = undefined; + var x74: u1 = undefined; + fiatP384AddcarryxU32(&x73, &x74, x72, x21, x51); + var x75: u32 = undefined; + var x76: u1 = undefined; + fiatP384AddcarryxU32(&x75, &x76, x74, @intCast(u32, x22), x53); + var x77: u32 = undefined; + var x78: u1 = undefined; + fiatP384AddcarryxU32(&x77, &x78, x76, @intCast(u32, 0x0), x55); + var x79: u32 = undefined; + var x80: u1 = undefined; + fiatP384AddcarryxU32(&x79, &x80, x78, @intCast(u32, 0x0), x57); + var x81: u32 = undefined; + var x82: u1 = undefined; + fiatP384AddcarryxU32(&x81, &x82, x80, @intCast(u32, 0x0), (@intCast(u32, x58) + x24)); + var x83: u32 = undefined; + var x84: u32 = undefined; + fiatP384MulxU32(&x83, &x84, x1, 0x2); + var x85: u32 = undefined; + var x86: u32 = undefined; + fiatP384MulxU32(&x85, &x86, x1, 0xfffffffe); + var x87: u32 = undefined; + var x88: u32 = undefined; + fiatP384MulxU32(&x87, &x88, x1, 0x2); + var x89: u32 = undefined; + var x90: u32 = undefined; + fiatP384MulxU32(&x89, &x90, x1, 0xfffffffe); + var x91: u32 = undefined; + var x92: u1 = undefined; + fiatP384AddcarryxU32(&x91, &x92, 0x0, @intCast(u32, @intCast(u1, x84)), x1); + var x93: u32 = undefined; + var x94: u1 = undefined; + fiatP384AddcarryxU32(&x93, &x94, 0x0, x61, x1); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatP384AddcarryxU32(&x95, &x96, x94, (@intCast(u32, x62) + x20), x89); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP384AddcarryxU32(&x97, &x98, x96, x63, x90); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP384AddcarryxU32(&x99, &x100, x98, x65, x87); + var x101: u32 = undefined; + var x102: u1 = undefined; + fiatP384AddcarryxU32(&x101, &x102, x100, x67, @intCast(u32, @intCast(u1, x88))); + var x103: u32 = undefined; + var x104: u1 = undefined; + fiatP384AddcarryxU32(&x103, &x104, x102, x69, x85); + var x105: u32 = undefined; + var x106: u1 = undefined; + fiatP384AddcarryxU32(&x105, &x106, x104, x71, x86); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatP384AddcarryxU32(&x107, &x108, x106, x73, x83); + var x109: u32 = undefined; + var x110: u1 = undefined; + fiatP384AddcarryxU32(&x109, &x110, x108, x75, x91); + var x111: u32 = undefined; + var x112: u1 = undefined; + fiatP384AddcarryxU32(&x111, &x112, x110, x77, @intCast(u32, x92)); + var x113: u32 = undefined; + var x114: u1 = undefined; + fiatP384AddcarryxU32(&x113, &x114, x112, x79, @intCast(u32, 0x0)); + var x115: u32 = undefined; + var x116: u1 = undefined; + fiatP384AddcarryxU32(&x115, &x116, x114, x81, @intCast(u32, 0x0)); + var x117: u32 = undefined; + var x118: u32 = undefined; + fiatP384MulxU32(&x117, &x118, x93, 0xffffffff); + var x119: u32 = undefined; + var x120: u32 = undefined; + fiatP384MulxU32(&x119, &x120, x93, 0xffffffff); + var x121: u32 = undefined; + var x122: u32 = undefined; + fiatP384MulxU32(&x121, &x122, x93, 0xffffffff); + var x123: u32 = undefined; + var x124: u32 = undefined; + fiatP384MulxU32(&x123, &x124, x93, 0xffffffff); + var x125: u32 = undefined; + var x126: u32 = undefined; + fiatP384MulxU32(&x125, &x126, x93, 0xffffffff); + var x127: u32 = undefined; + var x128: u32 = undefined; + fiatP384MulxU32(&x127, &x128, x93, 0xffffffff); + var x129: u32 = undefined; + var x130: u32 = undefined; + fiatP384MulxU32(&x129, &x130, x93, 0xffffffff); + var x131: u32 = undefined; + var x132: u32 = undefined; + fiatP384MulxU32(&x131, &x132, x93, 0xfffffffe); + var x133: u32 = undefined; + var x134: u32 = undefined; + fiatP384MulxU32(&x133, &x134, x93, 0xffffffff); + var x135: u32 = undefined; + var x136: u32 = undefined; + fiatP384MulxU32(&x135, &x136, x93, 0xffffffff); + var x137: u32 = undefined; + var x138: u1 = undefined; + fiatP384AddcarryxU32(&x137, &x138, 0x0, x134, x131); + var x139: u32 = undefined; + var x140: u1 = undefined; + fiatP384AddcarryxU32(&x139, &x140, x138, x132, x129); + var x141: u32 = undefined; + var x142: u1 = undefined; + fiatP384AddcarryxU32(&x141, &x142, x140, x130, x127); + var x143: u32 = undefined; + var x144: u1 = undefined; + fiatP384AddcarryxU32(&x143, &x144, x142, x128, x125); + var x145: u32 = undefined; + var x146: u1 = undefined; + fiatP384AddcarryxU32(&x145, &x146, x144, x126, x123); + var x147: u32 = undefined; + var x148: u1 = undefined; + fiatP384AddcarryxU32(&x147, &x148, x146, x124, x121); + var x149: u32 = undefined; + var x150: u1 = undefined; + fiatP384AddcarryxU32(&x149, &x150, x148, x122, x119); + var x151: u32 = undefined; + var x152: u1 = undefined; + fiatP384AddcarryxU32(&x151, &x152, x150, x120, x117); + var x153: u32 = undefined; + var x154: u1 = undefined; + fiatP384AddcarryxU32(&x153, &x154, 0x0, x93, x135); + var x155: u32 = undefined; + var x156: u1 = undefined; + fiatP384AddcarryxU32(&x155, &x156, x154, x95, x136); + var x157: u32 = undefined; + var x158: u1 = undefined; + fiatP384AddcarryxU32(&x157, &x158, x156, x97, @intCast(u32, 0x0)); + var x159: u32 = undefined; + var x160: u1 = undefined; + fiatP384AddcarryxU32(&x159, &x160, x158, x99, x133); + var x161: u32 = undefined; + var x162: u1 = undefined; + fiatP384AddcarryxU32(&x161, &x162, x160, x101, x137); + var x163: u32 = undefined; + var x164: u1 = undefined; + fiatP384AddcarryxU32(&x163, &x164, x162, x103, x139); + var x165: u32 = undefined; + var x166: u1 = undefined; + fiatP384AddcarryxU32(&x165, &x166, x164, x105, x141); + var x167: u32 = undefined; + var x168: u1 = undefined; + fiatP384AddcarryxU32(&x167, &x168, x166, x107, x143); + var x169: u32 = undefined; + var x170: u1 = undefined; + fiatP384AddcarryxU32(&x169, &x170, x168, x109, x145); + var x171: u32 = undefined; + var x172: u1 = undefined; + fiatP384AddcarryxU32(&x171, &x172, x170, x111, x147); + var x173: u32 = undefined; + var x174: u1 = undefined; + fiatP384AddcarryxU32(&x173, &x174, x172, x113, x149); + var x175: u32 = undefined; + var x176: u1 = undefined; + fiatP384AddcarryxU32(&x175, &x176, x174, x115, x151); + var x177: u32 = undefined; + var x178: u1 = undefined; + fiatP384AddcarryxU32(&x177, &x178, x176, (@intCast(u32, x116) + @intCast(u32, x82)), (@intCast(u32, x152) + x118)); + var x179: u32 = undefined; + var x180: u32 = undefined; + fiatP384MulxU32(&x179, &x180, x2, 0x2); + var x181: u32 = undefined; + var x182: u32 = undefined; + fiatP384MulxU32(&x181, &x182, x2, 0xfffffffe); + var x183: u32 = undefined; + var x184: u32 = undefined; + fiatP384MulxU32(&x183, &x184, x2, 0x2); + var x185: u32 = undefined; + var x186: u32 = undefined; + fiatP384MulxU32(&x185, &x186, x2, 0xfffffffe); + var x187: u32 = undefined; + var x188: u1 = undefined; + fiatP384AddcarryxU32(&x187, &x188, 0x0, @intCast(u32, @intCast(u1, x180)), x2); + var x189: u32 = undefined; + var x190: u1 = undefined; + fiatP384AddcarryxU32(&x189, &x190, 0x0, x155, x2); + var x191: u32 = undefined; + var x192: u1 = undefined; + fiatP384AddcarryxU32(&x191, &x192, x190, x157, x185); + var x193: u32 = undefined; + var x194: u1 = undefined; + fiatP384AddcarryxU32(&x193, &x194, x192, x159, x186); + var x195: u32 = undefined; + var x196: u1 = undefined; + fiatP384AddcarryxU32(&x195, &x196, x194, x161, x183); + var x197: u32 = undefined; + var x198: u1 = undefined; + fiatP384AddcarryxU32(&x197, &x198, x196, x163, @intCast(u32, @intCast(u1, x184))); + var x199: u32 = undefined; + var x200: u1 = undefined; + fiatP384AddcarryxU32(&x199, &x200, x198, x165, x181); + var x201: u32 = undefined; + var x202: u1 = undefined; + fiatP384AddcarryxU32(&x201, &x202, x200, x167, x182); + var x203: u32 = undefined; + var x204: u1 = undefined; + fiatP384AddcarryxU32(&x203, &x204, x202, x169, x179); + var x205: u32 = undefined; + var x206: u1 = undefined; + fiatP384AddcarryxU32(&x205, &x206, x204, x171, x187); + var x207: u32 = undefined; + var x208: u1 = undefined; + fiatP384AddcarryxU32(&x207, &x208, x206, x173, @intCast(u32, x188)); + var x209: u32 = undefined; + var x210: u1 = undefined; + fiatP384AddcarryxU32(&x209, &x210, x208, x175, @intCast(u32, 0x0)); + var x211: u32 = undefined; + var x212: u1 = undefined; + fiatP384AddcarryxU32(&x211, &x212, x210, x177, @intCast(u32, 0x0)); + var x213: u32 = undefined; + var x214: u32 = undefined; + fiatP384MulxU32(&x213, &x214, x189, 0xffffffff); + var x215: u32 = undefined; + var x216: u32 = undefined; + fiatP384MulxU32(&x215, &x216, x189, 0xffffffff); + var x217: u32 = undefined; + var x218: u32 = undefined; + fiatP384MulxU32(&x217, &x218, x189, 0xffffffff); + var x219: u32 = undefined; + var x220: u32 = undefined; + fiatP384MulxU32(&x219, &x220, x189, 0xffffffff); + var x221: u32 = undefined; + var x222: u32 = undefined; + fiatP384MulxU32(&x221, &x222, x189, 0xffffffff); + var x223: u32 = undefined; + var x224: u32 = undefined; + fiatP384MulxU32(&x223, &x224, x189, 0xffffffff); + var x225: u32 = undefined; + var x226: u32 = undefined; + fiatP384MulxU32(&x225, &x226, x189, 0xffffffff); + var x227: u32 = undefined; + var x228: u32 = undefined; + fiatP384MulxU32(&x227, &x228, x189, 0xfffffffe); + var x229: u32 = undefined; + var x230: u32 = undefined; + fiatP384MulxU32(&x229, &x230, x189, 0xffffffff); + var x231: u32 = undefined; + var x232: u32 = undefined; + fiatP384MulxU32(&x231, &x232, x189, 0xffffffff); + var x233: u32 = undefined; + var x234: u1 = undefined; + fiatP384AddcarryxU32(&x233, &x234, 0x0, x230, x227); + var x235: u32 = undefined; + var x236: u1 = undefined; + fiatP384AddcarryxU32(&x235, &x236, x234, x228, x225); + var x237: u32 = undefined; + var x238: u1 = undefined; + fiatP384AddcarryxU32(&x237, &x238, x236, x226, x223); + var x239: u32 = undefined; + var x240: u1 = undefined; + fiatP384AddcarryxU32(&x239, &x240, x238, x224, x221); + var x241: u32 = undefined; + var x242: u1 = undefined; + fiatP384AddcarryxU32(&x241, &x242, x240, x222, x219); + var x243: u32 = undefined; + var x244: u1 = undefined; + fiatP384AddcarryxU32(&x243, &x244, x242, x220, x217); + var x245: u32 = undefined; + var x246: u1 = undefined; + fiatP384AddcarryxU32(&x245, &x246, x244, x218, x215); + var x247: u32 = undefined; + var x248: u1 = undefined; + fiatP384AddcarryxU32(&x247, &x248, x246, x216, x213); + var x249: u32 = undefined; + var x250: u1 = undefined; + fiatP384AddcarryxU32(&x249, &x250, 0x0, x189, x231); + var x251: u32 = undefined; + var x252: u1 = undefined; + fiatP384AddcarryxU32(&x251, &x252, x250, x191, x232); + var x253: u32 = undefined; + var x254: u1 = undefined; + fiatP384AddcarryxU32(&x253, &x254, x252, x193, @intCast(u32, 0x0)); + var x255: u32 = undefined; + var x256: u1 = undefined; + fiatP384AddcarryxU32(&x255, &x256, x254, x195, x229); + var x257: u32 = undefined; + var x258: u1 = undefined; + fiatP384AddcarryxU32(&x257, &x258, x256, x197, x233); + var x259: u32 = undefined; + var x260: u1 = undefined; + fiatP384AddcarryxU32(&x259, &x260, x258, x199, x235); + var x261: u32 = undefined; + var x262: u1 = undefined; + fiatP384AddcarryxU32(&x261, &x262, x260, x201, x237); + var x263: u32 = undefined; + var x264: u1 = undefined; + fiatP384AddcarryxU32(&x263, &x264, x262, x203, x239); + var x265: u32 = undefined; + var x266: u1 = undefined; + fiatP384AddcarryxU32(&x265, &x266, x264, x205, x241); + var x267: u32 = undefined; + var x268: u1 = undefined; + fiatP384AddcarryxU32(&x267, &x268, x266, x207, x243); + var x269: u32 = undefined; + var x270: u1 = undefined; + fiatP384AddcarryxU32(&x269, &x270, x268, x209, x245); + var x271: u32 = undefined; + var x272: u1 = undefined; + fiatP384AddcarryxU32(&x271, &x272, x270, x211, x247); + var x273: u32 = undefined; + var x274: u1 = undefined; + fiatP384AddcarryxU32(&x273, &x274, x272, (@intCast(u32, x212) + @intCast(u32, x178)), (@intCast(u32, x248) + x214)); + var x275: u32 = undefined; + var x276: u32 = undefined; + fiatP384MulxU32(&x275, &x276, x3, 0x2); + var x277: u32 = undefined; + var x278: u32 = undefined; + fiatP384MulxU32(&x277, &x278, x3, 0xfffffffe); + var x279: u32 = undefined; + var x280: u32 = undefined; + fiatP384MulxU32(&x279, &x280, x3, 0x2); + var x281: u32 = undefined; + var x282: u32 = undefined; + fiatP384MulxU32(&x281, &x282, x3, 0xfffffffe); + var x283: u32 = undefined; + var x284: u1 = undefined; + fiatP384AddcarryxU32(&x283, &x284, 0x0, @intCast(u32, @intCast(u1, x276)), x3); + var x285: u32 = undefined; + var x286: u1 = undefined; + fiatP384AddcarryxU32(&x285, &x286, 0x0, x251, x3); + var x287: u32 = undefined; + var x288: u1 = undefined; + fiatP384AddcarryxU32(&x287, &x288, x286, x253, x281); + var x289: u32 = undefined; + var x290: u1 = undefined; + fiatP384AddcarryxU32(&x289, &x290, x288, x255, x282); + var x291: u32 = undefined; + var x292: u1 = undefined; + fiatP384AddcarryxU32(&x291, &x292, x290, x257, x279); + var x293: u32 = undefined; + var x294: u1 = undefined; + fiatP384AddcarryxU32(&x293, &x294, x292, x259, @intCast(u32, @intCast(u1, x280))); + var x295: u32 = undefined; + var x296: u1 = undefined; + fiatP384AddcarryxU32(&x295, &x296, x294, x261, x277); + var x297: u32 = undefined; + var x298: u1 = undefined; + fiatP384AddcarryxU32(&x297, &x298, x296, x263, x278); + var x299: u32 = undefined; + var x300: u1 = undefined; + fiatP384AddcarryxU32(&x299, &x300, x298, x265, x275); + var x301: u32 = undefined; + var x302: u1 = undefined; + fiatP384AddcarryxU32(&x301, &x302, x300, x267, x283); + var x303: u32 = undefined; + var x304: u1 = undefined; + fiatP384AddcarryxU32(&x303, &x304, x302, x269, @intCast(u32, x284)); + var x305: u32 = undefined; + var x306: u1 = undefined; + fiatP384AddcarryxU32(&x305, &x306, x304, x271, @intCast(u32, 0x0)); + var x307: u32 = undefined; + var x308: u1 = undefined; + fiatP384AddcarryxU32(&x307, &x308, x306, x273, @intCast(u32, 0x0)); + var x309: u32 = undefined; + var x310: u32 = undefined; + fiatP384MulxU32(&x309, &x310, x285, 0xffffffff); + var x311: u32 = undefined; + var x312: u32 = undefined; + fiatP384MulxU32(&x311, &x312, x285, 0xffffffff); + var x313: u32 = undefined; + var x314: u32 = undefined; + fiatP384MulxU32(&x313, &x314, x285, 0xffffffff); + var x315: u32 = undefined; + var x316: u32 = undefined; + fiatP384MulxU32(&x315, &x316, x285, 0xffffffff); + var x317: u32 = undefined; + var x318: u32 = undefined; + fiatP384MulxU32(&x317, &x318, x285, 0xffffffff); + var x319: u32 = undefined; + var x320: u32 = undefined; + fiatP384MulxU32(&x319, &x320, x285, 0xffffffff); + var x321: u32 = undefined; + var x322: u32 = undefined; + fiatP384MulxU32(&x321, &x322, x285, 0xffffffff); + var x323: u32 = undefined; + var x324: u32 = undefined; + fiatP384MulxU32(&x323, &x324, x285, 0xfffffffe); + var x325: u32 = undefined; + var x326: u32 = undefined; + fiatP384MulxU32(&x325, &x326, x285, 0xffffffff); + var x327: u32 = undefined; + var x328: u32 = undefined; + fiatP384MulxU32(&x327, &x328, x285, 0xffffffff); + var x329: u32 = undefined; + var x330: u1 = undefined; + fiatP384AddcarryxU32(&x329, &x330, 0x0, x326, x323); + var x331: u32 = undefined; + var x332: u1 = undefined; + fiatP384AddcarryxU32(&x331, &x332, x330, x324, x321); + var x333: u32 = undefined; + var x334: u1 = undefined; + fiatP384AddcarryxU32(&x333, &x334, x332, x322, x319); + var x335: u32 = undefined; + var x336: u1 = undefined; + fiatP384AddcarryxU32(&x335, &x336, x334, x320, x317); + var x337: u32 = undefined; + var x338: u1 = undefined; + fiatP384AddcarryxU32(&x337, &x338, x336, x318, x315); + var x339: u32 = undefined; + var x340: u1 = undefined; + fiatP384AddcarryxU32(&x339, &x340, x338, x316, x313); + var x341: u32 = undefined; + var x342: u1 = undefined; + fiatP384AddcarryxU32(&x341, &x342, x340, x314, x311); + var x343: u32 = undefined; + var x344: u1 = undefined; + fiatP384AddcarryxU32(&x343, &x344, x342, x312, x309); + var x345: u32 = undefined; + var x346: u1 = undefined; + fiatP384AddcarryxU32(&x345, &x346, 0x0, x285, x327); + var x347: u32 = undefined; + var x348: u1 = undefined; + fiatP384AddcarryxU32(&x347, &x348, x346, x287, x328); + var x349: u32 = undefined; + var x350: u1 = undefined; + fiatP384AddcarryxU32(&x349, &x350, x348, x289, @intCast(u32, 0x0)); + var x351: u32 = undefined; + var x352: u1 = undefined; + fiatP384AddcarryxU32(&x351, &x352, x350, x291, x325); + var x353: u32 = undefined; + var x354: u1 = undefined; + fiatP384AddcarryxU32(&x353, &x354, x352, x293, x329); + var x355: u32 = undefined; + var x356: u1 = undefined; + fiatP384AddcarryxU32(&x355, &x356, x354, x295, x331); + var x357: u32 = undefined; + var x358: u1 = undefined; + fiatP384AddcarryxU32(&x357, &x358, x356, x297, x333); + var x359: u32 = undefined; + var x360: u1 = undefined; + fiatP384AddcarryxU32(&x359, &x360, x358, x299, x335); + var x361: u32 = undefined; + var x362: u1 = undefined; + fiatP384AddcarryxU32(&x361, &x362, x360, x301, x337); + var x363: u32 = undefined; + var x364: u1 = undefined; + fiatP384AddcarryxU32(&x363, &x364, x362, x303, x339); + var x365: u32 = undefined; + var x366: u1 = undefined; + fiatP384AddcarryxU32(&x365, &x366, x364, x305, x341); + var x367: u32 = undefined; + var x368: u1 = undefined; + fiatP384AddcarryxU32(&x367, &x368, x366, x307, x343); + var x369: u32 = undefined; + var x370: u1 = undefined; + fiatP384AddcarryxU32(&x369, &x370, x368, (@intCast(u32, x308) + @intCast(u32, x274)), (@intCast(u32, x344) + x310)); + var x371: u32 = undefined; + var x372: u32 = undefined; + fiatP384MulxU32(&x371, &x372, x4, 0x2); + var x373: u32 = undefined; + var x374: u32 = undefined; + fiatP384MulxU32(&x373, &x374, x4, 0xfffffffe); + var x375: u32 = undefined; + var x376: u32 = undefined; + fiatP384MulxU32(&x375, &x376, x4, 0x2); + var x377: u32 = undefined; + var x378: u32 = undefined; + fiatP384MulxU32(&x377, &x378, x4, 0xfffffffe); + var x379: u32 = undefined; + var x380: u1 = undefined; + fiatP384AddcarryxU32(&x379, &x380, 0x0, @intCast(u32, @intCast(u1, x372)), x4); + var x381: u32 = undefined; + var x382: u1 = undefined; + fiatP384AddcarryxU32(&x381, &x382, 0x0, x347, x4); + var x383: u32 = undefined; + var x384: u1 = undefined; + fiatP384AddcarryxU32(&x383, &x384, x382, x349, x377); + var x385: u32 = undefined; + var x386: u1 = undefined; + fiatP384AddcarryxU32(&x385, &x386, x384, x351, x378); + var x387: u32 = undefined; + var x388: u1 = undefined; + fiatP384AddcarryxU32(&x387, &x388, x386, x353, x375); + var x389: u32 = undefined; + var x390: u1 = undefined; + fiatP384AddcarryxU32(&x389, &x390, x388, x355, @intCast(u32, @intCast(u1, x376))); + var x391: u32 = undefined; + var x392: u1 = undefined; + fiatP384AddcarryxU32(&x391, &x392, x390, x357, x373); + var x393: u32 = undefined; + var x394: u1 = undefined; + fiatP384AddcarryxU32(&x393, &x394, x392, x359, x374); + var x395: u32 = undefined; + var x396: u1 = undefined; + fiatP384AddcarryxU32(&x395, &x396, x394, x361, x371); + var x397: u32 = undefined; + var x398: u1 = undefined; + fiatP384AddcarryxU32(&x397, &x398, x396, x363, x379); + var x399: u32 = undefined; + var x400: u1 = undefined; + fiatP384AddcarryxU32(&x399, &x400, x398, x365, @intCast(u32, x380)); + var x401: u32 = undefined; + var x402: u1 = undefined; + fiatP384AddcarryxU32(&x401, &x402, x400, x367, @intCast(u32, 0x0)); + var x403: u32 = undefined; + var x404: u1 = undefined; + fiatP384AddcarryxU32(&x403, &x404, x402, x369, @intCast(u32, 0x0)); + var x405: u32 = undefined; + var x406: u32 = undefined; + fiatP384MulxU32(&x405, &x406, x381, 0xffffffff); + var x407: u32 = undefined; + var x408: u32 = undefined; + fiatP384MulxU32(&x407, &x408, x381, 0xffffffff); + var x409: u32 = undefined; + var x410: u32 = undefined; + fiatP384MulxU32(&x409, &x410, x381, 0xffffffff); + var x411: u32 = undefined; + var x412: u32 = undefined; + fiatP384MulxU32(&x411, &x412, x381, 0xffffffff); + var x413: u32 = undefined; + var x414: u32 = undefined; + fiatP384MulxU32(&x413, &x414, x381, 0xffffffff); + var x415: u32 = undefined; + var x416: u32 = undefined; + fiatP384MulxU32(&x415, &x416, x381, 0xffffffff); + var x417: u32 = undefined; + var x418: u32 = undefined; + fiatP384MulxU32(&x417, &x418, x381, 0xffffffff); + var x419: u32 = undefined; + var x420: u32 = undefined; + fiatP384MulxU32(&x419, &x420, x381, 0xfffffffe); + var x421: u32 = undefined; + var x422: u32 = undefined; + fiatP384MulxU32(&x421, &x422, x381, 0xffffffff); + var x423: u32 = undefined; + var x424: u32 = undefined; + fiatP384MulxU32(&x423, &x424, x381, 0xffffffff); + var x425: u32 = undefined; + var x426: u1 = undefined; + fiatP384AddcarryxU32(&x425, &x426, 0x0, x422, x419); + var x427: u32 = undefined; + var x428: u1 = undefined; + fiatP384AddcarryxU32(&x427, &x428, x426, x420, x417); + var x429: u32 = undefined; + var x430: u1 = undefined; + fiatP384AddcarryxU32(&x429, &x430, x428, x418, x415); + var x431: u32 = undefined; + var x432: u1 = undefined; + fiatP384AddcarryxU32(&x431, &x432, x430, x416, x413); + var x433: u32 = undefined; + var x434: u1 = undefined; + fiatP384AddcarryxU32(&x433, &x434, x432, x414, x411); + var x435: u32 = undefined; + var x436: u1 = undefined; + fiatP384AddcarryxU32(&x435, &x436, x434, x412, x409); + var x437: u32 = undefined; + var x438: u1 = undefined; + fiatP384AddcarryxU32(&x437, &x438, x436, x410, x407); + var x439: u32 = undefined; + var x440: u1 = undefined; + fiatP384AddcarryxU32(&x439, &x440, x438, x408, x405); + var x441: u32 = undefined; + var x442: u1 = undefined; + fiatP384AddcarryxU32(&x441, &x442, 0x0, x381, x423); + var x443: u32 = undefined; + var x444: u1 = undefined; + fiatP384AddcarryxU32(&x443, &x444, x442, x383, x424); + var x445: u32 = undefined; + var x446: u1 = undefined; + fiatP384AddcarryxU32(&x445, &x446, x444, x385, @intCast(u32, 0x0)); + var x447: u32 = undefined; + var x448: u1 = undefined; + fiatP384AddcarryxU32(&x447, &x448, x446, x387, x421); + var x449: u32 = undefined; + var x450: u1 = undefined; + fiatP384AddcarryxU32(&x449, &x450, x448, x389, x425); + var x451: u32 = undefined; + var x452: u1 = undefined; + fiatP384AddcarryxU32(&x451, &x452, x450, x391, x427); + var x453: u32 = undefined; + var x454: u1 = undefined; + fiatP384AddcarryxU32(&x453, &x454, x452, x393, x429); + var x455: u32 = undefined; + var x456: u1 = undefined; + fiatP384AddcarryxU32(&x455, &x456, x454, x395, x431); + var x457: u32 = undefined; + var x458: u1 = undefined; + fiatP384AddcarryxU32(&x457, &x458, x456, x397, x433); + var x459: u32 = undefined; + var x460: u1 = undefined; + fiatP384AddcarryxU32(&x459, &x460, x458, x399, x435); + var x461: u32 = undefined; + var x462: u1 = undefined; + fiatP384AddcarryxU32(&x461, &x462, x460, x401, x437); + var x463: u32 = undefined; + var x464: u1 = undefined; + fiatP384AddcarryxU32(&x463, &x464, x462, x403, x439); + var x465: u32 = undefined; + var x466: u1 = undefined; + fiatP384AddcarryxU32(&x465, &x466, x464, (@intCast(u32, x404) + @intCast(u32, x370)), (@intCast(u32, x440) + x406)); + var x467: u32 = undefined; + var x468: u32 = undefined; + fiatP384MulxU32(&x467, &x468, x5, 0x2); + var x469: u32 = undefined; + var x470: u32 = undefined; + fiatP384MulxU32(&x469, &x470, x5, 0xfffffffe); + var x471: u32 = undefined; + var x472: u32 = undefined; + fiatP384MulxU32(&x471, &x472, x5, 0x2); + var x473: u32 = undefined; + var x474: u32 = undefined; + fiatP384MulxU32(&x473, &x474, x5, 0xfffffffe); + var x475: u32 = undefined; + var x476: u1 = undefined; + fiatP384AddcarryxU32(&x475, &x476, 0x0, @intCast(u32, @intCast(u1, x468)), x5); + var x477: u32 = undefined; + var x478: u1 = undefined; + fiatP384AddcarryxU32(&x477, &x478, 0x0, x443, x5); + var x479: u32 = undefined; + var x480: u1 = undefined; + fiatP384AddcarryxU32(&x479, &x480, x478, x445, x473); + var x481: u32 = undefined; + var x482: u1 = undefined; + fiatP384AddcarryxU32(&x481, &x482, x480, x447, x474); + var x483: u32 = undefined; + var x484: u1 = undefined; + fiatP384AddcarryxU32(&x483, &x484, x482, x449, x471); + var x485: u32 = undefined; + var x486: u1 = undefined; + fiatP384AddcarryxU32(&x485, &x486, x484, x451, @intCast(u32, @intCast(u1, x472))); + var x487: u32 = undefined; + var x488: u1 = undefined; + fiatP384AddcarryxU32(&x487, &x488, x486, x453, x469); + var x489: u32 = undefined; + var x490: u1 = undefined; + fiatP384AddcarryxU32(&x489, &x490, x488, x455, x470); + var x491: u32 = undefined; + var x492: u1 = undefined; + fiatP384AddcarryxU32(&x491, &x492, x490, x457, x467); + var x493: u32 = undefined; + var x494: u1 = undefined; + fiatP384AddcarryxU32(&x493, &x494, x492, x459, x475); + var x495: u32 = undefined; + var x496: u1 = undefined; + fiatP384AddcarryxU32(&x495, &x496, x494, x461, @intCast(u32, x476)); + var x497: u32 = undefined; + var x498: u1 = undefined; + fiatP384AddcarryxU32(&x497, &x498, x496, x463, @intCast(u32, 0x0)); + var x499: u32 = undefined; + var x500: u1 = undefined; + fiatP384AddcarryxU32(&x499, &x500, x498, x465, @intCast(u32, 0x0)); + var x501: u32 = undefined; + var x502: u32 = undefined; + fiatP384MulxU32(&x501, &x502, x477, 0xffffffff); + var x503: u32 = undefined; + var x504: u32 = undefined; + fiatP384MulxU32(&x503, &x504, x477, 0xffffffff); + var x505: u32 = undefined; + var x506: u32 = undefined; + fiatP384MulxU32(&x505, &x506, x477, 0xffffffff); + var x507: u32 = undefined; + var x508: u32 = undefined; + fiatP384MulxU32(&x507, &x508, x477, 0xffffffff); + var x509: u32 = undefined; + var x510: u32 = undefined; + fiatP384MulxU32(&x509, &x510, x477, 0xffffffff); + var x511: u32 = undefined; + var x512: u32 = undefined; + fiatP384MulxU32(&x511, &x512, x477, 0xffffffff); + var x513: u32 = undefined; + var x514: u32 = undefined; + fiatP384MulxU32(&x513, &x514, x477, 0xffffffff); + var x515: u32 = undefined; + var x516: u32 = undefined; + fiatP384MulxU32(&x515, &x516, x477, 0xfffffffe); + var x517: u32 = undefined; + var x518: u32 = undefined; + fiatP384MulxU32(&x517, &x518, x477, 0xffffffff); + var x519: u32 = undefined; + var x520: u32 = undefined; + fiatP384MulxU32(&x519, &x520, x477, 0xffffffff); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatP384AddcarryxU32(&x521, &x522, 0x0, x518, x515); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatP384AddcarryxU32(&x523, &x524, x522, x516, x513); + var x525: u32 = undefined; + var x526: u1 = undefined; + fiatP384AddcarryxU32(&x525, &x526, x524, x514, x511); + var x527: u32 = undefined; + var x528: u1 = undefined; + fiatP384AddcarryxU32(&x527, &x528, x526, x512, x509); + var x529: u32 = undefined; + var x530: u1 = undefined; + fiatP384AddcarryxU32(&x529, &x530, x528, x510, x507); + var x531: u32 = undefined; + var x532: u1 = undefined; + fiatP384AddcarryxU32(&x531, &x532, x530, x508, x505); + var x533: u32 = undefined; + var x534: u1 = undefined; + fiatP384AddcarryxU32(&x533, &x534, x532, x506, x503); + var x535: u32 = undefined; + var x536: u1 = undefined; + fiatP384AddcarryxU32(&x535, &x536, x534, x504, x501); + var x537: u32 = undefined; + var x538: u1 = undefined; + fiatP384AddcarryxU32(&x537, &x538, 0x0, x477, x519); + var x539: u32 = undefined; + var x540: u1 = undefined; + fiatP384AddcarryxU32(&x539, &x540, x538, x479, x520); + var x541: u32 = undefined; + var x542: u1 = undefined; + fiatP384AddcarryxU32(&x541, &x542, x540, x481, @intCast(u32, 0x0)); + var x543: u32 = undefined; + var x544: u1 = undefined; + fiatP384AddcarryxU32(&x543, &x544, x542, x483, x517); + var x545: u32 = undefined; + var x546: u1 = undefined; + fiatP384AddcarryxU32(&x545, &x546, x544, x485, x521); + var x547: u32 = undefined; + var x548: u1 = undefined; + fiatP384AddcarryxU32(&x547, &x548, x546, x487, x523); + var x549: u32 = undefined; + var x550: u1 = undefined; + fiatP384AddcarryxU32(&x549, &x550, x548, x489, x525); + var x551: u32 = undefined; + var x552: u1 = undefined; + fiatP384AddcarryxU32(&x551, &x552, x550, x491, x527); + var x553: u32 = undefined; + var x554: u1 = undefined; + fiatP384AddcarryxU32(&x553, &x554, x552, x493, x529); + var x555: u32 = undefined; + var x556: u1 = undefined; + fiatP384AddcarryxU32(&x555, &x556, x554, x495, x531); + var x557: u32 = undefined; + var x558: u1 = undefined; + fiatP384AddcarryxU32(&x557, &x558, x556, x497, x533); + var x559: u32 = undefined; + var x560: u1 = undefined; + fiatP384AddcarryxU32(&x559, &x560, x558, x499, x535); + var x561: u32 = undefined; + var x562: u1 = undefined; + fiatP384AddcarryxU32(&x561, &x562, x560, (@intCast(u32, x500) + @intCast(u32, x466)), (@intCast(u32, x536) + x502)); + var x563: u32 = undefined; + var x564: u32 = undefined; + fiatP384MulxU32(&x563, &x564, x6, 0x2); + var x565: u32 = undefined; + var x566: u32 = undefined; + fiatP384MulxU32(&x565, &x566, x6, 0xfffffffe); + var x567: u32 = undefined; + var x568: u32 = undefined; + fiatP384MulxU32(&x567, &x568, x6, 0x2); + var x569: u32 = undefined; + var x570: u32 = undefined; + fiatP384MulxU32(&x569, &x570, x6, 0xfffffffe); + var x571: u32 = undefined; + var x572: u1 = undefined; + fiatP384AddcarryxU32(&x571, &x572, 0x0, @intCast(u32, @intCast(u1, x564)), x6); + var x573: u32 = undefined; + var x574: u1 = undefined; + fiatP384AddcarryxU32(&x573, &x574, 0x0, x539, x6); + var x575: u32 = undefined; + var x576: u1 = undefined; + fiatP384AddcarryxU32(&x575, &x576, x574, x541, x569); + var x577: u32 = undefined; + var x578: u1 = undefined; + fiatP384AddcarryxU32(&x577, &x578, x576, x543, x570); + var x579: u32 = undefined; + var x580: u1 = undefined; + fiatP384AddcarryxU32(&x579, &x580, x578, x545, x567); + var x581: u32 = undefined; + var x582: u1 = undefined; + fiatP384AddcarryxU32(&x581, &x582, x580, x547, @intCast(u32, @intCast(u1, x568))); + var x583: u32 = undefined; + var x584: u1 = undefined; + fiatP384AddcarryxU32(&x583, &x584, x582, x549, x565); + var x585: u32 = undefined; + var x586: u1 = undefined; + fiatP384AddcarryxU32(&x585, &x586, x584, x551, x566); + var x587: u32 = undefined; + var x588: u1 = undefined; + fiatP384AddcarryxU32(&x587, &x588, x586, x553, x563); + var x589: u32 = undefined; + var x590: u1 = undefined; + fiatP384AddcarryxU32(&x589, &x590, x588, x555, x571); + var x591: u32 = undefined; + var x592: u1 = undefined; + fiatP384AddcarryxU32(&x591, &x592, x590, x557, @intCast(u32, x572)); + var x593: u32 = undefined; + var x594: u1 = undefined; + fiatP384AddcarryxU32(&x593, &x594, x592, x559, @intCast(u32, 0x0)); + var x595: u32 = undefined; + var x596: u1 = undefined; + fiatP384AddcarryxU32(&x595, &x596, x594, x561, @intCast(u32, 0x0)); + var x597: u32 = undefined; + var x598: u32 = undefined; + fiatP384MulxU32(&x597, &x598, x573, 0xffffffff); + var x599: u32 = undefined; + var x600: u32 = undefined; + fiatP384MulxU32(&x599, &x600, x573, 0xffffffff); + var x601: u32 = undefined; + var x602: u32 = undefined; + fiatP384MulxU32(&x601, &x602, x573, 0xffffffff); + var x603: u32 = undefined; + var x604: u32 = undefined; + fiatP384MulxU32(&x603, &x604, x573, 0xffffffff); + var x605: u32 = undefined; + var x606: u32 = undefined; + fiatP384MulxU32(&x605, &x606, x573, 0xffffffff); + var x607: u32 = undefined; + var x608: u32 = undefined; + fiatP384MulxU32(&x607, &x608, x573, 0xffffffff); + var x609: u32 = undefined; + var x610: u32 = undefined; + fiatP384MulxU32(&x609, &x610, x573, 0xffffffff); + var x611: u32 = undefined; + var x612: u32 = undefined; + fiatP384MulxU32(&x611, &x612, x573, 0xfffffffe); + var x613: u32 = undefined; + var x614: u32 = undefined; + fiatP384MulxU32(&x613, &x614, x573, 0xffffffff); + var x615: u32 = undefined; + var x616: u32 = undefined; + fiatP384MulxU32(&x615, &x616, x573, 0xffffffff); + var x617: u32 = undefined; + var x618: u1 = undefined; + fiatP384AddcarryxU32(&x617, &x618, 0x0, x614, x611); + var x619: u32 = undefined; + var x620: u1 = undefined; + fiatP384AddcarryxU32(&x619, &x620, x618, x612, x609); + var x621: u32 = undefined; + var x622: u1 = undefined; + fiatP384AddcarryxU32(&x621, &x622, x620, x610, x607); + var x623: u32 = undefined; + var x624: u1 = undefined; + fiatP384AddcarryxU32(&x623, &x624, x622, x608, x605); + var x625: u32 = undefined; + var x626: u1 = undefined; + fiatP384AddcarryxU32(&x625, &x626, x624, x606, x603); + var x627: u32 = undefined; + var x628: u1 = undefined; + fiatP384AddcarryxU32(&x627, &x628, x626, x604, x601); + var x629: u32 = undefined; + var x630: u1 = undefined; + fiatP384AddcarryxU32(&x629, &x630, x628, x602, x599); + var x631: u32 = undefined; + var x632: u1 = undefined; + fiatP384AddcarryxU32(&x631, &x632, x630, x600, x597); + var x633: u32 = undefined; + var x634: u1 = undefined; + fiatP384AddcarryxU32(&x633, &x634, 0x0, x573, x615); + var x635: u32 = undefined; + var x636: u1 = undefined; + fiatP384AddcarryxU32(&x635, &x636, x634, x575, x616); + var x637: u32 = undefined; + var x638: u1 = undefined; + fiatP384AddcarryxU32(&x637, &x638, x636, x577, @intCast(u32, 0x0)); + var x639: u32 = undefined; + var x640: u1 = undefined; + fiatP384AddcarryxU32(&x639, &x640, x638, x579, x613); + var x641: u32 = undefined; + var x642: u1 = undefined; + fiatP384AddcarryxU32(&x641, &x642, x640, x581, x617); + var x643: u32 = undefined; + var x644: u1 = undefined; + fiatP384AddcarryxU32(&x643, &x644, x642, x583, x619); + var x645: u32 = undefined; + var x646: u1 = undefined; + fiatP384AddcarryxU32(&x645, &x646, x644, x585, x621); + var x647: u32 = undefined; + var x648: u1 = undefined; + fiatP384AddcarryxU32(&x647, &x648, x646, x587, x623); + var x649: u32 = undefined; + var x650: u1 = undefined; + fiatP384AddcarryxU32(&x649, &x650, x648, x589, x625); + var x651: u32 = undefined; + var x652: u1 = undefined; + fiatP384AddcarryxU32(&x651, &x652, x650, x591, x627); + var x653: u32 = undefined; + var x654: u1 = undefined; + fiatP384AddcarryxU32(&x653, &x654, x652, x593, x629); + var x655: u32 = undefined; + var x656: u1 = undefined; + fiatP384AddcarryxU32(&x655, &x656, x654, x595, x631); + var x657: u32 = undefined; + var x658: u1 = undefined; + fiatP384AddcarryxU32(&x657, &x658, x656, (@intCast(u32, x596) + @intCast(u32, x562)), (@intCast(u32, x632) + x598)); + var x659: u32 = undefined; + var x660: u32 = undefined; + fiatP384MulxU32(&x659, &x660, x7, 0x2); + var x661: u32 = undefined; + var x662: u32 = undefined; + fiatP384MulxU32(&x661, &x662, x7, 0xfffffffe); + var x663: u32 = undefined; + var x664: u32 = undefined; + fiatP384MulxU32(&x663, &x664, x7, 0x2); + var x665: u32 = undefined; + var x666: u32 = undefined; + fiatP384MulxU32(&x665, &x666, x7, 0xfffffffe); + var x667: u32 = undefined; + var x668: u1 = undefined; + fiatP384AddcarryxU32(&x667, &x668, 0x0, @intCast(u32, @intCast(u1, x660)), x7); + var x669: u32 = undefined; + var x670: u1 = undefined; + fiatP384AddcarryxU32(&x669, &x670, 0x0, x635, x7); + var x671: u32 = undefined; + var x672: u1 = undefined; + fiatP384AddcarryxU32(&x671, &x672, x670, x637, x665); + var x673: u32 = undefined; + var x674: u1 = undefined; + fiatP384AddcarryxU32(&x673, &x674, x672, x639, x666); + var x675: u32 = undefined; + var x676: u1 = undefined; + fiatP384AddcarryxU32(&x675, &x676, x674, x641, x663); + var x677: u32 = undefined; + var x678: u1 = undefined; + fiatP384AddcarryxU32(&x677, &x678, x676, x643, @intCast(u32, @intCast(u1, x664))); + var x679: u32 = undefined; + var x680: u1 = undefined; + fiatP384AddcarryxU32(&x679, &x680, x678, x645, x661); + var x681: u32 = undefined; + var x682: u1 = undefined; + fiatP384AddcarryxU32(&x681, &x682, x680, x647, x662); + var x683: u32 = undefined; + var x684: u1 = undefined; + fiatP384AddcarryxU32(&x683, &x684, x682, x649, x659); + var x685: u32 = undefined; + var x686: u1 = undefined; + fiatP384AddcarryxU32(&x685, &x686, x684, x651, x667); + var x687: u32 = undefined; + var x688: u1 = undefined; + fiatP384AddcarryxU32(&x687, &x688, x686, x653, @intCast(u32, x668)); + var x689: u32 = undefined; + var x690: u1 = undefined; + fiatP384AddcarryxU32(&x689, &x690, x688, x655, @intCast(u32, 0x0)); + var x691: u32 = undefined; + var x692: u1 = undefined; + fiatP384AddcarryxU32(&x691, &x692, x690, x657, @intCast(u32, 0x0)); + var x693: u32 = undefined; + var x694: u32 = undefined; + fiatP384MulxU32(&x693, &x694, x669, 0xffffffff); + var x695: u32 = undefined; + var x696: u32 = undefined; + fiatP384MulxU32(&x695, &x696, x669, 0xffffffff); + var x697: u32 = undefined; + var x698: u32 = undefined; + fiatP384MulxU32(&x697, &x698, x669, 0xffffffff); + var x699: u32 = undefined; + var x700: u32 = undefined; + fiatP384MulxU32(&x699, &x700, x669, 0xffffffff); + var x701: u32 = undefined; + var x702: u32 = undefined; + fiatP384MulxU32(&x701, &x702, x669, 0xffffffff); + var x703: u32 = undefined; + var x704: u32 = undefined; + fiatP384MulxU32(&x703, &x704, x669, 0xffffffff); + var x705: u32 = undefined; + var x706: u32 = undefined; + fiatP384MulxU32(&x705, &x706, x669, 0xffffffff); + var x707: u32 = undefined; + var x708: u32 = undefined; + fiatP384MulxU32(&x707, &x708, x669, 0xfffffffe); + var x709: u32 = undefined; + var x710: u32 = undefined; + fiatP384MulxU32(&x709, &x710, x669, 0xffffffff); + var x711: u32 = undefined; + var x712: u32 = undefined; + fiatP384MulxU32(&x711, &x712, x669, 0xffffffff); + var x713: u32 = undefined; + var x714: u1 = undefined; + fiatP384AddcarryxU32(&x713, &x714, 0x0, x710, x707); + var x715: u32 = undefined; + var x716: u1 = undefined; + fiatP384AddcarryxU32(&x715, &x716, x714, x708, x705); + var x717: u32 = undefined; + var x718: u1 = undefined; + fiatP384AddcarryxU32(&x717, &x718, x716, x706, x703); + var x719: u32 = undefined; + var x720: u1 = undefined; + fiatP384AddcarryxU32(&x719, &x720, x718, x704, x701); + var x721: u32 = undefined; + var x722: u1 = undefined; + fiatP384AddcarryxU32(&x721, &x722, x720, x702, x699); + var x723: u32 = undefined; + var x724: u1 = undefined; + fiatP384AddcarryxU32(&x723, &x724, x722, x700, x697); + var x725: u32 = undefined; + var x726: u1 = undefined; + fiatP384AddcarryxU32(&x725, &x726, x724, x698, x695); + var x727: u32 = undefined; + var x728: u1 = undefined; + fiatP384AddcarryxU32(&x727, &x728, x726, x696, x693); + var x729: u32 = undefined; + var x730: u1 = undefined; + fiatP384AddcarryxU32(&x729, &x730, 0x0, x669, x711); + var x731: u32 = undefined; + var x732: u1 = undefined; + fiatP384AddcarryxU32(&x731, &x732, x730, x671, x712); + var x733: u32 = undefined; + var x734: u1 = undefined; + fiatP384AddcarryxU32(&x733, &x734, x732, x673, @intCast(u32, 0x0)); + var x735: u32 = undefined; + var x736: u1 = undefined; + fiatP384AddcarryxU32(&x735, &x736, x734, x675, x709); + var x737: u32 = undefined; + var x738: u1 = undefined; + fiatP384AddcarryxU32(&x737, &x738, x736, x677, x713); + var x739: u32 = undefined; + var x740: u1 = undefined; + fiatP384AddcarryxU32(&x739, &x740, x738, x679, x715); + var x741: u32 = undefined; + var x742: u1 = undefined; + fiatP384AddcarryxU32(&x741, &x742, x740, x681, x717); + var x743: u32 = undefined; + var x744: u1 = undefined; + fiatP384AddcarryxU32(&x743, &x744, x742, x683, x719); + var x745: u32 = undefined; + var x746: u1 = undefined; + fiatP384AddcarryxU32(&x745, &x746, x744, x685, x721); + var x747: u32 = undefined; + var x748: u1 = undefined; + fiatP384AddcarryxU32(&x747, &x748, x746, x687, x723); + var x749: u32 = undefined; + var x750: u1 = undefined; + fiatP384AddcarryxU32(&x749, &x750, x748, x689, x725); + var x751: u32 = undefined; + var x752: u1 = undefined; + fiatP384AddcarryxU32(&x751, &x752, x750, x691, x727); + var x753: u32 = undefined; + var x754: u1 = undefined; + fiatP384AddcarryxU32(&x753, &x754, x752, (@intCast(u32, x692) + @intCast(u32, x658)), (@intCast(u32, x728) + x694)); + var x755: u32 = undefined; + var x756: u32 = undefined; + fiatP384MulxU32(&x755, &x756, x8, 0x2); + var x757: u32 = undefined; + var x758: u32 = undefined; + fiatP384MulxU32(&x757, &x758, x8, 0xfffffffe); + var x759: u32 = undefined; + var x760: u32 = undefined; + fiatP384MulxU32(&x759, &x760, x8, 0x2); + var x761: u32 = undefined; + var x762: u32 = undefined; + fiatP384MulxU32(&x761, &x762, x8, 0xfffffffe); + var x763: u32 = undefined; + var x764: u1 = undefined; + fiatP384AddcarryxU32(&x763, &x764, 0x0, @intCast(u32, @intCast(u1, x756)), x8); + var x765: u32 = undefined; + var x766: u1 = undefined; + fiatP384AddcarryxU32(&x765, &x766, 0x0, x731, x8); + var x767: u32 = undefined; + var x768: u1 = undefined; + fiatP384AddcarryxU32(&x767, &x768, x766, x733, x761); + var x769: u32 = undefined; + var x770: u1 = undefined; + fiatP384AddcarryxU32(&x769, &x770, x768, x735, x762); + var x771: u32 = undefined; + var x772: u1 = undefined; + fiatP384AddcarryxU32(&x771, &x772, x770, x737, x759); + var x773: u32 = undefined; + var x774: u1 = undefined; + fiatP384AddcarryxU32(&x773, &x774, x772, x739, @intCast(u32, @intCast(u1, x760))); + var x775: u32 = undefined; + var x776: u1 = undefined; + fiatP384AddcarryxU32(&x775, &x776, x774, x741, x757); + var x777: u32 = undefined; + var x778: u1 = undefined; + fiatP384AddcarryxU32(&x777, &x778, x776, x743, x758); + var x779: u32 = undefined; + var x780: u1 = undefined; + fiatP384AddcarryxU32(&x779, &x780, x778, x745, x755); + var x781: u32 = undefined; + var x782: u1 = undefined; + fiatP384AddcarryxU32(&x781, &x782, x780, x747, x763); + var x783: u32 = undefined; + var x784: u1 = undefined; + fiatP384AddcarryxU32(&x783, &x784, x782, x749, @intCast(u32, x764)); + var x785: u32 = undefined; + var x786: u1 = undefined; + fiatP384AddcarryxU32(&x785, &x786, x784, x751, @intCast(u32, 0x0)); + var x787: u32 = undefined; + var x788: u1 = undefined; + fiatP384AddcarryxU32(&x787, &x788, x786, x753, @intCast(u32, 0x0)); + var x789: u32 = undefined; + var x790: u32 = undefined; + fiatP384MulxU32(&x789, &x790, x765, 0xffffffff); + var x791: u32 = undefined; + var x792: u32 = undefined; + fiatP384MulxU32(&x791, &x792, x765, 0xffffffff); + var x793: u32 = undefined; + var x794: u32 = undefined; + fiatP384MulxU32(&x793, &x794, x765, 0xffffffff); + var x795: u32 = undefined; + var x796: u32 = undefined; + fiatP384MulxU32(&x795, &x796, x765, 0xffffffff); + var x797: u32 = undefined; + var x798: u32 = undefined; + fiatP384MulxU32(&x797, &x798, x765, 0xffffffff); + var x799: u32 = undefined; + var x800: u32 = undefined; + fiatP384MulxU32(&x799, &x800, x765, 0xffffffff); + var x801: u32 = undefined; + var x802: u32 = undefined; + fiatP384MulxU32(&x801, &x802, x765, 0xffffffff); + var x803: u32 = undefined; + var x804: u32 = undefined; + fiatP384MulxU32(&x803, &x804, x765, 0xfffffffe); + var x805: u32 = undefined; + var x806: u32 = undefined; + fiatP384MulxU32(&x805, &x806, x765, 0xffffffff); + var x807: u32 = undefined; + var x808: u32 = undefined; + fiatP384MulxU32(&x807, &x808, x765, 0xffffffff); + var x809: u32 = undefined; + var x810: u1 = undefined; + fiatP384AddcarryxU32(&x809, &x810, 0x0, x806, x803); + var x811: u32 = undefined; + var x812: u1 = undefined; + fiatP384AddcarryxU32(&x811, &x812, x810, x804, x801); + var x813: u32 = undefined; + var x814: u1 = undefined; + fiatP384AddcarryxU32(&x813, &x814, x812, x802, x799); + var x815: u32 = undefined; + var x816: u1 = undefined; + fiatP384AddcarryxU32(&x815, &x816, x814, x800, x797); + var x817: u32 = undefined; + var x818: u1 = undefined; + fiatP384AddcarryxU32(&x817, &x818, x816, x798, x795); + var x819: u32 = undefined; + var x820: u1 = undefined; + fiatP384AddcarryxU32(&x819, &x820, x818, x796, x793); + var x821: u32 = undefined; + var x822: u1 = undefined; + fiatP384AddcarryxU32(&x821, &x822, x820, x794, x791); + var x823: u32 = undefined; + var x824: u1 = undefined; + fiatP384AddcarryxU32(&x823, &x824, x822, x792, x789); + var x825: u32 = undefined; + var x826: u1 = undefined; + fiatP384AddcarryxU32(&x825, &x826, 0x0, x765, x807); + var x827: u32 = undefined; + var x828: u1 = undefined; + fiatP384AddcarryxU32(&x827, &x828, x826, x767, x808); + var x829: u32 = undefined; + var x830: u1 = undefined; + fiatP384AddcarryxU32(&x829, &x830, x828, x769, @intCast(u32, 0x0)); + var x831: u32 = undefined; + var x832: u1 = undefined; + fiatP384AddcarryxU32(&x831, &x832, x830, x771, x805); + var x833: u32 = undefined; + var x834: u1 = undefined; + fiatP384AddcarryxU32(&x833, &x834, x832, x773, x809); + var x835: u32 = undefined; + var x836: u1 = undefined; + fiatP384AddcarryxU32(&x835, &x836, x834, x775, x811); + var x837: u32 = undefined; + var x838: u1 = undefined; + fiatP384AddcarryxU32(&x837, &x838, x836, x777, x813); + var x839: u32 = undefined; + var x840: u1 = undefined; + fiatP384AddcarryxU32(&x839, &x840, x838, x779, x815); + var x841: u32 = undefined; + var x842: u1 = undefined; + fiatP384AddcarryxU32(&x841, &x842, x840, x781, x817); + var x843: u32 = undefined; + var x844: u1 = undefined; + fiatP384AddcarryxU32(&x843, &x844, x842, x783, x819); + var x845: u32 = undefined; + var x846: u1 = undefined; + fiatP384AddcarryxU32(&x845, &x846, x844, x785, x821); + var x847: u32 = undefined; + var x848: u1 = undefined; + fiatP384AddcarryxU32(&x847, &x848, x846, x787, x823); + var x849: u32 = undefined; + var x850: u1 = undefined; + fiatP384AddcarryxU32(&x849, &x850, x848, (@intCast(u32, x788) + @intCast(u32, x754)), (@intCast(u32, x824) + x790)); + var x851: u32 = undefined; + var x852: u32 = undefined; + fiatP384MulxU32(&x851, &x852, x9, 0x2); + var x853: u32 = undefined; + var x854: u32 = undefined; + fiatP384MulxU32(&x853, &x854, x9, 0xfffffffe); + var x855: u32 = undefined; + var x856: u32 = undefined; + fiatP384MulxU32(&x855, &x856, x9, 0x2); + var x857: u32 = undefined; + var x858: u32 = undefined; + fiatP384MulxU32(&x857, &x858, x9, 0xfffffffe); + var x859: u32 = undefined; + var x860: u1 = undefined; + fiatP384AddcarryxU32(&x859, &x860, 0x0, @intCast(u32, @intCast(u1, x852)), x9); + var x861: u32 = undefined; + var x862: u1 = undefined; + fiatP384AddcarryxU32(&x861, &x862, 0x0, x827, x9); + var x863: u32 = undefined; + var x864: u1 = undefined; + fiatP384AddcarryxU32(&x863, &x864, x862, x829, x857); + var x865: u32 = undefined; + var x866: u1 = undefined; + fiatP384AddcarryxU32(&x865, &x866, x864, x831, x858); + var x867: u32 = undefined; + var x868: u1 = undefined; + fiatP384AddcarryxU32(&x867, &x868, x866, x833, x855); + var x869: u32 = undefined; + var x870: u1 = undefined; + fiatP384AddcarryxU32(&x869, &x870, x868, x835, @intCast(u32, @intCast(u1, x856))); + var x871: u32 = undefined; + var x872: u1 = undefined; + fiatP384AddcarryxU32(&x871, &x872, x870, x837, x853); + var x873: u32 = undefined; + var x874: u1 = undefined; + fiatP384AddcarryxU32(&x873, &x874, x872, x839, x854); + var x875: u32 = undefined; + var x876: u1 = undefined; + fiatP384AddcarryxU32(&x875, &x876, x874, x841, x851); + var x877: u32 = undefined; + var x878: u1 = undefined; + fiatP384AddcarryxU32(&x877, &x878, x876, x843, x859); + var x879: u32 = undefined; + var x880: u1 = undefined; + fiatP384AddcarryxU32(&x879, &x880, x878, x845, @intCast(u32, x860)); + var x881: u32 = undefined; + var x882: u1 = undefined; + fiatP384AddcarryxU32(&x881, &x882, x880, x847, @intCast(u32, 0x0)); + var x883: u32 = undefined; + var x884: u1 = undefined; + fiatP384AddcarryxU32(&x883, &x884, x882, x849, @intCast(u32, 0x0)); + var x885: u32 = undefined; + var x886: u32 = undefined; + fiatP384MulxU32(&x885, &x886, x861, 0xffffffff); + var x887: u32 = undefined; + var x888: u32 = undefined; + fiatP384MulxU32(&x887, &x888, x861, 0xffffffff); + var x889: u32 = undefined; + var x890: u32 = undefined; + fiatP384MulxU32(&x889, &x890, x861, 0xffffffff); + var x891: u32 = undefined; + var x892: u32 = undefined; + fiatP384MulxU32(&x891, &x892, x861, 0xffffffff); + var x893: u32 = undefined; + var x894: u32 = undefined; + fiatP384MulxU32(&x893, &x894, x861, 0xffffffff); + var x895: u32 = undefined; + var x896: u32 = undefined; + fiatP384MulxU32(&x895, &x896, x861, 0xffffffff); + var x897: u32 = undefined; + var x898: u32 = undefined; + fiatP384MulxU32(&x897, &x898, x861, 0xffffffff); + var x899: u32 = undefined; + var x900: u32 = undefined; + fiatP384MulxU32(&x899, &x900, x861, 0xfffffffe); + var x901: u32 = undefined; + var x902: u32 = undefined; + fiatP384MulxU32(&x901, &x902, x861, 0xffffffff); + var x903: u32 = undefined; + var x904: u32 = undefined; + fiatP384MulxU32(&x903, &x904, x861, 0xffffffff); + var x905: u32 = undefined; + var x906: u1 = undefined; + fiatP384AddcarryxU32(&x905, &x906, 0x0, x902, x899); + var x907: u32 = undefined; + var x908: u1 = undefined; + fiatP384AddcarryxU32(&x907, &x908, x906, x900, x897); + var x909: u32 = undefined; + var x910: u1 = undefined; + fiatP384AddcarryxU32(&x909, &x910, x908, x898, x895); + var x911: u32 = undefined; + var x912: u1 = undefined; + fiatP384AddcarryxU32(&x911, &x912, x910, x896, x893); + var x913: u32 = undefined; + var x914: u1 = undefined; + fiatP384AddcarryxU32(&x913, &x914, x912, x894, x891); + var x915: u32 = undefined; + var x916: u1 = undefined; + fiatP384AddcarryxU32(&x915, &x916, x914, x892, x889); + var x917: u32 = undefined; + var x918: u1 = undefined; + fiatP384AddcarryxU32(&x917, &x918, x916, x890, x887); + var x919: u32 = undefined; + var x920: u1 = undefined; + fiatP384AddcarryxU32(&x919, &x920, x918, x888, x885); + var x921: u32 = undefined; + var x922: u1 = undefined; + fiatP384AddcarryxU32(&x921, &x922, 0x0, x861, x903); + var x923: u32 = undefined; + var x924: u1 = undefined; + fiatP384AddcarryxU32(&x923, &x924, x922, x863, x904); + var x925: u32 = undefined; + var x926: u1 = undefined; + fiatP384AddcarryxU32(&x925, &x926, x924, x865, @intCast(u32, 0x0)); + var x927: u32 = undefined; + var x928: u1 = undefined; + fiatP384AddcarryxU32(&x927, &x928, x926, x867, x901); + var x929: u32 = undefined; + var x930: u1 = undefined; + fiatP384AddcarryxU32(&x929, &x930, x928, x869, x905); + var x931: u32 = undefined; + var x932: u1 = undefined; + fiatP384AddcarryxU32(&x931, &x932, x930, x871, x907); + var x933: u32 = undefined; + var x934: u1 = undefined; + fiatP384AddcarryxU32(&x933, &x934, x932, x873, x909); + var x935: u32 = undefined; + var x936: u1 = undefined; + fiatP384AddcarryxU32(&x935, &x936, x934, x875, x911); + var x937: u32 = undefined; + var x938: u1 = undefined; + fiatP384AddcarryxU32(&x937, &x938, x936, x877, x913); + var x939: u32 = undefined; + var x940: u1 = undefined; + fiatP384AddcarryxU32(&x939, &x940, x938, x879, x915); + var x941: u32 = undefined; + var x942: u1 = undefined; + fiatP384AddcarryxU32(&x941, &x942, x940, x881, x917); + var x943: u32 = undefined; + var x944: u1 = undefined; + fiatP384AddcarryxU32(&x943, &x944, x942, x883, x919); + var x945: u32 = undefined; + var x946: u1 = undefined; + fiatP384AddcarryxU32(&x945, &x946, x944, (@intCast(u32, x884) + @intCast(u32, x850)), (@intCast(u32, x920) + x886)); + var x947: u32 = undefined; + var x948: u32 = undefined; + fiatP384MulxU32(&x947, &x948, x10, 0x2); + var x949: u32 = undefined; + var x950: u32 = undefined; + fiatP384MulxU32(&x949, &x950, x10, 0xfffffffe); + var x951: u32 = undefined; + var x952: u32 = undefined; + fiatP384MulxU32(&x951, &x952, x10, 0x2); + var x953: u32 = undefined; + var x954: u32 = undefined; + fiatP384MulxU32(&x953, &x954, x10, 0xfffffffe); + var x955: u32 = undefined; + var x956: u1 = undefined; + fiatP384AddcarryxU32(&x955, &x956, 0x0, @intCast(u32, @intCast(u1, x948)), x10); + var x957: u32 = undefined; + var x958: u1 = undefined; + fiatP384AddcarryxU32(&x957, &x958, 0x0, x923, x10); + var x959: u32 = undefined; + var x960: u1 = undefined; + fiatP384AddcarryxU32(&x959, &x960, x958, x925, x953); + var x961: u32 = undefined; + var x962: u1 = undefined; + fiatP384AddcarryxU32(&x961, &x962, x960, x927, x954); + var x963: u32 = undefined; + var x964: u1 = undefined; + fiatP384AddcarryxU32(&x963, &x964, x962, x929, x951); + var x965: u32 = undefined; + var x966: u1 = undefined; + fiatP384AddcarryxU32(&x965, &x966, x964, x931, @intCast(u32, @intCast(u1, x952))); + var x967: u32 = undefined; + var x968: u1 = undefined; + fiatP384AddcarryxU32(&x967, &x968, x966, x933, x949); + var x969: u32 = undefined; + var x970: u1 = undefined; + fiatP384AddcarryxU32(&x969, &x970, x968, x935, x950); + var x971: u32 = undefined; + var x972: u1 = undefined; + fiatP384AddcarryxU32(&x971, &x972, x970, x937, x947); + var x973: u32 = undefined; + var x974: u1 = undefined; + fiatP384AddcarryxU32(&x973, &x974, x972, x939, x955); + var x975: u32 = undefined; + var x976: u1 = undefined; + fiatP384AddcarryxU32(&x975, &x976, x974, x941, @intCast(u32, x956)); + var x977: u32 = undefined; + var x978: u1 = undefined; + fiatP384AddcarryxU32(&x977, &x978, x976, x943, @intCast(u32, 0x0)); + var x979: u32 = undefined; + var x980: u1 = undefined; + fiatP384AddcarryxU32(&x979, &x980, x978, x945, @intCast(u32, 0x0)); + var x981: u32 = undefined; + var x982: u32 = undefined; + fiatP384MulxU32(&x981, &x982, x957, 0xffffffff); + var x983: u32 = undefined; + var x984: u32 = undefined; + fiatP384MulxU32(&x983, &x984, x957, 0xffffffff); + var x985: u32 = undefined; + var x986: u32 = undefined; + fiatP384MulxU32(&x985, &x986, x957, 0xffffffff); + var x987: u32 = undefined; + var x988: u32 = undefined; + fiatP384MulxU32(&x987, &x988, x957, 0xffffffff); + var x989: u32 = undefined; + var x990: u32 = undefined; + fiatP384MulxU32(&x989, &x990, x957, 0xffffffff); + var x991: u32 = undefined; + var x992: u32 = undefined; + fiatP384MulxU32(&x991, &x992, x957, 0xffffffff); + var x993: u32 = undefined; + var x994: u32 = undefined; + fiatP384MulxU32(&x993, &x994, x957, 0xffffffff); + var x995: u32 = undefined; + var x996: u32 = undefined; + fiatP384MulxU32(&x995, &x996, x957, 0xfffffffe); + var x997: u32 = undefined; + var x998: u32 = undefined; + fiatP384MulxU32(&x997, &x998, x957, 0xffffffff); + var x999: u32 = undefined; + var x1000: u32 = undefined; + fiatP384MulxU32(&x999, &x1000, x957, 0xffffffff); + var x1001: u32 = undefined; + var x1002: u1 = undefined; + fiatP384AddcarryxU32(&x1001, &x1002, 0x0, x998, x995); + var x1003: u32 = undefined; + var x1004: u1 = undefined; + fiatP384AddcarryxU32(&x1003, &x1004, x1002, x996, x993); + var x1005: u32 = undefined; + var x1006: u1 = undefined; + fiatP384AddcarryxU32(&x1005, &x1006, x1004, x994, x991); + var x1007: u32 = undefined; + var x1008: u1 = undefined; + fiatP384AddcarryxU32(&x1007, &x1008, x1006, x992, x989); + var x1009: u32 = undefined; + var x1010: u1 = undefined; + fiatP384AddcarryxU32(&x1009, &x1010, x1008, x990, x987); + var x1011: u32 = undefined; + var x1012: u1 = undefined; + fiatP384AddcarryxU32(&x1011, &x1012, x1010, x988, x985); + var x1013: u32 = undefined; + var x1014: u1 = undefined; + fiatP384AddcarryxU32(&x1013, &x1014, x1012, x986, x983); + var x1015: u32 = undefined; + var x1016: u1 = undefined; + fiatP384AddcarryxU32(&x1015, &x1016, x1014, x984, x981); + var x1017: u32 = undefined; + var x1018: u1 = undefined; + fiatP384AddcarryxU32(&x1017, &x1018, 0x0, x957, x999); + var x1019: u32 = undefined; + var x1020: u1 = undefined; + fiatP384AddcarryxU32(&x1019, &x1020, x1018, x959, x1000); + var x1021: u32 = undefined; + var x1022: u1 = undefined; + fiatP384AddcarryxU32(&x1021, &x1022, x1020, x961, @intCast(u32, 0x0)); + var x1023: u32 = undefined; + var x1024: u1 = undefined; + fiatP384AddcarryxU32(&x1023, &x1024, x1022, x963, x997); + var x1025: u32 = undefined; + var x1026: u1 = undefined; + fiatP384AddcarryxU32(&x1025, &x1026, x1024, x965, x1001); + var x1027: u32 = undefined; + var x1028: u1 = undefined; + fiatP384AddcarryxU32(&x1027, &x1028, x1026, x967, x1003); + var x1029: u32 = undefined; + var x1030: u1 = undefined; + fiatP384AddcarryxU32(&x1029, &x1030, x1028, x969, x1005); + var x1031: u32 = undefined; + var x1032: u1 = undefined; + fiatP384AddcarryxU32(&x1031, &x1032, x1030, x971, x1007); + var x1033: u32 = undefined; + var x1034: u1 = undefined; + fiatP384AddcarryxU32(&x1033, &x1034, x1032, x973, x1009); + var x1035: u32 = undefined; + var x1036: u1 = undefined; + fiatP384AddcarryxU32(&x1035, &x1036, x1034, x975, x1011); + var x1037: u32 = undefined; + var x1038: u1 = undefined; + fiatP384AddcarryxU32(&x1037, &x1038, x1036, x977, x1013); + var x1039: u32 = undefined; + var x1040: u1 = undefined; + fiatP384AddcarryxU32(&x1039, &x1040, x1038, x979, x1015); + var x1041: u32 = undefined; + var x1042: u1 = undefined; + fiatP384AddcarryxU32(&x1041, &x1042, x1040, (@intCast(u32, x980) + @intCast(u32, x946)), (@intCast(u32, x1016) + x982)); + var x1043: u32 = undefined; + var x1044: u32 = undefined; + fiatP384MulxU32(&x1043, &x1044, x11, 0x2); + var x1045: u32 = undefined; + var x1046: u32 = undefined; + fiatP384MulxU32(&x1045, &x1046, x11, 0xfffffffe); + var x1047: u32 = undefined; + var x1048: u32 = undefined; + fiatP384MulxU32(&x1047, &x1048, x11, 0x2); + var x1049: u32 = undefined; + var x1050: u32 = undefined; + fiatP384MulxU32(&x1049, &x1050, x11, 0xfffffffe); + var x1051: u32 = undefined; + var x1052: u1 = undefined; + fiatP384AddcarryxU32(&x1051, &x1052, 0x0, @intCast(u32, @intCast(u1, x1044)), x11); + var x1053: u32 = undefined; + var x1054: u1 = undefined; + fiatP384AddcarryxU32(&x1053, &x1054, 0x0, x1019, x11); + var x1055: u32 = undefined; + var x1056: u1 = undefined; + fiatP384AddcarryxU32(&x1055, &x1056, x1054, x1021, x1049); + var x1057: u32 = undefined; + var x1058: u1 = undefined; + fiatP384AddcarryxU32(&x1057, &x1058, x1056, x1023, x1050); + var x1059: u32 = undefined; + var x1060: u1 = undefined; + fiatP384AddcarryxU32(&x1059, &x1060, x1058, x1025, x1047); + var x1061: u32 = undefined; + var x1062: u1 = undefined; + fiatP384AddcarryxU32(&x1061, &x1062, x1060, x1027, @intCast(u32, @intCast(u1, x1048))); + var x1063: u32 = undefined; + var x1064: u1 = undefined; + fiatP384AddcarryxU32(&x1063, &x1064, x1062, x1029, x1045); + var x1065: u32 = undefined; + var x1066: u1 = undefined; + fiatP384AddcarryxU32(&x1065, &x1066, x1064, x1031, x1046); + var x1067: u32 = undefined; + var x1068: u1 = undefined; + fiatP384AddcarryxU32(&x1067, &x1068, x1066, x1033, x1043); + var x1069: u32 = undefined; + var x1070: u1 = undefined; + fiatP384AddcarryxU32(&x1069, &x1070, x1068, x1035, x1051); + var x1071: u32 = undefined; + var x1072: u1 = undefined; + fiatP384AddcarryxU32(&x1071, &x1072, x1070, x1037, @intCast(u32, x1052)); + var x1073: u32 = undefined; + var x1074: u1 = undefined; + fiatP384AddcarryxU32(&x1073, &x1074, x1072, x1039, @intCast(u32, 0x0)); + var x1075: u32 = undefined; + var x1076: u1 = undefined; + fiatP384AddcarryxU32(&x1075, &x1076, x1074, x1041, @intCast(u32, 0x0)); + var x1077: u32 = undefined; + var x1078: u32 = undefined; + fiatP384MulxU32(&x1077, &x1078, x1053, 0xffffffff); + var x1079: u32 = undefined; + var x1080: u32 = undefined; + fiatP384MulxU32(&x1079, &x1080, x1053, 0xffffffff); + var x1081: u32 = undefined; + var x1082: u32 = undefined; + fiatP384MulxU32(&x1081, &x1082, x1053, 0xffffffff); + var x1083: u32 = undefined; + var x1084: u32 = undefined; + fiatP384MulxU32(&x1083, &x1084, x1053, 0xffffffff); + var x1085: u32 = undefined; + var x1086: u32 = undefined; + fiatP384MulxU32(&x1085, &x1086, x1053, 0xffffffff); + var x1087: u32 = undefined; + var x1088: u32 = undefined; + fiatP384MulxU32(&x1087, &x1088, x1053, 0xffffffff); + var x1089: u32 = undefined; + var x1090: u32 = undefined; + fiatP384MulxU32(&x1089, &x1090, x1053, 0xffffffff); + var x1091: u32 = undefined; + var x1092: u32 = undefined; + fiatP384MulxU32(&x1091, &x1092, x1053, 0xfffffffe); + var x1093: u32 = undefined; + var x1094: u32 = undefined; + fiatP384MulxU32(&x1093, &x1094, x1053, 0xffffffff); + var x1095: u32 = undefined; + var x1096: u32 = undefined; + fiatP384MulxU32(&x1095, &x1096, x1053, 0xffffffff); + var x1097: u32 = undefined; + var x1098: u1 = undefined; + fiatP384AddcarryxU32(&x1097, &x1098, 0x0, x1094, x1091); + var x1099: u32 = undefined; + var x1100: u1 = undefined; + fiatP384AddcarryxU32(&x1099, &x1100, x1098, x1092, x1089); + var x1101: u32 = undefined; + var x1102: u1 = undefined; + fiatP384AddcarryxU32(&x1101, &x1102, x1100, x1090, x1087); + var x1103: u32 = undefined; + var x1104: u1 = undefined; + fiatP384AddcarryxU32(&x1103, &x1104, x1102, x1088, x1085); + var x1105: u32 = undefined; + var x1106: u1 = undefined; + fiatP384AddcarryxU32(&x1105, &x1106, x1104, x1086, x1083); + var x1107: u32 = undefined; + var x1108: u1 = undefined; + fiatP384AddcarryxU32(&x1107, &x1108, x1106, x1084, x1081); + var x1109: u32 = undefined; + var x1110: u1 = undefined; + fiatP384AddcarryxU32(&x1109, &x1110, x1108, x1082, x1079); + var x1111: u32 = undefined; + var x1112: u1 = undefined; + fiatP384AddcarryxU32(&x1111, &x1112, x1110, x1080, x1077); + var x1113: u32 = undefined; + var x1114: u1 = undefined; + fiatP384AddcarryxU32(&x1113, &x1114, 0x0, x1053, x1095); + var x1115: u32 = undefined; + var x1116: u1 = undefined; + fiatP384AddcarryxU32(&x1115, &x1116, x1114, x1055, x1096); + var x1117: u32 = undefined; + var x1118: u1 = undefined; + fiatP384AddcarryxU32(&x1117, &x1118, x1116, x1057, @intCast(u32, 0x0)); + var x1119: u32 = undefined; + var x1120: u1 = undefined; + fiatP384AddcarryxU32(&x1119, &x1120, x1118, x1059, x1093); + var x1121: u32 = undefined; + var x1122: u1 = undefined; + fiatP384AddcarryxU32(&x1121, &x1122, x1120, x1061, x1097); + var x1123: u32 = undefined; + var x1124: u1 = undefined; + fiatP384AddcarryxU32(&x1123, &x1124, x1122, x1063, x1099); + var x1125: u32 = undefined; + var x1126: u1 = undefined; + fiatP384AddcarryxU32(&x1125, &x1126, x1124, x1065, x1101); + var x1127: u32 = undefined; + var x1128: u1 = undefined; + fiatP384AddcarryxU32(&x1127, &x1128, x1126, x1067, x1103); + var x1129: u32 = undefined; + var x1130: u1 = undefined; + fiatP384AddcarryxU32(&x1129, &x1130, x1128, x1069, x1105); + var x1131: u32 = undefined; + var x1132: u1 = undefined; + fiatP384AddcarryxU32(&x1131, &x1132, x1130, x1071, x1107); + var x1133: u32 = undefined; + var x1134: u1 = undefined; + fiatP384AddcarryxU32(&x1133, &x1134, x1132, x1073, x1109); + var x1135: u32 = undefined; + var x1136: u1 = undefined; + fiatP384AddcarryxU32(&x1135, &x1136, x1134, x1075, x1111); + var x1137: u32 = undefined; + var x1138: u1 = undefined; + fiatP384AddcarryxU32(&x1137, &x1138, x1136, (@intCast(u32, x1076) + @intCast(u32, x1042)), (@intCast(u32, x1112) + x1078)); + var x1139: u32 = undefined; + var x1140: u1 = undefined; + fiatP384SubborrowxU32(&x1139, &x1140, 0x0, x1115, 0xffffffff); + var x1141: u32 = undefined; + var x1142: u1 = undefined; + fiatP384SubborrowxU32(&x1141, &x1142, x1140, x1117, @intCast(u32, 0x0)); + var x1143: u32 = undefined; + var x1144: u1 = undefined; + fiatP384SubborrowxU32(&x1143, &x1144, x1142, x1119, @intCast(u32, 0x0)); + var x1145: u32 = undefined; + var x1146: u1 = undefined; + fiatP384SubborrowxU32(&x1145, &x1146, x1144, x1121, 0xffffffff); + var x1147: u32 = undefined; + var x1148: u1 = undefined; + fiatP384SubborrowxU32(&x1147, &x1148, x1146, x1123, 0xfffffffe); + var x1149: u32 = undefined; + var x1150: u1 = undefined; + fiatP384SubborrowxU32(&x1149, &x1150, x1148, x1125, 0xffffffff); + var x1151: u32 = undefined; + var x1152: u1 = undefined; + fiatP384SubborrowxU32(&x1151, &x1152, x1150, x1127, 0xffffffff); + var x1153: u32 = undefined; + var x1154: u1 = undefined; + fiatP384SubborrowxU32(&x1153, &x1154, x1152, x1129, 0xffffffff); + var x1155: u32 = undefined; + var x1156: u1 = undefined; + fiatP384SubborrowxU32(&x1155, &x1156, x1154, x1131, 0xffffffff); + var x1157: u32 = undefined; + var x1158: u1 = undefined; + fiatP384SubborrowxU32(&x1157, &x1158, x1156, x1133, 0xffffffff); + var x1159: u32 = undefined; + var x1160: u1 = undefined; + fiatP384SubborrowxU32(&x1159, &x1160, x1158, x1135, 0xffffffff); + var x1161: u32 = undefined; + var x1162: u1 = undefined; + fiatP384SubborrowxU32(&x1161, &x1162, x1160, x1137, 0xffffffff); + var x1163: u32 = undefined; + var x1164: u1 = undefined; + fiatP384SubborrowxU32(&x1163, &x1164, x1162, @intCast(u32, x1138), @intCast(u32, 0x0)); + var x1165: u32 = undefined; + fiatP384CmovznzU32(&x1165, x1164, x1139, x1115); + var x1166: u32 = undefined; + fiatP384CmovznzU32(&x1166, x1164, x1141, x1117); + var x1167: u32 = undefined; + fiatP384CmovznzU32(&x1167, x1164, x1143, x1119); + var x1168: u32 = undefined; + fiatP384CmovznzU32(&x1168, x1164, x1145, x1121); + var x1169: u32 = undefined; + fiatP384CmovznzU32(&x1169, x1164, x1147, x1123); + var x1170: u32 = undefined; + fiatP384CmovznzU32(&x1170, x1164, x1149, x1125); + var x1171: u32 = undefined; + fiatP384CmovznzU32(&x1171, x1164, x1151, x1127); + var x1172: u32 = undefined; + fiatP384CmovznzU32(&x1172, x1164, x1153, x1129); + var x1173: u32 = undefined; + fiatP384CmovznzU32(&x1173, x1164, x1155, x1131); + var x1174: u32 = undefined; + fiatP384CmovznzU32(&x1174, x1164, x1157, x1133); + var x1175: u32 = undefined; + fiatP384CmovznzU32(&x1175, x1164, x1159, x1135); + var x1176: u32 = undefined; + fiatP384CmovznzU32(&x1176, x1164, x1161, x1137); + out1[0] = x1165; + out1[1] = x1166; + out1[2] = x1167; + out1[3] = x1168; + out1[4] = x1169; + out1[5] = x1170; + out1[6] = x1171; + out1[7] = x1172; + out1[8] = x1173; + out1[9] = x1174; + out1[10] = x1175; + out1[11] = x1176; +} + +/// The function fiatP384Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +pub fn fiatP384Nonzero(out1: *u32, arg1: [12]u32) void { + const x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | ((arg1[7]) | ((arg1[8]) | ((arg1[9]) | ((arg1[10]) | (arg1[11])))))))))))); + out1.* = x1; +} + +/// The function fiatP384Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384Selectznz(out1: *[12]u32, arg1: u1, arg2: [12]u32, arg3: [12]u32) void { + var x1: u32 = undefined; + fiatP384CmovznzU32(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u32 = undefined; + fiatP384CmovznzU32(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u32 = undefined; + fiatP384CmovznzU32(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u32 = undefined; + fiatP384CmovznzU32(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u32 = undefined; + fiatP384CmovznzU32(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u32 = undefined; + fiatP384CmovznzU32(&x6, arg1, (arg2[5]), (arg3[5])); + var x7: u32 = undefined; + fiatP384CmovznzU32(&x7, arg1, (arg2[6]), (arg3[6])); + var x8: u32 = undefined; + fiatP384CmovznzU32(&x8, arg1, (arg2[7]), (arg3[7])); + var x9: u32 = undefined; + fiatP384CmovznzU32(&x9, arg1, (arg2[8]), (arg3[8])); + var x10: u32 = undefined; + fiatP384CmovznzU32(&x10, arg1, (arg2[9]), (arg3[9])); + var x11: u32 = undefined; + fiatP384CmovznzU32(&x11, arg1, (arg2[10]), (arg3[10])); + var x12: u32 = undefined; + fiatP384CmovznzU32(&x12, arg1, (arg2[11]), (arg3[11])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; + out1[10] = x11; + out1[11] = x12; +} + +/// The function fiatP384ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatP384ToBytes(out1: *[48]u8, arg1: [12]u32) void { + const x1: u32 = (arg1[11]); + const x2: u32 = (arg1[10]); + const x3: u32 = (arg1[9]); + const x4: u32 = (arg1[8]); + const x5: u32 = (arg1[7]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[5]); + const x8: u32 = (arg1[4]); + const x9: u32 = (arg1[3]); + const x10: u32 = (arg1[2]); + const x11: u32 = (arg1[1]); + const x12: u32 = (arg1[0]); + const x13: u8 = @intCast(u8, (x12 & @intCast(u32, 0xff))); + const x14: u32 = (x12 >> 8); + const x15: u8 = @intCast(u8, (x14 & @intCast(u32, 0xff))); + const x16: u32 = (x14 >> 8); + const x17: u8 = @intCast(u8, (x16 & @intCast(u32, 0xff))); + const x18: u8 = @intCast(u8, (x16 >> 8)); + const x19: u8 = @intCast(u8, (x11 & @intCast(u32, 0xff))); + const x20: u32 = (x11 >> 8); + const x21: u8 = @intCast(u8, (x20 & @intCast(u32, 0xff))); + const x22: u32 = (x20 >> 8); + const x23: u8 = @intCast(u8, (x22 & @intCast(u32, 0xff))); + const x24: u8 = @intCast(u8, (x22 >> 8)); + const x25: u8 = @intCast(u8, (x10 & @intCast(u32, 0xff))); + const x26: u32 = (x10 >> 8); + const x27: u8 = @intCast(u8, (x26 & @intCast(u32, 0xff))); + const x28: u32 = (x26 >> 8); + const x29: u8 = @intCast(u8, (x28 & @intCast(u32, 0xff))); + const x30: u8 = @intCast(u8, (x28 >> 8)); + const x31: u8 = @intCast(u8, (x9 & @intCast(u32, 0xff))); + const x32: u32 = (x9 >> 8); + const x33: u8 = @intCast(u8, (x32 & @intCast(u32, 0xff))); + const x34: u32 = (x32 >> 8); + const x35: u8 = @intCast(u8, (x34 & @intCast(u32, 0xff))); + const x36: u8 = @intCast(u8, (x34 >> 8)); + const x37: u8 = @intCast(u8, (x8 & @intCast(u32, 0xff))); + const x38: u32 = (x8 >> 8); + const x39: u8 = @intCast(u8, (x38 & @intCast(u32, 0xff))); + const x40: u32 = (x38 >> 8); + const x41: u8 = @intCast(u8, (x40 & @intCast(u32, 0xff))); + const x42: u8 = @intCast(u8, (x40 >> 8)); + const x43: u8 = @intCast(u8, (x7 & @intCast(u32, 0xff))); + const x44: u32 = (x7 >> 8); + const x45: u8 = @intCast(u8, (x44 & @intCast(u32, 0xff))); + const x46: u32 = (x44 >> 8); + const x47: u8 = @intCast(u8, (x46 & @intCast(u32, 0xff))); + const x48: u8 = @intCast(u8, (x46 >> 8)); + const x49: u8 = @intCast(u8, (x6 & @intCast(u32, 0xff))); + const x50: u32 = (x6 >> 8); + const x51: u8 = @intCast(u8, (x50 & @intCast(u32, 0xff))); + const x52: u32 = (x50 >> 8); + const x53: u8 = @intCast(u8, (x52 & @intCast(u32, 0xff))); + const x54: u8 = @intCast(u8, (x52 >> 8)); + const x55: u8 = @intCast(u8, (x5 & @intCast(u32, 0xff))); + const x56: u32 = (x5 >> 8); + const x57: u8 = @intCast(u8, (x56 & @intCast(u32, 0xff))); + const x58: u32 = (x56 >> 8); + const x59: u8 = @intCast(u8, (x58 & @intCast(u32, 0xff))); + const x60: u8 = @intCast(u8, (x58 >> 8)); + const x61: u8 = @intCast(u8, (x4 & @intCast(u32, 0xff))); + const x62: u32 = (x4 >> 8); + const x63: u8 = @intCast(u8, (x62 & @intCast(u32, 0xff))); + const x64: u32 = (x62 >> 8); + const x65: u8 = @intCast(u8, (x64 & @intCast(u32, 0xff))); + const x66: u8 = @intCast(u8, (x64 >> 8)); + const x67: u8 = @intCast(u8, (x3 & @intCast(u32, 0xff))); + const x68: u32 = (x3 >> 8); + const x69: u8 = @intCast(u8, (x68 & @intCast(u32, 0xff))); + const x70: u32 = (x68 >> 8); + const x71: u8 = @intCast(u8, (x70 & @intCast(u32, 0xff))); + const x72: u8 = @intCast(u8, (x70 >> 8)); + const x73: u8 = @intCast(u8, (x2 & @intCast(u32, 0xff))); + const x74: u32 = (x2 >> 8); + const x75: u8 = @intCast(u8, (x74 & @intCast(u32, 0xff))); + const x76: u32 = (x74 >> 8); + const x77: u8 = @intCast(u8, (x76 & @intCast(u32, 0xff))); + const x78: u8 = @intCast(u8, (x76 >> 8)); + const x79: u8 = @intCast(u8, (x1 & @intCast(u32, 0xff))); + const x80: u32 = (x1 >> 8); + const x81: u8 = @intCast(u8, (x80 & @intCast(u32, 0xff))); + const x82: u32 = (x80 >> 8); + const x83: u8 = @intCast(u8, (x82 & @intCast(u32, 0xff))); + const x84: u8 = @intCast(u8, (x82 >> 8)); + out1[0] = x13; + out1[1] = x15; + out1[2] = x17; + out1[3] = x18; + out1[4] = x19; + out1[5] = x21; + out1[6] = x23; + out1[7] = x24; + out1[8] = x25; + out1[9] = x27; + out1[10] = x29; + out1[11] = x30; + out1[12] = x31; + out1[13] = x33; + out1[14] = x35; + out1[15] = x36; + out1[16] = x37; + out1[17] = x39; + out1[18] = x41; + out1[19] = x42; + out1[20] = x43; + out1[21] = x45; + out1[22] = x47; + out1[23] = x48; + out1[24] = x49; + out1[25] = x51; + out1[26] = x53; + out1[27] = x54; + out1[28] = x55; + out1[29] = x57; + out1[30] = x59; + out1[31] = x60; + out1[32] = x61; + out1[33] = x63; + out1[34] = x65; + out1[35] = x66; + out1[36] = x67; + out1[37] = x69; + out1[38] = x71; + out1[39] = x72; + out1[40] = x73; + out1[41] = x75; + out1[42] = x77; + out1[43] = x78; + out1[44] = x79; + out1[45] = x81; + out1[46] = x83; + out1[47] = x84; +} + +/// The function fiatP384FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. +/// Preconditions: +/// 0 ≤ bytes_eval arg1 < m +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384FromBytes(out1: *[12]u32, arg1: [48]u8) void { + const x1: u32 = (@intCast(u32, (arg1[47])) << 24); + const x2: u32 = (@intCast(u32, (arg1[46])) << 16); + const x3: u32 = (@intCast(u32, (arg1[45])) << 8); + const x4: u8 = (arg1[44]); + const x5: u32 = (@intCast(u32, (arg1[43])) << 24); + const x6: u32 = (@intCast(u32, (arg1[42])) << 16); + const x7: u32 = (@intCast(u32, (arg1[41])) << 8); + const x8: u8 = (arg1[40]); + const x9: u32 = (@intCast(u32, (arg1[39])) << 24); + const x10: u32 = (@intCast(u32, (arg1[38])) << 16); + const x11: u32 = (@intCast(u32, (arg1[37])) << 8); + const x12: u8 = (arg1[36]); + const x13: u32 = (@intCast(u32, (arg1[35])) << 24); + const x14: u32 = (@intCast(u32, (arg1[34])) << 16); + const x15: u32 = (@intCast(u32, (arg1[33])) << 8); + const x16: u8 = (arg1[32]); + const x17: u32 = (@intCast(u32, (arg1[31])) << 24); + const x18: u32 = (@intCast(u32, (arg1[30])) << 16); + const x19: u32 = (@intCast(u32, (arg1[29])) << 8); + const x20: u8 = (arg1[28]); + const x21: u32 = (@intCast(u32, (arg1[27])) << 24); + const x22: u32 = (@intCast(u32, (arg1[26])) << 16); + const x23: u32 = (@intCast(u32, (arg1[25])) << 8); + const x24: u8 = (arg1[24]); + const x25: u32 = (@intCast(u32, (arg1[23])) << 24); + const x26: u32 = (@intCast(u32, (arg1[22])) << 16); + const x27: u32 = (@intCast(u32, (arg1[21])) << 8); + const x28: u8 = (arg1[20]); + const x29: u32 = (@intCast(u32, (arg1[19])) << 24); + const x30: u32 = (@intCast(u32, (arg1[18])) << 16); + const x31: u32 = (@intCast(u32, (arg1[17])) << 8); + const x32: u8 = (arg1[16]); + const x33: u32 = (@intCast(u32, (arg1[15])) << 24); + const x34: u32 = (@intCast(u32, (arg1[14])) << 16); + const x35: u32 = (@intCast(u32, (arg1[13])) << 8); + const x36: u8 = (arg1[12]); + const x37: u32 = (@intCast(u32, (arg1[11])) << 24); + const x38: u32 = (@intCast(u32, (arg1[10])) << 16); + const x39: u32 = (@intCast(u32, (arg1[9])) << 8); + const x40: u8 = (arg1[8]); + const x41: u32 = (@intCast(u32, (arg1[7])) << 24); + const x42: u32 = (@intCast(u32, (arg1[6])) << 16); + const x43: u32 = (@intCast(u32, (arg1[5])) << 8); + const x44: u8 = (arg1[4]); + const x45: u32 = (@intCast(u32, (arg1[3])) << 24); + const x46: u32 = (@intCast(u32, (arg1[2])) << 16); + const x47: u32 = (@intCast(u32, (arg1[1])) << 8); + const x48: u8 = (arg1[0]); + const x49: u32 = (x47 + @intCast(u32, x48)); + const x50: u32 = (x46 + x49); + const x51: u32 = (x45 + x50); + const x52: u32 = (x43 + @intCast(u32, x44)); + const x53: u32 = (x42 + x52); + const x54: u32 = (x41 + x53); + const x55: u32 = (x39 + @intCast(u32, x40)); + const x56: u32 = (x38 + x55); + const x57: u32 = (x37 + x56); + const x58: u32 = (x35 + @intCast(u32, x36)); + const x59: u32 = (x34 + x58); + const x60: u32 = (x33 + x59); + const x61: u32 = (x31 + @intCast(u32, x32)); + const x62: u32 = (x30 + x61); + const x63: u32 = (x29 + x62); + const x64: u32 = (x27 + @intCast(u32, x28)); + const x65: u32 = (x26 + x64); + const x66: u32 = (x25 + x65); + const x67: u32 = (x23 + @intCast(u32, x24)); + const x68: u32 = (x22 + x67); + const x69: u32 = (x21 + x68); + const x70: u32 = (x19 + @intCast(u32, x20)); + const x71: u32 = (x18 + x70); + const x72: u32 = (x17 + x71); + const x73: u32 = (x15 + @intCast(u32, x16)); + const x74: u32 = (x14 + x73); + const x75: u32 = (x13 + x74); + const x76: u32 = (x11 + @intCast(u32, x12)); + const x77: u32 = (x10 + x76); + const x78: u32 = (x9 + x77); + const x79: u32 = (x7 + @intCast(u32, x8)); + const x80: u32 = (x6 + x79); + const x81: u32 = (x5 + x80); + const x82: u32 = (x3 + @intCast(u32, x4)); + const x83: u32 = (x2 + x82); + const x84: u32 = (x1 + x83); + out1[0] = x51; + out1[1] = x54; + out1[2] = x57; + out1[3] = x60; + out1[4] = x63; + out1[5] = x66; + out1[6] = x69; + out1[7] = x72; + out1[8] = x75; + out1[9] = x78; + out1[10] = x81; + out1[11] = x84; +} + +/// The function fiatP384SetOne returns the field element one in the Montgomery domain. +/// Postconditions: +/// eval (from_montgomery out1) mod m = 1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384SetOne(out1: *[12]u32) void { + out1[0] = @intCast(u32, 0x1); + out1[1] = 0xffffffff; + out1[2] = 0xffffffff; + out1[3] = @intCast(u32, 0x0); + out1[4] = @intCast(u32, 0x1); + out1[5] = @intCast(u32, 0x0); + out1[6] = @intCast(u32, 0x0); + out1[7] = @intCast(u32, 0x0); + out1[8] = @intCast(u32, 0x0); + out1[9] = @intCast(u32, 0x0); + out1[10] = @intCast(u32, 0x0); + out1[11] = @intCast(u32, 0x0); +} + +/// The function fiatP384Msat returns the saturated representation of the prime modulus. +/// Postconditions: +/// twos_complement_eval out1 = m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384Msat(out1: *[13]u32) void { + out1[0] = 0xffffffff; + out1[1] = @intCast(u32, 0x0); + out1[2] = @intCast(u32, 0x0); + out1[3] = 0xffffffff; + out1[4] = 0xfffffffe; + out1[5] = 0xffffffff; + out1[6] = 0xffffffff; + out1[7] = 0xffffffff; + out1[8] = 0xffffffff; + out1[9] = 0xffffffff; + out1[10] = 0xffffffff; + out1[11] = 0xffffffff; + out1[12] = @intCast(u32, 0x0); +} + +/// The function fiatP384Divstep computes a divstep. +/// Preconditions: +/// 0 ≤ eval arg4 < m +/// 0 ≤ eval arg5 < m +/// Postconditions: +/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) +/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) +/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) +/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) +/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out2 < m +/// 0 ≤ eval out3 < m +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffff] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384Divstep(out1: *u32, out2: *[13]u32, out3: *[13]u32, out4: *[12]u32, out5: *[12]u32, arg1: u32, arg2: [13]u32, arg3: [13]u32, arg4: [12]u32, arg5: [12]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP384AddcarryxU32(&x1, &x2, 0x0, (~arg1), @intCast(u32, 0x1)); + const x3: u1 = (@intCast(u1, (x1 >> 31)) & @intCast(u1, ((arg3[0]) & @intCast(u32, 0x1)))); + var x4: u32 = undefined; + var x5: u1 = undefined; + fiatP384AddcarryxU32(&x4, &x5, 0x0, (~arg1), @intCast(u32, 0x1)); + var x6: u32 = undefined; + fiatP384CmovznzU32(&x6, x3, arg1, x4); + var x7: u32 = undefined; + fiatP384CmovznzU32(&x7, x3, (arg2[0]), (arg3[0])); + var x8: u32 = undefined; + fiatP384CmovznzU32(&x8, x3, (arg2[1]), (arg3[1])); + var x9: u32 = undefined; + fiatP384CmovznzU32(&x9, x3, (arg2[2]), (arg3[2])); + var x10: u32 = undefined; + fiatP384CmovznzU32(&x10, x3, (arg2[3]), (arg3[3])); + var x11: u32 = undefined; + fiatP384CmovznzU32(&x11, x3, (arg2[4]), (arg3[4])); + var x12: u32 = undefined; + fiatP384CmovznzU32(&x12, x3, (arg2[5]), (arg3[5])); + var x13: u32 = undefined; + fiatP384CmovznzU32(&x13, x3, (arg2[6]), (arg3[6])); + var x14: u32 = undefined; + fiatP384CmovznzU32(&x14, x3, (arg2[7]), (arg3[7])); + var x15: u32 = undefined; + fiatP384CmovznzU32(&x15, x3, (arg2[8]), (arg3[8])); + var x16: u32 = undefined; + fiatP384CmovznzU32(&x16, x3, (arg2[9]), (arg3[9])); + var x17: u32 = undefined; + fiatP384CmovznzU32(&x17, x3, (arg2[10]), (arg3[10])); + var x18: u32 = undefined; + fiatP384CmovznzU32(&x18, x3, (arg2[11]), (arg3[11])); + var x19: u32 = undefined; + fiatP384CmovznzU32(&x19, x3, (arg2[12]), (arg3[12])); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatP384AddcarryxU32(&x20, &x21, 0x0, @intCast(u32, 0x1), (~(arg2[0]))); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatP384AddcarryxU32(&x22, &x23, x21, @intCast(u32, 0x0), (~(arg2[1]))); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatP384AddcarryxU32(&x24, &x25, x23, @intCast(u32, 0x0), (~(arg2[2]))); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatP384AddcarryxU32(&x26, &x27, x25, @intCast(u32, 0x0), (~(arg2[3]))); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatP384AddcarryxU32(&x28, &x29, x27, @intCast(u32, 0x0), (~(arg2[4]))); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatP384AddcarryxU32(&x30, &x31, x29, @intCast(u32, 0x0), (~(arg2[5]))); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatP384AddcarryxU32(&x32, &x33, x31, @intCast(u32, 0x0), (~(arg2[6]))); + var x34: u32 = undefined; + var x35: u1 = undefined; + fiatP384AddcarryxU32(&x34, &x35, x33, @intCast(u32, 0x0), (~(arg2[7]))); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiatP384AddcarryxU32(&x36, &x37, x35, @intCast(u32, 0x0), (~(arg2[8]))); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiatP384AddcarryxU32(&x38, &x39, x37, @intCast(u32, 0x0), (~(arg2[9]))); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiatP384AddcarryxU32(&x40, &x41, x39, @intCast(u32, 0x0), (~(arg2[10]))); + var x42: u32 = undefined; + var x43: u1 = undefined; + fiatP384AddcarryxU32(&x42, &x43, x41, @intCast(u32, 0x0), (~(arg2[11]))); + var x44: u32 = undefined; + var x45: u1 = undefined; + fiatP384AddcarryxU32(&x44, &x45, x43, @intCast(u32, 0x0), (~(arg2[12]))); + var x46: u32 = undefined; + fiatP384CmovznzU32(&x46, x3, (arg3[0]), x20); + var x47: u32 = undefined; + fiatP384CmovznzU32(&x47, x3, (arg3[1]), x22); + var x48: u32 = undefined; + fiatP384CmovznzU32(&x48, x3, (arg3[2]), x24); + var x49: u32 = undefined; + fiatP384CmovznzU32(&x49, x3, (arg3[3]), x26); + var x50: u32 = undefined; + fiatP384CmovznzU32(&x50, x3, (arg3[4]), x28); + var x51: u32 = undefined; + fiatP384CmovznzU32(&x51, x3, (arg3[5]), x30); + var x52: u32 = undefined; + fiatP384CmovznzU32(&x52, x3, (arg3[6]), x32); + var x53: u32 = undefined; + fiatP384CmovznzU32(&x53, x3, (arg3[7]), x34); + var x54: u32 = undefined; + fiatP384CmovznzU32(&x54, x3, (arg3[8]), x36); + var x55: u32 = undefined; + fiatP384CmovznzU32(&x55, x3, (arg3[9]), x38); + var x56: u32 = undefined; + fiatP384CmovznzU32(&x56, x3, (arg3[10]), x40); + var x57: u32 = undefined; + fiatP384CmovznzU32(&x57, x3, (arg3[11]), x42); + var x58: u32 = undefined; + fiatP384CmovznzU32(&x58, x3, (arg3[12]), x44); + var x59: u32 = undefined; + fiatP384CmovznzU32(&x59, x3, (arg4[0]), (arg5[0])); + var x60: u32 = undefined; + fiatP384CmovznzU32(&x60, x3, (arg4[1]), (arg5[1])); + var x61: u32 = undefined; + fiatP384CmovznzU32(&x61, x3, (arg4[2]), (arg5[2])); + var x62: u32 = undefined; + fiatP384CmovznzU32(&x62, x3, (arg4[3]), (arg5[3])); + var x63: u32 = undefined; + fiatP384CmovznzU32(&x63, x3, (arg4[4]), (arg5[4])); + var x64: u32 = undefined; + fiatP384CmovznzU32(&x64, x3, (arg4[5]), (arg5[5])); + var x65: u32 = undefined; + fiatP384CmovznzU32(&x65, x3, (arg4[6]), (arg5[6])); + var x66: u32 = undefined; + fiatP384CmovznzU32(&x66, x3, (arg4[7]), (arg5[7])); + var x67: u32 = undefined; + fiatP384CmovznzU32(&x67, x3, (arg4[8]), (arg5[8])); + var x68: u32 = undefined; + fiatP384CmovznzU32(&x68, x3, (arg4[9]), (arg5[9])); + var x69: u32 = undefined; + fiatP384CmovznzU32(&x69, x3, (arg4[10]), (arg5[10])); + var x70: u32 = undefined; + fiatP384CmovznzU32(&x70, x3, (arg4[11]), (arg5[11])); + var x71: u32 = undefined; + var x72: u1 = undefined; + fiatP384AddcarryxU32(&x71, &x72, 0x0, x59, x59); + var x73: u32 = undefined; + var x74: u1 = undefined; + fiatP384AddcarryxU32(&x73, &x74, x72, x60, x60); + var x75: u32 = undefined; + var x76: u1 = undefined; + fiatP384AddcarryxU32(&x75, &x76, x74, x61, x61); + var x77: u32 = undefined; + var x78: u1 = undefined; + fiatP384AddcarryxU32(&x77, &x78, x76, x62, x62); + var x79: u32 = undefined; + var x80: u1 = undefined; + fiatP384AddcarryxU32(&x79, &x80, x78, x63, x63); + var x81: u32 = undefined; + var x82: u1 = undefined; + fiatP384AddcarryxU32(&x81, &x82, x80, x64, x64); + var x83: u32 = undefined; + var x84: u1 = undefined; + fiatP384AddcarryxU32(&x83, &x84, x82, x65, x65); + var x85: u32 = undefined; + var x86: u1 = undefined; + fiatP384AddcarryxU32(&x85, &x86, x84, x66, x66); + var x87: u32 = undefined; + var x88: u1 = undefined; + fiatP384AddcarryxU32(&x87, &x88, x86, x67, x67); + var x89: u32 = undefined; + var x90: u1 = undefined; + fiatP384AddcarryxU32(&x89, &x90, x88, x68, x68); + var x91: u32 = undefined; + var x92: u1 = undefined; + fiatP384AddcarryxU32(&x91, &x92, x90, x69, x69); + var x93: u32 = undefined; + var x94: u1 = undefined; + fiatP384AddcarryxU32(&x93, &x94, x92, x70, x70); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatP384SubborrowxU32(&x95, &x96, 0x0, x71, 0xffffffff); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatP384SubborrowxU32(&x97, &x98, x96, x73, @intCast(u32, 0x0)); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatP384SubborrowxU32(&x99, &x100, x98, x75, @intCast(u32, 0x0)); + var x101: u32 = undefined; + var x102: u1 = undefined; + fiatP384SubborrowxU32(&x101, &x102, x100, x77, 0xffffffff); + var x103: u32 = undefined; + var x104: u1 = undefined; + fiatP384SubborrowxU32(&x103, &x104, x102, x79, 0xfffffffe); + var x105: u32 = undefined; + var x106: u1 = undefined; + fiatP384SubborrowxU32(&x105, &x106, x104, x81, 0xffffffff); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatP384SubborrowxU32(&x107, &x108, x106, x83, 0xffffffff); + var x109: u32 = undefined; + var x110: u1 = undefined; + fiatP384SubborrowxU32(&x109, &x110, x108, x85, 0xffffffff); + var x111: u32 = undefined; + var x112: u1 = undefined; + fiatP384SubborrowxU32(&x111, &x112, x110, x87, 0xffffffff); + var x113: u32 = undefined; + var x114: u1 = undefined; + fiatP384SubborrowxU32(&x113, &x114, x112, x89, 0xffffffff); + var x115: u32 = undefined; + var x116: u1 = undefined; + fiatP384SubborrowxU32(&x115, &x116, x114, x91, 0xffffffff); + var x117: u32 = undefined; + var x118: u1 = undefined; + fiatP384SubborrowxU32(&x117, &x118, x116, x93, 0xffffffff); + var x119: u32 = undefined; + var x120: u1 = undefined; + fiatP384SubborrowxU32(&x119, &x120, x118, @intCast(u32, x94), @intCast(u32, 0x0)); + const x121: u32 = (arg4[11]); + const x122: u32 = (arg4[10]); + const x123: u32 = (arg4[9]); + const x124: u32 = (arg4[8]); + const x125: u32 = (arg4[7]); + const x126: u32 = (arg4[6]); + const x127: u32 = (arg4[5]); + const x128: u32 = (arg4[4]); + const x129: u32 = (arg4[3]); + const x130: u32 = (arg4[2]); + const x131: u32 = (arg4[1]); + const x132: u32 = (arg4[0]); + var x133: u32 = undefined; + var x134: u1 = undefined; + fiatP384SubborrowxU32(&x133, &x134, 0x0, @intCast(u32, 0x0), x132); + var x135: u32 = undefined; + var x136: u1 = undefined; + fiatP384SubborrowxU32(&x135, &x136, x134, @intCast(u32, 0x0), x131); + var x137: u32 = undefined; + var x138: u1 = undefined; + fiatP384SubborrowxU32(&x137, &x138, x136, @intCast(u32, 0x0), x130); + var x139: u32 = undefined; + var x140: u1 = undefined; + fiatP384SubborrowxU32(&x139, &x140, x138, @intCast(u32, 0x0), x129); + var x141: u32 = undefined; + var x142: u1 = undefined; + fiatP384SubborrowxU32(&x141, &x142, x140, @intCast(u32, 0x0), x128); + var x143: u32 = undefined; + var x144: u1 = undefined; + fiatP384SubborrowxU32(&x143, &x144, x142, @intCast(u32, 0x0), x127); + var x145: u32 = undefined; + var x146: u1 = undefined; + fiatP384SubborrowxU32(&x145, &x146, x144, @intCast(u32, 0x0), x126); + var x147: u32 = undefined; + var x148: u1 = undefined; + fiatP384SubborrowxU32(&x147, &x148, x146, @intCast(u32, 0x0), x125); + var x149: u32 = undefined; + var x150: u1 = undefined; + fiatP384SubborrowxU32(&x149, &x150, x148, @intCast(u32, 0x0), x124); + var x151: u32 = undefined; + var x152: u1 = undefined; + fiatP384SubborrowxU32(&x151, &x152, x150, @intCast(u32, 0x0), x123); + var x153: u32 = undefined; + var x154: u1 = undefined; + fiatP384SubborrowxU32(&x153, &x154, x152, @intCast(u32, 0x0), x122); + var x155: u32 = undefined; + var x156: u1 = undefined; + fiatP384SubborrowxU32(&x155, &x156, x154, @intCast(u32, 0x0), x121); + var x157: u32 = undefined; + fiatP384CmovznzU32(&x157, x156, @intCast(u32, 0x0), 0xffffffff); + var x158: u32 = undefined; + var x159: u1 = undefined; + fiatP384AddcarryxU32(&x158, &x159, 0x0, x133, x157); + var x160: u32 = undefined; + var x161: u1 = undefined; + fiatP384AddcarryxU32(&x160, &x161, x159, x135, @intCast(u32, 0x0)); + var x162: u32 = undefined; + var x163: u1 = undefined; + fiatP384AddcarryxU32(&x162, &x163, x161, x137, @intCast(u32, 0x0)); + var x164: u32 = undefined; + var x165: u1 = undefined; + fiatP384AddcarryxU32(&x164, &x165, x163, x139, x157); + var x166: u32 = undefined; + var x167: u1 = undefined; + fiatP384AddcarryxU32(&x166, &x167, x165, x141, (x157 & 0xfffffffe)); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatP384AddcarryxU32(&x168, &x169, x167, x143, x157); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatP384AddcarryxU32(&x170, &x171, x169, x145, x157); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatP384AddcarryxU32(&x172, &x173, x171, x147, x157); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatP384AddcarryxU32(&x174, &x175, x173, x149, x157); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatP384AddcarryxU32(&x176, &x177, x175, x151, x157); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatP384AddcarryxU32(&x178, &x179, x177, x153, x157); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatP384AddcarryxU32(&x180, &x181, x179, x155, x157); + var x182: u32 = undefined; + fiatP384CmovznzU32(&x182, x3, (arg5[0]), x158); + var x183: u32 = undefined; + fiatP384CmovznzU32(&x183, x3, (arg5[1]), x160); + var x184: u32 = undefined; + fiatP384CmovznzU32(&x184, x3, (arg5[2]), x162); + var x185: u32 = undefined; + fiatP384CmovznzU32(&x185, x3, (arg5[3]), x164); + var x186: u32 = undefined; + fiatP384CmovznzU32(&x186, x3, (arg5[4]), x166); + var x187: u32 = undefined; + fiatP384CmovznzU32(&x187, x3, (arg5[5]), x168); + var x188: u32 = undefined; + fiatP384CmovznzU32(&x188, x3, (arg5[6]), x170); + var x189: u32 = undefined; + fiatP384CmovznzU32(&x189, x3, (arg5[7]), x172); + var x190: u32 = undefined; + fiatP384CmovznzU32(&x190, x3, (arg5[8]), x174); + var x191: u32 = undefined; + fiatP384CmovznzU32(&x191, x3, (arg5[9]), x176); + var x192: u32 = undefined; + fiatP384CmovznzU32(&x192, x3, (arg5[10]), x178); + var x193: u32 = undefined; + fiatP384CmovznzU32(&x193, x3, (arg5[11]), x180); + const x194: u1 = @intCast(u1, (x46 & @intCast(u32, 0x1))); + var x195: u32 = undefined; + fiatP384CmovznzU32(&x195, x194, @intCast(u32, 0x0), x7); + var x196: u32 = undefined; + fiatP384CmovznzU32(&x196, x194, @intCast(u32, 0x0), x8); + var x197: u32 = undefined; + fiatP384CmovznzU32(&x197, x194, @intCast(u32, 0x0), x9); + var x198: u32 = undefined; + fiatP384CmovznzU32(&x198, x194, @intCast(u32, 0x0), x10); + var x199: u32 = undefined; + fiatP384CmovznzU32(&x199, x194, @intCast(u32, 0x0), x11); + var x200: u32 = undefined; + fiatP384CmovznzU32(&x200, x194, @intCast(u32, 0x0), x12); + var x201: u32 = undefined; + fiatP384CmovznzU32(&x201, x194, @intCast(u32, 0x0), x13); + var x202: u32 = undefined; + fiatP384CmovznzU32(&x202, x194, @intCast(u32, 0x0), x14); + var x203: u32 = undefined; + fiatP384CmovznzU32(&x203, x194, @intCast(u32, 0x0), x15); + var x204: u32 = undefined; + fiatP384CmovznzU32(&x204, x194, @intCast(u32, 0x0), x16); + var x205: u32 = undefined; + fiatP384CmovznzU32(&x205, x194, @intCast(u32, 0x0), x17); + var x206: u32 = undefined; + fiatP384CmovznzU32(&x206, x194, @intCast(u32, 0x0), x18); + var x207: u32 = undefined; + fiatP384CmovznzU32(&x207, x194, @intCast(u32, 0x0), x19); + var x208: u32 = undefined; + var x209: u1 = undefined; + fiatP384AddcarryxU32(&x208, &x209, 0x0, x46, x195); + var x210: u32 = undefined; + var x211: u1 = undefined; + fiatP384AddcarryxU32(&x210, &x211, x209, x47, x196); + var x212: u32 = undefined; + var x213: u1 = undefined; + fiatP384AddcarryxU32(&x212, &x213, x211, x48, x197); + var x214: u32 = undefined; + var x215: u1 = undefined; + fiatP384AddcarryxU32(&x214, &x215, x213, x49, x198); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatP384AddcarryxU32(&x216, &x217, x215, x50, x199); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatP384AddcarryxU32(&x218, &x219, x217, x51, x200); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatP384AddcarryxU32(&x220, &x221, x219, x52, x201); + var x222: u32 = undefined; + var x223: u1 = undefined; + fiatP384AddcarryxU32(&x222, &x223, x221, x53, x202); + var x224: u32 = undefined; + var x225: u1 = undefined; + fiatP384AddcarryxU32(&x224, &x225, x223, x54, x203); + var x226: u32 = undefined; + var x227: u1 = undefined; + fiatP384AddcarryxU32(&x226, &x227, x225, x55, x204); + var x228: u32 = undefined; + var x229: u1 = undefined; + fiatP384AddcarryxU32(&x228, &x229, x227, x56, x205); + var x230: u32 = undefined; + var x231: u1 = undefined; + fiatP384AddcarryxU32(&x230, &x231, x229, x57, x206); + var x232: u32 = undefined; + var x233: u1 = undefined; + fiatP384AddcarryxU32(&x232, &x233, x231, x58, x207); + var x234: u32 = undefined; + fiatP384CmovznzU32(&x234, x194, @intCast(u32, 0x0), x59); + var x235: u32 = undefined; + fiatP384CmovznzU32(&x235, x194, @intCast(u32, 0x0), x60); + var x236: u32 = undefined; + fiatP384CmovznzU32(&x236, x194, @intCast(u32, 0x0), x61); + var x237: u32 = undefined; + fiatP384CmovznzU32(&x237, x194, @intCast(u32, 0x0), x62); + var x238: u32 = undefined; + fiatP384CmovznzU32(&x238, x194, @intCast(u32, 0x0), x63); + var x239: u32 = undefined; + fiatP384CmovznzU32(&x239, x194, @intCast(u32, 0x0), x64); + var x240: u32 = undefined; + fiatP384CmovznzU32(&x240, x194, @intCast(u32, 0x0), x65); + var x241: u32 = undefined; + fiatP384CmovznzU32(&x241, x194, @intCast(u32, 0x0), x66); + var x242: u32 = undefined; + fiatP384CmovznzU32(&x242, x194, @intCast(u32, 0x0), x67); + var x243: u32 = undefined; + fiatP384CmovznzU32(&x243, x194, @intCast(u32, 0x0), x68); + var x244: u32 = undefined; + fiatP384CmovznzU32(&x244, x194, @intCast(u32, 0x0), x69); + var x245: u32 = undefined; + fiatP384CmovznzU32(&x245, x194, @intCast(u32, 0x0), x70); + var x246: u32 = undefined; + var x247: u1 = undefined; + fiatP384AddcarryxU32(&x246, &x247, 0x0, x182, x234); + var x248: u32 = undefined; + var x249: u1 = undefined; + fiatP384AddcarryxU32(&x248, &x249, x247, x183, x235); + var x250: u32 = undefined; + var x251: u1 = undefined; + fiatP384AddcarryxU32(&x250, &x251, x249, x184, x236); + var x252: u32 = undefined; + var x253: u1 = undefined; + fiatP384AddcarryxU32(&x252, &x253, x251, x185, x237); + var x254: u32 = undefined; + var x255: u1 = undefined; + fiatP384AddcarryxU32(&x254, &x255, x253, x186, x238); + var x256: u32 = undefined; + var x257: u1 = undefined; + fiatP384AddcarryxU32(&x256, &x257, x255, x187, x239); + var x258: u32 = undefined; + var x259: u1 = undefined; + fiatP384AddcarryxU32(&x258, &x259, x257, x188, x240); + var x260: u32 = undefined; + var x261: u1 = undefined; + fiatP384AddcarryxU32(&x260, &x261, x259, x189, x241); + var x262: u32 = undefined; + var x263: u1 = undefined; + fiatP384AddcarryxU32(&x262, &x263, x261, x190, x242); + var x264: u32 = undefined; + var x265: u1 = undefined; + fiatP384AddcarryxU32(&x264, &x265, x263, x191, x243); + var x266: u32 = undefined; + var x267: u1 = undefined; + fiatP384AddcarryxU32(&x266, &x267, x265, x192, x244); + var x268: u32 = undefined; + var x269: u1 = undefined; + fiatP384AddcarryxU32(&x268, &x269, x267, x193, x245); + var x270: u32 = undefined; + var x271: u1 = undefined; + fiatP384SubborrowxU32(&x270, &x271, 0x0, x246, 0xffffffff); + var x272: u32 = undefined; + var x273: u1 = undefined; + fiatP384SubborrowxU32(&x272, &x273, x271, x248, @intCast(u32, 0x0)); + var x274: u32 = undefined; + var x275: u1 = undefined; + fiatP384SubborrowxU32(&x274, &x275, x273, x250, @intCast(u32, 0x0)); + var x276: u32 = undefined; + var x277: u1 = undefined; + fiatP384SubborrowxU32(&x276, &x277, x275, x252, 0xffffffff); + var x278: u32 = undefined; + var x279: u1 = undefined; + fiatP384SubborrowxU32(&x278, &x279, x277, x254, 0xfffffffe); + var x280: u32 = undefined; + var x281: u1 = undefined; + fiatP384SubborrowxU32(&x280, &x281, x279, x256, 0xffffffff); + var x282: u32 = undefined; + var x283: u1 = undefined; + fiatP384SubborrowxU32(&x282, &x283, x281, x258, 0xffffffff); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatP384SubborrowxU32(&x284, &x285, x283, x260, 0xffffffff); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatP384SubborrowxU32(&x286, &x287, x285, x262, 0xffffffff); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatP384SubborrowxU32(&x288, &x289, x287, x264, 0xffffffff); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatP384SubborrowxU32(&x290, &x291, x289, x266, 0xffffffff); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatP384SubborrowxU32(&x292, &x293, x291, x268, 0xffffffff); + var x294: u32 = undefined; + var x295: u1 = undefined; + fiatP384SubborrowxU32(&x294, &x295, x293, @intCast(u32, x269), @intCast(u32, 0x0)); + var x296: u32 = undefined; + var x297: u1 = undefined; + fiatP384AddcarryxU32(&x296, &x297, 0x0, x6, @intCast(u32, 0x1)); + const x298: u32 = ((x208 >> 1) | ((x210 << 31) & 0xffffffff)); + const x299: u32 = ((x210 >> 1) | ((x212 << 31) & 0xffffffff)); + const x300: u32 = ((x212 >> 1) | ((x214 << 31) & 0xffffffff)); + const x301: u32 = ((x214 >> 1) | ((x216 << 31) & 0xffffffff)); + const x302: u32 = ((x216 >> 1) | ((x218 << 31) & 0xffffffff)); + const x303: u32 = ((x218 >> 1) | ((x220 << 31) & 0xffffffff)); + const x304: u32 = ((x220 >> 1) | ((x222 << 31) & 0xffffffff)); + const x305: u32 = ((x222 >> 1) | ((x224 << 31) & 0xffffffff)); + const x306: u32 = ((x224 >> 1) | ((x226 << 31) & 0xffffffff)); + const x307: u32 = ((x226 >> 1) | ((x228 << 31) & 0xffffffff)); + const x308: u32 = ((x228 >> 1) | ((x230 << 31) & 0xffffffff)); + const x309: u32 = ((x230 >> 1) | ((x232 << 31) & 0xffffffff)); + const x310: u32 = ((x232 & 0x80000000) | (x232 >> 1)); + var x311: u32 = undefined; + fiatP384CmovznzU32(&x311, x120, x95, x71); + var x312: u32 = undefined; + fiatP384CmovznzU32(&x312, x120, x97, x73); + var x313: u32 = undefined; + fiatP384CmovznzU32(&x313, x120, x99, x75); + var x314: u32 = undefined; + fiatP384CmovznzU32(&x314, x120, x101, x77); + var x315: u32 = undefined; + fiatP384CmovznzU32(&x315, x120, x103, x79); + var x316: u32 = undefined; + fiatP384CmovznzU32(&x316, x120, x105, x81); + var x317: u32 = undefined; + fiatP384CmovznzU32(&x317, x120, x107, x83); + var x318: u32 = undefined; + fiatP384CmovznzU32(&x318, x120, x109, x85); + var x319: u32 = undefined; + fiatP384CmovznzU32(&x319, x120, x111, x87); + var x320: u32 = undefined; + fiatP384CmovznzU32(&x320, x120, x113, x89); + var x321: u32 = undefined; + fiatP384CmovznzU32(&x321, x120, x115, x91); + var x322: u32 = undefined; + fiatP384CmovznzU32(&x322, x120, x117, x93); + var x323: u32 = undefined; + fiatP384CmovznzU32(&x323, x295, x270, x246); + var x324: u32 = undefined; + fiatP384CmovznzU32(&x324, x295, x272, x248); + var x325: u32 = undefined; + fiatP384CmovznzU32(&x325, x295, x274, x250); + var x326: u32 = undefined; + fiatP384CmovznzU32(&x326, x295, x276, x252); + var x327: u32 = undefined; + fiatP384CmovznzU32(&x327, x295, x278, x254); + var x328: u32 = undefined; + fiatP384CmovznzU32(&x328, x295, x280, x256); + var x329: u32 = undefined; + fiatP384CmovznzU32(&x329, x295, x282, x258); + var x330: u32 = undefined; + fiatP384CmovznzU32(&x330, x295, x284, x260); + var x331: u32 = undefined; + fiatP384CmovznzU32(&x331, x295, x286, x262); + var x332: u32 = undefined; + fiatP384CmovznzU32(&x332, x295, x288, x264); + var x333: u32 = undefined; + fiatP384CmovznzU32(&x333, x295, x290, x266); + var x334: u32 = undefined; + fiatP384CmovznzU32(&x334, x295, x292, x268); + out1.* = x296; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out2[5] = x12; + out2[6] = x13; + out2[7] = x14; + out2[8] = x15; + out2[9] = x16; + out2[10] = x17; + out2[11] = x18; + out2[12] = x19; + out3[0] = x298; + out3[1] = x299; + out3[2] = x300; + out3[3] = x301; + out3[4] = x302; + out3[5] = x303; + out3[6] = x304; + out3[7] = x305; + out3[8] = x306; + out3[9] = x307; + out3[10] = x308; + out3[11] = x309; + out3[12] = x310; + out4[0] = x311; + out4[1] = x312; + out4[2] = x313; + out4[3] = x314; + out4[4] = x315; + out4[5] = x316; + out4[6] = x317; + out4[7] = x318; + out4[8] = x319; + out4[9] = x320; + out4[10] = x321; + out4[11] = x322; + out5[0] = x323; + out5[1] = x324; + out5[2] = x325; + out5[3] = x326; + out5[4] = x327; + out5[5] = x328; + out5[6] = x329; + out5[7] = x330; + out5[8] = x331; + out5[9] = x332; + out5[10] = x333; + out5[11] = x334; +} + +/// The function fiatP384DivstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). +/// Postconditions: +/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if (log2 m) + 1 < 46 then ⌊(49 * ((log2 m) + 1) + 80) / 17⌋ else ⌊(49 * ((log2 m) + 1) + 57) / 17⌋) +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP384DivstepPrecomp(out1: *[12]u32) void { + out1[0] = 0xfff18fff; + out1[1] = 0xfff69400; + out1[2] = 0xffffd3ff; + out1[3] = 0x2b7fe; + out1[4] = 0xfffe97ff; + out1[5] = 0xfffedbff; + out1[6] = 0x2fff; + out1[7] = 0x28400; + out1[8] = 0x50400; + out1[9] = 0x60400; + out1[10] = 0x38000; + out1[11] = 0xfffc4800; +} + diff --git a/fiat-zig/src/p384_64.zig b/fiat-zig/src/p384_64.zig new file mode 100644 index 0000000000..4f77b24808 --- /dev/null +++ b/fiat-zig/src/p384_64.zig @@ -0,0 +1,3552 @@ +/// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p384 64 '2^384 - 2^128 - 2^96 + 2^32 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp +/// curve description: p384 +/// machine_wordsize = 64 (from "64") +/// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp +/// m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffeffffffff0000000000000000ffffffff (from "2^384 - 2^128 - 2^96 + 2^32 - 1") +/// +/// NOTE: In addition to the bounds specified above each function, all +/// functions synthesized for this Montgomery arithmetic require the +/// input to be strictly less than the prime modulus (m), and also +/// require the input to be in the unique saturated representation. +/// All functions also ensure that these two properties are true of +/// return values. +/// +/// Computed values: +/// eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + + +/// The function fiatP384AddcarryxU64 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^64 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP384AddcarryxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u128 = ((@intCast(u128, arg1) + @intCast(u128, arg2)) + @intCast(u128, arg3)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u1 = @intCast(u1, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP384SubborrowxU64 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^64 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP384SubborrowxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i128 = ((@intCast(i128, arg2) - @intCast(i128, arg1)) - @intCast(i128, arg3)); + const x2: i1 = @intCast(i1, (x1 >> 64)); + const x3: u64 = @intCast(u64, (x1 & @intCast(i128, 0xffffffffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP384MulxU64 is a multiplication, returning the full double-width result. +/// Postconditions: +/// out1 = (arg1 * arg2) mod 2^64 +/// out2 = ⌊arg1 * arg2 / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0xffffffffffffffff] +fn fiatP384MulxU64(out1: *u64, out2: *u64, arg1: u64, arg2: u64) callconv(.Inline) void { + const x1: u128 = (@intCast(u128, arg1) * @intCast(u128, arg2)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u64 = @intCast(u64, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP384CmovznzU64 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +fn fiatP384CmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u64 = @intCast(u64, (@intCast(i128, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i128, 0xffffffffffffffff))); + const x3: u64 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP384Mul multiplies two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384Mul(out1: *[6]u64, arg1: [6]u64, arg2: [6]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[4]); + const x5: u64 = (arg1[5]); + const x6: u64 = (arg1[0]); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatP384MulxU64(&x7, &x8, x6, (arg2[5])); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatP384MulxU64(&x9, &x10, x6, (arg2[4])); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatP384MulxU64(&x11, &x12, x6, (arg2[3])); + var x13: u64 = undefined; + var x14: u64 = undefined; + fiatP384MulxU64(&x13, &x14, x6, (arg2[2])); + var x15: u64 = undefined; + var x16: u64 = undefined; + fiatP384MulxU64(&x15, &x16, x6, (arg2[1])); + var x17: u64 = undefined; + var x18: u64 = undefined; + fiatP384MulxU64(&x17, &x18, x6, (arg2[0])); + var x19: u64 = undefined; + var x20: u1 = undefined; + fiatP384AddcarryxU64(&x19, &x20, 0x0, x18, x15); + var x21: u64 = undefined; + var x22: u1 = undefined; + fiatP384AddcarryxU64(&x21, &x22, x20, x16, x13); + var x23: u64 = undefined; + var x24: u1 = undefined; + fiatP384AddcarryxU64(&x23, &x24, x22, x14, x11); + var x25: u64 = undefined; + var x26: u1 = undefined; + fiatP384AddcarryxU64(&x25, &x26, x24, x12, x9); + var x27: u64 = undefined; + var x28: u1 = undefined; + fiatP384AddcarryxU64(&x27, &x28, x26, x10, x7); + const x29: u64 = (@intCast(u64, x28) + x8); + var x30: u64 = undefined; + var x31: u64 = undefined; + fiatP384MulxU64(&x30, &x31, x17, 0x100000001); + var x32: u64 = undefined; + var x33: u64 = undefined; + fiatP384MulxU64(&x32, &x33, x30, 0xffffffffffffffff); + var x34: u64 = undefined; + var x35: u64 = undefined; + fiatP384MulxU64(&x34, &x35, x30, 0xffffffffffffffff); + var x36: u64 = undefined; + var x37: u64 = undefined; + fiatP384MulxU64(&x36, &x37, x30, 0xffffffffffffffff); + var x38: u64 = undefined; + var x39: u64 = undefined; + fiatP384MulxU64(&x38, &x39, x30, 0xfffffffffffffffe); + var x40: u64 = undefined; + var x41: u64 = undefined; + fiatP384MulxU64(&x40, &x41, x30, 0xffffffff00000000); + var x42: u64 = undefined; + var x43: u64 = undefined; + fiatP384MulxU64(&x42, &x43, x30, 0xffffffff); + var x44: u64 = undefined; + var x45: u1 = undefined; + fiatP384AddcarryxU64(&x44, &x45, 0x0, x43, x40); + var x46: u64 = undefined; + var x47: u1 = undefined; + fiatP384AddcarryxU64(&x46, &x47, x45, x41, x38); + var x48: u64 = undefined; + var x49: u1 = undefined; + fiatP384AddcarryxU64(&x48, &x49, x47, x39, x36); + var x50: u64 = undefined; + var x51: u1 = undefined; + fiatP384AddcarryxU64(&x50, &x51, x49, x37, x34); + var x52: u64 = undefined; + var x53: u1 = undefined; + fiatP384AddcarryxU64(&x52, &x53, x51, x35, x32); + const x54: u64 = (@intCast(u64, x53) + x33); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP384AddcarryxU64(&x55, &x56, 0x0, x17, x42); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP384AddcarryxU64(&x57, &x58, x56, x19, x44); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatP384AddcarryxU64(&x59, &x60, x58, x21, x46); + var x61: u64 = undefined; + var x62: u1 = undefined; + fiatP384AddcarryxU64(&x61, &x62, x60, x23, x48); + var x63: u64 = undefined; + var x64: u1 = undefined; + fiatP384AddcarryxU64(&x63, &x64, x62, x25, x50); + var x65: u64 = undefined; + var x66: u1 = undefined; + fiatP384AddcarryxU64(&x65, &x66, x64, x27, x52); + var x67: u64 = undefined; + var x68: u1 = undefined; + fiatP384AddcarryxU64(&x67, &x68, x66, x29, x54); + var x69: u64 = undefined; + var x70: u64 = undefined; + fiatP384MulxU64(&x69, &x70, x1, (arg2[5])); + var x71: u64 = undefined; + var x72: u64 = undefined; + fiatP384MulxU64(&x71, &x72, x1, (arg2[4])); + var x73: u64 = undefined; + var x74: u64 = undefined; + fiatP384MulxU64(&x73, &x74, x1, (arg2[3])); + var x75: u64 = undefined; + var x76: u64 = undefined; + fiatP384MulxU64(&x75, &x76, x1, (arg2[2])); + var x77: u64 = undefined; + var x78: u64 = undefined; + fiatP384MulxU64(&x77, &x78, x1, (arg2[1])); + var x79: u64 = undefined; + var x80: u64 = undefined; + fiatP384MulxU64(&x79, &x80, x1, (arg2[0])); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatP384AddcarryxU64(&x81, &x82, 0x0, x80, x77); + var x83: u64 = undefined; + var x84: u1 = undefined; + fiatP384AddcarryxU64(&x83, &x84, x82, x78, x75); + var x85: u64 = undefined; + var x86: u1 = undefined; + fiatP384AddcarryxU64(&x85, &x86, x84, x76, x73); + var x87: u64 = undefined; + var x88: u1 = undefined; + fiatP384AddcarryxU64(&x87, &x88, x86, x74, x71); + var x89: u64 = undefined; + var x90: u1 = undefined; + fiatP384AddcarryxU64(&x89, &x90, x88, x72, x69); + const x91: u64 = (@intCast(u64, x90) + x70); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP384AddcarryxU64(&x92, &x93, 0x0, x57, x79); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP384AddcarryxU64(&x94, &x95, x93, x59, x81); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP384AddcarryxU64(&x96, &x97, x95, x61, x83); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP384AddcarryxU64(&x98, &x99, x97, x63, x85); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP384AddcarryxU64(&x100, &x101, x99, x65, x87); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP384AddcarryxU64(&x102, &x103, x101, x67, x89); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatP384AddcarryxU64(&x104, &x105, x103, @intCast(u64, x68), x91); + var x106: u64 = undefined; + var x107: u64 = undefined; + fiatP384MulxU64(&x106, &x107, x92, 0x100000001); + var x108: u64 = undefined; + var x109: u64 = undefined; + fiatP384MulxU64(&x108, &x109, x106, 0xffffffffffffffff); + var x110: u64 = undefined; + var x111: u64 = undefined; + fiatP384MulxU64(&x110, &x111, x106, 0xffffffffffffffff); + var x112: u64 = undefined; + var x113: u64 = undefined; + fiatP384MulxU64(&x112, &x113, x106, 0xffffffffffffffff); + var x114: u64 = undefined; + var x115: u64 = undefined; + fiatP384MulxU64(&x114, &x115, x106, 0xfffffffffffffffe); + var x116: u64 = undefined; + var x117: u64 = undefined; + fiatP384MulxU64(&x116, &x117, x106, 0xffffffff00000000); + var x118: u64 = undefined; + var x119: u64 = undefined; + fiatP384MulxU64(&x118, &x119, x106, 0xffffffff); + var x120: u64 = undefined; + var x121: u1 = undefined; + fiatP384AddcarryxU64(&x120, &x121, 0x0, x119, x116); + var x122: u64 = undefined; + var x123: u1 = undefined; + fiatP384AddcarryxU64(&x122, &x123, x121, x117, x114); + var x124: u64 = undefined; + var x125: u1 = undefined; + fiatP384AddcarryxU64(&x124, &x125, x123, x115, x112); + var x126: u64 = undefined; + var x127: u1 = undefined; + fiatP384AddcarryxU64(&x126, &x127, x125, x113, x110); + var x128: u64 = undefined; + var x129: u1 = undefined; + fiatP384AddcarryxU64(&x128, &x129, x127, x111, x108); + const x130: u64 = (@intCast(u64, x129) + x109); + var x131: u64 = undefined; + var x132: u1 = undefined; + fiatP384AddcarryxU64(&x131, &x132, 0x0, x92, x118); + var x133: u64 = undefined; + var x134: u1 = undefined; + fiatP384AddcarryxU64(&x133, &x134, x132, x94, x120); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatP384AddcarryxU64(&x135, &x136, x134, x96, x122); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatP384AddcarryxU64(&x137, &x138, x136, x98, x124); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatP384AddcarryxU64(&x139, &x140, x138, x100, x126); + var x141: u64 = undefined; + var x142: u1 = undefined; + fiatP384AddcarryxU64(&x141, &x142, x140, x102, x128); + var x143: u64 = undefined; + var x144: u1 = undefined; + fiatP384AddcarryxU64(&x143, &x144, x142, x104, x130); + const x145: u64 = (@intCast(u64, x144) + @intCast(u64, x105)); + var x146: u64 = undefined; + var x147: u64 = undefined; + fiatP384MulxU64(&x146, &x147, x2, (arg2[5])); + var x148: u64 = undefined; + var x149: u64 = undefined; + fiatP384MulxU64(&x148, &x149, x2, (arg2[4])); + var x150: u64 = undefined; + var x151: u64 = undefined; + fiatP384MulxU64(&x150, &x151, x2, (arg2[3])); + var x152: u64 = undefined; + var x153: u64 = undefined; + fiatP384MulxU64(&x152, &x153, x2, (arg2[2])); + var x154: u64 = undefined; + var x155: u64 = undefined; + fiatP384MulxU64(&x154, &x155, x2, (arg2[1])); + var x156: u64 = undefined; + var x157: u64 = undefined; + fiatP384MulxU64(&x156, &x157, x2, (arg2[0])); + var x158: u64 = undefined; + var x159: u1 = undefined; + fiatP384AddcarryxU64(&x158, &x159, 0x0, x157, x154); + var x160: u64 = undefined; + var x161: u1 = undefined; + fiatP384AddcarryxU64(&x160, &x161, x159, x155, x152); + var x162: u64 = undefined; + var x163: u1 = undefined; + fiatP384AddcarryxU64(&x162, &x163, x161, x153, x150); + var x164: u64 = undefined; + var x165: u1 = undefined; + fiatP384AddcarryxU64(&x164, &x165, x163, x151, x148); + var x166: u64 = undefined; + var x167: u1 = undefined; + fiatP384AddcarryxU64(&x166, &x167, x165, x149, x146); + const x168: u64 = (@intCast(u64, x167) + x147); + var x169: u64 = undefined; + var x170: u1 = undefined; + fiatP384AddcarryxU64(&x169, &x170, 0x0, x133, x156); + var x171: u64 = undefined; + var x172: u1 = undefined; + fiatP384AddcarryxU64(&x171, &x172, x170, x135, x158); + var x173: u64 = undefined; + var x174: u1 = undefined; + fiatP384AddcarryxU64(&x173, &x174, x172, x137, x160); + var x175: u64 = undefined; + var x176: u1 = undefined; + fiatP384AddcarryxU64(&x175, &x176, x174, x139, x162); + var x177: u64 = undefined; + var x178: u1 = undefined; + fiatP384AddcarryxU64(&x177, &x178, x176, x141, x164); + var x179: u64 = undefined; + var x180: u1 = undefined; + fiatP384AddcarryxU64(&x179, &x180, x178, x143, x166); + var x181: u64 = undefined; + var x182: u1 = undefined; + fiatP384AddcarryxU64(&x181, &x182, x180, x145, x168); + var x183: u64 = undefined; + var x184: u64 = undefined; + fiatP384MulxU64(&x183, &x184, x169, 0x100000001); + var x185: u64 = undefined; + var x186: u64 = undefined; + fiatP384MulxU64(&x185, &x186, x183, 0xffffffffffffffff); + var x187: u64 = undefined; + var x188: u64 = undefined; + fiatP384MulxU64(&x187, &x188, x183, 0xffffffffffffffff); + var x189: u64 = undefined; + var x190: u64 = undefined; + fiatP384MulxU64(&x189, &x190, x183, 0xffffffffffffffff); + var x191: u64 = undefined; + var x192: u64 = undefined; + fiatP384MulxU64(&x191, &x192, x183, 0xfffffffffffffffe); + var x193: u64 = undefined; + var x194: u64 = undefined; + fiatP384MulxU64(&x193, &x194, x183, 0xffffffff00000000); + var x195: u64 = undefined; + var x196: u64 = undefined; + fiatP384MulxU64(&x195, &x196, x183, 0xffffffff); + var x197: u64 = undefined; + var x198: u1 = undefined; + fiatP384AddcarryxU64(&x197, &x198, 0x0, x196, x193); + var x199: u64 = undefined; + var x200: u1 = undefined; + fiatP384AddcarryxU64(&x199, &x200, x198, x194, x191); + var x201: u64 = undefined; + var x202: u1 = undefined; + fiatP384AddcarryxU64(&x201, &x202, x200, x192, x189); + var x203: u64 = undefined; + var x204: u1 = undefined; + fiatP384AddcarryxU64(&x203, &x204, x202, x190, x187); + var x205: u64 = undefined; + var x206: u1 = undefined; + fiatP384AddcarryxU64(&x205, &x206, x204, x188, x185); + const x207: u64 = (@intCast(u64, x206) + x186); + var x208: u64 = undefined; + var x209: u1 = undefined; + fiatP384AddcarryxU64(&x208, &x209, 0x0, x169, x195); + var x210: u64 = undefined; + var x211: u1 = undefined; + fiatP384AddcarryxU64(&x210, &x211, x209, x171, x197); + var x212: u64 = undefined; + var x213: u1 = undefined; + fiatP384AddcarryxU64(&x212, &x213, x211, x173, x199); + var x214: u64 = undefined; + var x215: u1 = undefined; + fiatP384AddcarryxU64(&x214, &x215, x213, x175, x201); + var x216: u64 = undefined; + var x217: u1 = undefined; + fiatP384AddcarryxU64(&x216, &x217, x215, x177, x203); + var x218: u64 = undefined; + var x219: u1 = undefined; + fiatP384AddcarryxU64(&x218, &x219, x217, x179, x205); + var x220: u64 = undefined; + var x221: u1 = undefined; + fiatP384AddcarryxU64(&x220, &x221, x219, x181, x207); + const x222: u64 = (@intCast(u64, x221) + @intCast(u64, x182)); + var x223: u64 = undefined; + var x224: u64 = undefined; + fiatP384MulxU64(&x223, &x224, x3, (arg2[5])); + var x225: u64 = undefined; + var x226: u64 = undefined; + fiatP384MulxU64(&x225, &x226, x3, (arg2[4])); + var x227: u64 = undefined; + var x228: u64 = undefined; + fiatP384MulxU64(&x227, &x228, x3, (arg2[3])); + var x229: u64 = undefined; + var x230: u64 = undefined; + fiatP384MulxU64(&x229, &x230, x3, (arg2[2])); + var x231: u64 = undefined; + var x232: u64 = undefined; + fiatP384MulxU64(&x231, &x232, x3, (arg2[1])); + var x233: u64 = undefined; + var x234: u64 = undefined; + fiatP384MulxU64(&x233, &x234, x3, (arg2[0])); + var x235: u64 = undefined; + var x236: u1 = undefined; + fiatP384AddcarryxU64(&x235, &x236, 0x0, x234, x231); + var x237: u64 = undefined; + var x238: u1 = undefined; + fiatP384AddcarryxU64(&x237, &x238, x236, x232, x229); + var x239: u64 = undefined; + var x240: u1 = undefined; + fiatP384AddcarryxU64(&x239, &x240, x238, x230, x227); + var x241: u64 = undefined; + var x242: u1 = undefined; + fiatP384AddcarryxU64(&x241, &x242, x240, x228, x225); + var x243: u64 = undefined; + var x244: u1 = undefined; + fiatP384AddcarryxU64(&x243, &x244, x242, x226, x223); + const x245: u64 = (@intCast(u64, x244) + x224); + var x246: u64 = undefined; + var x247: u1 = undefined; + fiatP384AddcarryxU64(&x246, &x247, 0x0, x210, x233); + var x248: u64 = undefined; + var x249: u1 = undefined; + fiatP384AddcarryxU64(&x248, &x249, x247, x212, x235); + var x250: u64 = undefined; + var x251: u1 = undefined; + fiatP384AddcarryxU64(&x250, &x251, x249, x214, x237); + var x252: u64 = undefined; + var x253: u1 = undefined; + fiatP384AddcarryxU64(&x252, &x253, x251, x216, x239); + var x254: u64 = undefined; + var x255: u1 = undefined; + fiatP384AddcarryxU64(&x254, &x255, x253, x218, x241); + var x256: u64 = undefined; + var x257: u1 = undefined; + fiatP384AddcarryxU64(&x256, &x257, x255, x220, x243); + var x258: u64 = undefined; + var x259: u1 = undefined; + fiatP384AddcarryxU64(&x258, &x259, x257, x222, x245); + var x260: u64 = undefined; + var x261: u64 = undefined; + fiatP384MulxU64(&x260, &x261, x246, 0x100000001); + var x262: u64 = undefined; + var x263: u64 = undefined; + fiatP384MulxU64(&x262, &x263, x260, 0xffffffffffffffff); + var x264: u64 = undefined; + var x265: u64 = undefined; + fiatP384MulxU64(&x264, &x265, x260, 0xffffffffffffffff); + var x266: u64 = undefined; + var x267: u64 = undefined; + fiatP384MulxU64(&x266, &x267, x260, 0xffffffffffffffff); + var x268: u64 = undefined; + var x269: u64 = undefined; + fiatP384MulxU64(&x268, &x269, x260, 0xfffffffffffffffe); + var x270: u64 = undefined; + var x271: u64 = undefined; + fiatP384MulxU64(&x270, &x271, x260, 0xffffffff00000000); + var x272: u64 = undefined; + var x273: u64 = undefined; + fiatP384MulxU64(&x272, &x273, x260, 0xffffffff); + var x274: u64 = undefined; + var x275: u1 = undefined; + fiatP384AddcarryxU64(&x274, &x275, 0x0, x273, x270); + var x276: u64 = undefined; + var x277: u1 = undefined; + fiatP384AddcarryxU64(&x276, &x277, x275, x271, x268); + var x278: u64 = undefined; + var x279: u1 = undefined; + fiatP384AddcarryxU64(&x278, &x279, x277, x269, x266); + var x280: u64 = undefined; + var x281: u1 = undefined; + fiatP384AddcarryxU64(&x280, &x281, x279, x267, x264); + var x282: u64 = undefined; + var x283: u1 = undefined; + fiatP384AddcarryxU64(&x282, &x283, x281, x265, x262); + const x284: u64 = (@intCast(u64, x283) + x263); + var x285: u64 = undefined; + var x286: u1 = undefined; + fiatP384AddcarryxU64(&x285, &x286, 0x0, x246, x272); + var x287: u64 = undefined; + var x288: u1 = undefined; + fiatP384AddcarryxU64(&x287, &x288, x286, x248, x274); + var x289: u64 = undefined; + var x290: u1 = undefined; + fiatP384AddcarryxU64(&x289, &x290, x288, x250, x276); + var x291: u64 = undefined; + var x292: u1 = undefined; + fiatP384AddcarryxU64(&x291, &x292, x290, x252, x278); + var x293: u64 = undefined; + var x294: u1 = undefined; + fiatP384AddcarryxU64(&x293, &x294, x292, x254, x280); + var x295: u64 = undefined; + var x296: u1 = undefined; + fiatP384AddcarryxU64(&x295, &x296, x294, x256, x282); + var x297: u64 = undefined; + var x298: u1 = undefined; + fiatP384AddcarryxU64(&x297, &x298, x296, x258, x284); + const x299: u64 = (@intCast(u64, x298) + @intCast(u64, x259)); + var x300: u64 = undefined; + var x301: u64 = undefined; + fiatP384MulxU64(&x300, &x301, x4, (arg2[5])); + var x302: u64 = undefined; + var x303: u64 = undefined; + fiatP384MulxU64(&x302, &x303, x4, (arg2[4])); + var x304: u64 = undefined; + var x305: u64 = undefined; + fiatP384MulxU64(&x304, &x305, x4, (arg2[3])); + var x306: u64 = undefined; + var x307: u64 = undefined; + fiatP384MulxU64(&x306, &x307, x4, (arg2[2])); + var x308: u64 = undefined; + var x309: u64 = undefined; + fiatP384MulxU64(&x308, &x309, x4, (arg2[1])); + var x310: u64 = undefined; + var x311: u64 = undefined; + fiatP384MulxU64(&x310, &x311, x4, (arg2[0])); + var x312: u64 = undefined; + var x313: u1 = undefined; + fiatP384AddcarryxU64(&x312, &x313, 0x0, x311, x308); + var x314: u64 = undefined; + var x315: u1 = undefined; + fiatP384AddcarryxU64(&x314, &x315, x313, x309, x306); + var x316: u64 = undefined; + var x317: u1 = undefined; + fiatP384AddcarryxU64(&x316, &x317, x315, x307, x304); + var x318: u64 = undefined; + var x319: u1 = undefined; + fiatP384AddcarryxU64(&x318, &x319, x317, x305, x302); + var x320: u64 = undefined; + var x321: u1 = undefined; + fiatP384AddcarryxU64(&x320, &x321, x319, x303, x300); + const x322: u64 = (@intCast(u64, x321) + x301); + var x323: u64 = undefined; + var x324: u1 = undefined; + fiatP384AddcarryxU64(&x323, &x324, 0x0, x287, x310); + var x325: u64 = undefined; + var x326: u1 = undefined; + fiatP384AddcarryxU64(&x325, &x326, x324, x289, x312); + var x327: u64 = undefined; + var x328: u1 = undefined; + fiatP384AddcarryxU64(&x327, &x328, x326, x291, x314); + var x329: u64 = undefined; + var x330: u1 = undefined; + fiatP384AddcarryxU64(&x329, &x330, x328, x293, x316); + var x331: u64 = undefined; + var x332: u1 = undefined; + fiatP384AddcarryxU64(&x331, &x332, x330, x295, x318); + var x333: u64 = undefined; + var x334: u1 = undefined; + fiatP384AddcarryxU64(&x333, &x334, x332, x297, x320); + var x335: u64 = undefined; + var x336: u1 = undefined; + fiatP384AddcarryxU64(&x335, &x336, x334, x299, x322); + var x337: u64 = undefined; + var x338: u64 = undefined; + fiatP384MulxU64(&x337, &x338, x323, 0x100000001); + var x339: u64 = undefined; + var x340: u64 = undefined; + fiatP384MulxU64(&x339, &x340, x337, 0xffffffffffffffff); + var x341: u64 = undefined; + var x342: u64 = undefined; + fiatP384MulxU64(&x341, &x342, x337, 0xffffffffffffffff); + var x343: u64 = undefined; + var x344: u64 = undefined; + fiatP384MulxU64(&x343, &x344, x337, 0xffffffffffffffff); + var x345: u64 = undefined; + var x346: u64 = undefined; + fiatP384MulxU64(&x345, &x346, x337, 0xfffffffffffffffe); + var x347: u64 = undefined; + var x348: u64 = undefined; + fiatP384MulxU64(&x347, &x348, x337, 0xffffffff00000000); + var x349: u64 = undefined; + var x350: u64 = undefined; + fiatP384MulxU64(&x349, &x350, x337, 0xffffffff); + var x351: u64 = undefined; + var x352: u1 = undefined; + fiatP384AddcarryxU64(&x351, &x352, 0x0, x350, x347); + var x353: u64 = undefined; + var x354: u1 = undefined; + fiatP384AddcarryxU64(&x353, &x354, x352, x348, x345); + var x355: u64 = undefined; + var x356: u1 = undefined; + fiatP384AddcarryxU64(&x355, &x356, x354, x346, x343); + var x357: u64 = undefined; + var x358: u1 = undefined; + fiatP384AddcarryxU64(&x357, &x358, x356, x344, x341); + var x359: u64 = undefined; + var x360: u1 = undefined; + fiatP384AddcarryxU64(&x359, &x360, x358, x342, x339); + const x361: u64 = (@intCast(u64, x360) + x340); + var x362: u64 = undefined; + var x363: u1 = undefined; + fiatP384AddcarryxU64(&x362, &x363, 0x0, x323, x349); + var x364: u64 = undefined; + var x365: u1 = undefined; + fiatP384AddcarryxU64(&x364, &x365, x363, x325, x351); + var x366: u64 = undefined; + var x367: u1 = undefined; + fiatP384AddcarryxU64(&x366, &x367, x365, x327, x353); + var x368: u64 = undefined; + var x369: u1 = undefined; + fiatP384AddcarryxU64(&x368, &x369, x367, x329, x355); + var x370: u64 = undefined; + var x371: u1 = undefined; + fiatP384AddcarryxU64(&x370, &x371, x369, x331, x357); + var x372: u64 = undefined; + var x373: u1 = undefined; + fiatP384AddcarryxU64(&x372, &x373, x371, x333, x359); + var x374: u64 = undefined; + var x375: u1 = undefined; + fiatP384AddcarryxU64(&x374, &x375, x373, x335, x361); + const x376: u64 = (@intCast(u64, x375) + @intCast(u64, x336)); + var x377: u64 = undefined; + var x378: u64 = undefined; + fiatP384MulxU64(&x377, &x378, x5, (arg2[5])); + var x379: u64 = undefined; + var x380: u64 = undefined; + fiatP384MulxU64(&x379, &x380, x5, (arg2[4])); + var x381: u64 = undefined; + var x382: u64 = undefined; + fiatP384MulxU64(&x381, &x382, x5, (arg2[3])); + var x383: u64 = undefined; + var x384: u64 = undefined; + fiatP384MulxU64(&x383, &x384, x5, (arg2[2])); + var x385: u64 = undefined; + var x386: u64 = undefined; + fiatP384MulxU64(&x385, &x386, x5, (arg2[1])); + var x387: u64 = undefined; + var x388: u64 = undefined; + fiatP384MulxU64(&x387, &x388, x5, (arg2[0])); + var x389: u64 = undefined; + var x390: u1 = undefined; + fiatP384AddcarryxU64(&x389, &x390, 0x0, x388, x385); + var x391: u64 = undefined; + var x392: u1 = undefined; + fiatP384AddcarryxU64(&x391, &x392, x390, x386, x383); + var x393: u64 = undefined; + var x394: u1 = undefined; + fiatP384AddcarryxU64(&x393, &x394, x392, x384, x381); + var x395: u64 = undefined; + var x396: u1 = undefined; + fiatP384AddcarryxU64(&x395, &x396, x394, x382, x379); + var x397: u64 = undefined; + var x398: u1 = undefined; + fiatP384AddcarryxU64(&x397, &x398, x396, x380, x377); + const x399: u64 = (@intCast(u64, x398) + x378); + var x400: u64 = undefined; + var x401: u1 = undefined; + fiatP384AddcarryxU64(&x400, &x401, 0x0, x364, x387); + var x402: u64 = undefined; + var x403: u1 = undefined; + fiatP384AddcarryxU64(&x402, &x403, x401, x366, x389); + var x404: u64 = undefined; + var x405: u1 = undefined; + fiatP384AddcarryxU64(&x404, &x405, x403, x368, x391); + var x406: u64 = undefined; + var x407: u1 = undefined; + fiatP384AddcarryxU64(&x406, &x407, x405, x370, x393); + var x408: u64 = undefined; + var x409: u1 = undefined; + fiatP384AddcarryxU64(&x408, &x409, x407, x372, x395); + var x410: u64 = undefined; + var x411: u1 = undefined; + fiatP384AddcarryxU64(&x410, &x411, x409, x374, x397); + var x412: u64 = undefined; + var x413: u1 = undefined; + fiatP384AddcarryxU64(&x412, &x413, x411, x376, x399); + var x414: u64 = undefined; + var x415: u64 = undefined; + fiatP384MulxU64(&x414, &x415, x400, 0x100000001); + var x416: u64 = undefined; + var x417: u64 = undefined; + fiatP384MulxU64(&x416, &x417, x414, 0xffffffffffffffff); + var x418: u64 = undefined; + var x419: u64 = undefined; + fiatP384MulxU64(&x418, &x419, x414, 0xffffffffffffffff); + var x420: u64 = undefined; + var x421: u64 = undefined; + fiatP384MulxU64(&x420, &x421, x414, 0xffffffffffffffff); + var x422: u64 = undefined; + var x423: u64 = undefined; + fiatP384MulxU64(&x422, &x423, x414, 0xfffffffffffffffe); + var x424: u64 = undefined; + var x425: u64 = undefined; + fiatP384MulxU64(&x424, &x425, x414, 0xffffffff00000000); + var x426: u64 = undefined; + var x427: u64 = undefined; + fiatP384MulxU64(&x426, &x427, x414, 0xffffffff); + var x428: u64 = undefined; + var x429: u1 = undefined; + fiatP384AddcarryxU64(&x428, &x429, 0x0, x427, x424); + var x430: u64 = undefined; + var x431: u1 = undefined; + fiatP384AddcarryxU64(&x430, &x431, x429, x425, x422); + var x432: u64 = undefined; + var x433: u1 = undefined; + fiatP384AddcarryxU64(&x432, &x433, x431, x423, x420); + var x434: u64 = undefined; + var x435: u1 = undefined; + fiatP384AddcarryxU64(&x434, &x435, x433, x421, x418); + var x436: u64 = undefined; + var x437: u1 = undefined; + fiatP384AddcarryxU64(&x436, &x437, x435, x419, x416); + const x438: u64 = (@intCast(u64, x437) + x417); + var x439: u64 = undefined; + var x440: u1 = undefined; + fiatP384AddcarryxU64(&x439, &x440, 0x0, x400, x426); + var x441: u64 = undefined; + var x442: u1 = undefined; + fiatP384AddcarryxU64(&x441, &x442, x440, x402, x428); + var x443: u64 = undefined; + var x444: u1 = undefined; + fiatP384AddcarryxU64(&x443, &x444, x442, x404, x430); + var x445: u64 = undefined; + var x446: u1 = undefined; + fiatP384AddcarryxU64(&x445, &x446, x444, x406, x432); + var x447: u64 = undefined; + var x448: u1 = undefined; + fiatP384AddcarryxU64(&x447, &x448, x446, x408, x434); + var x449: u64 = undefined; + var x450: u1 = undefined; + fiatP384AddcarryxU64(&x449, &x450, x448, x410, x436); + var x451: u64 = undefined; + var x452: u1 = undefined; + fiatP384AddcarryxU64(&x451, &x452, x450, x412, x438); + const x453: u64 = (@intCast(u64, x452) + @intCast(u64, x413)); + var x454: u64 = undefined; + var x455: u1 = undefined; + fiatP384SubborrowxU64(&x454, &x455, 0x0, x441, 0xffffffff); + var x456: u64 = undefined; + var x457: u1 = undefined; + fiatP384SubborrowxU64(&x456, &x457, x455, x443, 0xffffffff00000000); + var x458: u64 = undefined; + var x459: u1 = undefined; + fiatP384SubborrowxU64(&x458, &x459, x457, x445, 0xfffffffffffffffe); + var x460: u64 = undefined; + var x461: u1 = undefined; + fiatP384SubborrowxU64(&x460, &x461, x459, x447, 0xffffffffffffffff); + var x462: u64 = undefined; + var x463: u1 = undefined; + fiatP384SubborrowxU64(&x462, &x463, x461, x449, 0xffffffffffffffff); + var x464: u64 = undefined; + var x465: u1 = undefined; + fiatP384SubborrowxU64(&x464, &x465, x463, x451, 0xffffffffffffffff); + var x466: u64 = undefined; + var x467: u1 = undefined; + fiatP384SubborrowxU64(&x466, &x467, x465, x453, @intCast(u64, 0x0)); + var x468: u64 = undefined; + fiatP384CmovznzU64(&x468, x467, x454, x441); + var x469: u64 = undefined; + fiatP384CmovznzU64(&x469, x467, x456, x443); + var x470: u64 = undefined; + fiatP384CmovznzU64(&x470, x467, x458, x445); + var x471: u64 = undefined; + fiatP384CmovznzU64(&x471, x467, x460, x447); + var x472: u64 = undefined; + fiatP384CmovznzU64(&x472, x467, x462, x449); + var x473: u64 = undefined; + fiatP384CmovznzU64(&x473, x467, x464, x451); + out1[0] = x468; + out1[1] = x469; + out1[2] = x470; + out1[3] = x471; + out1[4] = x472; + out1[5] = x473; +} + +/// The function fiatP384Square squares a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384Square(out1: *[6]u64, arg1: [6]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[4]); + const x5: u64 = (arg1[5]); + const x6: u64 = (arg1[0]); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatP384MulxU64(&x7, &x8, x6, (arg1[5])); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatP384MulxU64(&x9, &x10, x6, (arg1[4])); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatP384MulxU64(&x11, &x12, x6, (arg1[3])); + var x13: u64 = undefined; + var x14: u64 = undefined; + fiatP384MulxU64(&x13, &x14, x6, (arg1[2])); + var x15: u64 = undefined; + var x16: u64 = undefined; + fiatP384MulxU64(&x15, &x16, x6, (arg1[1])); + var x17: u64 = undefined; + var x18: u64 = undefined; + fiatP384MulxU64(&x17, &x18, x6, (arg1[0])); + var x19: u64 = undefined; + var x20: u1 = undefined; + fiatP384AddcarryxU64(&x19, &x20, 0x0, x18, x15); + var x21: u64 = undefined; + var x22: u1 = undefined; + fiatP384AddcarryxU64(&x21, &x22, x20, x16, x13); + var x23: u64 = undefined; + var x24: u1 = undefined; + fiatP384AddcarryxU64(&x23, &x24, x22, x14, x11); + var x25: u64 = undefined; + var x26: u1 = undefined; + fiatP384AddcarryxU64(&x25, &x26, x24, x12, x9); + var x27: u64 = undefined; + var x28: u1 = undefined; + fiatP384AddcarryxU64(&x27, &x28, x26, x10, x7); + const x29: u64 = (@intCast(u64, x28) + x8); + var x30: u64 = undefined; + var x31: u64 = undefined; + fiatP384MulxU64(&x30, &x31, x17, 0x100000001); + var x32: u64 = undefined; + var x33: u64 = undefined; + fiatP384MulxU64(&x32, &x33, x30, 0xffffffffffffffff); + var x34: u64 = undefined; + var x35: u64 = undefined; + fiatP384MulxU64(&x34, &x35, x30, 0xffffffffffffffff); + var x36: u64 = undefined; + var x37: u64 = undefined; + fiatP384MulxU64(&x36, &x37, x30, 0xffffffffffffffff); + var x38: u64 = undefined; + var x39: u64 = undefined; + fiatP384MulxU64(&x38, &x39, x30, 0xfffffffffffffffe); + var x40: u64 = undefined; + var x41: u64 = undefined; + fiatP384MulxU64(&x40, &x41, x30, 0xffffffff00000000); + var x42: u64 = undefined; + var x43: u64 = undefined; + fiatP384MulxU64(&x42, &x43, x30, 0xffffffff); + var x44: u64 = undefined; + var x45: u1 = undefined; + fiatP384AddcarryxU64(&x44, &x45, 0x0, x43, x40); + var x46: u64 = undefined; + var x47: u1 = undefined; + fiatP384AddcarryxU64(&x46, &x47, x45, x41, x38); + var x48: u64 = undefined; + var x49: u1 = undefined; + fiatP384AddcarryxU64(&x48, &x49, x47, x39, x36); + var x50: u64 = undefined; + var x51: u1 = undefined; + fiatP384AddcarryxU64(&x50, &x51, x49, x37, x34); + var x52: u64 = undefined; + var x53: u1 = undefined; + fiatP384AddcarryxU64(&x52, &x53, x51, x35, x32); + const x54: u64 = (@intCast(u64, x53) + x33); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP384AddcarryxU64(&x55, &x56, 0x0, x17, x42); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP384AddcarryxU64(&x57, &x58, x56, x19, x44); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatP384AddcarryxU64(&x59, &x60, x58, x21, x46); + var x61: u64 = undefined; + var x62: u1 = undefined; + fiatP384AddcarryxU64(&x61, &x62, x60, x23, x48); + var x63: u64 = undefined; + var x64: u1 = undefined; + fiatP384AddcarryxU64(&x63, &x64, x62, x25, x50); + var x65: u64 = undefined; + var x66: u1 = undefined; + fiatP384AddcarryxU64(&x65, &x66, x64, x27, x52); + var x67: u64 = undefined; + var x68: u1 = undefined; + fiatP384AddcarryxU64(&x67, &x68, x66, x29, x54); + var x69: u64 = undefined; + var x70: u64 = undefined; + fiatP384MulxU64(&x69, &x70, x1, (arg1[5])); + var x71: u64 = undefined; + var x72: u64 = undefined; + fiatP384MulxU64(&x71, &x72, x1, (arg1[4])); + var x73: u64 = undefined; + var x74: u64 = undefined; + fiatP384MulxU64(&x73, &x74, x1, (arg1[3])); + var x75: u64 = undefined; + var x76: u64 = undefined; + fiatP384MulxU64(&x75, &x76, x1, (arg1[2])); + var x77: u64 = undefined; + var x78: u64 = undefined; + fiatP384MulxU64(&x77, &x78, x1, (arg1[1])); + var x79: u64 = undefined; + var x80: u64 = undefined; + fiatP384MulxU64(&x79, &x80, x1, (arg1[0])); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatP384AddcarryxU64(&x81, &x82, 0x0, x80, x77); + var x83: u64 = undefined; + var x84: u1 = undefined; + fiatP384AddcarryxU64(&x83, &x84, x82, x78, x75); + var x85: u64 = undefined; + var x86: u1 = undefined; + fiatP384AddcarryxU64(&x85, &x86, x84, x76, x73); + var x87: u64 = undefined; + var x88: u1 = undefined; + fiatP384AddcarryxU64(&x87, &x88, x86, x74, x71); + var x89: u64 = undefined; + var x90: u1 = undefined; + fiatP384AddcarryxU64(&x89, &x90, x88, x72, x69); + const x91: u64 = (@intCast(u64, x90) + x70); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP384AddcarryxU64(&x92, &x93, 0x0, x57, x79); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP384AddcarryxU64(&x94, &x95, x93, x59, x81); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP384AddcarryxU64(&x96, &x97, x95, x61, x83); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP384AddcarryxU64(&x98, &x99, x97, x63, x85); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP384AddcarryxU64(&x100, &x101, x99, x65, x87); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP384AddcarryxU64(&x102, &x103, x101, x67, x89); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatP384AddcarryxU64(&x104, &x105, x103, @intCast(u64, x68), x91); + var x106: u64 = undefined; + var x107: u64 = undefined; + fiatP384MulxU64(&x106, &x107, x92, 0x100000001); + var x108: u64 = undefined; + var x109: u64 = undefined; + fiatP384MulxU64(&x108, &x109, x106, 0xffffffffffffffff); + var x110: u64 = undefined; + var x111: u64 = undefined; + fiatP384MulxU64(&x110, &x111, x106, 0xffffffffffffffff); + var x112: u64 = undefined; + var x113: u64 = undefined; + fiatP384MulxU64(&x112, &x113, x106, 0xffffffffffffffff); + var x114: u64 = undefined; + var x115: u64 = undefined; + fiatP384MulxU64(&x114, &x115, x106, 0xfffffffffffffffe); + var x116: u64 = undefined; + var x117: u64 = undefined; + fiatP384MulxU64(&x116, &x117, x106, 0xffffffff00000000); + var x118: u64 = undefined; + var x119: u64 = undefined; + fiatP384MulxU64(&x118, &x119, x106, 0xffffffff); + var x120: u64 = undefined; + var x121: u1 = undefined; + fiatP384AddcarryxU64(&x120, &x121, 0x0, x119, x116); + var x122: u64 = undefined; + var x123: u1 = undefined; + fiatP384AddcarryxU64(&x122, &x123, x121, x117, x114); + var x124: u64 = undefined; + var x125: u1 = undefined; + fiatP384AddcarryxU64(&x124, &x125, x123, x115, x112); + var x126: u64 = undefined; + var x127: u1 = undefined; + fiatP384AddcarryxU64(&x126, &x127, x125, x113, x110); + var x128: u64 = undefined; + var x129: u1 = undefined; + fiatP384AddcarryxU64(&x128, &x129, x127, x111, x108); + const x130: u64 = (@intCast(u64, x129) + x109); + var x131: u64 = undefined; + var x132: u1 = undefined; + fiatP384AddcarryxU64(&x131, &x132, 0x0, x92, x118); + var x133: u64 = undefined; + var x134: u1 = undefined; + fiatP384AddcarryxU64(&x133, &x134, x132, x94, x120); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatP384AddcarryxU64(&x135, &x136, x134, x96, x122); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatP384AddcarryxU64(&x137, &x138, x136, x98, x124); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatP384AddcarryxU64(&x139, &x140, x138, x100, x126); + var x141: u64 = undefined; + var x142: u1 = undefined; + fiatP384AddcarryxU64(&x141, &x142, x140, x102, x128); + var x143: u64 = undefined; + var x144: u1 = undefined; + fiatP384AddcarryxU64(&x143, &x144, x142, x104, x130); + const x145: u64 = (@intCast(u64, x144) + @intCast(u64, x105)); + var x146: u64 = undefined; + var x147: u64 = undefined; + fiatP384MulxU64(&x146, &x147, x2, (arg1[5])); + var x148: u64 = undefined; + var x149: u64 = undefined; + fiatP384MulxU64(&x148, &x149, x2, (arg1[4])); + var x150: u64 = undefined; + var x151: u64 = undefined; + fiatP384MulxU64(&x150, &x151, x2, (arg1[3])); + var x152: u64 = undefined; + var x153: u64 = undefined; + fiatP384MulxU64(&x152, &x153, x2, (arg1[2])); + var x154: u64 = undefined; + var x155: u64 = undefined; + fiatP384MulxU64(&x154, &x155, x2, (arg1[1])); + var x156: u64 = undefined; + var x157: u64 = undefined; + fiatP384MulxU64(&x156, &x157, x2, (arg1[0])); + var x158: u64 = undefined; + var x159: u1 = undefined; + fiatP384AddcarryxU64(&x158, &x159, 0x0, x157, x154); + var x160: u64 = undefined; + var x161: u1 = undefined; + fiatP384AddcarryxU64(&x160, &x161, x159, x155, x152); + var x162: u64 = undefined; + var x163: u1 = undefined; + fiatP384AddcarryxU64(&x162, &x163, x161, x153, x150); + var x164: u64 = undefined; + var x165: u1 = undefined; + fiatP384AddcarryxU64(&x164, &x165, x163, x151, x148); + var x166: u64 = undefined; + var x167: u1 = undefined; + fiatP384AddcarryxU64(&x166, &x167, x165, x149, x146); + const x168: u64 = (@intCast(u64, x167) + x147); + var x169: u64 = undefined; + var x170: u1 = undefined; + fiatP384AddcarryxU64(&x169, &x170, 0x0, x133, x156); + var x171: u64 = undefined; + var x172: u1 = undefined; + fiatP384AddcarryxU64(&x171, &x172, x170, x135, x158); + var x173: u64 = undefined; + var x174: u1 = undefined; + fiatP384AddcarryxU64(&x173, &x174, x172, x137, x160); + var x175: u64 = undefined; + var x176: u1 = undefined; + fiatP384AddcarryxU64(&x175, &x176, x174, x139, x162); + var x177: u64 = undefined; + var x178: u1 = undefined; + fiatP384AddcarryxU64(&x177, &x178, x176, x141, x164); + var x179: u64 = undefined; + var x180: u1 = undefined; + fiatP384AddcarryxU64(&x179, &x180, x178, x143, x166); + var x181: u64 = undefined; + var x182: u1 = undefined; + fiatP384AddcarryxU64(&x181, &x182, x180, x145, x168); + var x183: u64 = undefined; + var x184: u64 = undefined; + fiatP384MulxU64(&x183, &x184, x169, 0x100000001); + var x185: u64 = undefined; + var x186: u64 = undefined; + fiatP384MulxU64(&x185, &x186, x183, 0xffffffffffffffff); + var x187: u64 = undefined; + var x188: u64 = undefined; + fiatP384MulxU64(&x187, &x188, x183, 0xffffffffffffffff); + var x189: u64 = undefined; + var x190: u64 = undefined; + fiatP384MulxU64(&x189, &x190, x183, 0xffffffffffffffff); + var x191: u64 = undefined; + var x192: u64 = undefined; + fiatP384MulxU64(&x191, &x192, x183, 0xfffffffffffffffe); + var x193: u64 = undefined; + var x194: u64 = undefined; + fiatP384MulxU64(&x193, &x194, x183, 0xffffffff00000000); + var x195: u64 = undefined; + var x196: u64 = undefined; + fiatP384MulxU64(&x195, &x196, x183, 0xffffffff); + var x197: u64 = undefined; + var x198: u1 = undefined; + fiatP384AddcarryxU64(&x197, &x198, 0x0, x196, x193); + var x199: u64 = undefined; + var x200: u1 = undefined; + fiatP384AddcarryxU64(&x199, &x200, x198, x194, x191); + var x201: u64 = undefined; + var x202: u1 = undefined; + fiatP384AddcarryxU64(&x201, &x202, x200, x192, x189); + var x203: u64 = undefined; + var x204: u1 = undefined; + fiatP384AddcarryxU64(&x203, &x204, x202, x190, x187); + var x205: u64 = undefined; + var x206: u1 = undefined; + fiatP384AddcarryxU64(&x205, &x206, x204, x188, x185); + const x207: u64 = (@intCast(u64, x206) + x186); + var x208: u64 = undefined; + var x209: u1 = undefined; + fiatP384AddcarryxU64(&x208, &x209, 0x0, x169, x195); + var x210: u64 = undefined; + var x211: u1 = undefined; + fiatP384AddcarryxU64(&x210, &x211, x209, x171, x197); + var x212: u64 = undefined; + var x213: u1 = undefined; + fiatP384AddcarryxU64(&x212, &x213, x211, x173, x199); + var x214: u64 = undefined; + var x215: u1 = undefined; + fiatP384AddcarryxU64(&x214, &x215, x213, x175, x201); + var x216: u64 = undefined; + var x217: u1 = undefined; + fiatP384AddcarryxU64(&x216, &x217, x215, x177, x203); + var x218: u64 = undefined; + var x219: u1 = undefined; + fiatP384AddcarryxU64(&x218, &x219, x217, x179, x205); + var x220: u64 = undefined; + var x221: u1 = undefined; + fiatP384AddcarryxU64(&x220, &x221, x219, x181, x207); + const x222: u64 = (@intCast(u64, x221) + @intCast(u64, x182)); + var x223: u64 = undefined; + var x224: u64 = undefined; + fiatP384MulxU64(&x223, &x224, x3, (arg1[5])); + var x225: u64 = undefined; + var x226: u64 = undefined; + fiatP384MulxU64(&x225, &x226, x3, (arg1[4])); + var x227: u64 = undefined; + var x228: u64 = undefined; + fiatP384MulxU64(&x227, &x228, x3, (arg1[3])); + var x229: u64 = undefined; + var x230: u64 = undefined; + fiatP384MulxU64(&x229, &x230, x3, (arg1[2])); + var x231: u64 = undefined; + var x232: u64 = undefined; + fiatP384MulxU64(&x231, &x232, x3, (arg1[1])); + var x233: u64 = undefined; + var x234: u64 = undefined; + fiatP384MulxU64(&x233, &x234, x3, (arg1[0])); + var x235: u64 = undefined; + var x236: u1 = undefined; + fiatP384AddcarryxU64(&x235, &x236, 0x0, x234, x231); + var x237: u64 = undefined; + var x238: u1 = undefined; + fiatP384AddcarryxU64(&x237, &x238, x236, x232, x229); + var x239: u64 = undefined; + var x240: u1 = undefined; + fiatP384AddcarryxU64(&x239, &x240, x238, x230, x227); + var x241: u64 = undefined; + var x242: u1 = undefined; + fiatP384AddcarryxU64(&x241, &x242, x240, x228, x225); + var x243: u64 = undefined; + var x244: u1 = undefined; + fiatP384AddcarryxU64(&x243, &x244, x242, x226, x223); + const x245: u64 = (@intCast(u64, x244) + x224); + var x246: u64 = undefined; + var x247: u1 = undefined; + fiatP384AddcarryxU64(&x246, &x247, 0x0, x210, x233); + var x248: u64 = undefined; + var x249: u1 = undefined; + fiatP384AddcarryxU64(&x248, &x249, x247, x212, x235); + var x250: u64 = undefined; + var x251: u1 = undefined; + fiatP384AddcarryxU64(&x250, &x251, x249, x214, x237); + var x252: u64 = undefined; + var x253: u1 = undefined; + fiatP384AddcarryxU64(&x252, &x253, x251, x216, x239); + var x254: u64 = undefined; + var x255: u1 = undefined; + fiatP384AddcarryxU64(&x254, &x255, x253, x218, x241); + var x256: u64 = undefined; + var x257: u1 = undefined; + fiatP384AddcarryxU64(&x256, &x257, x255, x220, x243); + var x258: u64 = undefined; + var x259: u1 = undefined; + fiatP384AddcarryxU64(&x258, &x259, x257, x222, x245); + var x260: u64 = undefined; + var x261: u64 = undefined; + fiatP384MulxU64(&x260, &x261, x246, 0x100000001); + var x262: u64 = undefined; + var x263: u64 = undefined; + fiatP384MulxU64(&x262, &x263, x260, 0xffffffffffffffff); + var x264: u64 = undefined; + var x265: u64 = undefined; + fiatP384MulxU64(&x264, &x265, x260, 0xffffffffffffffff); + var x266: u64 = undefined; + var x267: u64 = undefined; + fiatP384MulxU64(&x266, &x267, x260, 0xffffffffffffffff); + var x268: u64 = undefined; + var x269: u64 = undefined; + fiatP384MulxU64(&x268, &x269, x260, 0xfffffffffffffffe); + var x270: u64 = undefined; + var x271: u64 = undefined; + fiatP384MulxU64(&x270, &x271, x260, 0xffffffff00000000); + var x272: u64 = undefined; + var x273: u64 = undefined; + fiatP384MulxU64(&x272, &x273, x260, 0xffffffff); + var x274: u64 = undefined; + var x275: u1 = undefined; + fiatP384AddcarryxU64(&x274, &x275, 0x0, x273, x270); + var x276: u64 = undefined; + var x277: u1 = undefined; + fiatP384AddcarryxU64(&x276, &x277, x275, x271, x268); + var x278: u64 = undefined; + var x279: u1 = undefined; + fiatP384AddcarryxU64(&x278, &x279, x277, x269, x266); + var x280: u64 = undefined; + var x281: u1 = undefined; + fiatP384AddcarryxU64(&x280, &x281, x279, x267, x264); + var x282: u64 = undefined; + var x283: u1 = undefined; + fiatP384AddcarryxU64(&x282, &x283, x281, x265, x262); + const x284: u64 = (@intCast(u64, x283) + x263); + var x285: u64 = undefined; + var x286: u1 = undefined; + fiatP384AddcarryxU64(&x285, &x286, 0x0, x246, x272); + var x287: u64 = undefined; + var x288: u1 = undefined; + fiatP384AddcarryxU64(&x287, &x288, x286, x248, x274); + var x289: u64 = undefined; + var x290: u1 = undefined; + fiatP384AddcarryxU64(&x289, &x290, x288, x250, x276); + var x291: u64 = undefined; + var x292: u1 = undefined; + fiatP384AddcarryxU64(&x291, &x292, x290, x252, x278); + var x293: u64 = undefined; + var x294: u1 = undefined; + fiatP384AddcarryxU64(&x293, &x294, x292, x254, x280); + var x295: u64 = undefined; + var x296: u1 = undefined; + fiatP384AddcarryxU64(&x295, &x296, x294, x256, x282); + var x297: u64 = undefined; + var x298: u1 = undefined; + fiatP384AddcarryxU64(&x297, &x298, x296, x258, x284); + const x299: u64 = (@intCast(u64, x298) + @intCast(u64, x259)); + var x300: u64 = undefined; + var x301: u64 = undefined; + fiatP384MulxU64(&x300, &x301, x4, (arg1[5])); + var x302: u64 = undefined; + var x303: u64 = undefined; + fiatP384MulxU64(&x302, &x303, x4, (arg1[4])); + var x304: u64 = undefined; + var x305: u64 = undefined; + fiatP384MulxU64(&x304, &x305, x4, (arg1[3])); + var x306: u64 = undefined; + var x307: u64 = undefined; + fiatP384MulxU64(&x306, &x307, x4, (arg1[2])); + var x308: u64 = undefined; + var x309: u64 = undefined; + fiatP384MulxU64(&x308, &x309, x4, (arg1[1])); + var x310: u64 = undefined; + var x311: u64 = undefined; + fiatP384MulxU64(&x310, &x311, x4, (arg1[0])); + var x312: u64 = undefined; + var x313: u1 = undefined; + fiatP384AddcarryxU64(&x312, &x313, 0x0, x311, x308); + var x314: u64 = undefined; + var x315: u1 = undefined; + fiatP384AddcarryxU64(&x314, &x315, x313, x309, x306); + var x316: u64 = undefined; + var x317: u1 = undefined; + fiatP384AddcarryxU64(&x316, &x317, x315, x307, x304); + var x318: u64 = undefined; + var x319: u1 = undefined; + fiatP384AddcarryxU64(&x318, &x319, x317, x305, x302); + var x320: u64 = undefined; + var x321: u1 = undefined; + fiatP384AddcarryxU64(&x320, &x321, x319, x303, x300); + const x322: u64 = (@intCast(u64, x321) + x301); + var x323: u64 = undefined; + var x324: u1 = undefined; + fiatP384AddcarryxU64(&x323, &x324, 0x0, x287, x310); + var x325: u64 = undefined; + var x326: u1 = undefined; + fiatP384AddcarryxU64(&x325, &x326, x324, x289, x312); + var x327: u64 = undefined; + var x328: u1 = undefined; + fiatP384AddcarryxU64(&x327, &x328, x326, x291, x314); + var x329: u64 = undefined; + var x330: u1 = undefined; + fiatP384AddcarryxU64(&x329, &x330, x328, x293, x316); + var x331: u64 = undefined; + var x332: u1 = undefined; + fiatP384AddcarryxU64(&x331, &x332, x330, x295, x318); + var x333: u64 = undefined; + var x334: u1 = undefined; + fiatP384AddcarryxU64(&x333, &x334, x332, x297, x320); + var x335: u64 = undefined; + var x336: u1 = undefined; + fiatP384AddcarryxU64(&x335, &x336, x334, x299, x322); + var x337: u64 = undefined; + var x338: u64 = undefined; + fiatP384MulxU64(&x337, &x338, x323, 0x100000001); + var x339: u64 = undefined; + var x340: u64 = undefined; + fiatP384MulxU64(&x339, &x340, x337, 0xffffffffffffffff); + var x341: u64 = undefined; + var x342: u64 = undefined; + fiatP384MulxU64(&x341, &x342, x337, 0xffffffffffffffff); + var x343: u64 = undefined; + var x344: u64 = undefined; + fiatP384MulxU64(&x343, &x344, x337, 0xffffffffffffffff); + var x345: u64 = undefined; + var x346: u64 = undefined; + fiatP384MulxU64(&x345, &x346, x337, 0xfffffffffffffffe); + var x347: u64 = undefined; + var x348: u64 = undefined; + fiatP384MulxU64(&x347, &x348, x337, 0xffffffff00000000); + var x349: u64 = undefined; + var x350: u64 = undefined; + fiatP384MulxU64(&x349, &x350, x337, 0xffffffff); + var x351: u64 = undefined; + var x352: u1 = undefined; + fiatP384AddcarryxU64(&x351, &x352, 0x0, x350, x347); + var x353: u64 = undefined; + var x354: u1 = undefined; + fiatP384AddcarryxU64(&x353, &x354, x352, x348, x345); + var x355: u64 = undefined; + var x356: u1 = undefined; + fiatP384AddcarryxU64(&x355, &x356, x354, x346, x343); + var x357: u64 = undefined; + var x358: u1 = undefined; + fiatP384AddcarryxU64(&x357, &x358, x356, x344, x341); + var x359: u64 = undefined; + var x360: u1 = undefined; + fiatP384AddcarryxU64(&x359, &x360, x358, x342, x339); + const x361: u64 = (@intCast(u64, x360) + x340); + var x362: u64 = undefined; + var x363: u1 = undefined; + fiatP384AddcarryxU64(&x362, &x363, 0x0, x323, x349); + var x364: u64 = undefined; + var x365: u1 = undefined; + fiatP384AddcarryxU64(&x364, &x365, x363, x325, x351); + var x366: u64 = undefined; + var x367: u1 = undefined; + fiatP384AddcarryxU64(&x366, &x367, x365, x327, x353); + var x368: u64 = undefined; + var x369: u1 = undefined; + fiatP384AddcarryxU64(&x368, &x369, x367, x329, x355); + var x370: u64 = undefined; + var x371: u1 = undefined; + fiatP384AddcarryxU64(&x370, &x371, x369, x331, x357); + var x372: u64 = undefined; + var x373: u1 = undefined; + fiatP384AddcarryxU64(&x372, &x373, x371, x333, x359); + var x374: u64 = undefined; + var x375: u1 = undefined; + fiatP384AddcarryxU64(&x374, &x375, x373, x335, x361); + const x376: u64 = (@intCast(u64, x375) + @intCast(u64, x336)); + var x377: u64 = undefined; + var x378: u64 = undefined; + fiatP384MulxU64(&x377, &x378, x5, (arg1[5])); + var x379: u64 = undefined; + var x380: u64 = undefined; + fiatP384MulxU64(&x379, &x380, x5, (arg1[4])); + var x381: u64 = undefined; + var x382: u64 = undefined; + fiatP384MulxU64(&x381, &x382, x5, (arg1[3])); + var x383: u64 = undefined; + var x384: u64 = undefined; + fiatP384MulxU64(&x383, &x384, x5, (arg1[2])); + var x385: u64 = undefined; + var x386: u64 = undefined; + fiatP384MulxU64(&x385, &x386, x5, (arg1[1])); + var x387: u64 = undefined; + var x388: u64 = undefined; + fiatP384MulxU64(&x387, &x388, x5, (arg1[0])); + var x389: u64 = undefined; + var x390: u1 = undefined; + fiatP384AddcarryxU64(&x389, &x390, 0x0, x388, x385); + var x391: u64 = undefined; + var x392: u1 = undefined; + fiatP384AddcarryxU64(&x391, &x392, x390, x386, x383); + var x393: u64 = undefined; + var x394: u1 = undefined; + fiatP384AddcarryxU64(&x393, &x394, x392, x384, x381); + var x395: u64 = undefined; + var x396: u1 = undefined; + fiatP384AddcarryxU64(&x395, &x396, x394, x382, x379); + var x397: u64 = undefined; + var x398: u1 = undefined; + fiatP384AddcarryxU64(&x397, &x398, x396, x380, x377); + const x399: u64 = (@intCast(u64, x398) + x378); + var x400: u64 = undefined; + var x401: u1 = undefined; + fiatP384AddcarryxU64(&x400, &x401, 0x0, x364, x387); + var x402: u64 = undefined; + var x403: u1 = undefined; + fiatP384AddcarryxU64(&x402, &x403, x401, x366, x389); + var x404: u64 = undefined; + var x405: u1 = undefined; + fiatP384AddcarryxU64(&x404, &x405, x403, x368, x391); + var x406: u64 = undefined; + var x407: u1 = undefined; + fiatP384AddcarryxU64(&x406, &x407, x405, x370, x393); + var x408: u64 = undefined; + var x409: u1 = undefined; + fiatP384AddcarryxU64(&x408, &x409, x407, x372, x395); + var x410: u64 = undefined; + var x411: u1 = undefined; + fiatP384AddcarryxU64(&x410, &x411, x409, x374, x397); + var x412: u64 = undefined; + var x413: u1 = undefined; + fiatP384AddcarryxU64(&x412, &x413, x411, x376, x399); + var x414: u64 = undefined; + var x415: u64 = undefined; + fiatP384MulxU64(&x414, &x415, x400, 0x100000001); + var x416: u64 = undefined; + var x417: u64 = undefined; + fiatP384MulxU64(&x416, &x417, x414, 0xffffffffffffffff); + var x418: u64 = undefined; + var x419: u64 = undefined; + fiatP384MulxU64(&x418, &x419, x414, 0xffffffffffffffff); + var x420: u64 = undefined; + var x421: u64 = undefined; + fiatP384MulxU64(&x420, &x421, x414, 0xffffffffffffffff); + var x422: u64 = undefined; + var x423: u64 = undefined; + fiatP384MulxU64(&x422, &x423, x414, 0xfffffffffffffffe); + var x424: u64 = undefined; + var x425: u64 = undefined; + fiatP384MulxU64(&x424, &x425, x414, 0xffffffff00000000); + var x426: u64 = undefined; + var x427: u64 = undefined; + fiatP384MulxU64(&x426, &x427, x414, 0xffffffff); + var x428: u64 = undefined; + var x429: u1 = undefined; + fiatP384AddcarryxU64(&x428, &x429, 0x0, x427, x424); + var x430: u64 = undefined; + var x431: u1 = undefined; + fiatP384AddcarryxU64(&x430, &x431, x429, x425, x422); + var x432: u64 = undefined; + var x433: u1 = undefined; + fiatP384AddcarryxU64(&x432, &x433, x431, x423, x420); + var x434: u64 = undefined; + var x435: u1 = undefined; + fiatP384AddcarryxU64(&x434, &x435, x433, x421, x418); + var x436: u64 = undefined; + var x437: u1 = undefined; + fiatP384AddcarryxU64(&x436, &x437, x435, x419, x416); + const x438: u64 = (@intCast(u64, x437) + x417); + var x439: u64 = undefined; + var x440: u1 = undefined; + fiatP384AddcarryxU64(&x439, &x440, 0x0, x400, x426); + var x441: u64 = undefined; + var x442: u1 = undefined; + fiatP384AddcarryxU64(&x441, &x442, x440, x402, x428); + var x443: u64 = undefined; + var x444: u1 = undefined; + fiatP384AddcarryxU64(&x443, &x444, x442, x404, x430); + var x445: u64 = undefined; + var x446: u1 = undefined; + fiatP384AddcarryxU64(&x445, &x446, x444, x406, x432); + var x447: u64 = undefined; + var x448: u1 = undefined; + fiatP384AddcarryxU64(&x447, &x448, x446, x408, x434); + var x449: u64 = undefined; + var x450: u1 = undefined; + fiatP384AddcarryxU64(&x449, &x450, x448, x410, x436); + var x451: u64 = undefined; + var x452: u1 = undefined; + fiatP384AddcarryxU64(&x451, &x452, x450, x412, x438); + const x453: u64 = (@intCast(u64, x452) + @intCast(u64, x413)); + var x454: u64 = undefined; + var x455: u1 = undefined; + fiatP384SubborrowxU64(&x454, &x455, 0x0, x441, 0xffffffff); + var x456: u64 = undefined; + var x457: u1 = undefined; + fiatP384SubborrowxU64(&x456, &x457, x455, x443, 0xffffffff00000000); + var x458: u64 = undefined; + var x459: u1 = undefined; + fiatP384SubborrowxU64(&x458, &x459, x457, x445, 0xfffffffffffffffe); + var x460: u64 = undefined; + var x461: u1 = undefined; + fiatP384SubborrowxU64(&x460, &x461, x459, x447, 0xffffffffffffffff); + var x462: u64 = undefined; + var x463: u1 = undefined; + fiatP384SubborrowxU64(&x462, &x463, x461, x449, 0xffffffffffffffff); + var x464: u64 = undefined; + var x465: u1 = undefined; + fiatP384SubborrowxU64(&x464, &x465, x463, x451, 0xffffffffffffffff); + var x466: u64 = undefined; + var x467: u1 = undefined; + fiatP384SubborrowxU64(&x466, &x467, x465, x453, @intCast(u64, 0x0)); + var x468: u64 = undefined; + fiatP384CmovznzU64(&x468, x467, x454, x441); + var x469: u64 = undefined; + fiatP384CmovznzU64(&x469, x467, x456, x443); + var x470: u64 = undefined; + fiatP384CmovznzU64(&x470, x467, x458, x445); + var x471: u64 = undefined; + fiatP384CmovznzU64(&x471, x467, x460, x447); + var x472: u64 = undefined; + fiatP384CmovznzU64(&x472, x467, x462, x449); + var x473: u64 = undefined; + fiatP384CmovznzU64(&x473, x467, x464, x451); + out1[0] = x468; + out1[1] = x469; + out1[2] = x470; + out1[3] = x471; + out1[4] = x472; + out1[5] = x473; +} + +/// The function fiatP384Add adds two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384Add(out1: *[6]u64, arg1: [6]u64, arg2: [6]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP384AddcarryxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP384AddcarryxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP384AddcarryxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP384AddcarryxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP384AddcarryxU64(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP384AddcarryxU64(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP384SubborrowxU64(&x13, &x14, 0x0, x1, 0xffffffff); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP384SubborrowxU64(&x15, &x16, x14, x3, 0xffffffff00000000); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP384SubborrowxU64(&x17, &x18, x16, x5, 0xfffffffffffffffe); + var x19: u64 = undefined; + var x20: u1 = undefined; + fiatP384SubborrowxU64(&x19, &x20, x18, x7, 0xffffffffffffffff); + var x21: u64 = undefined; + var x22: u1 = undefined; + fiatP384SubborrowxU64(&x21, &x22, x20, x9, 0xffffffffffffffff); + var x23: u64 = undefined; + var x24: u1 = undefined; + fiatP384SubborrowxU64(&x23, &x24, x22, x11, 0xffffffffffffffff); + var x25: u64 = undefined; + var x26: u1 = undefined; + fiatP384SubborrowxU64(&x25, &x26, x24, @intCast(u64, x12), @intCast(u64, 0x0)); + var x27: u64 = undefined; + fiatP384CmovznzU64(&x27, x26, x13, x1); + var x28: u64 = undefined; + fiatP384CmovznzU64(&x28, x26, x15, x3); + var x29: u64 = undefined; + fiatP384CmovznzU64(&x29, x26, x17, x5); + var x30: u64 = undefined; + fiatP384CmovznzU64(&x30, x26, x19, x7); + var x31: u64 = undefined; + fiatP384CmovznzU64(&x31, x26, x21, x9); + var x32: u64 = undefined; + fiatP384CmovznzU64(&x32, x26, x23, x11); + out1[0] = x27; + out1[1] = x28; + out1[2] = x29; + out1[3] = x30; + out1[4] = x31; + out1[5] = x32; +} + +/// The function fiatP384Sub subtracts two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384Sub(out1: *[6]u64, arg1: [6]u64, arg2: [6]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP384SubborrowxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP384SubborrowxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP384SubborrowxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP384SubborrowxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP384SubborrowxU64(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP384SubborrowxU64(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u64 = undefined; + fiatP384CmovznzU64(&x13, x12, @intCast(u64, 0x0), 0xffffffffffffffff); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP384AddcarryxU64(&x14, &x15, 0x0, x1, (x13 & 0xffffffff)); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP384AddcarryxU64(&x16, &x17, x15, x3, (x13 & 0xffffffff00000000)); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP384AddcarryxU64(&x18, &x19, x17, x5, (x13 & 0xfffffffffffffffe)); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP384AddcarryxU64(&x20, &x21, x19, x7, x13); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP384AddcarryxU64(&x22, &x23, x21, x9, x13); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP384AddcarryxU64(&x24, &x25, x23, x11, x13); + out1[0] = x14; + out1[1] = x16; + out1[2] = x18; + out1[3] = x20; + out1[4] = x22; + out1[5] = x24; +} + +/// The function fiatP384Opp negates a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384Opp(out1: *[6]u64, arg1: [6]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP384SubborrowxU64(&x1, &x2, 0x0, @intCast(u64, 0x0), (arg1[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP384SubborrowxU64(&x3, &x4, x2, @intCast(u64, 0x0), (arg1[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP384SubborrowxU64(&x5, &x6, x4, @intCast(u64, 0x0), (arg1[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP384SubborrowxU64(&x7, &x8, x6, @intCast(u64, 0x0), (arg1[3])); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP384SubborrowxU64(&x9, &x10, x8, @intCast(u64, 0x0), (arg1[4])); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP384SubborrowxU64(&x11, &x12, x10, @intCast(u64, 0x0), (arg1[5])); + var x13: u64 = undefined; + fiatP384CmovznzU64(&x13, x12, @intCast(u64, 0x0), 0xffffffffffffffff); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP384AddcarryxU64(&x14, &x15, 0x0, x1, (x13 & 0xffffffff)); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP384AddcarryxU64(&x16, &x17, x15, x3, (x13 & 0xffffffff00000000)); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP384AddcarryxU64(&x18, &x19, x17, x5, (x13 & 0xfffffffffffffffe)); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP384AddcarryxU64(&x20, &x21, x19, x7, x13); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP384AddcarryxU64(&x22, &x23, x21, x9, x13); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP384AddcarryxU64(&x24, &x25, x23, x11, x13); + out1[0] = x14; + out1[1] = x16; + out1[2] = x18; + out1[3] = x20; + out1[4] = x22; + out1[5] = x24; +} + +/// The function fiatP384FromMontgomery translates a field element out of the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^6) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384FromMontgomery(out1: *[6]u64, arg1: [6]u64) void { + const x1: u64 = (arg1[0]); + var x2: u64 = undefined; + var x3: u64 = undefined; + fiatP384MulxU64(&x2, &x3, x1, 0x100000001); + var x4: u64 = undefined; + var x5: u64 = undefined; + fiatP384MulxU64(&x4, &x5, x2, 0xffffffffffffffff); + var x6: u64 = undefined; + var x7: u64 = undefined; + fiatP384MulxU64(&x6, &x7, x2, 0xffffffffffffffff); + var x8: u64 = undefined; + var x9: u64 = undefined; + fiatP384MulxU64(&x8, &x9, x2, 0xffffffffffffffff); + var x10: u64 = undefined; + var x11: u64 = undefined; + fiatP384MulxU64(&x10, &x11, x2, 0xfffffffffffffffe); + var x12: u64 = undefined; + var x13: u64 = undefined; + fiatP384MulxU64(&x12, &x13, x2, 0xffffffff00000000); + var x14: u64 = undefined; + var x15: u64 = undefined; + fiatP384MulxU64(&x14, &x15, x2, 0xffffffff); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP384AddcarryxU64(&x16, &x17, 0x0, x15, x12); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP384AddcarryxU64(&x18, &x19, x17, x13, x10); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP384AddcarryxU64(&x20, &x21, x19, x11, x8); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP384AddcarryxU64(&x22, &x23, x21, x9, x6); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP384AddcarryxU64(&x24, &x25, x23, x7, x4); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP384AddcarryxU64(&x26, &x27, 0x0, x1, x14); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP384AddcarryxU64(&x28, &x29, x27, @intCast(u64, 0x0), x16); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP384AddcarryxU64(&x30, &x31, x29, @intCast(u64, 0x0), x18); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatP384AddcarryxU64(&x32, &x33, x31, @intCast(u64, 0x0), x20); + var x34: u64 = undefined; + var x35: u1 = undefined; + fiatP384AddcarryxU64(&x34, &x35, x33, @intCast(u64, 0x0), x22); + var x36: u64 = undefined; + var x37: u1 = undefined; + fiatP384AddcarryxU64(&x36, &x37, x35, @intCast(u64, 0x0), x24); + var x38: u64 = undefined; + var x39: u1 = undefined; + fiatP384AddcarryxU64(&x38, &x39, x37, @intCast(u64, 0x0), (@intCast(u64, x25) + x5)); + var x40: u64 = undefined; + var x41: u1 = undefined; + fiatP384AddcarryxU64(&x40, &x41, 0x0, x28, (arg1[1])); + var x42: u64 = undefined; + var x43: u1 = undefined; + fiatP384AddcarryxU64(&x42, &x43, x41, x30, @intCast(u64, 0x0)); + var x44: u64 = undefined; + var x45: u1 = undefined; + fiatP384AddcarryxU64(&x44, &x45, x43, x32, @intCast(u64, 0x0)); + var x46: u64 = undefined; + var x47: u1 = undefined; + fiatP384AddcarryxU64(&x46, &x47, x45, x34, @intCast(u64, 0x0)); + var x48: u64 = undefined; + var x49: u1 = undefined; + fiatP384AddcarryxU64(&x48, &x49, x47, x36, @intCast(u64, 0x0)); + var x50: u64 = undefined; + var x51: u1 = undefined; + fiatP384AddcarryxU64(&x50, &x51, x49, x38, @intCast(u64, 0x0)); + var x52: u64 = undefined; + var x53: u64 = undefined; + fiatP384MulxU64(&x52, &x53, x40, 0x100000001); + var x54: u64 = undefined; + var x55: u64 = undefined; + fiatP384MulxU64(&x54, &x55, x52, 0xffffffffffffffff); + var x56: u64 = undefined; + var x57: u64 = undefined; + fiatP384MulxU64(&x56, &x57, x52, 0xffffffffffffffff); + var x58: u64 = undefined; + var x59: u64 = undefined; + fiatP384MulxU64(&x58, &x59, x52, 0xffffffffffffffff); + var x60: u64 = undefined; + var x61: u64 = undefined; + fiatP384MulxU64(&x60, &x61, x52, 0xfffffffffffffffe); + var x62: u64 = undefined; + var x63: u64 = undefined; + fiatP384MulxU64(&x62, &x63, x52, 0xffffffff00000000); + var x64: u64 = undefined; + var x65: u64 = undefined; + fiatP384MulxU64(&x64, &x65, x52, 0xffffffff); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP384AddcarryxU64(&x66, &x67, 0x0, x65, x62); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP384AddcarryxU64(&x68, &x69, x67, x63, x60); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP384AddcarryxU64(&x70, &x71, x69, x61, x58); + var x72: u64 = undefined; + var x73: u1 = undefined; + fiatP384AddcarryxU64(&x72, &x73, x71, x59, x56); + var x74: u64 = undefined; + var x75: u1 = undefined; + fiatP384AddcarryxU64(&x74, &x75, x73, x57, x54); + var x76: u64 = undefined; + var x77: u1 = undefined; + fiatP384AddcarryxU64(&x76, &x77, 0x0, x40, x64); + var x78: u64 = undefined; + var x79: u1 = undefined; + fiatP384AddcarryxU64(&x78, &x79, x77, x42, x66); + var x80: u64 = undefined; + var x81: u1 = undefined; + fiatP384AddcarryxU64(&x80, &x81, x79, x44, x68); + var x82: u64 = undefined; + var x83: u1 = undefined; + fiatP384AddcarryxU64(&x82, &x83, x81, x46, x70); + var x84: u64 = undefined; + var x85: u1 = undefined; + fiatP384AddcarryxU64(&x84, &x85, x83, x48, x72); + var x86: u64 = undefined; + var x87: u1 = undefined; + fiatP384AddcarryxU64(&x86, &x87, x85, x50, x74); + var x88: u64 = undefined; + var x89: u1 = undefined; + fiatP384AddcarryxU64(&x88, &x89, x87, (@intCast(u64, x51) + @intCast(u64, x39)), (@intCast(u64, x75) + x55)); + var x90: u64 = undefined; + var x91: u1 = undefined; + fiatP384AddcarryxU64(&x90, &x91, 0x0, x78, (arg1[2])); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP384AddcarryxU64(&x92, &x93, x91, x80, @intCast(u64, 0x0)); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP384AddcarryxU64(&x94, &x95, x93, x82, @intCast(u64, 0x0)); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP384AddcarryxU64(&x96, &x97, x95, x84, @intCast(u64, 0x0)); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP384AddcarryxU64(&x98, &x99, x97, x86, @intCast(u64, 0x0)); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP384AddcarryxU64(&x100, &x101, x99, x88, @intCast(u64, 0x0)); + var x102: u64 = undefined; + var x103: u64 = undefined; + fiatP384MulxU64(&x102, &x103, x90, 0x100000001); + var x104: u64 = undefined; + var x105: u64 = undefined; + fiatP384MulxU64(&x104, &x105, x102, 0xffffffffffffffff); + var x106: u64 = undefined; + var x107: u64 = undefined; + fiatP384MulxU64(&x106, &x107, x102, 0xffffffffffffffff); + var x108: u64 = undefined; + var x109: u64 = undefined; + fiatP384MulxU64(&x108, &x109, x102, 0xffffffffffffffff); + var x110: u64 = undefined; + var x111: u64 = undefined; + fiatP384MulxU64(&x110, &x111, x102, 0xfffffffffffffffe); + var x112: u64 = undefined; + var x113: u64 = undefined; + fiatP384MulxU64(&x112, &x113, x102, 0xffffffff00000000); + var x114: u64 = undefined; + var x115: u64 = undefined; + fiatP384MulxU64(&x114, &x115, x102, 0xffffffff); + var x116: u64 = undefined; + var x117: u1 = undefined; + fiatP384AddcarryxU64(&x116, &x117, 0x0, x115, x112); + var x118: u64 = undefined; + var x119: u1 = undefined; + fiatP384AddcarryxU64(&x118, &x119, x117, x113, x110); + var x120: u64 = undefined; + var x121: u1 = undefined; + fiatP384AddcarryxU64(&x120, &x121, x119, x111, x108); + var x122: u64 = undefined; + var x123: u1 = undefined; + fiatP384AddcarryxU64(&x122, &x123, x121, x109, x106); + var x124: u64 = undefined; + var x125: u1 = undefined; + fiatP384AddcarryxU64(&x124, &x125, x123, x107, x104); + var x126: u64 = undefined; + var x127: u1 = undefined; + fiatP384AddcarryxU64(&x126, &x127, 0x0, x90, x114); + var x128: u64 = undefined; + var x129: u1 = undefined; + fiatP384AddcarryxU64(&x128, &x129, x127, x92, x116); + var x130: u64 = undefined; + var x131: u1 = undefined; + fiatP384AddcarryxU64(&x130, &x131, x129, x94, x118); + var x132: u64 = undefined; + var x133: u1 = undefined; + fiatP384AddcarryxU64(&x132, &x133, x131, x96, x120); + var x134: u64 = undefined; + var x135: u1 = undefined; + fiatP384AddcarryxU64(&x134, &x135, x133, x98, x122); + var x136: u64 = undefined; + var x137: u1 = undefined; + fiatP384AddcarryxU64(&x136, &x137, x135, x100, x124); + var x138: u64 = undefined; + var x139: u1 = undefined; + fiatP384AddcarryxU64(&x138, &x139, x137, (@intCast(u64, x101) + @intCast(u64, x89)), (@intCast(u64, x125) + x105)); + var x140: u64 = undefined; + var x141: u1 = undefined; + fiatP384AddcarryxU64(&x140, &x141, 0x0, x128, (arg1[3])); + var x142: u64 = undefined; + var x143: u1 = undefined; + fiatP384AddcarryxU64(&x142, &x143, x141, x130, @intCast(u64, 0x0)); + var x144: u64 = undefined; + var x145: u1 = undefined; + fiatP384AddcarryxU64(&x144, &x145, x143, x132, @intCast(u64, 0x0)); + var x146: u64 = undefined; + var x147: u1 = undefined; + fiatP384AddcarryxU64(&x146, &x147, x145, x134, @intCast(u64, 0x0)); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatP384AddcarryxU64(&x148, &x149, x147, x136, @intCast(u64, 0x0)); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatP384AddcarryxU64(&x150, &x151, x149, x138, @intCast(u64, 0x0)); + var x152: u64 = undefined; + var x153: u64 = undefined; + fiatP384MulxU64(&x152, &x153, x140, 0x100000001); + var x154: u64 = undefined; + var x155: u64 = undefined; + fiatP384MulxU64(&x154, &x155, x152, 0xffffffffffffffff); + var x156: u64 = undefined; + var x157: u64 = undefined; + fiatP384MulxU64(&x156, &x157, x152, 0xffffffffffffffff); + var x158: u64 = undefined; + var x159: u64 = undefined; + fiatP384MulxU64(&x158, &x159, x152, 0xffffffffffffffff); + var x160: u64 = undefined; + var x161: u64 = undefined; + fiatP384MulxU64(&x160, &x161, x152, 0xfffffffffffffffe); + var x162: u64 = undefined; + var x163: u64 = undefined; + fiatP384MulxU64(&x162, &x163, x152, 0xffffffff00000000); + var x164: u64 = undefined; + var x165: u64 = undefined; + fiatP384MulxU64(&x164, &x165, x152, 0xffffffff); + var x166: u64 = undefined; + var x167: u1 = undefined; + fiatP384AddcarryxU64(&x166, &x167, 0x0, x165, x162); + var x168: u64 = undefined; + var x169: u1 = undefined; + fiatP384AddcarryxU64(&x168, &x169, x167, x163, x160); + var x170: u64 = undefined; + var x171: u1 = undefined; + fiatP384AddcarryxU64(&x170, &x171, x169, x161, x158); + var x172: u64 = undefined; + var x173: u1 = undefined; + fiatP384AddcarryxU64(&x172, &x173, x171, x159, x156); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatP384AddcarryxU64(&x174, &x175, x173, x157, x154); + var x176: u64 = undefined; + var x177: u1 = undefined; + fiatP384AddcarryxU64(&x176, &x177, 0x0, x140, x164); + var x178: u64 = undefined; + var x179: u1 = undefined; + fiatP384AddcarryxU64(&x178, &x179, x177, x142, x166); + var x180: u64 = undefined; + var x181: u1 = undefined; + fiatP384AddcarryxU64(&x180, &x181, x179, x144, x168); + var x182: u64 = undefined; + var x183: u1 = undefined; + fiatP384AddcarryxU64(&x182, &x183, x181, x146, x170); + var x184: u64 = undefined; + var x185: u1 = undefined; + fiatP384AddcarryxU64(&x184, &x185, x183, x148, x172); + var x186: u64 = undefined; + var x187: u1 = undefined; + fiatP384AddcarryxU64(&x186, &x187, x185, x150, x174); + var x188: u64 = undefined; + var x189: u1 = undefined; + fiatP384AddcarryxU64(&x188, &x189, x187, (@intCast(u64, x151) + @intCast(u64, x139)), (@intCast(u64, x175) + x155)); + var x190: u64 = undefined; + var x191: u1 = undefined; + fiatP384AddcarryxU64(&x190, &x191, 0x0, x178, (arg1[4])); + var x192: u64 = undefined; + var x193: u1 = undefined; + fiatP384AddcarryxU64(&x192, &x193, x191, x180, @intCast(u64, 0x0)); + var x194: u64 = undefined; + var x195: u1 = undefined; + fiatP384AddcarryxU64(&x194, &x195, x193, x182, @intCast(u64, 0x0)); + var x196: u64 = undefined; + var x197: u1 = undefined; + fiatP384AddcarryxU64(&x196, &x197, x195, x184, @intCast(u64, 0x0)); + var x198: u64 = undefined; + var x199: u1 = undefined; + fiatP384AddcarryxU64(&x198, &x199, x197, x186, @intCast(u64, 0x0)); + var x200: u64 = undefined; + var x201: u1 = undefined; + fiatP384AddcarryxU64(&x200, &x201, x199, x188, @intCast(u64, 0x0)); + var x202: u64 = undefined; + var x203: u64 = undefined; + fiatP384MulxU64(&x202, &x203, x190, 0x100000001); + var x204: u64 = undefined; + var x205: u64 = undefined; + fiatP384MulxU64(&x204, &x205, x202, 0xffffffffffffffff); + var x206: u64 = undefined; + var x207: u64 = undefined; + fiatP384MulxU64(&x206, &x207, x202, 0xffffffffffffffff); + var x208: u64 = undefined; + var x209: u64 = undefined; + fiatP384MulxU64(&x208, &x209, x202, 0xffffffffffffffff); + var x210: u64 = undefined; + var x211: u64 = undefined; + fiatP384MulxU64(&x210, &x211, x202, 0xfffffffffffffffe); + var x212: u64 = undefined; + var x213: u64 = undefined; + fiatP384MulxU64(&x212, &x213, x202, 0xffffffff00000000); + var x214: u64 = undefined; + var x215: u64 = undefined; + fiatP384MulxU64(&x214, &x215, x202, 0xffffffff); + var x216: u64 = undefined; + var x217: u1 = undefined; + fiatP384AddcarryxU64(&x216, &x217, 0x0, x215, x212); + var x218: u64 = undefined; + var x219: u1 = undefined; + fiatP384AddcarryxU64(&x218, &x219, x217, x213, x210); + var x220: u64 = undefined; + var x221: u1 = undefined; + fiatP384AddcarryxU64(&x220, &x221, x219, x211, x208); + var x222: u64 = undefined; + var x223: u1 = undefined; + fiatP384AddcarryxU64(&x222, &x223, x221, x209, x206); + var x224: u64 = undefined; + var x225: u1 = undefined; + fiatP384AddcarryxU64(&x224, &x225, x223, x207, x204); + var x226: u64 = undefined; + var x227: u1 = undefined; + fiatP384AddcarryxU64(&x226, &x227, 0x0, x190, x214); + var x228: u64 = undefined; + var x229: u1 = undefined; + fiatP384AddcarryxU64(&x228, &x229, x227, x192, x216); + var x230: u64 = undefined; + var x231: u1 = undefined; + fiatP384AddcarryxU64(&x230, &x231, x229, x194, x218); + var x232: u64 = undefined; + var x233: u1 = undefined; + fiatP384AddcarryxU64(&x232, &x233, x231, x196, x220); + var x234: u64 = undefined; + var x235: u1 = undefined; + fiatP384AddcarryxU64(&x234, &x235, x233, x198, x222); + var x236: u64 = undefined; + var x237: u1 = undefined; + fiatP384AddcarryxU64(&x236, &x237, x235, x200, x224); + var x238: u64 = undefined; + var x239: u1 = undefined; + fiatP384AddcarryxU64(&x238, &x239, x237, (@intCast(u64, x201) + @intCast(u64, x189)), (@intCast(u64, x225) + x205)); + var x240: u64 = undefined; + var x241: u1 = undefined; + fiatP384AddcarryxU64(&x240, &x241, 0x0, x228, (arg1[5])); + var x242: u64 = undefined; + var x243: u1 = undefined; + fiatP384AddcarryxU64(&x242, &x243, x241, x230, @intCast(u64, 0x0)); + var x244: u64 = undefined; + var x245: u1 = undefined; + fiatP384AddcarryxU64(&x244, &x245, x243, x232, @intCast(u64, 0x0)); + var x246: u64 = undefined; + var x247: u1 = undefined; + fiatP384AddcarryxU64(&x246, &x247, x245, x234, @intCast(u64, 0x0)); + var x248: u64 = undefined; + var x249: u1 = undefined; + fiatP384AddcarryxU64(&x248, &x249, x247, x236, @intCast(u64, 0x0)); + var x250: u64 = undefined; + var x251: u1 = undefined; + fiatP384AddcarryxU64(&x250, &x251, x249, x238, @intCast(u64, 0x0)); + var x252: u64 = undefined; + var x253: u64 = undefined; + fiatP384MulxU64(&x252, &x253, x240, 0x100000001); + var x254: u64 = undefined; + var x255: u64 = undefined; + fiatP384MulxU64(&x254, &x255, x252, 0xffffffffffffffff); + var x256: u64 = undefined; + var x257: u64 = undefined; + fiatP384MulxU64(&x256, &x257, x252, 0xffffffffffffffff); + var x258: u64 = undefined; + var x259: u64 = undefined; + fiatP384MulxU64(&x258, &x259, x252, 0xffffffffffffffff); + var x260: u64 = undefined; + var x261: u64 = undefined; + fiatP384MulxU64(&x260, &x261, x252, 0xfffffffffffffffe); + var x262: u64 = undefined; + var x263: u64 = undefined; + fiatP384MulxU64(&x262, &x263, x252, 0xffffffff00000000); + var x264: u64 = undefined; + var x265: u64 = undefined; + fiatP384MulxU64(&x264, &x265, x252, 0xffffffff); + var x266: u64 = undefined; + var x267: u1 = undefined; + fiatP384AddcarryxU64(&x266, &x267, 0x0, x265, x262); + var x268: u64 = undefined; + var x269: u1 = undefined; + fiatP384AddcarryxU64(&x268, &x269, x267, x263, x260); + var x270: u64 = undefined; + var x271: u1 = undefined; + fiatP384AddcarryxU64(&x270, &x271, x269, x261, x258); + var x272: u64 = undefined; + var x273: u1 = undefined; + fiatP384AddcarryxU64(&x272, &x273, x271, x259, x256); + var x274: u64 = undefined; + var x275: u1 = undefined; + fiatP384AddcarryxU64(&x274, &x275, x273, x257, x254); + var x276: u64 = undefined; + var x277: u1 = undefined; + fiatP384AddcarryxU64(&x276, &x277, 0x0, x240, x264); + var x278: u64 = undefined; + var x279: u1 = undefined; + fiatP384AddcarryxU64(&x278, &x279, x277, x242, x266); + var x280: u64 = undefined; + var x281: u1 = undefined; + fiatP384AddcarryxU64(&x280, &x281, x279, x244, x268); + var x282: u64 = undefined; + var x283: u1 = undefined; + fiatP384AddcarryxU64(&x282, &x283, x281, x246, x270); + var x284: u64 = undefined; + var x285: u1 = undefined; + fiatP384AddcarryxU64(&x284, &x285, x283, x248, x272); + var x286: u64 = undefined; + var x287: u1 = undefined; + fiatP384AddcarryxU64(&x286, &x287, x285, x250, x274); + var x288: u64 = undefined; + var x289: u1 = undefined; + fiatP384AddcarryxU64(&x288, &x289, x287, (@intCast(u64, x251) + @intCast(u64, x239)), (@intCast(u64, x275) + x255)); + var x290: u64 = undefined; + var x291: u1 = undefined; + fiatP384SubborrowxU64(&x290, &x291, 0x0, x278, 0xffffffff); + var x292: u64 = undefined; + var x293: u1 = undefined; + fiatP384SubborrowxU64(&x292, &x293, x291, x280, 0xffffffff00000000); + var x294: u64 = undefined; + var x295: u1 = undefined; + fiatP384SubborrowxU64(&x294, &x295, x293, x282, 0xfffffffffffffffe); + var x296: u64 = undefined; + var x297: u1 = undefined; + fiatP384SubborrowxU64(&x296, &x297, x295, x284, 0xffffffffffffffff); + var x298: u64 = undefined; + var x299: u1 = undefined; + fiatP384SubborrowxU64(&x298, &x299, x297, x286, 0xffffffffffffffff); + var x300: u64 = undefined; + var x301: u1 = undefined; + fiatP384SubborrowxU64(&x300, &x301, x299, x288, 0xffffffffffffffff); + var x302: u64 = undefined; + var x303: u1 = undefined; + fiatP384SubborrowxU64(&x302, &x303, x301, @intCast(u64, x289), @intCast(u64, 0x0)); + var x304: u64 = undefined; + fiatP384CmovznzU64(&x304, x303, x290, x278); + var x305: u64 = undefined; + fiatP384CmovznzU64(&x305, x303, x292, x280); + var x306: u64 = undefined; + fiatP384CmovznzU64(&x306, x303, x294, x282); + var x307: u64 = undefined; + fiatP384CmovznzU64(&x307, x303, x296, x284); + var x308: u64 = undefined; + fiatP384CmovznzU64(&x308, x303, x298, x286); + var x309: u64 = undefined; + fiatP384CmovznzU64(&x309, x303, x300, x288); + out1[0] = x304; + out1[1] = x305; + out1[2] = x306; + out1[3] = x307; + out1[4] = x308; + out1[5] = x309; +} + +/// The function fiatP384ToMontgomery translates a field element into the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384ToMontgomery(out1: *[6]u64, arg1: [6]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[4]); + const x5: u64 = (arg1[5]); + const x6: u64 = (arg1[0]); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatP384MulxU64(&x7, &x8, x6, 0x200000000); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatP384MulxU64(&x9, &x10, x6, 0xfffffffe00000000); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatP384MulxU64(&x11, &x12, x6, 0x200000000); + var x13: u64 = undefined; + var x14: u64 = undefined; + fiatP384MulxU64(&x13, &x14, x6, 0xfffffffe00000001); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP384AddcarryxU64(&x15, &x16, 0x0, x14, x11); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP384AddcarryxU64(&x17, &x18, x16, x12, x9); + var x19: u64 = undefined; + var x20: u1 = undefined; + fiatP384AddcarryxU64(&x19, &x20, x18, x10, x7); + var x21: u64 = undefined; + var x22: u1 = undefined; + fiatP384AddcarryxU64(&x21, &x22, x20, x8, x6); + var x23: u64 = undefined; + var x24: u64 = undefined; + fiatP384MulxU64(&x23, &x24, x13, 0x100000001); + var x25: u64 = undefined; + var x26: u64 = undefined; + fiatP384MulxU64(&x25, &x26, x23, 0xffffffffffffffff); + var x27: u64 = undefined; + var x28: u64 = undefined; + fiatP384MulxU64(&x27, &x28, x23, 0xffffffffffffffff); + var x29: u64 = undefined; + var x30: u64 = undefined; + fiatP384MulxU64(&x29, &x30, x23, 0xffffffffffffffff); + var x31: u64 = undefined; + var x32: u64 = undefined; + fiatP384MulxU64(&x31, &x32, x23, 0xfffffffffffffffe); + var x33: u64 = undefined; + var x34: u64 = undefined; + fiatP384MulxU64(&x33, &x34, x23, 0xffffffff00000000); + var x35: u64 = undefined; + var x36: u64 = undefined; + fiatP384MulxU64(&x35, &x36, x23, 0xffffffff); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatP384AddcarryxU64(&x37, &x38, 0x0, x36, x33); + var x39: u64 = undefined; + var x40: u1 = undefined; + fiatP384AddcarryxU64(&x39, &x40, x38, x34, x31); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatP384AddcarryxU64(&x41, &x42, x40, x32, x29); + var x43: u64 = undefined; + var x44: u1 = undefined; + fiatP384AddcarryxU64(&x43, &x44, x42, x30, x27); + var x45: u64 = undefined; + var x46: u1 = undefined; + fiatP384AddcarryxU64(&x45, &x46, x44, x28, x25); + var x47: u64 = undefined; + var x48: u1 = undefined; + fiatP384AddcarryxU64(&x47, &x48, 0x0, x13, x35); + var x49: u64 = undefined; + var x50: u1 = undefined; + fiatP384AddcarryxU64(&x49, &x50, x48, x15, x37); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP384AddcarryxU64(&x51, &x52, x50, x17, x39); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP384AddcarryxU64(&x53, &x54, x52, x19, x41); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP384AddcarryxU64(&x55, &x56, x54, x21, x43); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP384AddcarryxU64(&x57, &x58, x56, @intCast(u64, x22), x45); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatP384AddcarryxU64(&x59, &x60, x58, @intCast(u64, 0x0), (@intCast(u64, x46) + x26)); + var x61: u64 = undefined; + var x62: u64 = undefined; + fiatP384MulxU64(&x61, &x62, x1, 0x200000000); + var x63: u64 = undefined; + var x64: u64 = undefined; + fiatP384MulxU64(&x63, &x64, x1, 0xfffffffe00000000); + var x65: u64 = undefined; + var x66: u64 = undefined; + fiatP384MulxU64(&x65, &x66, x1, 0x200000000); + var x67: u64 = undefined; + var x68: u64 = undefined; + fiatP384MulxU64(&x67, &x68, x1, 0xfffffffe00000001); + var x69: u64 = undefined; + var x70: u1 = undefined; + fiatP384AddcarryxU64(&x69, &x70, 0x0, x68, x65); + var x71: u64 = undefined; + var x72: u1 = undefined; + fiatP384AddcarryxU64(&x71, &x72, x70, x66, x63); + var x73: u64 = undefined; + var x74: u1 = undefined; + fiatP384AddcarryxU64(&x73, &x74, x72, x64, x61); + var x75: u64 = undefined; + var x76: u1 = undefined; + fiatP384AddcarryxU64(&x75, &x76, x74, x62, x1); + var x77: u64 = undefined; + var x78: u1 = undefined; + fiatP384AddcarryxU64(&x77, &x78, 0x0, x49, x67); + var x79: u64 = undefined; + var x80: u1 = undefined; + fiatP384AddcarryxU64(&x79, &x80, x78, x51, x69); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatP384AddcarryxU64(&x81, &x82, x80, x53, x71); + var x83: u64 = undefined; + var x84: u1 = undefined; + fiatP384AddcarryxU64(&x83, &x84, x82, x55, x73); + var x85: u64 = undefined; + var x86: u1 = undefined; + fiatP384AddcarryxU64(&x85, &x86, x84, x57, x75); + var x87: u64 = undefined; + var x88: u1 = undefined; + fiatP384AddcarryxU64(&x87, &x88, x86, x59, @intCast(u64, x76)); + var x89: u64 = undefined; + var x90: u64 = undefined; + fiatP384MulxU64(&x89, &x90, x77, 0x100000001); + var x91: u64 = undefined; + var x92: u64 = undefined; + fiatP384MulxU64(&x91, &x92, x89, 0xffffffffffffffff); + var x93: u64 = undefined; + var x94: u64 = undefined; + fiatP384MulxU64(&x93, &x94, x89, 0xffffffffffffffff); + var x95: u64 = undefined; + var x96: u64 = undefined; + fiatP384MulxU64(&x95, &x96, x89, 0xffffffffffffffff); + var x97: u64 = undefined; + var x98: u64 = undefined; + fiatP384MulxU64(&x97, &x98, x89, 0xfffffffffffffffe); + var x99: u64 = undefined; + var x100: u64 = undefined; + fiatP384MulxU64(&x99, &x100, x89, 0xffffffff00000000); + var x101: u64 = undefined; + var x102: u64 = undefined; + fiatP384MulxU64(&x101, &x102, x89, 0xffffffff); + var x103: u64 = undefined; + var x104: u1 = undefined; + fiatP384AddcarryxU64(&x103, &x104, 0x0, x102, x99); + var x105: u64 = undefined; + var x106: u1 = undefined; + fiatP384AddcarryxU64(&x105, &x106, x104, x100, x97); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatP384AddcarryxU64(&x107, &x108, x106, x98, x95); + var x109: u64 = undefined; + var x110: u1 = undefined; + fiatP384AddcarryxU64(&x109, &x110, x108, x96, x93); + var x111: u64 = undefined; + var x112: u1 = undefined; + fiatP384AddcarryxU64(&x111, &x112, x110, x94, x91); + var x113: u64 = undefined; + var x114: u1 = undefined; + fiatP384AddcarryxU64(&x113, &x114, 0x0, x77, x101); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatP384AddcarryxU64(&x115, &x116, x114, x79, x103); + var x117: u64 = undefined; + var x118: u1 = undefined; + fiatP384AddcarryxU64(&x117, &x118, x116, x81, x105); + var x119: u64 = undefined; + var x120: u1 = undefined; + fiatP384AddcarryxU64(&x119, &x120, x118, x83, x107); + var x121: u64 = undefined; + var x122: u1 = undefined; + fiatP384AddcarryxU64(&x121, &x122, x120, x85, x109); + var x123: u64 = undefined; + var x124: u1 = undefined; + fiatP384AddcarryxU64(&x123, &x124, x122, x87, x111); + var x125: u64 = undefined; + var x126: u1 = undefined; + fiatP384AddcarryxU64(&x125, &x126, x124, (@intCast(u64, x88) + @intCast(u64, x60)), (@intCast(u64, x112) + x92)); + var x127: u64 = undefined; + var x128: u64 = undefined; + fiatP384MulxU64(&x127, &x128, x2, 0x200000000); + var x129: u64 = undefined; + var x130: u64 = undefined; + fiatP384MulxU64(&x129, &x130, x2, 0xfffffffe00000000); + var x131: u64 = undefined; + var x132: u64 = undefined; + fiatP384MulxU64(&x131, &x132, x2, 0x200000000); + var x133: u64 = undefined; + var x134: u64 = undefined; + fiatP384MulxU64(&x133, &x134, x2, 0xfffffffe00000001); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatP384AddcarryxU64(&x135, &x136, 0x0, x134, x131); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatP384AddcarryxU64(&x137, &x138, x136, x132, x129); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatP384AddcarryxU64(&x139, &x140, x138, x130, x127); + var x141: u64 = undefined; + var x142: u1 = undefined; + fiatP384AddcarryxU64(&x141, &x142, x140, x128, x2); + var x143: u64 = undefined; + var x144: u1 = undefined; + fiatP384AddcarryxU64(&x143, &x144, 0x0, x115, x133); + var x145: u64 = undefined; + var x146: u1 = undefined; + fiatP384AddcarryxU64(&x145, &x146, x144, x117, x135); + var x147: u64 = undefined; + var x148: u1 = undefined; + fiatP384AddcarryxU64(&x147, &x148, x146, x119, x137); + var x149: u64 = undefined; + var x150: u1 = undefined; + fiatP384AddcarryxU64(&x149, &x150, x148, x121, x139); + var x151: u64 = undefined; + var x152: u1 = undefined; + fiatP384AddcarryxU64(&x151, &x152, x150, x123, x141); + var x153: u64 = undefined; + var x154: u1 = undefined; + fiatP384AddcarryxU64(&x153, &x154, x152, x125, @intCast(u64, x142)); + var x155: u64 = undefined; + var x156: u64 = undefined; + fiatP384MulxU64(&x155, &x156, x143, 0x100000001); + var x157: u64 = undefined; + var x158: u64 = undefined; + fiatP384MulxU64(&x157, &x158, x155, 0xffffffffffffffff); + var x159: u64 = undefined; + var x160: u64 = undefined; + fiatP384MulxU64(&x159, &x160, x155, 0xffffffffffffffff); + var x161: u64 = undefined; + var x162: u64 = undefined; + fiatP384MulxU64(&x161, &x162, x155, 0xffffffffffffffff); + var x163: u64 = undefined; + var x164: u64 = undefined; + fiatP384MulxU64(&x163, &x164, x155, 0xfffffffffffffffe); + var x165: u64 = undefined; + var x166: u64 = undefined; + fiatP384MulxU64(&x165, &x166, x155, 0xffffffff00000000); + var x167: u64 = undefined; + var x168: u64 = undefined; + fiatP384MulxU64(&x167, &x168, x155, 0xffffffff); + var x169: u64 = undefined; + var x170: u1 = undefined; + fiatP384AddcarryxU64(&x169, &x170, 0x0, x168, x165); + var x171: u64 = undefined; + var x172: u1 = undefined; + fiatP384AddcarryxU64(&x171, &x172, x170, x166, x163); + var x173: u64 = undefined; + var x174: u1 = undefined; + fiatP384AddcarryxU64(&x173, &x174, x172, x164, x161); + var x175: u64 = undefined; + var x176: u1 = undefined; + fiatP384AddcarryxU64(&x175, &x176, x174, x162, x159); + var x177: u64 = undefined; + var x178: u1 = undefined; + fiatP384AddcarryxU64(&x177, &x178, x176, x160, x157); + var x179: u64 = undefined; + var x180: u1 = undefined; + fiatP384AddcarryxU64(&x179, &x180, 0x0, x143, x167); + var x181: u64 = undefined; + var x182: u1 = undefined; + fiatP384AddcarryxU64(&x181, &x182, x180, x145, x169); + var x183: u64 = undefined; + var x184: u1 = undefined; + fiatP384AddcarryxU64(&x183, &x184, x182, x147, x171); + var x185: u64 = undefined; + var x186: u1 = undefined; + fiatP384AddcarryxU64(&x185, &x186, x184, x149, x173); + var x187: u64 = undefined; + var x188: u1 = undefined; + fiatP384AddcarryxU64(&x187, &x188, x186, x151, x175); + var x189: u64 = undefined; + var x190: u1 = undefined; + fiatP384AddcarryxU64(&x189, &x190, x188, x153, x177); + var x191: u64 = undefined; + var x192: u1 = undefined; + fiatP384AddcarryxU64(&x191, &x192, x190, (@intCast(u64, x154) + @intCast(u64, x126)), (@intCast(u64, x178) + x158)); + var x193: u64 = undefined; + var x194: u64 = undefined; + fiatP384MulxU64(&x193, &x194, x3, 0x200000000); + var x195: u64 = undefined; + var x196: u64 = undefined; + fiatP384MulxU64(&x195, &x196, x3, 0xfffffffe00000000); + var x197: u64 = undefined; + var x198: u64 = undefined; + fiatP384MulxU64(&x197, &x198, x3, 0x200000000); + var x199: u64 = undefined; + var x200: u64 = undefined; + fiatP384MulxU64(&x199, &x200, x3, 0xfffffffe00000001); + var x201: u64 = undefined; + var x202: u1 = undefined; + fiatP384AddcarryxU64(&x201, &x202, 0x0, x200, x197); + var x203: u64 = undefined; + var x204: u1 = undefined; + fiatP384AddcarryxU64(&x203, &x204, x202, x198, x195); + var x205: u64 = undefined; + var x206: u1 = undefined; + fiatP384AddcarryxU64(&x205, &x206, x204, x196, x193); + var x207: u64 = undefined; + var x208: u1 = undefined; + fiatP384AddcarryxU64(&x207, &x208, x206, x194, x3); + var x209: u64 = undefined; + var x210: u1 = undefined; + fiatP384AddcarryxU64(&x209, &x210, 0x0, x181, x199); + var x211: u64 = undefined; + var x212: u1 = undefined; + fiatP384AddcarryxU64(&x211, &x212, x210, x183, x201); + var x213: u64 = undefined; + var x214: u1 = undefined; + fiatP384AddcarryxU64(&x213, &x214, x212, x185, x203); + var x215: u64 = undefined; + var x216: u1 = undefined; + fiatP384AddcarryxU64(&x215, &x216, x214, x187, x205); + var x217: u64 = undefined; + var x218: u1 = undefined; + fiatP384AddcarryxU64(&x217, &x218, x216, x189, x207); + var x219: u64 = undefined; + var x220: u1 = undefined; + fiatP384AddcarryxU64(&x219, &x220, x218, x191, @intCast(u64, x208)); + var x221: u64 = undefined; + var x222: u64 = undefined; + fiatP384MulxU64(&x221, &x222, x209, 0x100000001); + var x223: u64 = undefined; + var x224: u64 = undefined; + fiatP384MulxU64(&x223, &x224, x221, 0xffffffffffffffff); + var x225: u64 = undefined; + var x226: u64 = undefined; + fiatP384MulxU64(&x225, &x226, x221, 0xffffffffffffffff); + var x227: u64 = undefined; + var x228: u64 = undefined; + fiatP384MulxU64(&x227, &x228, x221, 0xffffffffffffffff); + var x229: u64 = undefined; + var x230: u64 = undefined; + fiatP384MulxU64(&x229, &x230, x221, 0xfffffffffffffffe); + var x231: u64 = undefined; + var x232: u64 = undefined; + fiatP384MulxU64(&x231, &x232, x221, 0xffffffff00000000); + var x233: u64 = undefined; + var x234: u64 = undefined; + fiatP384MulxU64(&x233, &x234, x221, 0xffffffff); + var x235: u64 = undefined; + var x236: u1 = undefined; + fiatP384AddcarryxU64(&x235, &x236, 0x0, x234, x231); + var x237: u64 = undefined; + var x238: u1 = undefined; + fiatP384AddcarryxU64(&x237, &x238, x236, x232, x229); + var x239: u64 = undefined; + var x240: u1 = undefined; + fiatP384AddcarryxU64(&x239, &x240, x238, x230, x227); + var x241: u64 = undefined; + var x242: u1 = undefined; + fiatP384AddcarryxU64(&x241, &x242, x240, x228, x225); + var x243: u64 = undefined; + var x244: u1 = undefined; + fiatP384AddcarryxU64(&x243, &x244, x242, x226, x223); + var x245: u64 = undefined; + var x246: u1 = undefined; + fiatP384AddcarryxU64(&x245, &x246, 0x0, x209, x233); + var x247: u64 = undefined; + var x248: u1 = undefined; + fiatP384AddcarryxU64(&x247, &x248, x246, x211, x235); + var x249: u64 = undefined; + var x250: u1 = undefined; + fiatP384AddcarryxU64(&x249, &x250, x248, x213, x237); + var x251: u64 = undefined; + var x252: u1 = undefined; + fiatP384AddcarryxU64(&x251, &x252, x250, x215, x239); + var x253: u64 = undefined; + var x254: u1 = undefined; + fiatP384AddcarryxU64(&x253, &x254, x252, x217, x241); + var x255: u64 = undefined; + var x256: u1 = undefined; + fiatP384AddcarryxU64(&x255, &x256, x254, x219, x243); + var x257: u64 = undefined; + var x258: u1 = undefined; + fiatP384AddcarryxU64(&x257, &x258, x256, (@intCast(u64, x220) + @intCast(u64, x192)), (@intCast(u64, x244) + x224)); + var x259: u64 = undefined; + var x260: u64 = undefined; + fiatP384MulxU64(&x259, &x260, x4, 0x200000000); + var x261: u64 = undefined; + var x262: u64 = undefined; + fiatP384MulxU64(&x261, &x262, x4, 0xfffffffe00000000); + var x263: u64 = undefined; + var x264: u64 = undefined; + fiatP384MulxU64(&x263, &x264, x4, 0x200000000); + var x265: u64 = undefined; + var x266: u64 = undefined; + fiatP384MulxU64(&x265, &x266, x4, 0xfffffffe00000001); + var x267: u64 = undefined; + var x268: u1 = undefined; + fiatP384AddcarryxU64(&x267, &x268, 0x0, x266, x263); + var x269: u64 = undefined; + var x270: u1 = undefined; + fiatP384AddcarryxU64(&x269, &x270, x268, x264, x261); + var x271: u64 = undefined; + var x272: u1 = undefined; + fiatP384AddcarryxU64(&x271, &x272, x270, x262, x259); + var x273: u64 = undefined; + var x274: u1 = undefined; + fiatP384AddcarryxU64(&x273, &x274, x272, x260, x4); + var x275: u64 = undefined; + var x276: u1 = undefined; + fiatP384AddcarryxU64(&x275, &x276, 0x0, x247, x265); + var x277: u64 = undefined; + var x278: u1 = undefined; + fiatP384AddcarryxU64(&x277, &x278, x276, x249, x267); + var x279: u64 = undefined; + var x280: u1 = undefined; + fiatP384AddcarryxU64(&x279, &x280, x278, x251, x269); + var x281: u64 = undefined; + var x282: u1 = undefined; + fiatP384AddcarryxU64(&x281, &x282, x280, x253, x271); + var x283: u64 = undefined; + var x284: u1 = undefined; + fiatP384AddcarryxU64(&x283, &x284, x282, x255, x273); + var x285: u64 = undefined; + var x286: u1 = undefined; + fiatP384AddcarryxU64(&x285, &x286, x284, x257, @intCast(u64, x274)); + var x287: u64 = undefined; + var x288: u64 = undefined; + fiatP384MulxU64(&x287, &x288, x275, 0x100000001); + var x289: u64 = undefined; + var x290: u64 = undefined; + fiatP384MulxU64(&x289, &x290, x287, 0xffffffffffffffff); + var x291: u64 = undefined; + var x292: u64 = undefined; + fiatP384MulxU64(&x291, &x292, x287, 0xffffffffffffffff); + var x293: u64 = undefined; + var x294: u64 = undefined; + fiatP384MulxU64(&x293, &x294, x287, 0xffffffffffffffff); + var x295: u64 = undefined; + var x296: u64 = undefined; + fiatP384MulxU64(&x295, &x296, x287, 0xfffffffffffffffe); + var x297: u64 = undefined; + var x298: u64 = undefined; + fiatP384MulxU64(&x297, &x298, x287, 0xffffffff00000000); + var x299: u64 = undefined; + var x300: u64 = undefined; + fiatP384MulxU64(&x299, &x300, x287, 0xffffffff); + var x301: u64 = undefined; + var x302: u1 = undefined; + fiatP384AddcarryxU64(&x301, &x302, 0x0, x300, x297); + var x303: u64 = undefined; + var x304: u1 = undefined; + fiatP384AddcarryxU64(&x303, &x304, x302, x298, x295); + var x305: u64 = undefined; + var x306: u1 = undefined; + fiatP384AddcarryxU64(&x305, &x306, x304, x296, x293); + var x307: u64 = undefined; + var x308: u1 = undefined; + fiatP384AddcarryxU64(&x307, &x308, x306, x294, x291); + var x309: u64 = undefined; + var x310: u1 = undefined; + fiatP384AddcarryxU64(&x309, &x310, x308, x292, x289); + var x311: u64 = undefined; + var x312: u1 = undefined; + fiatP384AddcarryxU64(&x311, &x312, 0x0, x275, x299); + var x313: u64 = undefined; + var x314: u1 = undefined; + fiatP384AddcarryxU64(&x313, &x314, x312, x277, x301); + var x315: u64 = undefined; + var x316: u1 = undefined; + fiatP384AddcarryxU64(&x315, &x316, x314, x279, x303); + var x317: u64 = undefined; + var x318: u1 = undefined; + fiatP384AddcarryxU64(&x317, &x318, x316, x281, x305); + var x319: u64 = undefined; + var x320: u1 = undefined; + fiatP384AddcarryxU64(&x319, &x320, x318, x283, x307); + var x321: u64 = undefined; + var x322: u1 = undefined; + fiatP384AddcarryxU64(&x321, &x322, x320, x285, x309); + var x323: u64 = undefined; + var x324: u1 = undefined; + fiatP384AddcarryxU64(&x323, &x324, x322, (@intCast(u64, x286) + @intCast(u64, x258)), (@intCast(u64, x310) + x290)); + var x325: u64 = undefined; + var x326: u64 = undefined; + fiatP384MulxU64(&x325, &x326, x5, 0x200000000); + var x327: u64 = undefined; + var x328: u64 = undefined; + fiatP384MulxU64(&x327, &x328, x5, 0xfffffffe00000000); + var x329: u64 = undefined; + var x330: u64 = undefined; + fiatP384MulxU64(&x329, &x330, x5, 0x200000000); + var x331: u64 = undefined; + var x332: u64 = undefined; + fiatP384MulxU64(&x331, &x332, x5, 0xfffffffe00000001); + var x333: u64 = undefined; + var x334: u1 = undefined; + fiatP384AddcarryxU64(&x333, &x334, 0x0, x332, x329); + var x335: u64 = undefined; + var x336: u1 = undefined; + fiatP384AddcarryxU64(&x335, &x336, x334, x330, x327); + var x337: u64 = undefined; + var x338: u1 = undefined; + fiatP384AddcarryxU64(&x337, &x338, x336, x328, x325); + var x339: u64 = undefined; + var x340: u1 = undefined; + fiatP384AddcarryxU64(&x339, &x340, x338, x326, x5); + var x341: u64 = undefined; + var x342: u1 = undefined; + fiatP384AddcarryxU64(&x341, &x342, 0x0, x313, x331); + var x343: u64 = undefined; + var x344: u1 = undefined; + fiatP384AddcarryxU64(&x343, &x344, x342, x315, x333); + var x345: u64 = undefined; + var x346: u1 = undefined; + fiatP384AddcarryxU64(&x345, &x346, x344, x317, x335); + var x347: u64 = undefined; + var x348: u1 = undefined; + fiatP384AddcarryxU64(&x347, &x348, x346, x319, x337); + var x349: u64 = undefined; + var x350: u1 = undefined; + fiatP384AddcarryxU64(&x349, &x350, x348, x321, x339); + var x351: u64 = undefined; + var x352: u1 = undefined; + fiatP384AddcarryxU64(&x351, &x352, x350, x323, @intCast(u64, x340)); + var x353: u64 = undefined; + var x354: u64 = undefined; + fiatP384MulxU64(&x353, &x354, x341, 0x100000001); + var x355: u64 = undefined; + var x356: u64 = undefined; + fiatP384MulxU64(&x355, &x356, x353, 0xffffffffffffffff); + var x357: u64 = undefined; + var x358: u64 = undefined; + fiatP384MulxU64(&x357, &x358, x353, 0xffffffffffffffff); + var x359: u64 = undefined; + var x360: u64 = undefined; + fiatP384MulxU64(&x359, &x360, x353, 0xffffffffffffffff); + var x361: u64 = undefined; + var x362: u64 = undefined; + fiatP384MulxU64(&x361, &x362, x353, 0xfffffffffffffffe); + var x363: u64 = undefined; + var x364: u64 = undefined; + fiatP384MulxU64(&x363, &x364, x353, 0xffffffff00000000); + var x365: u64 = undefined; + var x366: u64 = undefined; + fiatP384MulxU64(&x365, &x366, x353, 0xffffffff); + var x367: u64 = undefined; + var x368: u1 = undefined; + fiatP384AddcarryxU64(&x367, &x368, 0x0, x366, x363); + var x369: u64 = undefined; + var x370: u1 = undefined; + fiatP384AddcarryxU64(&x369, &x370, x368, x364, x361); + var x371: u64 = undefined; + var x372: u1 = undefined; + fiatP384AddcarryxU64(&x371, &x372, x370, x362, x359); + var x373: u64 = undefined; + var x374: u1 = undefined; + fiatP384AddcarryxU64(&x373, &x374, x372, x360, x357); + var x375: u64 = undefined; + var x376: u1 = undefined; + fiatP384AddcarryxU64(&x375, &x376, x374, x358, x355); + var x377: u64 = undefined; + var x378: u1 = undefined; + fiatP384AddcarryxU64(&x377, &x378, 0x0, x341, x365); + var x379: u64 = undefined; + var x380: u1 = undefined; + fiatP384AddcarryxU64(&x379, &x380, x378, x343, x367); + var x381: u64 = undefined; + var x382: u1 = undefined; + fiatP384AddcarryxU64(&x381, &x382, x380, x345, x369); + var x383: u64 = undefined; + var x384: u1 = undefined; + fiatP384AddcarryxU64(&x383, &x384, x382, x347, x371); + var x385: u64 = undefined; + var x386: u1 = undefined; + fiatP384AddcarryxU64(&x385, &x386, x384, x349, x373); + var x387: u64 = undefined; + var x388: u1 = undefined; + fiatP384AddcarryxU64(&x387, &x388, x386, x351, x375); + var x389: u64 = undefined; + var x390: u1 = undefined; + fiatP384AddcarryxU64(&x389, &x390, x388, (@intCast(u64, x352) + @intCast(u64, x324)), (@intCast(u64, x376) + x356)); + var x391: u64 = undefined; + var x392: u1 = undefined; + fiatP384SubborrowxU64(&x391, &x392, 0x0, x379, 0xffffffff); + var x393: u64 = undefined; + var x394: u1 = undefined; + fiatP384SubborrowxU64(&x393, &x394, x392, x381, 0xffffffff00000000); + var x395: u64 = undefined; + var x396: u1 = undefined; + fiatP384SubborrowxU64(&x395, &x396, x394, x383, 0xfffffffffffffffe); + var x397: u64 = undefined; + var x398: u1 = undefined; + fiatP384SubborrowxU64(&x397, &x398, x396, x385, 0xffffffffffffffff); + var x399: u64 = undefined; + var x400: u1 = undefined; + fiatP384SubborrowxU64(&x399, &x400, x398, x387, 0xffffffffffffffff); + var x401: u64 = undefined; + var x402: u1 = undefined; + fiatP384SubborrowxU64(&x401, &x402, x400, x389, 0xffffffffffffffff); + var x403: u64 = undefined; + var x404: u1 = undefined; + fiatP384SubborrowxU64(&x403, &x404, x402, @intCast(u64, x390), @intCast(u64, 0x0)); + var x405: u64 = undefined; + fiatP384CmovznzU64(&x405, x404, x391, x379); + var x406: u64 = undefined; + fiatP384CmovznzU64(&x406, x404, x393, x381); + var x407: u64 = undefined; + fiatP384CmovznzU64(&x407, x404, x395, x383); + var x408: u64 = undefined; + fiatP384CmovznzU64(&x408, x404, x397, x385); + var x409: u64 = undefined; + fiatP384CmovznzU64(&x409, x404, x399, x387); + var x410: u64 = undefined; + fiatP384CmovznzU64(&x410, x404, x401, x389); + out1[0] = x405; + out1[1] = x406; + out1[2] = x407; + out1[3] = x408; + out1[4] = x409; + out1[5] = x410; +} + +/// The function fiatP384Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +pub fn fiatP384Nonzero(out1: *u64, arg1: [6]u64) void { + const x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | (arg1[5])))))); + out1.* = x1; +} + +/// The function fiatP384Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384Selectznz(out1: *[6]u64, arg1: u1, arg2: [6]u64, arg3: [6]u64) void { + var x1: u64 = undefined; + fiatP384CmovznzU64(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u64 = undefined; + fiatP384CmovznzU64(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u64 = undefined; + fiatP384CmovznzU64(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u64 = undefined; + fiatP384CmovznzU64(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u64 = undefined; + fiatP384CmovznzU64(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u64 = undefined; + fiatP384CmovznzU64(&x6, arg1, (arg2[5]), (arg3[5])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; +} + +/// The function fiatP384ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..47] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatP384ToBytes(out1: *[48]u8, arg1: [6]u64) void { + const x1: u64 = (arg1[5]); + const x2: u64 = (arg1[4]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[2]); + const x5: u64 = (arg1[1]); + const x6: u64 = (arg1[0]); + const x7: u8 = @intCast(u8, (x6 & @intCast(u64, 0xff))); + const x8: u64 = (x6 >> 8); + const x9: u8 = @intCast(u8, (x8 & @intCast(u64, 0xff))); + const x10: u64 = (x8 >> 8); + const x11: u8 = @intCast(u8, (x10 & @intCast(u64, 0xff))); + const x12: u64 = (x10 >> 8); + const x13: u8 = @intCast(u8, (x12 & @intCast(u64, 0xff))); + const x14: u64 = (x12 >> 8); + const x15: u8 = @intCast(u8, (x14 & @intCast(u64, 0xff))); + const x16: u64 = (x14 >> 8); + const x17: u8 = @intCast(u8, (x16 & @intCast(u64, 0xff))); + const x18: u64 = (x16 >> 8); + const x19: u8 = @intCast(u8, (x18 & @intCast(u64, 0xff))); + const x20: u8 = @intCast(u8, (x18 >> 8)); + const x21: u8 = @intCast(u8, (x5 & @intCast(u64, 0xff))); + const x22: u64 = (x5 >> 8); + const x23: u8 = @intCast(u8, (x22 & @intCast(u64, 0xff))); + const x24: u64 = (x22 >> 8); + const x25: u8 = @intCast(u8, (x24 & @intCast(u64, 0xff))); + const x26: u64 = (x24 >> 8); + const x27: u8 = @intCast(u8, (x26 & @intCast(u64, 0xff))); + const x28: u64 = (x26 >> 8); + const x29: u8 = @intCast(u8, (x28 & @intCast(u64, 0xff))); + const x30: u64 = (x28 >> 8); + const x31: u8 = @intCast(u8, (x30 & @intCast(u64, 0xff))); + const x32: u64 = (x30 >> 8); + const x33: u8 = @intCast(u8, (x32 & @intCast(u64, 0xff))); + const x34: u8 = @intCast(u8, (x32 >> 8)); + const x35: u8 = @intCast(u8, (x4 & @intCast(u64, 0xff))); + const x36: u64 = (x4 >> 8); + const x37: u8 = @intCast(u8, (x36 & @intCast(u64, 0xff))); + const x38: u64 = (x36 >> 8); + const x39: u8 = @intCast(u8, (x38 & @intCast(u64, 0xff))); + const x40: u64 = (x38 >> 8); + const x41: u8 = @intCast(u8, (x40 & @intCast(u64, 0xff))); + const x42: u64 = (x40 >> 8); + const x43: u8 = @intCast(u8, (x42 & @intCast(u64, 0xff))); + const x44: u64 = (x42 >> 8); + const x45: u8 = @intCast(u8, (x44 & @intCast(u64, 0xff))); + const x46: u64 = (x44 >> 8); + const x47: u8 = @intCast(u8, (x46 & @intCast(u64, 0xff))); + const x48: u8 = @intCast(u8, (x46 >> 8)); + const x49: u8 = @intCast(u8, (x3 & @intCast(u64, 0xff))); + const x50: u64 = (x3 >> 8); + const x51: u8 = @intCast(u8, (x50 & @intCast(u64, 0xff))); + const x52: u64 = (x50 >> 8); + const x53: u8 = @intCast(u8, (x52 & @intCast(u64, 0xff))); + const x54: u64 = (x52 >> 8); + const x55: u8 = @intCast(u8, (x54 & @intCast(u64, 0xff))); + const x56: u64 = (x54 >> 8); + const x57: u8 = @intCast(u8, (x56 & @intCast(u64, 0xff))); + const x58: u64 = (x56 >> 8); + const x59: u8 = @intCast(u8, (x58 & @intCast(u64, 0xff))); + const x60: u64 = (x58 >> 8); + const x61: u8 = @intCast(u8, (x60 & @intCast(u64, 0xff))); + const x62: u8 = @intCast(u8, (x60 >> 8)); + const x63: u8 = @intCast(u8, (x2 & @intCast(u64, 0xff))); + const x64: u64 = (x2 >> 8); + const x65: u8 = @intCast(u8, (x64 & @intCast(u64, 0xff))); + const x66: u64 = (x64 >> 8); + const x67: u8 = @intCast(u8, (x66 & @intCast(u64, 0xff))); + const x68: u64 = (x66 >> 8); + const x69: u8 = @intCast(u8, (x68 & @intCast(u64, 0xff))); + const x70: u64 = (x68 >> 8); + const x71: u8 = @intCast(u8, (x70 & @intCast(u64, 0xff))); + const x72: u64 = (x70 >> 8); + const x73: u8 = @intCast(u8, (x72 & @intCast(u64, 0xff))); + const x74: u64 = (x72 >> 8); + const x75: u8 = @intCast(u8, (x74 & @intCast(u64, 0xff))); + const x76: u8 = @intCast(u8, (x74 >> 8)); + const x77: u8 = @intCast(u8, (x1 & @intCast(u64, 0xff))); + const x78: u64 = (x1 >> 8); + const x79: u8 = @intCast(u8, (x78 & @intCast(u64, 0xff))); + const x80: u64 = (x78 >> 8); + const x81: u8 = @intCast(u8, (x80 & @intCast(u64, 0xff))); + const x82: u64 = (x80 >> 8); + const x83: u8 = @intCast(u8, (x82 & @intCast(u64, 0xff))); + const x84: u64 = (x82 >> 8); + const x85: u8 = @intCast(u8, (x84 & @intCast(u64, 0xff))); + const x86: u64 = (x84 >> 8); + const x87: u8 = @intCast(u8, (x86 & @intCast(u64, 0xff))); + const x88: u64 = (x86 >> 8); + const x89: u8 = @intCast(u8, (x88 & @intCast(u64, 0xff))); + const x90: u8 = @intCast(u8, (x88 >> 8)); + out1[0] = x7; + out1[1] = x9; + out1[2] = x11; + out1[3] = x13; + out1[4] = x15; + out1[5] = x17; + out1[6] = x19; + out1[7] = x20; + out1[8] = x21; + out1[9] = x23; + out1[10] = x25; + out1[11] = x27; + out1[12] = x29; + out1[13] = x31; + out1[14] = x33; + out1[15] = x34; + out1[16] = x35; + out1[17] = x37; + out1[18] = x39; + out1[19] = x41; + out1[20] = x43; + out1[21] = x45; + out1[22] = x47; + out1[23] = x48; + out1[24] = x49; + out1[25] = x51; + out1[26] = x53; + out1[27] = x55; + out1[28] = x57; + out1[29] = x59; + out1[30] = x61; + out1[31] = x62; + out1[32] = x63; + out1[33] = x65; + out1[34] = x67; + out1[35] = x69; + out1[36] = x71; + out1[37] = x73; + out1[38] = x75; + out1[39] = x76; + out1[40] = x77; + out1[41] = x79; + out1[42] = x81; + out1[43] = x83; + out1[44] = x85; + out1[45] = x87; + out1[46] = x89; + out1[47] = x90; +} + +/// The function fiatP384FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. +/// Preconditions: +/// 0 ≤ bytes_eval arg1 < m +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384FromBytes(out1: *[6]u64, arg1: [48]u8) void { + const x1: u64 = (@intCast(u64, (arg1[47])) << 56); + const x2: u64 = (@intCast(u64, (arg1[46])) << 48); + const x3: u64 = (@intCast(u64, (arg1[45])) << 40); + const x4: u64 = (@intCast(u64, (arg1[44])) << 32); + const x5: u64 = (@intCast(u64, (arg1[43])) << 24); + const x6: u64 = (@intCast(u64, (arg1[42])) << 16); + const x7: u64 = (@intCast(u64, (arg1[41])) << 8); + const x8: u8 = (arg1[40]); + const x9: u64 = (@intCast(u64, (arg1[39])) << 56); + const x10: u64 = (@intCast(u64, (arg1[38])) << 48); + const x11: u64 = (@intCast(u64, (arg1[37])) << 40); + const x12: u64 = (@intCast(u64, (arg1[36])) << 32); + const x13: u64 = (@intCast(u64, (arg1[35])) << 24); + const x14: u64 = (@intCast(u64, (arg1[34])) << 16); + const x15: u64 = (@intCast(u64, (arg1[33])) << 8); + const x16: u8 = (arg1[32]); + const x17: u64 = (@intCast(u64, (arg1[31])) << 56); + const x18: u64 = (@intCast(u64, (arg1[30])) << 48); + const x19: u64 = (@intCast(u64, (arg1[29])) << 40); + const x20: u64 = (@intCast(u64, (arg1[28])) << 32); + const x21: u64 = (@intCast(u64, (arg1[27])) << 24); + const x22: u64 = (@intCast(u64, (arg1[26])) << 16); + const x23: u64 = (@intCast(u64, (arg1[25])) << 8); + const x24: u8 = (arg1[24]); + const x25: u64 = (@intCast(u64, (arg1[23])) << 56); + const x26: u64 = (@intCast(u64, (arg1[22])) << 48); + const x27: u64 = (@intCast(u64, (arg1[21])) << 40); + const x28: u64 = (@intCast(u64, (arg1[20])) << 32); + const x29: u64 = (@intCast(u64, (arg1[19])) << 24); + const x30: u64 = (@intCast(u64, (arg1[18])) << 16); + const x31: u64 = (@intCast(u64, (arg1[17])) << 8); + const x32: u8 = (arg1[16]); + const x33: u64 = (@intCast(u64, (arg1[15])) << 56); + const x34: u64 = (@intCast(u64, (arg1[14])) << 48); + const x35: u64 = (@intCast(u64, (arg1[13])) << 40); + const x36: u64 = (@intCast(u64, (arg1[12])) << 32); + const x37: u64 = (@intCast(u64, (arg1[11])) << 24); + const x38: u64 = (@intCast(u64, (arg1[10])) << 16); + const x39: u64 = (@intCast(u64, (arg1[9])) << 8); + const x40: u8 = (arg1[8]); + const x41: u64 = (@intCast(u64, (arg1[7])) << 56); + const x42: u64 = (@intCast(u64, (arg1[6])) << 48); + const x43: u64 = (@intCast(u64, (arg1[5])) << 40); + const x44: u64 = (@intCast(u64, (arg1[4])) << 32); + const x45: u64 = (@intCast(u64, (arg1[3])) << 24); + const x46: u64 = (@intCast(u64, (arg1[2])) << 16); + const x47: u64 = (@intCast(u64, (arg1[1])) << 8); + const x48: u8 = (arg1[0]); + const x49: u64 = (x47 + @intCast(u64, x48)); + const x50: u64 = (x46 + x49); + const x51: u64 = (x45 + x50); + const x52: u64 = (x44 + x51); + const x53: u64 = (x43 + x52); + const x54: u64 = (x42 + x53); + const x55: u64 = (x41 + x54); + const x56: u64 = (x39 + @intCast(u64, x40)); + const x57: u64 = (x38 + x56); + const x58: u64 = (x37 + x57); + const x59: u64 = (x36 + x58); + const x60: u64 = (x35 + x59); + const x61: u64 = (x34 + x60); + const x62: u64 = (x33 + x61); + const x63: u64 = (x31 + @intCast(u64, x32)); + const x64: u64 = (x30 + x63); + const x65: u64 = (x29 + x64); + const x66: u64 = (x28 + x65); + const x67: u64 = (x27 + x66); + const x68: u64 = (x26 + x67); + const x69: u64 = (x25 + x68); + const x70: u64 = (x23 + @intCast(u64, x24)); + const x71: u64 = (x22 + x70); + const x72: u64 = (x21 + x71); + const x73: u64 = (x20 + x72); + const x74: u64 = (x19 + x73); + const x75: u64 = (x18 + x74); + const x76: u64 = (x17 + x75); + const x77: u64 = (x15 + @intCast(u64, x16)); + const x78: u64 = (x14 + x77); + const x79: u64 = (x13 + x78); + const x80: u64 = (x12 + x79); + const x81: u64 = (x11 + x80); + const x82: u64 = (x10 + x81); + const x83: u64 = (x9 + x82); + const x84: u64 = (x7 + @intCast(u64, x8)); + const x85: u64 = (x6 + x84); + const x86: u64 = (x5 + x85); + const x87: u64 = (x4 + x86); + const x88: u64 = (x3 + x87); + const x89: u64 = (x2 + x88); + const x90: u64 = (x1 + x89); + out1[0] = x55; + out1[1] = x62; + out1[2] = x69; + out1[3] = x76; + out1[4] = x83; + out1[5] = x90; +} + +/// The function fiatP384SetOne returns the field element one in the Montgomery domain. +/// Postconditions: +/// eval (from_montgomery out1) mod m = 1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384SetOne(out1: *[6]u64) void { + out1[0] = 0xffffffff00000001; + out1[1] = 0xffffffff; + out1[2] = @intCast(u64, 0x1); + out1[3] = @intCast(u64, 0x0); + out1[4] = @intCast(u64, 0x0); + out1[5] = @intCast(u64, 0x0); +} + +/// The function fiatP384Msat returns the saturated representation of the prime modulus. +/// Postconditions: +/// twos_complement_eval out1 = m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384Msat(out1: *[7]u64) void { + out1[0] = 0xffffffff; + out1[1] = 0xffffffff00000000; + out1[2] = 0xfffffffffffffffe; + out1[3] = 0xffffffffffffffff; + out1[4] = 0xffffffffffffffff; + out1[5] = 0xffffffffffffffff; + out1[6] = @intCast(u64, 0x0); +} + +/// The function fiatP384Divstep computes a divstep. +/// Preconditions: +/// 0 ≤ eval arg4 < m +/// 0 ≤ eval arg5 < m +/// Postconditions: +/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) +/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) +/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) +/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) +/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out2 < m +/// 0 ≤ eval out3 < m +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384Divstep(out1: *u64, out2: *[7]u64, out3: *[7]u64, out4: *[6]u64, out5: *[6]u64, arg1: u64, arg2: [7]u64, arg3: [7]u64, arg4: [6]u64, arg5: [6]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP384AddcarryxU64(&x1, &x2, 0x0, (~arg1), @intCast(u64, 0x1)); + const x3: u1 = (@intCast(u1, (x1 >> 63)) & @intCast(u1, ((arg3[0]) & @intCast(u64, 0x1)))); + var x4: u64 = undefined; + var x5: u1 = undefined; + fiatP384AddcarryxU64(&x4, &x5, 0x0, (~arg1), @intCast(u64, 0x1)); + var x6: u64 = undefined; + fiatP384CmovznzU64(&x6, x3, arg1, x4); + var x7: u64 = undefined; + fiatP384CmovznzU64(&x7, x3, (arg2[0]), (arg3[0])); + var x8: u64 = undefined; + fiatP384CmovznzU64(&x8, x3, (arg2[1]), (arg3[1])); + var x9: u64 = undefined; + fiatP384CmovznzU64(&x9, x3, (arg2[2]), (arg3[2])); + var x10: u64 = undefined; + fiatP384CmovznzU64(&x10, x3, (arg2[3]), (arg3[3])); + var x11: u64 = undefined; + fiatP384CmovznzU64(&x11, x3, (arg2[4]), (arg3[4])); + var x12: u64 = undefined; + fiatP384CmovznzU64(&x12, x3, (arg2[5]), (arg3[5])); + var x13: u64 = undefined; + fiatP384CmovznzU64(&x13, x3, (arg2[6]), (arg3[6])); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatP384AddcarryxU64(&x14, &x15, 0x0, @intCast(u64, 0x1), (~(arg2[0]))); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP384AddcarryxU64(&x16, &x17, x15, @intCast(u64, 0x0), (~(arg2[1]))); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP384AddcarryxU64(&x18, &x19, x17, @intCast(u64, 0x0), (~(arg2[2]))); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP384AddcarryxU64(&x20, &x21, x19, @intCast(u64, 0x0), (~(arg2[3]))); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP384AddcarryxU64(&x22, &x23, x21, @intCast(u64, 0x0), (~(arg2[4]))); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP384AddcarryxU64(&x24, &x25, x23, @intCast(u64, 0x0), (~(arg2[5]))); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP384AddcarryxU64(&x26, &x27, x25, @intCast(u64, 0x0), (~(arg2[6]))); + var x28: u64 = undefined; + fiatP384CmovznzU64(&x28, x3, (arg3[0]), x14); + var x29: u64 = undefined; + fiatP384CmovznzU64(&x29, x3, (arg3[1]), x16); + var x30: u64 = undefined; + fiatP384CmovznzU64(&x30, x3, (arg3[2]), x18); + var x31: u64 = undefined; + fiatP384CmovznzU64(&x31, x3, (arg3[3]), x20); + var x32: u64 = undefined; + fiatP384CmovznzU64(&x32, x3, (arg3[4]), x22); + var x33: u64 = undefined; + fiatP384CmovznzU64(&x33, x3, (arg3[5]), x24); + var x34: u64 = undefined; + fiatP384CmovznzU64(&x34, x3, (arg3[6]), x26); + var x35: u64 = undefined; + fiatP384CmovznzU64(&x35, x3, (arg4[0]), (arg5[0])); + var x36: u64 = undefined; + fiatP384CmovznzU64(&x36, x3, (arg4[1]), (arg5[1])); + var x37: u64 = undefined; + fiatP384CmovznzU64(&x37, x3, (arg4[2]), (arg5[2])); + var x38: u64 = undefined; + fiatP384CmovznzU64(&x38, x3, (arg4[3]), (arg5[3])); + var x39: u64 = undefined; + fiatP384CmovznzU64(&x39, x3, (arg4[4]), (arg5[4])); + var x40: u64 = undefined; + fiatP384CmovznzU64(&x40, x3, (arg4[5]), (arg5[5])); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatP384AddcarryxU64(&x41, &x42, 0x0, x35, x35); + var x43: u64 = undefined; + var x44: u1 = undefined; + fiatP384AddcarryxU64(&x43, &x44, x42, x36, x36); + var x45: u64 = undefined; + var x46: u1 = undefined; + fiatP384AddcarryxU64(&x45, &x46, x44, x37, x37); + var x47: u64 = undefined; + var x48: u1 = undefined; + fiatP384AddcarryxU64(&x47, &x48, x46, x38, x38); + var x49: u64 = undefined; + var x50: u1 = undefined; + fiatP384AddcarryxU64(&x49, &x50, x48, x39, x39); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP384AddcarryxU64(&x51, &x52, x50, x40, x40); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP384SubborrowxU64(&x53, &x54, 0x0, x41, 0xffffffff); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP384SubborrowxU64(&x55, &x56, x54, x43, 0xffffffff00000000); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP384SubborrowxU64(&x57, &x58, x56, x45, 0xfffffffffffffffe); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatP384SubborrowxU64(&x59, &x60, x58, x47, 0xffffffffffffffff); + var x61: u64 = undefined; + var x62: u1 = undefined; + fiatP384SubborrowxU64(&x61, &x62, x60, x49, 0xffffffffffffffff); + var x63: u64 = undefined; + var x64: u1 = undefined; + fiatP384SubborrowxU64(&x63, &x64, x62, x51, 0xffffffffffffffff); + var x65: u64 = undefined; + var x66: u1 = undefined; + fiatP384SubborrowxU64(&x65, &x66, x64, @intCast(u64, x52), @intCast(u64, 0x0)); + const x67: u64 = (arg4[5]); + const x68: u64 = (arg4[4]); + const x69: u64 = (arg4[3]); + const x70: u64 = (arg4[2]); + const x71: u64 = (arg4[1]); + const x72: u64 = (arg4[0]); + var x73: u64 = undefined; + var x74: u1 = undefined; + fiatP384SubborrowxU64(&x73, &x74, 0x0, @intCast(u64, 0x0), x72); + var x75: u64 = undefined; + var x76: u1 = undefined; + fiatP384SubborrowxU64(&x75, &x76, x74, @intCast(u64, 0x0), x71); + var x77: u64 = undefined; + var x78: u1 = undefined; + fiatP384SubborrowxU64(&x77, &x78, x76, @intCast(u64, 0x0), x70); + var x79: u64 = undefined; + var x80: u1 = undefined; + fiatP384SubborrowxU64(&x79, &x80, x78, @intCast(u64, 0x0), x69); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatP384SubborrowxU64(&x81, &x82, x80, @intCast(u64, 0x0), x68); + var x83: u64 = undefined; + var x84: u1 = undefined; + fiatP384SubborrowxU64(&x83, &x84, x82, @intCast(u64, 0x0), x67); + var x85: u64 = undefined; + fiatP384CmovznzU64(&x85, x84, @intCast(u64, 0x0), 0xffffffffffffffff); + var x86: u64 = undefined; + var x87: u1 = undefined; + fiatP384AddcarryxU64(&x86, &x87, 0x0, x73, (x85 & 0xffffffff)); + var x88: u64 = undefined; + var x89: u1 = undefined; + fiatP384AddcarryxU64(&x88, &x89, x87, x75, (x85 & 0xffffffff00000000)); + var x90: u64 = undefined; + var x91: u1 = undefined; + fiatP384AddcarryxU64(&x90, &x91, x89, x77, (x85 & 0xfffffffffffffffe)); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP384AddcarryxU64(&x92, &x93, x91, x79, x85); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP384AddcarryxU64(&x94, &x95, x93, x81, x85); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP384AddcarryxU64(&x96, &x97, x95, x83, x85); + var x98: u64 = undefined; + fiatP384CmovznzU64(&x98, x3, (arg5[0]), x86); + var x99: u64 = undefined; + fiatP384CmovznzU64(&x99, x3, (arg5[1]), x88); + var x100: u64 = undefined; + fiatP384CmovznzU64(&x100, x3, (arg5[2]), x90); + var x101: u64 = undefined; + fiatP384CmovznzU64(&x101, x3, (arg5[3]), x92); + var x102: u64 = undefined; + fiatP384CmovznzU64(&x102, x3, (arg5[4]), x94); + var x103: u64 = undefined; + fiatP384CmovznzU64(&x103, x3, (arg5[5]), x96); + const x104: u1 = @intCast(u1, (x28 & @intCast(u64, 0x1))); + var x105: u64 = undefined; + fiatP384CmovznzU64(&x105, x104, @intCast(u64, 0x0), x7); + var x106: u64 = undefined; + fiatP384CmovznzU64(&x106, x104, @intCast(u64, 0x0), x8); + var x107: u64 = undefined; + fiatP384CmovznzU64(&x107, x104, @intCast(u64, 0x0), x9); + var x108: u64 = undefined; + fiatP384CmovznzU64(&x108, x104, @intCast(u64, 0x0), x10); + var x109: u64 = undefined; + fiatP384CmovznzU64(&x109, x104, @intCast(u64, 0x0), x11); + var x110: u64 = undefined; + fiatP384CmovznzU64(&x110, x104, @intCast(u64, 0x0), x12); + var x111: u64 = undefined; + fiatP384CmovznzU64(&x111, x104, @intCast(u64, 0x0), x13); + var x112: u64 = undefined; + var x113: u1 = undefined; + fiatP384AddcarryxU64(&x112, &x113, 0x0, x28, x105); + var x114: u64 = undefined; + var x115: u1 = undefined; + fiatP384AddcarryxU64(&x114, &x115, x113, x29, x106); + var x116: u64 = undefined; + var x117: u1 = undefined; + fiatP384AddcarryxU64(&x116, &x117, x115, x30, x107); + var x118: u64 = undefined; + var x119: u1 = undefined; + fiatP384AddcarryxU64(&x118, &x119, x117, x31, x108); + var x120: u64 = undefined; + var x121: u1 = undefined; + fiatP384AddcarryxU64(&x120, &x121, x119, x32, x109); + var x122: u64 = undefined; + var x123: u1 = undefined; + fiatP384AddcarryxU64(&x122, &x123, x121, x33, x110); + var x124: u64 = undefined; + var x125: u1 = undefined; + fiatP384AddcarryxU64(&x124, &x125, x123, x34, x111); + var x126: u64 = undefined; + fiatP384CmovznzU64(&x126, x104, @intCast(u64, 0x0), x35); + var x127: u64 = undefined; + fiatP384CmovznzU64(&x127, x104, @intCast(u64, 0x0), x36); + var x128: u64 = undefined; + fiatP384CmovznzU64(&x128, x104, @intCast(u64, 0x0), x37); + var x129: u64 = undefined; + fiatP384CmovznzU64(&x129, x104, @intCast(u64, 0x0), x38); + var x130: u64 = undefined; + fiatP384CmovznzU64(&x130, x104, @intCast(u64, 0x0), x39); + var x131: u64 = undefined; + fiatP384CmovznzU64(&x131, x104, @intCast(u64, 0x0), x40); + var x132: u64 = undefined; + var x133: u1 = undefined; + fiatP384AddcarryxU64(&x132, &x133, 0x0, x98, x126); + var x134: u64 = undefined; + var x135: u1 = undefined; + fiatP384AddcarryxU64(&x134, &x135, x133, x99, x127); + var x136: u64 = undefined; + var x137: u1 = undefined; + fiatP384AddcarryxU64(&x136, &x137, x135, x100, x128); + var x138: u64 = undefined; + var x139: u1 = undefined; + fiatP384AddcarryxU64(&x138, &x139, x137, x101, x129); + var x140: u64 = undefined; + var x141: u1 = undefined; + fiatP384AddcarryxU64(&x140, &x141, x139, x102, x130); + var x142: u64 = undefined; + var x143: u1 = undefined; + fiatP384AddcarryxU64(&x142, &x143, x141, x103, x131); + var x144: u64 = undefined; + var x145: u1 = undefined; + fiatP384SubborrowxU64(&x144, &x145, 0x0, x132, 0xffffffff); + var x146: u64 = undefined; + var x147: u1 = undefined; + fiatP384SubborrowxU64(&x146, &x147, x145, x134, 0xffffffff00000000); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatP384SubborrowxU64(&x148, &x149, x147, x136, 0xfffffffffffffffe); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatP384SubborrowxU64(&x150, &x151, x149, x138, 0xffffffffffffffff); + var x152: u64 = undefined; + var x153: u1 = undefined; + fiatP384SubborrowxU64(&x152, &x153, x151, x140, 0xffffffffffffffff); + var x154: u64 = undefined; + var x155: u1 = undefined; + fiatP384SubborrowxU64(&x154, &x155, x153, x142, 0xffffffffffffffff); + var x156: u64 = undefined; + var x157: u1 = undefined; + fiatP384SubborrowxU64(&x156, &x157, x155, @intCast(u64, x143), @intCast(u64, 0x0)); + var x158: u64 = undefined; + var x159: u1 = undefined; + fiatP384AddcarryxU64(&x158, &x159, 0x0, x6, @intCast(u64, 0x1)); + const x160: u64 = ((x112 >> 1) | ((x114 << 63) & 0xffffffffffffffff)); + const x161: u64 = ((x114 >> 1) | ((x116 << 63) & 0xffffffffffffffff)); + const x162: u64 = ((x116 >> 1) | ((x118 << 63) & 0xffffffffffffffff)); + const x163: u64 = ((x118 >> 1) | ((x120 << 63) & 0xffffffffffffffff)); + const x164: u64 = ((x120 >> 1) | ((x122 << 63) & 0xffffffffffffffff)); + const x165: u64 = ((x122 >> 1) | ((x124 << 63) & 0xffffffffffffffff)); + const x166: u64 = ((x124 & 0x8000000000000000) | (x124 >> 1)); + var x167: u64 = undefined; + fiatP384CmovznzU64(&x167, x66, x53, x41); + var x168: u64 = undefined; + fiatP384CmovznzU64(&x168, x66, x55, x43); + var x169: u64 = undefined; + fiatP384CmovznzU64(&x169, x66, x57, x45); + var x170: u64 = undefined; + fiatP384CmovznzU64(&x170, x66, x59, x47); + var x171: u64 = undefined; + fiatP384CmovznzU64(&x171, x66, x61, x49); + var x172: u64 = undefined; + fiatP384CmovznzU64(&x172, x66, x63, x51); + var x173: u64 = undefined; + fiatP384CmovznzU64(&x173, x157, x144, x132); + var x174: u64 = undefined; + fiatP384CmovznzU64(&x174, x157, x146, x134); + var x175: u64 = undefined; + fiatP384CmovznzU64(&x175, x157, x148, x136); + var x176: u64 = undefined; + fiatP384CmovznzU64(&x176, x157, x150, x138); + var x177: u64 = undefined; + fiatP384CmovznzU64(&x177, x157, x152, x140); + var x178: u64 = undefined; + fiatP384CmovznzU64(&x178, x157, x154, x142); + out1.* = x158; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out2[5] = x12; + out2[6] = x13; + out3[0] = x160; + out3[1] = x161; + out3[2] = x162; + out3[3] = x163; + out3[4] = x164; + out3[5] = x165; + out3[6] = x166; + out4[0] = x167; + out4[1] = x168; + out4[2] = x169; + out4[3] = x170; + out4[4] = x171; + out4[5] = x172; + out5[0] = x173; + out5[1] = x174; + out5[2] = x175; + out5[3] = x176; + out5[4] = x177; + out5[5] = x178; +} + +/// The function fiatP384DivstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). +/// Postconditions: +/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if (log2 m) + 1 < 46 then ⌊(49 * ((log2 m) + 1) + 80) / 17⌋ else ⌊(49 * ((log2 m) + 1) + 57) / 17⌋) +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP384DivstepPrecomp(out1: *[6]u64) void { + out1[0] = 0xfff69400fff18fff; + out1[1] = 0x2b7feffffd3ff; + out1[2] = 0xfffedbfffffe97ff; + out1[3] = 0x2840000002fff; + out1[4] = 0x6040000050400; + out1[5] = 0xfffc480000038000; +} + diff --git a/fiat-zig/src/p434_64.zig b/fiat-zig/src/p434_64.zig new file mode 100644 index 0000000000..f394401728 --- /dev/null +++ b/fiat-zig/src/p434_64.zig @@ -0,0 +1,4461 @@ +/// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p434 64 '2^216 * 3^137 - 1' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp +/// curve description: p434 +/// machine_wordsize = 64 (from "64") +/// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp +/// m = 0x2341f271773446cfc5fd681c520567bc65c783158aea3fdc1767ae2ffffffffffffffffffffffffffffffffffffffffffffffffffffff (from "2^216 * 3^137 - 1") +/// +/// NOTE: In addition to the bounds specified above each function, all +/// functions synthesized for this Montgomery arithmetic require the +/// input to be strictly less than the prime modulus (m), and also +/// require the input to be in the unique saturated representation. +/// All functions also ensure that these two properties are true of +/// return values. +/// +/// Computed values: +/// eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) + (z[4] << 256) + (z[5] << 0x140) + (z[6] << 0x180) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + + +/// The function fiatP434AddcarryxU64 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^64 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP434AddcarryxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u128 = ((@intCast(u128, arg1) + @intCast(u128, arg2)) + @intCast(u128, arg3)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u1 = @intCast(u1, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP434SubborrowxU64 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^64 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP434SubborrowxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i128 = ((@intCast(i128, arg2) - @intCast(i128, arg1)) - @intCast(i128, arg3)); + const x2: i1 = @intCast(i1, (x1 >> 64)); + const x3: u64 = @intCast(u64, (x1 & @intCast(i128, 0xffffffffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP434MulxU64 is a multiplication, returning the full double-width result. +/// Postconditions: +/// out1 = (arg1 * arg2) mod 2^64 +/// out2 = ⌊arg1 * arg2 / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0xffffffffffffffff] +fn fiatP434MulxU64(out1: *u64, out2: *u64, arg1: u64, arg2: u64) callconv(.Inline) void { + const x1: u128 = (@intCast(u128, arg1) * @intCast(u128, arg2)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u64 = @intCast(u64, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP434CmovznzU64 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +fn fiatP434CmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u64 = @intCast(u64, (@intCast(i128, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i128, 0xffffffffffffffff))); + const x3: u64 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP434Mul multiplies two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434Mul(out1: *[7]u64, arg1: [7]u64, arg2: [7]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[4]); + const x5: u64 = (arg1[5]); + const x6: u64 = (arg1[6]); + const x7: u64 = (arg1[0]); + var x8: u64 = undefined; + var x9: u64 = undefined; + fiatP434MulxU64(&x8, &x9, x7, (arg2[6])); + var x10: u64 = undefined; + var x11: u64 = undefined; + fiatP434MulxU64(&x10, &x11, x7, (arg2[5])); + var x12: u64 = undefined; + var x13: u64 = undefined; + fiatP434MulxU64(&x12, &x13, x7, (arg2[4])); + var x14: u64 = undefined; + var x15: u64 = undefined; + fiatP434MulxU64(&x14, &x15, x7, (arg2[3])); + var x16: u64 = undefined; + var x17: u64 = undefined; + fiatP434MulxU64(&x16, &x17, x7, (arg2[2])); + var x18: u64 = undefined; + var x19: u64 = undefined; + fiatP434MulxU64(&x18, &x19, x7, (arg2[1])); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatP434MulxU64(&x20, &x21, x7, (arg2[0])); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP434AddcarryxU64(&x22, &x23, 0x0, x21, x18); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP434AddcarryxU64(&x24, &x25, x23, x19, x16); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP434AddcarryxU64(&x26, &x27, x25, x17, x14); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP434AddcarryxU64(&x28, &x29, x27, x15, x12); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP434AddcarryxU64(&x30, &x31, x29, x13, x10); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatP434AddcarryxU64(&x32, &x33, x31, x11, x8); + const x34: u64 = (@intCast(u64, x33) + x9); + var x35: u64 = undefined; + var x36: u64 = undefined; + fiatP434MulxU64(&x35, &x36, x20, 0x2341f27177344); + var x37: u64 = undefined; + var x38: u64 = undefined; + fiatP434MulxU64(&x37, &x38, x20, 0x6cfc5fd681c52056); + var x39: u64 = undefined; + var x40: u64 = undefined; + fiatP434MulxU64(&x39, &x40, x20, 0x7bc65c783158aea3); + var x41: u64 = undefined; + var x42: u64 = undefined; + fiatP434MulxU64(&x41, &x42, x20, 0xfdc1767ae2ffffff); + var x43: u64 = undefined; + var x44: u64 = undefined; + fiatP434MulxU64(&x43, &x44, x20, 0xffffffffffffffff); + var x45: u64 = undefined; + var x46: u64 = undefined; + fiatP434MulxU64(&x45, &x46, x20, 0xffffffffffffffff); + var x47: u64 = undefined; + var x48: u64 = undefined; + fiatP434MulxU64(&x47, &x48, x20, 0xffffffffffffffff); + var x49: u64 = undefined; + var x50: u1 = undefined; + fiatP434AddcarryxU64(&x49, &x50, 0x0, x48, x45); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP434AddcarryxU64(&x51, &x52, x50, x46, x43); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP434AddcarryxU64(&x53, &x54, x52, x44, x41); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP434AddcarryxU64(&x55, &x56, x54, x42, x39); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP434AddcarryxU64(&x57, &x58, x56, x40, x37); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatP434AddcarryxU64(&x59, &x60, x58, x38, x35); + const x61: u64 = (@intCast(u64, x60) + x36); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP434AddcarryxU64(&x62, &x63, 0x0, x20, x47); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatP434AddcarryxU64(&x64, &x65, x63, x22, x49); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP434AddcarryxU64(&x66, &x67, x65, x24, x51); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP434AddcarryxU64(&x68, &x69, x67, x26, x53); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP434AddcarryxU64(&x70, &x71, x69, x28, x55); + var x72: u64 = undefined; + var x73: u1 = undefined; + fiatP434AddcarryxU64(&x72, &x73, x71, x30, x57); + var x74: u64 = undefined; + var x75: u1 = undefined; + fiatP434AddcarryxU64(&x74, &x75, x73, x32, x59); + var x76: u64 = undefined; + var x77: u1 = undefined; + fiatP434AddcarryxU64(&x76, &x77, x75, x34, x61); + var x78: u64 = undefined; + var x79: u64 = undefined; + fiatP434MulxU64(&x78, &x79, x1, (arg2[6])); + var x80: u64 = undefined; + var x81: u64 = undefined; + fiatP434MulxU64(&x80, &x81, x1, (arg2[5])); + var x82: u64 = undefined; + var x83: u64 = undefined; + fiatP434MulxU64(&x82, &x83, x1, (arg2[4])); + var x84: u64 = undefined; + var x85: u64 = undefined; + fiatP434MulxU64(&x84, &x85, x1, (arg2[3])); + var x86: u64 = undefined; + var x87: u64 = undefined; + fiatP434MulxU64(&x86, &x87, x1, (arg2[2])); + var x88: u64 = undefined; + var x89: u64 = undefined; + fiatP434MulxU64(&x88, &x89, x1, (arg2[1])); + var x90: u64 = undefined; + var x91: u64 = undefined; + fiatP434MulxU64(&x90, &x91, x1, (arg2[0])); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP434AddcarryxU64(&x92, &x93, 0x0, x91, x88); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP434AddcarryxU64(&x94, &x95, x93, x89, x86); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP434AddcarryxU64(&x96, &x97, x95, x87, x84); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP434AddcarryxU64(&x98, &x99, x97, x85, x82); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP434AddcarryxU64(&x100, &x101, x99, x83, x80); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP434AddcarryxU64(&x102, &x103, x101, x81, x78); + const x104: u64 = (@intCast(u64, x103) + x79); + var x105: u64 = undefined; + var x106: u1 = undefined; + fiatP434AddcarryxU64(&x105, &x106, 0x0, x64, x90); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatP434AddcarryxU64(&x107, &x108, x106, x66, x92); + var x109: u64 = undefined; + var x110: u1 = undefined; + fiatP434AddcarryxU64(&x109, &x110, x108, x68, x94); + var x111: u64 = undefined; + var x112: u1 = undefined; + fiatP434AddcarryxU64(&x111, &x112, x110, x70, x96); + var x113: u64 = undefined; + var x114: u1 = undefined; + fiatP434AddcarryxU64(&x113, &x114, x112, x72, x98); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatP434AddcarryxU64(&x115, &x116, x114, x74, x100); + var x117: u64 = undefined; + var x118: u1 = undefined; + fiatP434AddcarryxU64(&x117, &x118, x116, x76, x102); + var x119: u64 = undefined; + var x120: u1 = undefined; + fiatP434AddcarryxU64(&x119, &x120, x118, @intCast(u64, x77), x104); + var x121: u64 = undefined; + var x122: u64 = undefined; + fiatP434MulxU64(&x121, &x122, x105, 0x2341f27177344); + var x123: u64 = undefined; + var x124: u64 = undefined; + fiatP434MulxU64(&x123, &x124, x105, 0x6cfc5fd681c52056); + var x125: u64 = undefined; + var x126: u64 = undefined; + fiatP434MulxU64(&x125, &x126, x105, 0x7bc65c783158aea3); + var x127: u64 = undefined; + var x128: u64 = undefined; + fiatP434MulxU64(&x127, &x128, x105, 0xfdc1767ae2ffffff); + var x129: u64 = undefined; + var x130: u64 = undefined; + fiatP434MulxU64(&x129, &x130, x105, 0xffffffffffffffff); + var x131: u64 = undefined; + var x132: u64 = undefined; + fiatP434MulxU64(&x131, &x132, x105, 0xffffffffffffffff); + var x133: u64 = undefined; + var x134: u64 = undefined; + fiatP434MulxU64(&x133, &x134, x105, 0xffffffffffffffff); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatP434AddcarryxU64(&x135, &x136, 0x0, x134, x131); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatP434AddcarryxU64(&x137, &x138, x136, x132, x129); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatP434AddcarryxU64(&x139, &x140, x138, x130, x127); + var x141: u64 = undefined; + var x142: u1 = undefined; + fiatP434AddcarryxU64(&x141, &x142, x140, x128, x125); + var x143: u64 = undefined; + var x144: u1 = undefined; + fiatP434AddcarryxU64(&x143, &x144, x142, x126, x123); + var x145: u64 = undefined; + var x146: u1 = undefined; + fiatP434AddcarryxU64(&x145, &x146, x144, x124, x121); + const x147: u64 = (@intCast(u64, x146) + x122); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatP434AddcarryxU64(&x148, &x149, 0x0, x105, x133); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatP434AddcarryxU64(&x150, &x151, x149, x107, x135); + var x152: u64 = undefined; + var x153: u1 = undefined; + fiatP434AddcarryxU64(&x152, &x153, x151, x109, x137); + var x154: u64 = undefined; + var x155: u1 = undefined; + fiatP434AddcarryxU64(&x154, &x155, x153, x111, x139); + var x156: u64 = undefined; + var x157: u1 = undefined; + fiatP434AddcarryxU64(&x156, &x157, x155, x113, x141); + var x158: u64 = undefined; + var x159: u1 = undefined; + fiatP434AddcarryxU64(&x158, &x159, x157, x115, x143); + var x160: u64 = undefined; + var x161: u1 = undefined; + fiatP434AddcarryxU64(&x160, &x161, x159, x117, x145); + var x162: u64 = undefined; + var x163: u1 = undefined; + fiatP434AddcarryxU64(&x162, &x163, x161, x119, x147); + const x164: u64 = (@intCast(u64, x163) + @intCast(u64, x120)); + var x165: u64 = undefined; + var x166: u64 = undefined; + fiatP434MulxU64(&x165, &x166, x2, (arg2[6])); + var x167: u64 = undefined; + var x168: u64 = undefined; + fiatP434MulxU64(&x167, &x168, x2, (arg2[5])); + var x169: u64 = undefined; + var x170: u64 = undefined; + fiatP434MulxU64(&x169, &x170, x2, (arg2[4])); + var x171: u64 = undefined; + var x172: u64 = undefined; + fiatP434MulxU64(&x171, &x172, x2, (arg2[3])); + var x173: u64 = undefined; + var x174: u64 = undefined; + fiatP434MulxU64(&x173, &x174, x2, (arg2[2])); + var x175: u64 = undefined; + var x176: u64 = undefined; + fiatP434MulxU64(&x175, &x176, x2, (arg2[1])); + var x177: u64 = undefined; + var x178: u64 = undefined; + fiatP434MulxU64(&x177, &x178, x2, (arg2[0])); + var x179: u64 = undefined; + var x180: u1 = undefined; + fiatP434AddcarryxU64(&x179, &x180, 0x0, x178, x175); + var x181: u64 = undefined; + var x182: u1 = undefined; + fiatP434AddcarryxU64(&x181, &x182, x180, x176, x173); + var x183: u64 = undefined; + var x184: u1 = undefined; + fiatP434AddcarryxU64(&x183, &x184, x182, x174, x171); + var x185: u64 = undefined; + var x186: u1 = undefined; + fiatP434AddcarryxU64(&x185, &x186, x184, x172, x169); + var x187: u64 = undefined; + var x188: u1 = undefined; + fiatP434AddcarryxU64(&x187, &x188, x186, x170, x167); + var x189: u64 = undefined; + var x190: u1 = undefined; + fiatP434AddcarryxU64(&x189, &x190, x188, x168, x165); + const x191: u64 = (@intCast(u64, x190) + x166); + var x192: u64 = undefined; + var x193: u1 = undefined; + fiatP434AddcarryxU64(&x192, &x193, 0x0, x150, x177); + var x194: u64 = undefined; + var x195: u1 = undefined; + fiatP434AddcarryxU64(&x194, &x195, x193, x152, x179); + var x196: u64 = undefined; + var x197: u1 = undefined; + fiatP434AddcarryxU64(&x196, &x197, x195, x154, x181); + var x198: u64 = undefined; + var x199: u1 = undefined; + fiatP434AddcarryxU64(&x198, &x199, x197, x156, x183); + var x200: u64 = undefined; + var x201: u1 = undefined; + fiatP434AddcarryxU64(&x200, &x201, x199, x158, x185); + var x202: u64 = undefined; + var x203: u1 = undefined; + fiatP434AddcarryxU64(&x202, &x203, x201, x160, x187); + var x204: u64 = undefined; + var x205: u1 = undefined; + fiatP434AddcarryxU64(&x204, &x205, x203, x162, x189); + var x206: u64 = undefined; + var x207: u1 = undefined; + fiatP434AddcarryxU64(&x206, &x207, x205, x164, x191); + var x208: u64 = undefined; + var x209: u64 = undefined; + fiatP434MulxU64(&x208, &x209, x192, 0x2341f27177344); + var x210: u64 = undefined; + var x211: u64 = undefined; + fiatP434MulxU64(&x210, &x211, x192, 0x6cfc5fd681c52056); + var x212: u64 = undefined; + var x213: u64 = undefined; + fiatP434MulxU64(&x212, &x213, x192, 0x7bc65c783158aea3); + var x214: u64 = undefined; + var x215: u64 = undefined; + fiatP434MulxU64(&x214, &x215, x192, 0xfdc1767ae2ffffff); + var x216: u64 = undefined; + var x217: u64 = undefined; + fiatP434MulxU64(&x216, &x217, x192, 0xffffffffffffffff); + var x218: u64 = undefined; + var x219: u64 = undefined; + fiatP434MulxU64(&x218, &x219, x192, 0xffffffffffffffff); + var x220: u64 = undefined; + var x221: u64 = undefined; + fiatP434MulxU64(&x220, &x221, x192, 0xffffffffffffffff); + var x222: u64 = undefined; + var x223: u1 = undefined; + fiatP434AddcarryxU64(&x222, &x223, 0x0, x221, x218); + var x224: u64 = undefined; + var x225: u1 = undefined; + fiatP434AddcarryxU64(&x224, &x225, x223, x219, x216); + var x226: u64 = undefined; + var x227: u1 = undefined; + fiatP434AddcarryxU64(&x226, &x227, x225, x217, x214); + var x228: u64 = undefined; + var x229: u1 = undefined; + fiatP434AddcarryxU64(&x228, &x229, x227, x215, x212); + var x230: u64 = undefined; + var x231: u1 = undefined; + fiatP434AddcarryxU64(&x230, &x231, x229, x213, x210); + var x232: u64 = undefined; + var x233: u1 = undefined; + fiatP434AddcarryxU64(&x232, &x233, x231, x211, x208); + const x234: u64 = (@intCast(u64, x233) + x209); + var x235: u64 = undefined; + var x236: u1 = undefined; + fiatP434AddcarryxU64(&x235, &x236, 0x0, x192, x220); + var x237: u64 = undefined; + var x238: u1 = undefined; + fiatP434AddcarryxU64(&x237, &x238, x236, x194, x222); + var x239: u64 = undefined; + var x240: u1 = undefined; + fiatP434AddcarryxU64(&x239, &x240, x238, x196, x224); + var x241: u64 = undefined; + var x242: u1 = undefined; + fiatP434AddcarryxU64(&x241, &x242, x240, x198, x226); + var x243: u64 = undefined; + var x244: u1 = undefined; + fiatP434AddcarryxU64(&x243, &x244, x242, x200, x228); + var x245: u64 = undefined; + var x246: u1 = undefined; + fiatP434AddcarryxU64(&x245, &x246, x244, x202, x230); + var x247: u64 = undefined; + var x248: u1 = undefined; + fiatP434AddcarryxU64(&x247, &x248, x246, x204, x232); + var x249: u64 = undefined; + var x250: u1 = undefined; + fiatP434AddcarryxU64(&x249, &x250, x248, x206, x234); + const x251: u64 = (@intCast(u64, x250) + @intCast(u64, x207)); + var x252: u64 = undefined; + var x253: u64 = undefined; + fiatP434MulxU64(&x252, &x253, x3, (arg2[6])); + var x254: u64 = undefined; + var x255: u64 = undefined; + fiatP434MulxU64(&x254, &x255, x3, (arg2[5])); + var x256: u64 = undefined; + var x257: u64 = undefined; + fiatP434MulxU64(&x256, &x257, x3, (arg2[4])); + var x258: u64 = undefined; + var x259: u64 = undefined; + fiatP434MulxU64(&x258, &x259, x3, (arg2[3])); + var x260: u64 = undefined; + var x261: u64 = undefined; + fiatP434MulxU64(&x260, &x261, x3, (arg2[2])); + var x262: u64 = undefined; + var x263: u64 = undefined; + fiatP434MulxU64(&x262, &x263, x3, (arg2[1])); + var x264: u64 = undefined; + var x265: u64 = undefined; + fiatP434MulxU64(&x264, &x265, x3, (arg2[0])); + var x266: u64 = undefined; + var x267: u1 = undefined; + fiatP434AddcarryxU64(&x266, &x267, 0x0, x265, x262); + var x268: u64 = undefined; + var x269: u1 = undefined; + fiatP434AddcarryxU64(&x268, &x269, x267, x263, x260); + var x270: u64 = undefined; + var x271: u1 = undefined; + fiatP434AddcarryxU64(&x270, &x271, x269, x261, x258); + var x272: u64 = undefined; + var x273: u1 = undefined; + fiatP434AddcarryxU64(&x272, &x273, x271, x259, x256); + var x274: u64 = undefined; + var x275: u1 = undefined; + fiatP434AddcarryxU64(&x274, &x275, x273, x257, x254); + var x276: u64 = undefined; + var x277: u1 = undefined; + fiatP434AddcarryxU64(&x276, &x277, x275, x255, x252); + const x278: u64 = (@intCast(u64, x277) + x253); + var x279: u64 = undefined; + var x280: u1 = undefined; + fiatP434AddcarryxU64(&x279, &x280, 0x0, x237, x264); + var x281: u64 = undefined; + var x282: u1 = undefined; + fiatP434AddcarryxU64(&x281, &x282, x280, x239, x266); + var x283: u64 = undefined; + var x284: u1 = undefined; + fiatP434AddcarryxU64(&x283, &x284, x282, x241, x268); + var x285: u64 = undefined; + var x286: u1 = undefined; + fiatP434AddcarryxU64(&x285, &x286, x284, x243, x270); + var x287: u64 = undefined; + var x288: u1 = undefined; + fiatP434AddcarryxU64(&x287, &x288, x286, x245, x272); + var x289: u64 = undefined; + var x290: u1 = undefined; + fiatP434AddcarryxU64(&x289, &x290, x288, x247, x274); + var x291: u64 = undefined; + var x292: u1 = undefined; + fiatP434AddcarryxU64(&x291, &x292, x290, x249, x276); + var x293: u64 = undefined; + var x294: u1 = undefined; + fiatP434AddcarryxU64(&x293, &x294, x292, x251, x278); + var x295: u64 = undefined; + var x296: u64 = undefined; + fiatP434MulxU64(&x295, &x296, x279, 0x2341f27177344); + var x297: u64 = undefined; + var x298: u64 = undefined; + fiatP434MulxU64(&x297, &x298, x279, 0x6cfc5fd681c52056); + var x299: u64 = undefined; + var x300: u64 = undefined; + fiatP434MulxU64(&x299, &x300, x279, 0x7bc65c783158aea3); + var x301: u64 = undefined; + var x302: u64 = undefined; + fiatP434MulxU64(&x301, &x302, x279, 0xfdc1767ae2ffffff); + var x303: u64 = undefined; + var x304: u64 = undefined; + fiatP434MulxU64(&x303, &x304, x279, 0xffffffffffffffff); + var x305: u64 = undefined; + var x306: u64 = undefined; + fiatP434MulxU64(&x305, &x306, x279, 0xffffffffffffffff); + var x307: u64 = undefined; + var x308: u64 = undefined; + fiatP434MulxU64(&x307, &x308, x279, 0xffffffffffffffff); + var x309: u64 = undefined; + var x310: u1 = undefined; + fiatP434AddcarryxU64(&x309, &x310, 0x0, x308, x305); + var x311: u64 = undefined; + var x312: u1 = undefined; + fiatP434AddcarryxU64(&x311, &x312, x310, x306, x303); + var x313: u64 = undefined; + var x314: u1 = undefined; + fiatP434AddcarryxU64(&x313, &x314, x312, x304, x301); + var x315: u64 = undefined; + var x316: u1 = undefined; + fiatP434AddcarryxU64(&x315, &x316, x314, x302, x299); + var x317: u64 = undefined; + var x318: u1 = undefined; + fiatP434AddcarryxU64(&x317, &x318, x316, x300, x297); + var x319: u64 = undefined; + var x320: u1 = undefined; + fiatP434AddcarryxU64(&x319, &x320, x318, x298, x295); + const x321: u64 = (@intCast(u64, x320) + x296); + var x322: u64 = undefined; + var x323: u1 = undefined; + fiatP434AddcarryxU64(&x322, &x323, 0x0, x279, x307); + var x324: u64 = undefined; + var x325: u1 = undefined; + fiatP434AddcarryxU64(&x324, &x325, x323, x281, x309); + var x326: u64 = undefined; + var x327: u1 = undefined; + fiatP434AddcarryxU64(&x326, &x327, x325, x283, x311); + var x328: u64 = undefined; + var x329: u1 = undefined; + fiatP434AddcarryxU64(&x328, &x329, x327, x285, x313); + var x330: u64 = undefined; + var x331: u1 = undefined; + fiatP434AddcarryxU64(&x330, &x331, x329, x287, x315); + var x332: u64 = undefined; + var x333: u1 = undefined; + fiatP434AddcarryxU64(&x332, &x333, x331, x289, x317); + var x334: u64 = undefined; + var x335: u1 = undefined; + fiatP434AddcarryxU64(&x334, &x335, x333, x291, x319); + var x336: u64 = undefined; + var x337: u1 = undefined; + fiatP434AddcarryxU64(&x336, &x337, x335, x293, x321); + const x338: u64 = (@intCast(u64, x337) + @intCast(u64, x294)); + var x339: u64 = undefined; + var x340: u64 = undefined; + fiatP434MulxU64(&x339, &x340, x4, (arg2[6])); + var x341: u64 = undefined; + var x342: u64 = undefined; + fiatP434MulxU64(&x341, &x342, x4, (arg2[5])); + var x343: u64 = undefined; + var x344: u64 = undefined; + fiatP434MulxU64(&x343, &x344, x4, (arg2[4])); + var x345: u64 = undefined; + var x346: u64 = undefined; + fiatP434MulxU64(&x345, &x346, x4, (arg2[3])); + var x347: u64 = undefined; + var x348: u64 = undefined; + fiatP434MulxU64(&x347, &x348, x4, (arg2[2])); + var x349: u64 = undefined; + var x350: u64 = undefined; + fiatP434MulxU64(&x349, &x350, x4, (arg2[1])); + var x351: u64 = undefined; + var x352: u64 = undefined; + fiatP434MulxU64(&x351, &x352, x4, (arg2[0])); + var x353: u64 = undefined; + var x354: u1 = undefined; + fiatP434AddcarryxU64(&x353, &x354, 0x0, x352, x349); + var x355: u64 = undefined; + var x356: u1 = undefined; + fiatP434AddcarryxU64(&x355, &x356, x354, x350, x347); + var x357: u64 = undefined; + var x358: u1 = undefined; + fiatP434AddcarryxU64(&x357, &x358, x356, x348, x345); + var x359: u64 = undefined; + var x360: u1 = undefined; + fiatP434AddcarryxU64(&x359, &x360, x358, x346, x343); + var x361: u64 = undefined; + var x362: u1 = undefined; + fiatP434AddcarryxU64(&x361, &x362, x360, x344, x341); + var x363: u64 = undefined; + var x364: u1 = undefined; + fiatP434AddcarryxU64(&x363, &x364, x362, x342, x339); + const x365: u64 = (@intCast(u64, x364) + x340); + var x366: u64 = undefined; + var x367: u1 = undefined; + fiatP434AddcarryxU64(&x366, &x367, 0x0, x324, x351); + var x368: u64 = undefined; + var x369: u1 = undefined; + fiatP434AddcarryxU64(&x368, &x369, x367, x326, x353); + var x370: u64 = undefined; + var x371: u1 = undefined; + fiatP434AddcarryxU64(&x370, &x371, x369, x328, x355); + var x372: u64 = undefined; + var x373: u1 = undefined; + fiatP434AddcarryxU64(&x372, &x373, x371, x330, x357); + var x374: u64 = undefined; + var x375: u1 = undefined; + fiatP434AddcarryxU64(&x374, &x375, x373, x332, x359); + var x376: u64 = undefined; + var x377: u1 = undefined; + fiatP434AddcarryxU64(&x376, &x377, x375, x334, x361); + var x378: u64 = undefined; + var x379: u1 = undefined; + fiatP434AddcarryxU64(&x378, &x379, x377, x336, x363); + var x380: u64 = undefined; + var x381: u1 = undefined; + fiatP434AddcarryxU64(&x380, &x381, x379, x338, x365); + var x382: u64 = undefined; + var x383: u64 = undefined; + fiatP434MulxU64(&x382, &x383, x366, 0x2341f27177344); + var x384: u64 = undefined; + var x385: u64 = undefined; + fiatP434MulxU64(&x384, &x385, x366, 0x6cfc5fd681c52056); + var x386: u64 = undefined; + var x387: u64 = undefined; + fiatP434MulxU64(&x386, &x387, x366, 0x7bc65c783158aea3); + var x388: u64 = undefined; + var x389: u64 = undefined; + fiatP434MulxU64(&x388, &x389, x366, 0xfdc1767ae2ffffff); + var x390: u64 = undefined; + var x391: u64 = undefined; + fiatP434MulxU64(&x390, &x391, x366, 0xffffffffffffffff); + var x392: u64 = undefined; + var x393: u64 = undefined; + fiatP434MulxU64(&x392, &x393, x366, 0xffffffffffffffff); + var x394: u64 = undefined; + var x395: u64 = undefined; + fiatP434MulxU64(&x394, &x395, x366, 0xffffffffffffffff); + var x396: u64 = undefined; + var x397: u1 = undefined; + fiatP434AddcarryxU64(&x396, &x397, 0x0, x395, x392); + var x398: u64 = undefined; + var x399: u1 = undefined; + fiatP434AddcarryxU64(&x398, &x399, x397, x393, x390); + var x400: u64 = undefined; + var x401: u1 = undefined; + fiatP434AddcarryxU64(&x400, &x401, x399, x391, x388); + var x402: u64 = undefined; + var x403: u1 = undefined; + fiatP434AddcarryxU64(&x402, &x403, x401, x389, x386); + var x404: u64 = undefined; + var x405: u1 = undefined; + fiatP434AddcarryxU64(&x404, &x405, x403, x387, x384); + var x406: u64 = undefined; + var x407: u1 = undefined; + fiatP434AddcarryxU64(&x406, &x407, x405, x385, x382); + const x408: u64 = (@intCast(u64, x407) + x383); + var x409: u64 = undefined; + var x410: u1 = undefined; + fiatP434AddcarryxU64(&x409, &x410, 0x0, x366, x394); + var x411: u64 = undefined; + var x412: u1 = undefined; + fiatP434AddcarryxU64(&x411, &x412, x410, x368, x396); + var x413: u64 = undefined; + var x414: u1 = undefined; + fiatP434AddcarryxU64(&x413, &x414, x412, x370, x398); + var x415: u64 = undefined; + var x416: u1 = undefined; + fiatP434AddcarryxU64(&x415, &x416, x414, x372, x400); + var x417: u64 = undefined; + var x418: u1 = undefined; + fiatP434AddcarryxU64(&x417, &x418, x416, x374, x402); + var x419: u64 = undefined; + var x420: u1 = undefined; + fiatP434AddcarryxU64(&x419, &x420, x418, x376, x404); + var x421: u64 = undefined; + var x422: u1 = undefined; + fiatP434AddcarryxU64(&x421, &x422, x420, x378, x406); + var x423: u64 = undefined; + var x424: u1 = undefined; + fiatP434AddcarryxU64(&x423, &x424, x422, x380, x408); + const x425: u64 = (@intCast(u64, x424) + @intCast(u64, x381)); + var x426: u64 = undefined; + var x427: u64 = undefined; + fiatP434MulxU64(&x426, &x427, x5, (arg2[6])); + var x428: u64 = undefined; + var x429: u64 = undefined; + fiatP434MulxU64(&x428, &x429, x5, (arg2[5])); + var x430: u64 = undefined; + var x431: u64 = undefined; + fiatP434MulxU64(&x430, &x431, x5, (arg2[4])); + var x432: u64 = undefined; + var x433: u64 = undefined; + fiatP434MulxU64(&x432, &x433, x5, (arg2[3])); + var x434: u64 = undefined; + var x435: u64 = undefined; + fiatP434MulxU64(&x434, &x435, x5, (arg2[2])); + var x436: u64 = undefined; + var x437: u64 = undefined; + fiatP434MulxU64(&x436, &x437, x5, (arg2[1])); + var x438: u64 = undefined; + var x439: u64 = undefined; + fiatP434MulxU64(&x438, &x439, x5, (arg2[0])); + var x440: u64 = undefined; + var x441: u1 = undefined; + fiatP434AddcarryxU64(&x440, &x441, 0x0, x439, x436); + var x442: u64 = undefined; + var x443: u1 = undefined; + fiatP434AddcarryxU64(&x442, &x443, x441, x437, x434); + var x444: u64 = undefined; + var x445: u1 = undefined; + fiatP434AddcarryxU64(&x444, &x445, x443, x435, x432); + var x446: u64 = undefined; + var x447: u1 = undefined; + fiatP434AddcarryxU64(&x446, &x447, x445, x433, x430); + var x448: u64 = undefined; + var x449: u1 = undefined; + fiatP434AddcarryxU64(&x448, &x449, x447, x431, x428); + var x450: u64 = undefined; + var x451: u1 = undefined; + fiatP434AddcarryxU64(&x450, &x451, x449, x429, x426); + const x452: u64 = (@intCast(u64, x451) + x427); + var x453: u64 = undefined; + var x454: u1 = undefined; + fiatP434AddcarryxU64(&x453, &x454, 0x0, x411, x438); + var x455: u64 = undefined; + var x456: u1 = undefined; + fiatP434AddcarryxU64(&x455, &x456, x454, x413, x440); + var x457: u64 = undefined; + var x458: u1 = undefined; + fiatP434AddcarryxU64(&x457, &x458, x456, x415, x442); + var x459: u64 = undefined; + var x460: u1 = undefined; + fiatP434AddcarryxU64(&x459, &x460, x458, x417, x444); + var x461: u64 = undefined; + var x462: u1 = undefined; + fiatP434AddcarryxU64(&x461, &x462, x460, x419, x446); + var x463: u64 = undefined; + var x464: u1 = undefined; + fiatP434AddcarryxU64(&x463, &x464, x462, x421, x448); + var x465: u64 = undefined; + var x466: u1 = undefined; + fiatP434AddcarryxU64(&x465, &x466, x464, x423, x450); + var x467: u64 = undefined; + var x468: u1 = undefined; + fiatP434AddcarryxU64(&x467, &x468, x466, x425, x452); + var x469: u64 = undefined; + var x470: u64 = undefined; + fiatP434MulxU64(&x469, &x470, x453, 0x2341f27177344); + var x471: u64 = undefined; + var x472: u64 = undefined; + fiatP434MulxU64(&x471, &x472, x453, 0x6cfc5fd681c52056); + var x473: u64 = undefined; + var x474: u64 = undefined; + fiatP434MulxU64(&x473, &x474, x453, 0x7bc65c783158aea3); + var x475: u64 = undefined; + var x476: u64 = undefined; + fiatP434MulxU64(&x475, &x476, x453, 0xfdc1767ae2ffffff); + var x477: u64 = undefined; + var x478: u64 = undefined; + fiatP434MulxU64(&x477, &x478, x453, 0xffffffffffffffff); + var x479: u64 = undefined; + var x480: u64 = undefined; + fiatP434MulxU64(&x479, &x480, x453, 0xffffffffffffffff); + var x481: u64 = undefined; + var x482: u64 = undefined; + fiatP434MulxU64(&x481, &x482, x453, 0xffffffffffffffff); + var x483: u64 = undefined; + var x484: u1 = undefined; + fiatP434AddcarryxU64(&x483, &x484, 0x0, x482, x479); + var x485: u64 = undefined; + var x486: u1 = undefined; + fiatP434AddcarryxU64(&x485, &x486, x484, x480, x477); + var x487: u64 = undefined; + var x488: u1 = undefined; + fiatP434AddcarryxU64(&x487, &x488, x486, x478, x475); + var x489: u64 = undefined; + var x490: u1 = undefined; + fiatP434AddcarryxU64(&x489, &x490, x488, x476, x473); + var x491: u64 = undefined; + var x492: u1 = undefined; + fiatP434AddcarryxU64(&x491, &x492, x490, x474, x471); + var x493: u64 = undefined; + var x494: u1 = undefined; + fiatP434AddcarryxU64(&x493, &x494, x492, x472, x469); + const x495: u64 = (@intCast(u64, x494) + x470); + var x496: u64 = undefined; + var x497: u1 = undefined; + fiatP434AddcarryxU64(&x496, &x497, 0x0, x453, x481); + var x498: u64 = undefined; + var x499: u1 = undefined; + fiatP434AddcarryxU64(&x498, &x499, x497, x455, x483); + var x500: u64 = undefined; + var x501: u1 = undefined; + fiatP434AddcarryxU64(&x500, &x501, x499, x457, x485); + var x502: u64 = undefined; + var x503: u1 = undefined; + fiatP434AddcarryxU64(&x502, &x503, x501, x459, x487); + var x504: u64 = undefined; + var x505: u1 = undefined; + fiatP434AddcarryxU64(&x504, &x505, x503, x461, x489); + var x506: u64 = undefined; + var x507: u1 = undefined; + fiatP434AddcarryxU64(&x506, &x507, x505, x463, x491); + var x508: u64 = undefined; + var x509: u1 = undefined; + fiatP434AddcarryxU64(&x508, &x509, x507, x465, x493); + var x510: u64 = undefined; + var x511: u1 = undefined; + fiatP434AddcarryxU64(&x510, &x511, x509, x467, x495); + const x512: u64 = (@intCast(u64, x511) + @intCast(u64, x468)); + var x513: u64 = undefined; + var x514: u64 = undefined; + fiatP434MulxU64(&x513, &x514, x6, (arg2[6])); + var x515: u64 = undefined; + var x516: u64 = undefined; + fiatP434MulxU64(&x515, &x516, x6, (arg2[5])); + var x517: u64 = undefined; + var x518: u64 = undefined; + fiatP434MulxU64(&x517, &x518, x6, (arg2[4])); + var x519: u64 = undefined; + var x520: u64 = undefined; + fiatP434MulxU64(&x519, &x520, x6, (arg2[3])); + var x521: u64 = undefined; + var x522: u64 = undefined; + fiatP434MulxU64(&x521, &x522, x6, (arg2[2])); + var x523: u64 = undefined; + var x524: u64 = undefined; + fiatP434MulxU64(&x523, &x524, x6, (arg2[1])); + var x525: u64 = undefined; + var x526: u64 = undefined; + fiatP434MulxU64(&x525, &x526, x6, (arg2[0])); + var x527: u64 = undefined; + var x528: u1 = undefined; + fiatP434AddcarryxU64(&x527, &x528, 0x0, x526, x523); + var x529: u64 = undefined; + var x530: u1 = undefined; + fiatP434AddcarryxU64(&x529, &x530, x528, x524, x521); + var x531: u64 = undefined; + var x532: u1 = undefined; + fiatP434AddcarryxU64(&x531, &x532, x530, x522, x519); + var x533: u64 = undefined; + var x534: u1 = undefined; + fiatP434AddcarryxU64(&x533, &x534, x532, x520, x517); + var x535: u64 = undefined; + var x536: u1 = undefined; + fiatP434AddcarryxU64(&x535, &x536, x534, x518, x515); + var x537: u64 = undefined; + var x538: u1 = undefined; + fiatP434AddcarryxU64(&x537, &x538, x536, x516, x513); + const x539: u64 = (@intCast(u64, x538) + x514); + var x540: u64 = undefined; + var x541: u1 = undefined; + fiatP434AddcarryxU64(&x540, &x541, 0x0, x498, x525); + var x542: u64 = undefined; + var x543: u1 = undefined; + fiatP434AddcarryxU64(&x542, &x543, x541, x500, x527); + var x544: u64 = undefined; + var x545: u1 = undefined; + fiatP434AddcarryxU64(&x544, &x545, x543, x502, x529); + var x546: u64 = undefined; + var x547: u1 = undefined; + fiatP434AddcarryxU64(&x546, &x547, x545, x504, x531); + var x548: u64 = undefined; + var x549: u1 = undefined; + fiatP434AddcarryxU64(&x548, &x549, x547, x506, x533); + var x550: u64 = undefined; + var x551: u1 = undefined; + fiatP434AddcarryxU64(&x550, &x551, x549, x508, x535); + var x552: u64 = undefined; + var x553: u1 = undefined; + fiatP434AddcarryxU64(&x552, &x553, x551, x510, x537); + var x554: u64 = undefined; + var x555: u1 = undefined; + fiatP434AddcarryxU64(&x554, &x555, x553, x512, x539); + var x556: u64 = undefined; + var x557: u64 = undefined; + fiatP434MulxU64(&x556, &x557, x540, 0x2341f27177344); + var x558: u64 = undefined; + var x559: u64 = undefined; + fiatP434MulxU64(&x558, &x559, x540, 0x6cfc5fd681c52056); + var x560: u64 = undefined; + var x561: u64 = undefined; + fiatP434MulxU64(&x560, &x561, x540, 0x7bc65c783158aea3); + var x562: u64 = undefined; + var x563: u64 = undefined; + fiatP434MulxU64(&x562, &x563, x540, 0xfdc1767ae2ffffff); + var x564: u64 = undefined; + var x565: u64 = undefined; + fiatP434MulxU64(&x564, &x565, x540, 0xffffffffffffffff); + var x566: u64 = undefined; + var x567: u64 = undefined; + fiatP434MulxU64(&x566, &x567, x540, 0xffffffffffffffff); + var x568: u64 = undefined; + var x569: u64 = undefined; + fiatP434MulxU64(&x568, &x569, x540, 0xffffffffffffffff); + var x570: u64 = undefined; + var x571: u1 = undefined; + fiatP434AddcarryxU64(&x570, &x571, 0x0, x569, x566); + var x572: u64 = undefined; + var x573: u1 = undefined; + fiatP434AddcarryxU64(&x572, &x573, x571, x567, x564); + var x574: u64 = undefined; + var x575: u1 = undefined; + fiatP434AddcarryxU64(&x574, &x575, x573, x565, x562); + var x576: u64 = undefined; + var x577: u1 = undefined; + fiatP434AddcarryxU64(&x576, &x577, x575, x563, x560); + var x578: u64 = undefined; + var x579: u1 = undefined; + fiatP434AddcarryxU64(&x578, &x579, x577, x561, x558); + var x580: u64 = undefined; + var x581: u1 = undefined; + fiatP434AddcarryxU64(&x580, &x581, x579, x559, x556); + const x582: u64 = (@intCast(u64, x581) + x557); + var x583: u64 = undefined; + var x584: u1 = undefined; + fiatP434AddcarryxU64(&x583, &x584, 0x0, x540, x568); + var x585: u64 = undefined; + var x586: u1 = undefined; + fiatP434AddcarryxU64(&x585, &x586, x584, x542, x570); + var x587: u64 = undefined; + var x588: u1 = undefined; + fiatP434AddcarryxU64(&x587, &x588, x586, x544, x572); + var x589: u64 = undefined; + var x590: u1 = undefined; + fiatP434AddcarryxU64(&x589, &x590, x588, x546, x574); + var x591: u64 = undefined; + var x592: u1 = undefined; + fiatP434AddcarryxU64(&x591, &x592, x590, x548, x576); + var x593: u64 = undefined; + var x594: u1 = undefined; + fiatP434AddcarryxU64(&x593, &x594, x592, x550, x578); + var x595: u64 = undefined; + var x596: u1 = undefined; + fiatP434AddcarryxU64(&x595, &x596, x594, x552, x580); + var x597: u64 = undefined; + var x598: u1 = undefined; + fiatP434AddcarryxU64(&x597, &x598, x596, x554, x582); + const x599: u64 = (@intCast(u64, x598) + @intCast(u64, x555)); + var x600: u64 = undefined; + var x601: u1 = undefined; + fiatP434SubborrowxU64(&x600, &x601, 0x0, x585, 0xffffffffffffffff); + var x602: u64 = undefined; + var x603: u1 = undefined; + fiatP434SubborrowxU64(&x602, &x603, x601, x587, 0xffffffffffffffff); + var x604: u64 = undefined; + var x605: u1 = undefined; + fiatP434SubborrowxU64(&x604, &x605, x603, x589, 0xffffffffffffffff); + var x606: u64 = undefined; + var x607: u1 = undefined; + fiatP434SubborrowxU64(&x606, &x607, x605, x591, 0xfdc1767ae2ffffff); + var x608: u64 = undefined; + var x609: u1 = undefined; + fiatP434SubborrowxU64(&x608, &x609, x607, x593, 0x7bc65c783158aea3); + var x610: u64 = undefined; + var x611: u1 = undefined; + fiatP434SubborrowxU64(&x610, &x611, x609, x595, 0x6cfc5fd681c52056); + var x612: u64 = undefined; + var x613: u1 = undefined; + fiatP434SubborrowxU64(&x612, &x613, x611, x597, 0x2341f27177344); + var x614: u64 = undefined; + var x615: u1 = undefined; + fiatP434SubborrowxU64(&x614, &x615, x613, x599, @intCast(u64, 0x0)); + var x616: u64 = undefined; + fiatP434CmovznzU64(&x616, x615, x600, x585); + var x617: u64 = undefined; + fiatP434CmovznzU64(&x617, x615, x602, x587); + var x618: u64 = undefined; + fiatP434CmovznzU64(&x618, x615, x604, x589); + var x619: u64 = undefined; + fiatP434CmovznzU64(&x619, x615, x606, x591); + var x620: u64 = undefined; + fiatP434CmovznzU64(&x620, x615, x608, x593); + var x621: u64 = undefined; + fiatP434CmovznzU64(&x621, x615, x610, x595); + var x622: u64 = undefined; + fiatP434CmovznzU64(&x622, x615, x612, x597); + out1[0] = x616; + out1[1] = x617; + out1[2] = x618; + out1[3] = x619; + out1[4] = x620; + out1[5] = x621; + out1[6] = x622; +} + +/// The function fiatP434Square squares a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434Square(out1: *[7]u64, arg1: [7]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[4]); + const x5: u64 = (arg1[5]); + const x6: u64 = (arg1[6]); + const x7: u64 = (arg1[0]); + var x8: u64 = undefined; + var x9: u64 = undefined; + fiatP434MulxU64(&x8, &x9, x7, (arg1[6])); + var x10: u64 = undefined; + var x11: u64 = undefined; + fiatP434MulxU64(&x10, &x11, x7, (arg1[5])); + var x12: u64 = undefined; + var x13: u64 = undefined; + fiatP434MulxU64(&x12, &x13, x7, (arg1[4])); + var x14: u64 = undefined; + var x15: u64 = undefined; + fiatP434MulxU64(&x14, &x15, x7, (arg1[3])); + var x16: u64 = undefined; + var x17: u64 = undefined; + fiatP434MulxU64(&x16, &x17, x7, (arg1[2])); + var x18: u64 = undefined; + var x19: u64 = undefined; + fiatP434MulxU64(&x18, &x19, x7, (arg1[1])); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatP434MulxU64(&x20, &x21, x7, (arg1[0])); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP434AddcarryxU64(&x22, &x23, 0x0, x21, x18); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP434AddcarryxU64(&x24, &x25, x23, x19, x16); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP434AddcarryxU64(&x26, &x27, x25, x17, x14); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP434AddcarryxU64(&x28, &x29, x27, x15, x12); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP434AddcarryxU64(&x30, &x31, x29, x13, x10); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatP434AddcarryxU64(&x32, &x33, x31, x11, x8); + const x34: u64 = (@intCast(u64, x33) + x9); + var x35: u64 = undefined; + var x36: u64 = undefined; + fiatP434MulxU64(&x35, &x36, x20, 0x2341f27177344); + var x37: u64 = undefined; + var x38: u64 = undefined; + fiatP434MulxU64(&x37, &x38, x20, 0x6cfc5fd681c52056); + var x39: u64 = undefined; + var x40: u64 = undefined; + fiatP434MulxU64(&x39, &x40, x20, 0x7bc65c783158aea3); + var x41: u64 = undefined; + var x42: u64 = undefined; + fiatP434MulxU64(&x41, &x42, x20, 0xfdc1767ae2ffffff); + var x43: u64 = undefined; + var x44: u64 = undefined; + fiatP434MulxU64(&x43, &x44, x20, 0xffffffffffffffff); + var x45: u64 = undefined; + var x46: u64 = undefined; + fiatP434MulxU64(&x45, &x46, x20, 0xffffffffffffffff); + var x47: u64 = undefined; + var x48: u64 = undefined; + fiatP434MulxU64(&x47, &x48, x20, 0xffffffffffffffff); + var x49: u64 = undefined; + var x50: u1 = undefined; + fiatP434AddcarryxU64(&x49, &x50, 0x0, x48, x45); + var x51: u64 = undefined; + var x52: u1 = undefined; + fiatP434AddcarryxU64(&x51, &x52, x50, x46, x43); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatP434AddcarryxU64(&x53, &x54, x52, x44, x41); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatP434AddcarryxU64(&x55, &x56, x54, x42, x39); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatP434AddcarryxU64(&x57, &x58, x56, x40, x37); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatP434AddcarryxU64(&x59, &x60, x58, x38, x35); + const x61: u64 = (@intCast(u64, x60) + x36); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP434AddcarryxU64(&x62, &x63, 0x0, x20, x47); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatP434AddcarryxU64(&x64, &x65, x63, x22, x49); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP434AddcarryxU64(&x66, &x67, x65, x24, x51); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP434AddcarryxU64(&x68, &x69, x67, x26, x53); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP434AddcarryxU64(&x70, &x71, x69, x28, x55); + var x72: u64 = undefined; + var x73: u1 = undefined; + fiatP434AddcarryxU64(&x72, &x73, x71, x30, x57); + var x74: u64 = undefined; + var x75: u1 = undefined; + fiatP434AddcarryxU64(&x74, &x75, x73, x32, x59); + var x76: u64 = undefined; + var x77: u1 = undefined; + fiatP434AddcarryxU64(&x76, &x77, x75, x34, x61); + var x78: u64 = undefined; + var x79: u64 = undefined; + fiatP434MulxU64(&x78, &x79, x1, (arg1[6])); + var x80: u64 = undefined; + var x81: u64 = undefined; + fiatP434MulxU64(&x80, &x81, x1, (arg1[5])); + var x82: u64 = undefined; + var x83: u64 = undefined; + fiatP434MulxU64(&x82, &x83, x1, (arg1[4])); + var x84: u64 = undefined; + var x85: u64 = undefined; + fiatP434MulxU64(&x84, &x85, x1, (arg1[3])); + var x86: u64 = undefined; + var x87: u64 = undefined; + fiatP434MulxU64(&x86, &x87, x1, (arg1[2])); + var x88: u64 = undefined; + var x89: u64 = undefined; + fiatP434MulxU64(&x88, &x89, x1, (arg1[1])); + var x90: u64 = undefined; + var x91: u64 = undefined; + fiatP434MulxU64(&x90, &x91, x1, (arg1[0])); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP434AddcarryxU64(&x92, &x93, 0x0, x91, x88); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP434AddcarryxU64(&x94, &x95, x93, x89, x86); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP434AddcarryxU64(&x96, &x97, x95, x87, x84); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP434AddcarryxU64(&x98, &x99, x97, x85, x82); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP434AddcarryxU64(&x100, &x101, x99, x83, x80); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP434AddcarryxU64(&x102, &x103, x101, x81, x78); + const x104: u64 = (@intCast(u64, x103) + x79); + var x105: u64 = undefined; + var x106: u1 = undefined; + fiatP434AddcarryxU64(&x105, &x106, 0x0, x64, x90); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatP434AddcarryxU64(&x107, &x108, x106, x66, x92); + var x109: u64 = undefined; + var x110: u1 = undefined; + fiatP434AddcarryxU64(&x109, &x110, x108, x68, x94); + var x111: u64 = undefined; + var x112: u1 = undefined; + fiatP434AddcarryxU64(&x111, &x112, x110, x70, x96); + var x113: u64 = undefined; + var x114: u1 = undefined; + fiatP434AddcarryxU64(&x113, &x114, x112, x72, x98); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatP434AddcarryxU64(&x115, &x116, x114, x74, x100); + var x117: u64 = undefined; + var x118: u1 = undefined; + fiatP434AddcarryxU64(&x117, &x118, x116, x76, x102); + var x119: u64 = undefined; + var x120: u1 = undefined; + fiatP434AddcarryxU64(&x119, &x120, x118, @intCast(u64, x77), x104); + var x121: u64 = undefined; + var x122: u64 = undefined; + fiatP434MulxU64(&x121, &x122, x105, 0x2341f27177344); + var x123: u64 = undefined; + var x124: u64 = undefined; + fiatP434MulxU64(&x123, &x124, x105, 0x6cfc5fd681c52056); + var x125: u64 = undefined; + var x126: u64 = undefined; + fiatP434MulxU64(&x125, &x126, x105, 0x7bc65c783158aea3); + var x127: u64 = undefined; + var x128: u64 = undefined; + fiatP434MulxU64(&x127, &x128, x105, 0xfdc1767ae2ffffff); + var x129: u64 = undefined; + var x130: u64 = undefined; + fiatP434MulxU64(&x129, &x130, x105, 0xffffffffffffffff); + var x131: u64 = undefined; + var x132: u64 = undefined; + fiatP434MulxU64(&x131, &x132, x105, 0xffffffffffffffff); + var x133: u64 = undefined; + var x134: u64 = undefined; + fiatP434MulxU64(&x133, &x134, x105, 0xffffffffffffffff); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatP434AddcarryxU64(&x135, &x136, 0x0, x134, x131); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatP434AddcarryxU64(&x137, &x138, x136, x132, x129); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatP434AddcarryxU64(&x139, &x140, x138, x130, x127); + var x141: u64 = undefined; + var x142: u1 = undefined; + fiatP434AddcarryxU64(&x141, &x142, x140, x128, x125); + var x143: u64 = undefined; + var x144: u1 = undefined; + fiatP434AddcarryxU64(&x143, &x144, x142, x126, x123); + var x145: u64 = undefined; + var x146: u1 = undefined; + fiatP434AddcarryxU64(&x145, &x146, x144, x124, x121); + const x147: u64 = (@intCast(u64, x146) + x122); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatP434AddcarryxU64(&x148, &x149, 0x0, x105, x133); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatP434AddcarryxU64(&x150, &x151, x149, x107, x135); + var x152: u64 = undefined; + var x153: u1 = undefined; + fiatP434AddcarryxU64(&x152, &x153, x151, x109, x137); + var x154: u64 = undefined; + var x155: u1 = undefined; + fiatP434AddcarryxU64(&x154, &x155, x153, x111, x139); + var x156: u64 = undefined; + var x157: u1 = undefined; + fiatP434AddcarryxU64(&x156, &x157, x155, x113, x141); + var x158: u64 = undefined; + var x159: u1 = undefined; + fiatP434AddcarryxU64(&x158, &x159, x157, x115, x143); + var x160: u64 = undefined; + var x161: u1 = undefined; + fiatP434AddcarryxU64(&x160, &x161, x159, x117, x145); + var x162: u64 = undefined; + var x163: u1 = undefined; + fiatP434AddcarryxU64(&x162, &x163, x161, x119, x147); + const x164: u64 = (@intCast(u64, x163) + @intCast(u64, x120)); + var x165: u64 = undefined; + var x166: u64 = undefined; + fiatP434MulxU64(&x165, &x166, x2, (arg1[6])); + var x167: u64 = undefined; + var x168: u64 = undefined; + fiatP434MulxU64(&x167, &x168, x2, (arg1[5])); + var x169: u64 = undefined; + var x170: u64 = undefined; + fiatP434MulxU64(&x169, &x170, x2, (arg1[4])); + var x171: u64 = undefined; + var x172: u64 = undefined; + fiatP434MulxU64(&x171, &x172, x2, (arg1[3])); + var x173: u64 = undefined; + var x174: u64 = undefined; + fiatP434MulxU64(&x173, &x174, x2, (arg1[2])); + var x175: u64 = undefined; + var x176: u64 = undefined; + fiatP434MulxU64(&x175, &x176, x2, (arg1[1])); + var x177: u64 = undefined; + var x178: u64 = undefined; + fiatP434MulxU64(&x177, &x178, x2, (arg1[0])); + var x179: u64 = undefined; + var x180: u1 = undefined; + fiatP434AddcarryxU64(&x179, &x180, 0x0, x178, x175); + var x181: u64 = undefined; + var x182: u1 = undefined; + fiatP434AddcarryxU64(&x181, &x182, x180, x176, x173); + var x183: u64 = undefined; + var x184: u1 = undefined; + fiatP434AddcarryxU64(&x183, &x184, x182, x174, x171); + var x185: u64 = undefined; + var x186: u1 = undefined; + fiatP434AddcarryxU64(&x185, &x186, x184, x172, x169); + var x187: u64 = undefined; + var x188: u1 = undefined; + fiatP434AddcarryxU64(&x187, &x188, x186, x170, x167); + var x189: u64 = undefined; + var x190: u1 = undefined; + fiatP434AddcarryxU64(&x189, &x190, x188, x168, x165); + const x191: u64 = (@intCast(u64, x190) + x166); + var x192: u64 = undefined; + var x193: u1 = undefined; + fiatP434AddcarryxU64(&x192, &x193, 0x0, x150, x177); + var x194: u64 = undefined; + var x195: u1 = undefined; + fiatP434AddcarryxU64(&x194, &x195, x193, x152, x179); + var x196: u64 = undefined; + var x197: u1 = undefined; + fiatP434AddcarryxU64(&x196, &x197, x195, x154, x181); + var x198: u64 = undefined; + var x199: u1 = undefined; + fiatP434AddcarryxU64(&x198, &x199, x197, x156, x183); + var x200: u64 = undefined; + var x201: u1 = undefined; + fiatP434AddcarryxU64(&x200, &x201, x199, x158, x185); + var x202: u64 = undefined; + var x203: u1 = undefined; + fiatP434AddcarryxU64(&x202, &x203, x201, x160, x187); + var x204: u64 = undefined; + var x205: u1 = undefined; + fiatP434AddcarryxU64(&x204, &x205, x203, x162, x189); + var x206: u64 = undefined; + var x207: u1 = undefined; + fiatP434AddcarryxU64(&x206, &x207, x205, x164, x191); + var x208: u64 = undefined; + var x209: u64 = undefined; + fiatP434MulxU64(&x208, &x209, x192, 0x2341f27177344); + var x210: u64 = undefined; + var x211: u64 = undefined; + fiatP434MulxU64(&x210, &x211, x192, 0x6cfc5fd681c52056); + var x212: u64 = undefined; + var x213: u64 = undefined; + fiatP434MulxU64(&x212, &x213, x192, 0x7bc65c783158aea3); + var x214: u64 = undefined; + var x215: u64 = undefined; + fiatP434MulxU64(&x214, &x215, x192, 0xfdc1767ae2ffffff); + var x216: u64 = undefined; + var x217: u64 = undefined; + fiatP434MulxU64(&x216, &x217, x192, 0xffffffffffffffff); + var x218: u64 = undefined; + var x219: u64 = undefined; + fiatP434MulxU64(&x218, &x219, x192, 0xffffffffffffffff); + var x220: u64 = undefined; + var x221: u64 = undefined; + fiatP434MulxU64(&x220, &x221, x192, 0xffffffffffffffff); + var x222: u64 = undefined; + var x223: u1 = undefined; + fiatP434AddcarryxU64(&x222, &x223, 0x0, x221, x218); + var x224: u64 = undefined; + var x225: u1 = undefined; + fiatP434AddcarryxU64(&x224, &x225, x223, x219, x216); + var x226: u64 = undefined; + var x227: u1 = undefined; + fiatP434AddcarryxU64(&x226, &x227, x225, x217, x214); + var x228: u64 = undefined; + var x229: u1 = undefined; + fiatP434AddcarryxU64(&x228, &x229, x227, x215, x212); + var x230: u64 = undefined; + var x231: u1 = undefined; + fiatP434AddcarryxU64(&x230, &x231, x229, x213, x210); + var x232: u64 = undefined; + var x233: u1 = undefined; + fiatP434AddcarryxU64(&x232, &x233, x231, x211, x208); + const x234: u64 = (@intCast(u64, x233) + x209); + var x235: u64 = undefined; + var x236: u1 = undefined; + fiatP434AddcarryxU64(&x235, &x236, 0x0, x192, x220); + var x237: u64 = undefined; + var x238: u1 = undefined; + fiatP434AddcarryxU64(&x237, &x238, x236, x194, x222); + var x239: u64 = undefined; + var x240: u1 = undefined; + fiatP434AddcarryxU64(&x239, &x240, x238, x196, x224); + var x241: u64 = undefined; + var x242: u1 = undefined; + fiatP434AddcarryxU64(&x241, &x242, x240, x198, x226); + var x243: u64 = undefined; + var x244: u1 = undefined; + fiatP434AddcarryxU64(&x243, &x244, x242, x200, x228); + var x245: u64 = undefined; + var x246: u1 = undefined; + fiatP434AddcarryxU64(&x245, &x246, x244, x202, x230); + var x247: u64 = undefined; + var x248: u1 = undefined; + fiatP434AddcarryxU64(&x247, &x248, x246, x204, x232); + var x249: u64 = undefined; + var x250: u1 = undefined; + fiatP434AddcarryxU64(&x249, &x250, x248, x206, x234); + const x251: u64 = (@intCast(u64, x250) + @intCast(u64, x207)); + var x252: u64 = undefined; + var x253: u64 = undefined; + fiatP434MulxU64(&x252, &x253, x3, (arg1[6])); + var x254: u64 = undefined; + var x255: u64 = undefined; + fiatP434MulxU64(&x254, &x255, x3, (arg1[5])); + var x256: u64 = undefined; + var x257: u64 = undefined; + fiatP434MulxU64(&x256, &x257, x3, (arg1[4])); + var x258: u64 = undefined; + var x259: u64 = undefined; + fiatP434MulxU64(&x258, &x259, x3, (arg1[3])); + var x260: u64 = undefined; + var x261: u64 = undefined; + fiatP434MulxU64(&x260, &x261, x3, (arg1[2])); + var x262: u64 = undefined; + var x263: u64 = undefined; + fiatP434MulxU64(&x262, &x263, x3, (arg1[1])); + var x264: u64 = undefined; + var x265: u64 = undefined; + fiatP434MulxU64(&x264, &x265, x3, (arg1[0])); + var x266: u64 = undefined; + var x267: u1 = undefined; + fiatP434AddcarryxU64(&x266, &x267, 0x0, x265, x262); + var x268: u64 = undefined; + var x269: u1 = undefined; + fiatP434AddcarryxU64(&x268, &x269, x267, x263, x260); + var x270: u64 = undefined; + var x271: u1 = undefined; + fiatP434AddcarryxU64(&x270, &x271, x269, x261, x258); + var x272: u64 = undefined; + var x273: u1 = undefined; + fiatP434AddcarryxU64(&x272, &x273, x271, x259, x256); + var x274: u64 = undefined; + var x275: u1 = undefined; + fiatP434AddcarryxU64(&x274, &x275, x273, x257, x254); + var x276: u64 = undefined; + var x277: u1 = undefined; + fiatP434AddcarryxU64(&x276, &x277, x275, x255, x252); + const x278: u64 = (@intCast(u64, x277) + x253); + var x279: u64 = undefined; + var x280: u1 = undefined; + fiatP434AddcarryxU64(&x279, &x280, 0x0, x237, x264); + var x281: u64 = undefined; + var x282: u1 = undefined; + fiatP434AddcarryxU64(&x281, &x282, x280, x239, x266); + var x283: u64 = undefined; + var x284: u1 = undefined; + fiatP434AddcarryxU64(&x283, &x284, x282, x241, x268); + var x285: u64 = undefined; + var x286: u1 = undefined; + fiatP434AddcarryxU64(&x285, &x286, x284, x243, x270); + var x287: u64 = undefined; + var x288: u1 = undefined; + fiatP434AddcarryxU64(&x287, &x288, x286, x245, x272); + var x289: u64 = undefined; + var x290: u1 = undefined; + fiatP434AddcarryxU64(&x289, &x290, x288, x247, x274); + var x291: u64 = undefined; + var x292: u1 = undefined; + fiatP434AddcarryxU64(&x291, &x292, x290, x249, x276); + var x293: u64 = undefined; + var x294: u1 = undefined; + fiatP434AddcarryxU64(&x293, &x294, x292, x251, x278); + var x295: u64 = undefined; + var x296: u64 = undefined; + fiatP434MulxU64(&x295, &x296, x279, 0x2341f27177344); + var x297: u64 = undefined; + var x298: u64 = undefined; + fiatP434MulxU64(&x297, &x298, x279, 0x6cfc5fd681c52056); + var x299: u64 = undefined; + var x300: u64 = undefined; + fiatP434MulxU64(&x299, &x300, x279, 0x7bc65c783158aea3); + var x301: u64 = undefined; + var x302: u64 = undefined; + fiatP434MulxU64(&x301, &x302, x279, 0xfdc1767ae2ffffff); + var x303: u64 = undefined; + var x304: u64 = undefined; + fiatP434MulxU64(&x303, &x304, x279, 0xffffffffffffffff); + var x305: u64 = undefined; + var x306: u64 = undefined; + fiatP434MulxU64(&x305, &x306, x279, 0xffffffffffffffff); + var x307: u64 = undefined; + var x308: u64 = undefined; + fiatP434MulxU64(&x307, &x308, x279, 0xffffffffffffffff); + var x309: u64 = undefined; + var x310: u1 = undefined; + fiatP434AddcarryxU64(&x309, &x310, 0x0, x308, x305); + var x311: u64 = undefined; + var x312: u1 = undefined; + fiatP434AddcarryxU64(&x311, &x312, x310, x306, x303); + var x313: u64 = undefined; + var x314: u1 = undefined; + fiatP434AddcarryxU64(&x313, &x314, x312, x304, x301); + var x315: u64 = undefined; + var x316: u1 = undefined; + fiatP434AddcarryxU64(&x315, &x316, x314, x302, x299); + var x317: u64 = undefined; + var x318: u1 = undefined; + fiatP434AddcarryxU64(&x317, &x318, x316, x300, x297); + var x319: u64 = undefined; + var x320: u1 = undefined; + fiatP434AddcarryxU64(&x319, &x320, x318, x298, x295); + const x321: u64 = (@intCast(u64, x320) + x296); + var x322: u64 = undefined; + var x323: u1 = undefined; + fiatP434AddcarryxU64(&x322, &x323, 0x0, x279, x307); + var x324: u64 = undefined; + var x325: u1 = undefined; + fiatP434AddcarryxU64(&x324, &x325, x323, x281, x309); + var x326: u64 = undefined; + var x327: u1 = undefined; + fiatP434AddcarryxU64(&x326, &x327, x325, x283, x311); + var x328: u64 = undefined; + var x329: u1 = undefined; + fiatP434AddcarryxU64(&x328, &x329, x327, x285, x313); + var x330: u64 = undefined; + var x331: u1 = undefined; + fiatP434AddcarryxU64(&x330, &x331, x329, x287, x315); + var x332: u64 = undefined; + var x333: u1 = undefined; + fiatP434AddcarryxU64(&x332, &x333, x331, x289, x317); + var x334: u64 = undefined; + var x335: u1 = undefined; + fiatP434AddcarryxU64(&x334, &x335, x333, x291, x319); + var x336: u64 = undefined; + var x337: u1 = undefined; + fiatP434AddcarryxU64(&x336, &x337, x335, x293, x321); + const x338: u64 = (@intCast(u64, x337) + @intCast(u64, x294)); + var x339: u64 = undefined; + var x340: u64 = undefined; + fiatP434MulxU64(&x339, &x340, x4, (arg1[6])); + var x341: u64 = undefined; + var x342: u64 = undefined; + fiatP434MulxU64(&x341, &x342, x4, (arg1[5])); + var x343: u64 = undefined; + var x344: u64 = undefined; + fiatP434MulxU64(&x343, &x344, x4, (arg1[4])); + var x345: u64 = undefined; + var x346: u64 = undefined; + fiatP434MulxU64(&x345, &x346, x4, (arg1[3])); + var x347: u64 = undefined; + var x348: u64 = undefined; + fiatP434MulxU64(&x347, &x348, x4, (arg1[2])); + var x349: u64 = undefined; + var x350: u64 = undefined; + fiatP434MulxU64(&x349, &x350, x4, (arg1[1])); + var x351: u64 = undefined; + var x352: u64 = undefined; + fiatP434MulxU64(&x351, &x352, x4, (arg1[0])); + var x353: u64 = undefined; + var x354: u1 = undefined; + fiatP434AddcarryxU64(&x353, &x354, 0x0, x352, x349); + var x355: u64 = undefined; + var x356: u1 = undefined; + fiatP434AddcarryxU64(&x355, &x356, x354, x350, x347); + var x357: u64 = undefined; + var x358: u1 = undefined; + fiatP434AddcarryxU64(&x357, &x358, x356, x348, x345); + var x359: u64 = undefined; + var x360: u1 = undefined; + fiatP434AddcarryxU64(&x359, &x360, x358, x346, x343); + var x361: u64 = undefined; + var x362: u1 = undefined; + fiatP434AddcarryxU64(&x361, &x362, x360, x344, x341); + var x363: u64 = undefined; + var x364: u1 = undefined; + fiatP434AddcarryxU64(&x363, &x364, x362, x342, x339); + const x365: u64 = (@intCast(u64, x364) + x340); + var x366: u64 = undefined; + var x367: u1 = undefined; + fiatP434AddcarryxU64(&x366, &x367, 0x0, x324, x351); + var x368: u64 = undefined; + var x369: u1 = undefined; + fiatP434AddcarryxU64(&x368, &x369, x367, x326, x353); + var x370: u64 = undefined; + var x371: u1 = undefined; + fiatP434AddcarryxU64(&x370, &x371, x369, x328, x355); + var x372: u64 = undefined; + var x373: u1 = undefined; + fiatP434AddcarryxU64(&x372, &x373, x371, x330, x357); + var x374: u64 = undefined; + var x375: u1 = undefined; + fiatP434AddcarryxU64(&x374, &x375, x373, x332, x359); + var x376: u64 = undefined; + var x377: u1 = undefined; + fiatP434AddcarryxU64(&x376, &x377, x375, x334, x361); + var x378: u64 = undefined; + var x379: u1 = undefined; + fiatP434AddcarryxU64(&x378, &x379, x377, x336, x363); + var x380: u64 = undefined; + var x381: u1 = undefined; + fiatP434AddcarryxU64(&x380, &x381, x379, x338, x365); + var x382: u64 = undefined; + var x383: u64 = undefined; + fiatP434MulxU64(&x382, &x383, x366, 0x2341f27177344); + var x384: u64 = undefined; + var x385: u64 = undefined; + fiatP434MulxU64(&x384, &x385, x366, 0x6cfc5fd681c52056); + var x386: u64 = undefined; + var x387: u64 = undefined; + fiatP434MulxU64(&x386, &x387, x366, 0x7bc65c783158aea3); + var x388: u64 = undefined; + var x389: u64 = undefined; + fiatP434MulxU64(&x388, &x389, x366, 0xfdc1767ae2ffffff); + var x390: u64 = undefined; + var x391: u64 = undefined; + fiatP434MulxU64(&x390, &x391, x366, 0xffffffffffffffff); + var x392: u64 = undefined; + var x393: u64 = undefined; + fiatP434MulxU64(&x392, &x393, x366, 0xffffffffffffffff); + var x394: u64 = undefined; + var x395: u64 = undefined; + fiatP434MulxU64(&x394, &x395, x366, 0xffffffffffffffff); + var x396: u64 = undefined; + var x397: u1 = undefined; + fiatP434AddcarryxU64(&x396, &x397, 0x0, x395, x392); + var x398: u64 = undefined; + var x399: u1 = undefined; + fiatP434AddcarryxU64(&x398, &x399, x397, x393, x390); + var x400: u64 = undefined; + var x401: u1 = undefined; + fiatP434AddcarryxU64(&x400, &x401, x399, x391, x388); + var x402: u64 = undefined; + var x403: u1 = undefined; + fiatP434AddcarryxU64(&x402, &x403, x401, x389, x386); + var x404: u64 = undefined; + var x405: u1 = undefined; + fiatP434AddcarryxU64(&x404, &x405, x403, x387, x384); + var x406: u64 = undefined; + var x407: u1 = undefined; + fiatP434AddcarryxU64(&x406, &x407, x405, x385, x382); + const x408: u64 = (@intCast(u64, x407) + x383); + var x409: u64 = undefined; + var x410: u1 = undefined; + fiatP434AddcarryxU64(&x409, &x410, 0x0, x366, x394); + var x411: u64 = undefined; + var x412: u1 = undefined; + fiatP434AddcarryxU64(&x411, &x412, x410, x368, x396); + var x413: u64 = undefined; + var x414: u1 = undefined; + fiatP434AddcarryxU64(&x413, &x414, x412, x370, x398); + var x415: u64 = undefined; + var x416: u1 = undefined; + fiatP434AddcarryxU64(&x415, &x416, x414, x372, x400); + var x417: u64 = undefined; + var x418: u1 = undefined; + fiatP434AddcarryxU64(&x417, &x418, x416, x374, x402); + var x419: u64 = undefined; + var x420: u1 = undefined; + fiatP434AddcarryxU64(&x419, &x420, x418, x376, x404); + var x421: u64 = undefined; + var x422: u1 = undefined; + fiatP434AddcarryxU64(&x421, &x422, x420, x378, x406); + var x423: u64 = undefined; + var x424: u1 = undefined; + fiatP434AddcarryxU64(&x423, &x424, x422, x380, x408); + const x425: u64 = (@intCast(u64, x424) + @intCast(u64, x381)); + var x426: u64 = undefined; + var x427: u64 = undefined; + fiatP434MulxU64(&x426, &x427, x5, (arg1[6])); + var x428: u64 = undefined; + var x429: u64 = undefined; + fiatP434MulxU64(&x428, &x429, x5, (arg1[5])); + var x430: u64 = undefined; + var x431: u64 = undefined; + fiatP434MulxU64(&x430, &x431, x5, (arg1[4])); + var x432: u64 = undefined; + var x433: u64 = undefined; + fiatP434MulxU64(&x432, &x433, x5, (arg1[3])); + var x434: u64 = undefined; + var x435: u64 = undefined; + fiatP434MulxU64(&x434, &x435, x5, (arg1[2])); + var x436: u64 = undefined; + var x437: u64 = undefined; + fiatP434MulxU64(&x436, &x437, x5, (arg1[1])); + var x438: u64 = undefined; + var x439: u64 = undefined; + fiatP434MulxU64(&x438, &x439, x5, (arg1[0])); + var x440: u64 = undefined; + var x441: u1 = undefined; + fiatP434AddcarryxU64(&x440, &x441, 0x0, x439, x436); + var x442: u64 = undefined; + var x443: u1 = undefined; + fiatP434AddcarryxU64(&x442, &x443, x441, x437, x434); + var x444: u64 = undefined; + var x445: u1 = undefined; + fiatP434AddcarryxU64(&x444, &x445, x443, x435, x432); + var x446: u64 = undefined; + var x447: u1 = undefined; + fiatP434AddcarryxU64(&x446, &x447, x445, x433, x430); + var x448: u64 = undefined; + var x449: u1 = undefined; + fiatP434AddcarryxU64(&x448, &x449, x447, x431, x428); + var x450: u64 = undefined; + var x451: u1 = undefined; + fiatP434AddcarryxU64(&x450, &x451, x449, x429, x426); + const x452: u64 = (@intCast(u64, x451) + x427); + var x453: u64 = undefined; + var x454: u1 = undefined; + fiatP434AddcarryxU64(&x453, &x454, 0x0, x411, x438); + var x455: u64 = undefined; + var x456: u1 = undefined; + fiatP434AddcarryxU64(&x455, &x456, x454, x413, x440); + var x457: u64 = undefined; + var x458: u1 = undefined; + fiatP434AddcarryxU64(&x457, &x458, x456, x415, x442); + var x459: u64 = undefined; + var x460: u1 = undefined; + fiatP434AddcarryxU64(&x459, &x460, x458, x417, x444); + var x461: u64 = undefined; + var x462: u1 = undefined; + fiatP434AddcarryxU64(&x461, &x462, x460, x419, x446); + var x463: u64 = undefined; + var x464: u1 = undefined; + fiatP434AddcarryxU64(&x463, &x464, x462, x421, x448); + var x465: u64 = undefined; + var x466: u1 = undefined; + fiatP434AddcarryxU64(&x465, &x466, x464, x423, x450); + var x467: u64 = undefined; + var x468: u1 = undefined; + fiatP434AddcarryxU64(&x467, &x468, x466, x425, x452); + var x469: u64 = undefined; + var x470: u64 = undefined; + fiatP434MulxU64(&x469, &x470, x453, 0x2341f27177344); + var x471: u64 = undefined; + var x472: u64 = undefined; + fiatP434MulxU64(&x471, &x472, x453, 0x6cfc5fd681c52056); + var x473: u64 = undefined; + var x474: u64 = undefined; + fiatP434MulxU64(&x473, &x474, x453, 0x7bc65c783158aea3); + var x475: u64 = undefined; + var x476: u64 = undefined; + fiatP434MulxU64(&x475, &x476, x453, 0xfdc1767ae2ffffff); + var x477: u64 = undefined; + var x478: u64 = undefined; + fiatP434MulxU64(&x477, &x478, x453, 0xffffffffffffffff); + var x479: u64 = undefined; + var x480: u64 = undefined; + fiatP434MulxU64(&x479, &x480, x453, 0xffffffffffffffff); + var x481: u64 = undefined; + var x482: u64 = undefined; + fiatP434MulxU64(&x481, &x482, x453, 0xffffffffffffffff); + var x483: u64 = undefined; + var x484: u1 = undefined; + fiatP434AddcarryxU64(&x483, &x484, 0x0, x482, x479); + var x485: u64 = undefined; + var x486: u1 = undefined; + fiatP434AddcarryxU64(&x485, &x486, x484, x480, x477); + var x487: u64 = undefined; + var x488: u1 = undefined; + fiatP434AddcarryxU64(&x487, &x488, x486, x478, x475); + var x489: u64 = undefined; + var x490: u1 = undefined; + fiatP434AddcarryxU64(&x489, &x490, x488, x476, x473); + var x491: u64 = undefined; + var x492: u1 = undefined; + fiatP434AddcarryxU64(&x491, &x492, x490, x474, x471); + var x493: u64 = undefined; + var x494: u1 = undefined; + fiatP434AddcarryxU64(&x493, &x494, x492, x472, x469); + const x495: u64 = (@intCast(u64, x494) + x470); + var x496: u64 = undefined; + var x497: u1 = undefined; + fiatP434AddcarryxU64(&x496, &x497, 0x0, x453, x481); + var x498: u64 = undefined; + var x499: u1 = undefined; + fiatP434AddcarryxU64(&x498, &x499, x497, x455, x483); + var x500: u64 = undefined; + var x501: u1 = undefined; + fiatP434AddcarryxU64(&x500, &x501, x499, x457, x485); + var x502: u64 = undefined; + var x503: u1 = undefined; + fiatP434AddcarryxU64(&x502, &x503, x501, x459, x487); + var x504: u64 = undefined; + var x505: u1 = undefined; + fiatP434AddcarryxU64(&x504, &x505, x503, x461, x489); + var x506: u64 = undefined; + var x507: u1 = undefined; + fiatP434AddcarryxU64(&x506, &x507, x505, x463, x491); + var x508: u64 = undefined; + var x509: u1 = undefined; + fiatP434AddcarryxU64(&x508, &x509, x507, x465, x493); + var x510: u64 = undefined; + var x511: u1 = undefined; + fiatP434AddcarryxU64(&x510, &x511, x509, x467, x495); + const x512: u64 = (@intCast(u64, x511) + @intCast(u64, x468)); + var x513: u64 = undefined; + var x514: u64 = undefined; + fiatP434MulxU64(&x513, &x514, x6, (arg1[6])); + var x515: u64 = undefined; + var x516: u64 = undefined; + fiatP434MulxU64(&x515, &x516, x6, (arg1[5])); + var x517: u64 = undefined; + var x518: u64 = undefined; + fiatP434MulxU64(&x517, &x518, x6, (arg1[4])); + var x519: u64 = undefined; + var x520: u64 = undefined; + fiatP434MulxU64(&x519, &x520, x6, (arg1[3])); + var x521: u64 = undefined; + var x522: u64 = undefined; + fiatP434MulxU64(&x521, &x522, x6, (arg1[2])); + var x523: u64 = undefined; + var x524: u64 = undefined; + fiatP434MulxU64(&x523, &x524, x6, (arg1[1])); + var x525: u64 = undefined; + var x526: u64 = undefined; + fiatP434MulxU64(&x525, &x526, x6, (arg1[0])); + var x527: u64 = undefined; + var x528: u1 = undefined; + fiatP434AddcarryxU64(&x527, &x528, 0x0, x526, x523); + var x529: u64 = undefined; + var x530: u1 = undefined; + fiatP434AddcarryxU64(&x529, &x530, x528, x524, x521); + var x531: u64 = undefined; + var x532: u1 = undefined; + fiatP434AddcarryxU64(&x531, &x532, x530, x522, x519); + var x533: u64 = undefined; + var x534: u1 = undefined; + fiatP434AddcarryxU64(&x533, &x534, x532, x520, x517); + var x535: u64 = undefined; + var x536: u1 = undefined; + fiatP434AddcarryxU64(&x535, &x536, x534, x518, x515); + var x537: u64 = undefined; + var x538: u1 = undefined; + fiatP434AddcarryxU64(&x537, &x538, x536, x516, x513); + const x539: u64 = (@intCast(u64, x538) + x514); + var x540: u64 = undefined; + var x541: u1 = undefined; + fiatP434AddcarryxU64(&x540, &x541, 0x0, x498, x525); + var x542: u64 = undefined; + var x543: u1 = undefined; + fiatP434AddcarryxU64(&x542, &x543, x541, x500, x527); + var x544: u64 = undefined; + var x545: u1 = undefined; + fiatP434AddcarryxU64(&x544, &x545, x543, x502, x529); + var x546: u64 = undefined; + var x547: u1 = undefined; + fiatP434AddcarryxU64(&x546, &x547, x545, x504, x531); + var x548: u64 = undefined; + var x549: u1 = undefined; + fiatP434AddcarryxU64(&x548, &x549, x547, x506, x533); + var x550: u64 = undefined; + var x551: u1 = undefined; + fiatP434AddcarryxU64(&x550, &x551, x549, x508, x535); + var x552: u64 = undefined; + var x553: u1 = undefined; + fiatP434AddcarryxU64(&x552, &x553, x551, x510, x537); + var x554: u64 = undefined; + var x555: u1 = undefined; + fiatP434AddcarryxU64(&x554, &x555, x553, x512, x539); + var x556: u64 = undefined; + var x557: u64 = undefined; + fiatP434MulxU64(&x556, &x557, x540, 0x2341f27177344); + var x558: u64 = undefined; + var x559: u64 = undefined; + fiatP434MulxU64(&x558, &x559, x540, 0x6cfc5fd681c52056); + var x560: u64 = undefined; + var x561: u64 = undefined; + fiatP434MulxU64(&x560, &x561, x540, 0x7bc65c783158aea3); + var x562: u64 = undefined; + var x563: u64 = undefined; + fiatP434MulxU64(&x562, &x563, x540, 0xfdc1767ae2ffffff); + var x564: u64 = undefined; + var x565: u64 = undefined; + fiatP434MulxU64(&x564, &x565, x540, 0xffffffffffffffff); + var x566: u64 = undefined; + var x567: u64 = undefined; + fiatP434MulxU64(&x566, &x567, x540, 0xffffffffffffffff); + var x568: u64 = undefined; + var x569: u64 = undefined; + fiatP434MulxU64(&x568, &x569, x540, 0xffffffffffffffff); + var x570: u64 = undefined; + var x571: u1 = undefined; + fiatP434AddcarryxU64(&x570, &x571, 0x0, x569, x566); + var x572: u64 = undefined; + var x573: u1 = undefined; + fiatP434AddcarryxU64(&x572, &x573, x571, x567, x564); + var x574: u64 = undefined; + var x575: u1 = undefined; + fiatP434AddcarryxU64(&x574, &x575, x573, x565, x562); + var x576: u64 = undefined; + var x577: u1 = undefined; + fiatP434AddcarryxU64(&x576, &x577, x575, x563, x560); + var x578: u64 = undefined; + var x579: u1 = undefined; + fiatP434AddcarryxU64(&x578, &x579, x577, x561, x558); + var x580: u64 = undefined; + var x581: u1 = undefined; + fiatP434AddcarryxU64(&x580, &x581, x579, x559, x556); + const x582: u64 = (@intCast(u64, x581) + x557); + var x583: u64 = undefined; + var x584: u1 = undefined; + fiatP434AddcarryxU64(&x583, &x584, 0x0, x540, x568); + var x585: u64 = undefined; + var x586: u1 = undefined; + fiatP434AddcarryxU64(&x585, &x586, x584, x542, x570); + var x587: u64 = undefined; + var x588: u1 = undefined; + fiatP434AddcarryxU64(&x587, &x588, x586, x544, x572); + var x589: u64 = undefined; + var x590: u1 = undefined; + fiatP434AddcarryxU64(&x589, &x590, x588, x546, x574); + var x591: u64 = undefined; + var x592: u1 = undefined; + fiatP434AddcarryxU64(&x591, &x592, x590, x548, x576); + var x593: u64 = undefined; + var x594: u1 = undefined; + fiatP434AddcarryxU64(&x593, &x594, x592, x550, x578); + var x595: u64 = undefined; + var x596: u1 = undefined; + fiatP434AddcarryxU64(&x595, &x596, x594, x552, x580); + var x597: u64 = undefined; + var x598: u1 = undefined; + fiatP434AddcarryxU64(&x597, &x598, x596, x554, x582); + const x599: u64 = (@intCast(u64, x598) + @intCast(u64, x555)); + var x600: u64 = undefined; + var x601: u1 = undefined; + fiatP434SubborrowxU64(&x600, &x601, 0x0, x585, 0xffffffffffffffff); + var x602: u64 = undefined; + var x603: u1 = undefined; + fiatP434SubborrowxU64(&x602, &x603, x601, x587, 0xffffffffffffffff); + var x604: u64 = undefined; + var x605: u1 = undefined; + fiatP434SubborrowxU64(&x604, &x605, x603, x589, 0xffffffffffffffff); + var x606: u64 = undefined; + var x607: u1 = undefined; + fiatP434SubborrowxU64(&x606, &x607, x605, x591, 0xfdc1767ae2ffffff); + var x608: u64 = undefined; + var x609: u1 = undefined; + fiatP434SubborrowxU64(&x608, &x609, x607, x593, 0x7bc65c783158aea3); + var x610: u64 = undefined; + var x611: u1 = undefined; + fiatP434SubborrowxU64(&x610, &x611, x609, x595, 0x6cfc5fd681c52056); + var x612: u64 = undefined; + var x613: u1 = undefined; + fiatP434SubborrowxU64(&x612, &x613, x611, x597, 0x2341f27177344); + var x614: u64 = undefined; + var x615: u1 = undefined; + fiatP434SubborrowxU64(&x614, &x615, x613, x599, @intCast(u64, 0x0)); + var x616: u64 = undefined; + fiatP434CmovznzU64(&x616, x615, x600, x585); + var x617: u64 = undefined; + fiatP434CmovznzU64(&x617, x615, x602, x587); + var x618: u64 = undefined; + fiatP434CmovznzU64(&x618, x615, x604, x589); + var x619: u64 = undefined; + fiatP434CmovznzU64(&x619, x615, x606, x591); + var x620: u64 = undefined; + fiatP434CmovznzU64(&x620, x615, x608, x593); + var x621: u64 = undefined; + fiatP434CmovznzU64(&x621, x615, x610, x595); + var x622: u64 = undefined; + fiatP434CmovznzU64(&x622, x615, x612, x597); + out1[0] = x616; + out1[1] = x617; + out1[2] = x618; + out1[3] = x619; + out1[4] = x620; + out1[5] = x621; + out1[6] = x622; +} + +/// The function fiatP434Add adds two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434Add(out1: *[7]u64, arg1: [7]u64, arg2: [7]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP434AddcarryxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP434AddcarryxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP434AddcarryxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP434AddcarryxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP434AddcarryxU64(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP434AddcarryxU64(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP434AddcarryxU64(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP434SubborrowxU64(&x15, &x16, 0x0, x1, 0xffffffffffffffff); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP434SubborrowxU64(&x17, &x18, x16, x3, 0xffffffffffffffff); + var x19: u64 = undefined; + var x20: u1 = undefined; + fiatP434SubborrowxU64(&x19, &x20, x18, x5, 0xffffffffffffffff); + var x21: u64 = undefined; + var x22: u1 = undefined; + fiatP434SubborrowxU64(&x21, &x22, x20, x7, 0xfdc1767ae2ffffff); + var x23: u64 = undefined; + var x24: u1 = undefined; + fiatP434SubborrowxU64(&x23, &x24, x22, x9, 0x7bc65c783158aea3); + var x25: u64 = undefined; + var x26: u1 = undefined; + fiatP434SubborrowxU64(&x25, &x26, x24, x11, 0x6cfc5fd681c52056); + var x27: u64 = undefined; + var x28: u1 = undefined; + fiatP434SubborrowxU64(&x27, &x28, x26, x13, 0x2341f27177344); + var x29: u64 = undefined; + var x30: u1 = undefined; + fiatP434SubborrowxU64(&x29, &x30, x28, @intCast(u64, x14), @intCast(u64, 0x0)); + var x31: u64 = undefined; + fiatP434CmovznzU64(&x31, x30, x15, x1); + var x32: u64 = undefined; + fiatP434CmovznzU64(&x32, x30, x17, x3); + var x33: u64 = undefined; + fiatP434CmovznzU64(&x33, x30, x19, x5); + var x34: u64 = undefined; + fiatP434CmovznzU64(&x34, x30, x21, x7); + var x35: u64 = undefined; + fiatP434CmovznzU64(&x35, x30, x23, x9); + var x36: u64 = undefined; + fiatP434CmovznzU64(&x36, x30, x25, x11); + var x37: u64 = undefined; + fiatP434CmovznzU64(&x37, x30, x27, x13); + out1[0] = x31; + out1[1] = x32; + out1[2] = x33; + out1[3] = x34; + out1[4] = x35; + out1[5] = x36; + out1[6] = x37; +} + +/// The function fiatP434Sub subtracts two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434Sub(out1: *[7]u64, arg1: [7]u64, arg2: [7]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP434SubborrowxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP434SubborrowxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP434SubborrowxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP434SubborrowxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP434SubborrowxU64(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP434SubborrowxU64(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP434SubborrowxU64(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u64 = undefined; + fiatP434CmovznzU64(&x15, x14, @intCast(u64, 0x0), 0xffffffffffffffff); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP434AddcarryxU64(&x16, &x17, 0x0, x1, x15); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP434AddcarryxU64(&x18, &x19, x17, x3, x15); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP434AddcarryxU64(&x20, &x21, x19, x5, x15); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP434AddcarryxU64(&x22, &x23, x21, x7, (x15 & 0xfdc1767ae2ffffff)); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP434AddcarryxU64(&x24, &x25, x23, x9, (x15 & 0x7bc65c783158aea3)); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP434AddcarryxU64(&x26, &x27, x25, x11, (x15 & 0x6cfc5fd681c52056)); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP434AddcarryxU64(&x28, &x29, x27, x13, (x15 & 0x2341f27177344)); + out1[0] = x16; + out1[1] = x18; + out1[2] = x20; + out1[3] = x22; + out1[4] = x24; + out1[5] = x26; + out1[6] = x28; +} + +/// The function fiatP434Opp negates a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434Opp(out1: *[7]u64, arg1: [7]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP434SubborrowxU64(&x1, &x2, 0x0, @intCast(u64, 0x0), (arg1[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP434SubborrowxU64(&x3, &x4, x2, @intCast(u64, 0x0), (arg1[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP434SubborrowxU64(&x5, &x6, x4, @intCast(u64, 0x0), (arg1[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP434SubborrowxU64(&x7, &x8, x6, @intCast(u64, 0x0), (arg1[3])); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP434SubborrowxU64(&x9, &x10, x8, @intCast(u64, 0x0), (arg1[4])); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP434SubborrowxU64(&x11, &x12, x10, @intCast(u64, 0x0), (arg1[5])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP434SubborrowxU64(&x13, &x14, x12, @intCast(u64, 0x0), (arg1[6])); + var x15: u64 = undefined; + fiatP434CmovznzU64(&x15, x14, @intCast(u64, 0x0), 0xffffffffffffffff); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP434AddcarryxU64(&x16, &x17, 0x0, x1, x15); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP434AddcarryxU64(&x18, &x19, x17, x3, x15); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP434AddcarryxU64(&x20, &x21, x19, x5, x15); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP434AddcarryxU64(&x22, &x23, x21, x7, (x15 & 0xfdc1767ae2ffffff)); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP434AddcarryxU64(&x24, &x25, x23, x9, (x15 & 0x7bc65c783158aea3)); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP434AddcarryxU64(&x26, &x27, x25, x11, (x15 & 0x6cfc5fd681c52056)); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP434AddcarryxU64(&x28, &x29, x27, x13, (x15 & 0x2341f27177344)); + out1[0] = x16; + out1[1] = x18; + out1[2] = x20; + out1[3] = x22; + out1[4] = x24; + out1[5] = x26; + out1[6] = x28; +} + +/// The function fiatP434FromMontgomery translates a field element out of the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^7) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434FromMontgomery(out1: *[7]u64, arg1: [7]u64) void { + const x1: u64 = (arg1[0]); + var x2: u64 = undefined; + var x3: u64 = undefined; + fiatP434MulxU64(&x2, &x3, x1, 0x2341f27177344); + var x4: u64 = undefined; + var x5: u64 = undefined; + fiatP434MulxU64(&x4, &x5, x1, 0x6cfc5fd681c52056); + var x6: u64 = undefined; + var x7: u64 = undefined; + fiatP434MulxU64(&x6, &x7, x1, 0x7bc65c783158aea3); + var x8: u64 = undefined; + var x9: u64 = undefined; + fiatP434MulxU64(&x8, &x9, x1, 0xfdc1767ae2ffffff); + var x10: u64 = undefined; + var x11: u64 = undefined; + fiatP434MulxU64(&x10, &x11, x1, 0xffffffffffffffff); + var x12: u64 = undefined; + var x13: u64 = undefined; + fiatP434MulxU64(&x12, &x13, x1, 0xffffffffffffffff); + var x14: u64 = undefined; + var x15: u64 = undefined; + fiatP434MulxU64(&x14, &x15, x1, 0xffffffffffffffff); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatP434AddcarryxU64(&x16, &x17, 0x0, x15, x12); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP434AddcarryxU64(&x18, &x19, x17, x13, x10); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP434AddcarryxU64(&x20, &x21, x19, x11, x8); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP434AddcarryxU64(&x22, &x23, x21, x9, x6); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP434AddcarryxU64(&x24, &x25, x23, x7, x4); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP434AddcarryxU64(&x26, &x27, x25, x5, x2); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP434AddcarryxU64(&x28, &x29, 0x0, x1, x14); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP434AddcarryxU64(&x30, &x31, x29, @intCast(u64, 0x0), x16); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatP434AddcarryxU64(&x32, &x33, x31, @intCast(u64, 0x0), x18); + var x34: u64 = undefined; + var x35: u1 = undefined; + fiatP434AddcarryxU64(&x34, &x35, x33, @intCast(u64, 0x0), x20); + var x36: u64 = undefined; + var x37: u1 = undefined; + fiatP434AddcarryxU64(&x36, &x37, x35, @intCast(u64, 0x0), x22); + var x38: u64 = undefined; + var x39: u1 = undefined; + fiatP434AddcarryxU64(&x38, &x39, x37, @intCast(u64, 0x0), x24); + var x40: u64 = undefined; + var x41: u1 = undefined; + fiatP434AddcarryxU64(&x40, &x41, x39, @intCast(u64, 0x0), x26); + var x42: u64 = undefined; + var x43: u1 = undefined; + fiatP434AddcarryxU64(&x42, &x43, 0x0, x30, (arg1[1])); + var x44: u64 = undefined; + var x45: u1 = undefined; + fiatP434AddcarryxU64(&x44, &x45, x43, x32, @intCast(u64, 0x0)); + var x46: u64 = undefined; + var x47: u1 = undefined; + fiatP434AddcarryxU64(&x46, &x47, x45, x34, @intCast(u64, 0x0)); + var x48: u64 = undefined; + var x49: u1 = undefined; + fiatP434AddcarryxU64(&x48, &x49, x47, x36, @intCast(u64, 0x0)); + var x50: u64 = undefined; + var x51: u1 = undefined; + fiatP434AddcarryxU64(&x50, &x51, x49, x38, @intCast(u64, 0x0)); + var x52: u64 = undefined; + var x53: u1 = undefined; + fiatP434AddcarryxU64(&x52, &x53, x51, x40, @intCast(u64, 0x0)); + var x54: u64 = undefined; + var x55: u64 = undefined; + fiatP434MulxU64(&x54, &x55, x42, 0x2341f27177344); + var x56: u64 = undefined; + var x57: u64 = undefined; + fiatP434MulxU64(&x56, &x57, x42, 0x6cfc5fd681c52056); + var x58: u64 = undefined; + var x59: u64 = undefined; + fiatP434MulxU64(&x58, &x59, x42, 0x7bc65c783158aea3); + var x60: u64 = undefined; + var x61: u64 = undefined; + fiatP434MulxU64(&x60, &x61, x42, 0xfdc1767ae2ffffff); + var x62: u64 = undefined; + var x63: u64 = undefined; + fiatP434MulxU64(&x62, &x63, x42, 0xffffffffffffffff); + var x64: u64 = undefined; + var x65: u64 = undefined; + fiatP434MulxU64(&x64, &x65, x42, 0xffffffffffffffff); + var x66: u64 = undefined; + var x67: u64 = undefined; + fiatP434MulxU64(&x66, &x67, x42, 0xffffffffffffffff); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP434AddcarryxU64(&x68, &x69, 0x0, x67, x64); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP434AddcarryxU64(&x70, &x71, x69, x65, x62); + var x72: u64 = undefined; + var x73: u1 = undefined; + fiatP434AddcarryxU64(&x72, &x73, x71, x63, x60); + var x74: u64 = undefined; + var x75: u1 = undefined; + fiatP434AddcarryxU64(&x74, &x75, x73, x61, x58); + var x76: u64 = undefined; + var x77: u1 = undefined; + fiatP434AddcarryxU64(&x76, &x77, x75, x59, x56); + var x78: u64 = undefined; + var x79: u1 = undefined; + fiatP434AddcarryxU64(&x78, &x79, x77, x57, x54); + var x80: u64 = undefined; + var x81: u1 = undefined; + fiatP434AddcarryxU64(&x80, &x81, 0x0, x42, x66); + var x82: u64 = undefined; + var x83: u1 = undefined; + fiatP434AddcarryxU64(&x82, &x83, x81, x44, x68); + var x84: u64 = undefined; + var x85: u1 = undefined; + fiatP434AddcarryxU64(&x84, &x85, x83, x46, x70); + var x86: u64 = undefined; + var x87: u1 = undefined; + fiatP434AddcarryxU64(&x86, &x87, x85, x48, x72); + var x88: u64 = undefined; + var x89: u1 = undefined; + fiatP434AddcarryxU64(&x88, &x89, x87, x50, x74); + var x90: u64 = undefined; + var x91: u1 = undefined; + fiatP434AddcarryxU64(&x90, &x91, x89, x52, x76); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP434AddcarryxU64(&x92, &x93, x91, (@intCast(u64, x53) + (@intCast(u64, x41) + (@intCast(u64, x27) + x3))), x78); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP434AddcarryxU64(&x94, &x95, 0x0, x82, (arg1[2])); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP434AddcarryxU64(&x96, &x97, x95, x84, @intCast(u64, 0x0)); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP434AddcarryxU64(&x98, &x99, x97, x86, @intCast(u64, 0x0)); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP434AddcarryxU64(&x100, &x101, x99, x88, @intCast(u64, 0x0)); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP434AddcarryxU64(&x102, &x103, x101, x90, @intCast(u64, 0x0)); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatP434AddcarryxU64(&x104, &x105, x103, x92, @intCast(u64, 0x0)); + var x106: u64 = undefined; + var x107: u64 = undefined; + fiatP434MulxU64(&x106, &x107, x94, 0x2341f27177344); + var x108: u64 = undefined; + var x109: u64 = undefined; + fiatP434MulxU64(&x108, &x109, x94, 0x6cfc5fd681c52056); + var x110: u64 = undefined; + var x111: u64 = undefined; + fiatP434MulxU64(&x110, &x111, x94, 0x7bc65c783158aea3); + var x112: u64 = undefined; + var x113: u64 = undefined; + fiatP434MulxU64(&x112, &x113, x94, 0xfdc1767ae2ffffff); + var x114: u64 = undefined; + var x115: u64 = undefined; + fiatP434MulxU64(&x114, &x115, x94, 0xffffffffffffffff); + var x116: u64 = undefined; + var x117: u64 = undefined; + fiatP434MulxU64(&x116, &x117, x94, 0xffffffffffffffff); + var x118: u64 = undefined; + var x119: u64 = undefined; + fiatP434MulxU64(&x118, &x119, x94, 0xffffffffffffffff); + var x120: u64 = undefined; + var x121: u1 = undefined; + fiatP434AddcarryxU64(&x120, &x121, 0x0, x119, x116); + var x122: u64 = undefined; + var x123: u1 = undefined; + fiatP434AddcarryxU64(&x122, &x123, x121, x117, x114); + var x124: u64 = undefined; + var x125: u1 = undefined; + fiatP434AddcarryxU64(&x124, &x125, x123, x115, x112); + var x126: u64 = undefined; + var x127: u1 = undefined; + fiatP434AddcarryxU64(&x126, &x127, x125, x113, x110); + var x128: u64 = undefined; + var x129: u1 = undefined; + fiatP434AddcarryxU64(&x128, &x129, x127, x111, x108); + var x130: u64 = undefined; + var x131: u1 = undefined; + fiatP434AddcarryxU64(&x130, &x131, x129, x109, x106); + var x132: u64 = undefined; + var x133: u1 = undefined; + fiatP434AddcarryxU64(&x132, &x133, 0x0, x94, x118); + var x134: u64 = undefined; + var x135: u1 = undefined; + fiatP434AddcarryxU64(&x134, &x135, x133, x96, x120); + var x136: u64 = undefined; + var x137: u1 = undefined; + fiatP434AddcarryxU64(&x136, &x137, x135, x98, x122); + var x138: u64 = undefined; + var x139: u1 = undefined; + fiatP434AddcarryxU64(&x138, &x139, x137, x100, x124); + var x140: u64 = undefined; + var x141: u1 = undefined; + fiatP434AddcarryxU64(&x140, &x141, x139, x102, x126); + var x142: u64 = undefined; + var x143: u1 = undefined; + fiatP434AddcarryxU64(&x142, &x143, x141, x104, x128); + var x144: u64 = undefined; + var x145: u1 = undefined; + fiatP434AddcarryxU64(&x144, &x145, x143, (@intCast(u64, x105) + (@intCast(u64, x93) + (@intCast(u64, x79) + x55))), x130); + var x146: u64 = undefined; + var x147: u1 = undefined; + fiatP434AddcarryxU64(&x146, &x147, 0x0, x134, (arg1[3])); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatP434AddcarryxU64(&x148, &x149, x147, x136, @intCast(u64, 0x0)); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatP434AddcarryxU64(&x150, &x151, x149, x138, @intCast(u64, 0x0)); + var x152: u64 = undefined; + var x153: u1 = undefined; + fiatP434AddcarryxU64(&x152, &x153, x151, x140, @intCast(u64, 0x0)); + var x154: u64 = undefined; + var x155: u1 = undefined; + fiatP434AddcarryxU64(&x154, &x155, x153, x142, @intCast(u64, 0x0)); + var x156: u64 = undefined; + var x157: u1 = undefined; + fiatP434AddcarryxU64(&x156, &x157, x155, x144, @intCast(u64, 0x0)); + var x158: u64 = undefined; + var x159: u64 = undefined; + fiatP434MulxU64(&x158, &x159, x146, 0x2341f27177344); + var x160: u64 = undefined; + var x161: u64 = undefined; + fiatP434MulxU64(&x160, &x161, x146, 0x6cfc5fd681c52056); + var x162: u64 = undefined; + var x163: u64 = undefined; + fiatP434MulxU64(&x162, &x163, x146, 0x7bc65c783158aea3); + var x164: u64 = undefined; + var x165: u64 = undefined; + fiatP434MulxU64(&x164, &x165, x146, 0xfdc1767ae2ffffff); + var x166: u64 = undefined; + var x167: u64 = undefined; + fiatP434MulxU64(&x166, &x167, x146, 0xffffffffffffffff); + var x168: u64 = undefined; + var x169: u64 = undefined; + fiatP434MulxU64(&x168, &x169, x146, 0xffffffffffffffff); + var x170: u64 = undefined; + var x171: u64 = undefined; + fiatP434MulxU64(&x170, &x171, x146, 0xffffffffffffffff); + var x172: u64 = undefined; + var x173: u1 = undefined; + fiatP434AddcarryxU64(&x172, &x173, 0x0, x171, x168); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatP434AddcarryxU64(&x174, &x175, x173, x169, x166); + var x176: u64 = undefined; + var x177: u1 = undefined; + fiatP434AddcarryxU64(&x176, &x177, x175, x167, x164); + var x178: u64 = undefined; + var x179: u1 = undefined; + fiatP434AddcarryxU64(&x178, &x179, x177, x165, x162); + var x180: u64 = undefined; + var x181: u1 = undefined; + fiatP434AddcarryxU64(&x180, &x181, x179, x163, x160); + var x182: u64 = undefined; + var x183: u1 = undefined; + fiatP434AddcarryxU64(&x182, &x183, x181, x161, x158); + var x184: u64 = undefined; + var x185: u1 = undefined; + fiatP434AddcarryxU64(&x184, &x185, 0x0, x146, x170); + var x186: u64 = undefined; + var x187: u1 = undefined; + fiatP434AddcarryxU64(&x186, &x187, x185, x148, x172); + var x188: u64 = undefined; + var x189: u1 = undefined; + fiatP434AddcarryxU64(&x188, &x189, x187, x150, x174); + var x190: u64 = undefined; + var x191: u1 = undefined; + fiatP434AddcarryxU64(&x190, &x191, x189, x152, x176); + var x192: u64 = undefined; + var x193: u1 = undefined; + fiatP434AddcarryxU64(&x192, &x193, x191, x154, x178); + var x194: u64 = undefined; + var x195: u1 = undefined; + fiatP434AddcarryxU64(&x194, &x195, x193, x156, x180); + var x196: u64 = undefined; + var x197: u1 = undefined; + fiatP434AddcarryxU64(&x196, &x197, x195, (@intCast(u64, x157) + (@intCast(u64, x145) + (@intCast(u64, x131) + x107))), x182); + var x198: u64 = undefined; + var x199: u1 = undefined; + fiatP434AddcarryxU64(&x198, &x199, 0x0, x186, (arg1[4])); + var x200: u64 = undefined; + var x201: u1 = undefined; + fiatP434AddcarryxU64(&x200, &x201, x199, x188, @intCast(u64, 0x0)); + var x202: u64 = undefined; + var x203: u1 = undefined; + fiatP434AddcarryxU64(&x202, &x203, x201, x190, @intCast(u64, 0x0)); + var x204: u64 = undefined; + var x205: u1 = undefined; + fiatP434AddcarryxU64(&x204, &x205, x203, x192, @intCast(u64, 0x0)); + var x206: u64 = undefined; + var x207: u1 = undefined; + fiatP434AddcarryxU64(&x206, &x207, x205, x194, @intCast(u64, 0x0)); + var x208: u64 = undefined; + var x209: u1 = undefined; + fiatP434AddcarryxU64(&x208, &x209, x207, x196, @intCast(u64, 0x0)); + var x210: u64 = undefined; + var x211: u64 = undefined; + fiatP434MulxU64(&x210, &x211, x198, 0x2341f27177344); + var x212: u64 = undefined; + var x213: u64 = undefined; + fiatP434MulxU64(&x212, &x213, x198, 0x6cfc5fd681c52056); + var x214: u64 = undefined; + var x215: u64 = undefined; + fiatP434MulxU64(&x214, &x215, x198, 0x7bc65c783158aea3); + var x216: u64 = undefined; + var x217: u64 = undefined; + fiatP434MulxU64(&x216, &x217, x198, 0xfdc1767ae2ffffff); + var x218: u64 = undefined; + var x219: u64 = undefined; + fiatP434MulxU64(&x218, &x219, x198, 0xffffffffffffffff); + var x220: u64 = undefined; + var x221: u64 = undefined; + fiatP434MulxU64(&x220, &x221, x198, 0xffffffffffffffff); + var x222: u64 = undefined; + var x223: u64 = undefined; + fiatP434MulxU64(&x222, &x223, x198, 0xffffffffffffffff); + var x224: u64 = undefined; + var x225: u1 = undefined; + fiatP434AddcarryxU64(&x224, &x225, 0x0, x223, x220); + var x226: u64 = undefined; + var x227: u1 = undefined; + fiatP434AddcarryxU64(&x226, &x227, x225, x221, x218); + var x228: u64 = undefined; + var x229: u1 = undefined; + fiatP434AddcarryxU64(&x228, &x229, x227, x219, x216); + var x230: u64 = undefined; + var x231: u1 = undefined; + fiatP434AddcarryxU64(&x230, &x231, x229, x217, x214); + var x232: u64 = undefined; + var x233: u1 = undefined; + fiatP434AddcarryxU64(&x232, &x233, x231, x215, x212); + var x234: u64 = undefined; + var x235: u1 = undefined; + fiatP434AddcarryxU64(&x234, &x235, x233, x213, x210); + var x236: u64 = undefined; + var x237: u1 = undefined; + fiatP434AddcarryxU64(&x236, &x237, 0x0, x198, x222); + var x238: u64 = undefined; + var x239: u1 = undefined; + fiatP434AddcarryxU64(&x238, &x239, x237, x200, x224); + var x240: u64 = undefined; + var x241: u1 = undefined; + fiatP434AddcarryxU64(&x240, &x241, x239, x202, x226); + var x242: u64 = undefined; + var x243: u1 = undefined; + fiatP434AddcarryxU64(&x242, &x243, x241, x204, x228); + var x244: u64 = undefined; + var x245: u1 = undefined; + fiatP434AddcarryxU64(&x244, &x245, x243, x206, x230); + var x246: u64 = undefined; + var x247: u1 = undefined; + fiatP434AddcarryxU64(&x246, &x247, x245, x208, x232); + var x248: u64 = undefined; + var x249: u1 = undefined; + fiatP434AddcarryxU64(&x248, &x249, x247, (@intCast(u64, x209) + (@intCast(u64, x197) + (@intCast(u64, x183) + x159))), x234); + var x250: u64 = undefined; + var x251: u1 = undefined; + fiatP434AddcarryxU64(&x250, &x251, 0x0, x238, (arg1[5])); + var x252: u64 = undefined; + var x253: u1 = undefined; + fiatP434AddcarryxU64(&x252, &x253, x251, x240, @intCast(u64, 0x0)); + var x254: u64 = undefined; + var x255: u1 = undefined; + fiatP434AddcarryxU64(&x254, &x255, x253, x242, @intCast(u64, 0x0)); + var x256: u64 = undefined; + var x257: u1 = undefined; + fiatP434AddcarryxU64(&x256, &x257, x255, x244, @intCast(u64, 0x0)); + var x258: u64 = undefined; + var x259: u1 = undefined; + fiatP434AddcarryxU64(&x258, &x259, x257, x246, @intCast(u64, 0x0)); + var x260: u64 = undefined; + var x261: u1 = undefined; + fiatP434AddcarryxU64(&x260, &x261, x259, x248, @intCast(u64, 0x0)); + var x262: u64 = undefined; + var x263: u64 = undefined; + fiatP434MulxU64(&x262, &x263, x250, 0x2341f27177344); + var x264: u64 = undefined; + var x265: u64 = undefined; + fiatP434MulxU64(&x264, &x265, x250, 0x6cfc5fd681c52056); + var x266: u64 = undefined; + var x267: u64 = undefined; + fiatP434MulxU64(&x266, &x267, x250, 0x7bc65c783158aea3); + var x268: u64 = undefined; + var x269: u64 = undefined; + fiatP434MulxU64(&x268, &x269, x250, 0xfdc1767ae2ffffff); + var x270: u64 = undefined; + var x271: u64 = undefined; + fiatP434MulxU64(&x270, &x271, x250, 0xffffffffffffffff); + var x272: u64 = undefined; + var x273: u64 = undefined; + fiatP434MulxU64(&x272, &x273, x250, 0xffffffffffffffff); + var x274: u64 = undefined; + var x275: u64 = undefined; + fiatP434MulxU64(&x274, &x275, x250, 0xffffffffffffffff); + var x276: u64 = undefined; + var x277: u1 = undefined; + fiatP434AddcarryxU64(&x276, &x277, 0x0, x275, x272); + var x278: u64 = undefined; + var x279: u1 = undefined; + fiatP434AddcarryxU64(&x278, &x279, x277, x273, x270); + var x280: u64 = undefined; + var x281: u1 = undefined; + fiatP434AddcarryxU64(&x280, &x281, x279, x271, x268); + var x282: u64 = undefined; + var x283: u1 = undefined; + fiatP434AddcarryxU64(&x282, &x283, x281, x269, x266); + var x284: u64 = undefined; + var x285: u1 = undefined; + fiatP434AddcarryxU64(&x284, &x285, x283, x267, x264); + var x286: u64 = undefined; + var x287: u1 = undefined; + fiatP434AddcarryxU64(&x286, &x287, x285, x265, x262); + var x288: u64 = undefined; + var x289: u1 = undefined; + fiatP434AddcarryxU64(&x288, &x289, 0x0, x250, x274); + var x290: u64 = undefined; + var x291: u1 = undefined; + fiatP434AddcarryxU64(&x290, &x291, x289, x252, x276); + var x292: u64 = undefined; + var x293: u1 = undefined; + fiatP434AddcarryxU64(&x292, &x293, x291, x254, x278); + var x294: u64 = undefined; + var x295: u1 = undefined; + fiatP434AddcarryxU64(&x294, &x295, x293, x256, x280); + var x296: u64 = undefined; + var x297: u1 = undefined; + fiatP434AddcarryxU64(&x296, &x297, x295, x258, x282); + var x298: u64 = undefined; + var x299: u1 = undefined; + fiatP434AddcarryxU64(&x298, &x299, x297, x260, x284); + var x300: u64 = undefined; + var x301: u1 = undefined; + fiatP434AddcarryxU64(&x300, &x301, x299, (@intCast(u64, x261) + (@intCast(u64, x249) + (@intCast(u64, x235) + x211))), x286); + var x302: u64 = undefined; + var x303: u1 = undefined; + fiatP434AddcarryxU64(&x302, &x303, 0x0, x290, (arg1[6])); + var x304: u64 = undefined; + var x305: u1 = undefined; + fiatP434AddcarryxU64(&x304, &x305, x303, x292, @intCast(u64, 0x0)); + var x306: u64 = undefined; + var x307: u1 = undefined; + fiatP434AddcarryxU64(&x306, &x307, x305, x294, @intCast(u64, 0x0)); + var x308: u64 = undefined; + var x309: u1 = undefined; + fiatP434AddcarryxU64(&x308, &x309, x307, x296, @intCast(u64, 0x0)); + var x310: u64 = undefined; + var x311: u1 = undefined; + fiatP434AddcarryxU64(&x310, &x311, x309, x298, @intCast(u64, 0x0)); + var x312: u64 = undefined; + var x313: u1 = undefined; + fiatP434AddcarryxU64(&x312, &x313, x311, x300, @intCast(u64, 0x0)); + var x314: u64 = undefined; + var x315: u64 = undefined; + fiatP434MulxU64(&x314, &x315, x302, 0x2341f27177344); + var x316: u64 = undefined; + var x317: u64 = undefined; + fiatP434MulxU64(&x316, &x317, x302, 0x6cfc5fd681c52056); + var x318: u64 = undefined; + var x319: u64 = undefined; + fiatP434MulxU64(&x318, &x319, x302, 0x7bc65c783158aea3); + var x320: u64 = undefined; + var x321: u64 = undefined; + fiatP434MulxU64(&x320, &x321, x302, 0xfdc1767ae2ffffff); + var x322: u64 = undefined; + var x323: u64 = undefined; + fiatP434MulxU64(&x322, &x323, x302, 0xffffffffffffffff); + var x324: u64 = undefined; + var x325: u64 = undefined; + fiatP434MulxU64(&x324, &x325, x302, 0xffffffffffffffff); + var x326: u64 = undefined; + var x327: u64 = undefined; + fiatP434MulxU64(&x326, &x327, x302, 0xffffffffffffffff); + var x328: u64 = undefined; + var x329: u1 = undefined; + fiatP434AddcarryxU64(&x328, &x329, 0x0, x327, x324); + var x330: u64 = undefined; + var x331: u1 = undefined; + fiatP434AddcarryxU64(&x330, &x331, x329, x325, x322); + var x332: u64 = undefined; + var x333: u1 = undefined; + fiatP434AddcarryxU64(&x332, &x333, x331, x323, x320); + var x334: u64 = undefined; + var x335: u1 = undefined; + fiatP434AddcarryxU64(&x334, &x335, x333, x321, x318); + var x336: u64 = undefined; + var x337: u1 = undefined; + fiatP434AddcarryxU64(&x336, &x337, x335, x319, x316); + var x338: u64 = undefined; + var x339: u1 = undefined; + fiatP434AddcarryxU64(&x338, &x339, x337, x317, x314); + var x340: u64 = undefined; + var x341: u1 = undefined; + fiatP434AddcarryxU64(&x340, &x341, 0x0, x302, x326); + var x342: u64 = undefined; + var x343: u1 = undefined; + fiatP434AddcarryxU64(&x342, &x343, x341, x304, x328); + var x344: u64 = undefined; + var x345: u1 = undefined; + fiatP434AddcarryxU64(&x344, &x345, x343, x306, x330); + var x346: u64 = undefined; + var x347: u1 = undefined; + fiatP434AddcarryxU64(&x346, &x347, x345, x308, x332); + var x348: u64 = undefined; + var x349: u1 = undefined; + fiatP434AddcarryxU64(&x348, &x349, x347, x310, x334); + var x350: u64 = undefined; + var x351: u1 = undefined; + fiatP434AddcarryxU64(&x350, &x351, x349, x312, x336); + var x352: u64 = undefined; + var x353: u1 = undefined; + fiatP434AddcarryxU64(&x352, &x353, x351, (@intCast(u64, x313) + (@intCast(u64, x301) + (@intCast(u64, x287) + x263))), x338); + const x354: u64 = (@intCast(u64, x353) + (@intCast(u64, x339) + x315)); + var x355: u64 = undefined; + var x356: u1 = undefined; + fiatP434SubborrowxU64(&x355, &x356, 0x0, x342, 0xffffffffffffffff); + var x357: u64 = undefined; + var x358: u1 = undefined; + fiatP434SubborrowxU64(&x357, &x358, x356, x344, 0xffffffffffffffff); + var x359: u64 = undefined; + var x360: u1 = undefined; + fiatP434SubborrowxU64(&x359, &x360, x358, x346, 0xffffffffffffffff); + var x361: u64 = undefined; + var x362: u1 = undefined; + fiatP434SubborrowxU64(&x361, &x362, x360, x348, 0xfdc1767ae2ffffff); + var x363: u64 = undefined; + var x364: u1 = undefined; + fiatP434SubborrowxU64(&x363, &x364, x362, x350, 0x7bc65c783158aea3); + var x365: u64 = undefined; + var x366: u1 = undefined; + fiatP434SubborrowxU64(&x365, &x366, x364, x352, 0x6cfc5fd681c52056); + var x367: u64 = undefined; + var x368: u1 = undefined; + fiatP434SubborrowxU64(&x367, &x368, x366, x354, 0x2341f27177344); + var x369: u64 = undefined; + var x370: u1 = undefined; + fiatP434SubborrowxU64(&x369, &x370, x368, @intCast(u64, 0x0), @intCast(u64, 0x0)); + var x371: u64 = undefined; + fiatP434CmovznzU64(&x371, x370, x355, x342); + var x372: u64 = undefined; + fiatP434CmovznzU64(&x372, x370, x357, x344); + var x373: u64 = undefined; + fiatP434CmovznzU64(&x373, x370, x359, x346); + var x374: u64 = undefined; + fiatP434CmovznzU64(&x374, x370, x361, x348); + var x375: u64 = undefined; + fiatP434CmovznzU64(&x375, x370, x363, x350); + var x376: u64 = undefined; + fiatP434CmovznzU64(&x376, x370, x365, x352); + var x377: u64 = undefined; + fiatP434CmovznzU64(&x377, x370, x367, x354); + out1[0] = x371; + out1[1] = x372; + out1[2] = x373; + out1[3] = x374; + out1[4] = x375; + out1[5] = x376; + out1[6] = x377; +} + +/// The function fiatP434ToMontgomery translates a field element into the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434ToMontgomery(out1: *[7]u64, arg1: [7]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[4]); + const x5: u64 = (arg1[5]); + const x6: u64 = (arg1[6]); + const x7: u64 = (arg1[0]); + var x8: u64 = undefined; + var x9: u64 = undefined; + fiatP434MulxU64(&x8, &x9, x7, 0x25a89bcdd12a); + var x10: u64 = undefined; + var x11: u64 = undefined; + fiatP434MulxU64(&x10, &x11, x7, 0x69e16a61c7686d9a); + var x12: u64 = undefined; + var x13: u64 = undefined; + fiatP434MulxU64(&x12, &x13, x7, 0xabcd92bf2dde347e); + var x14: u64 = undefined; + var x15: u64 = undefined; + fiatP434MulxU64(&x14, &x15, x7, 0x175cc6af8d6c7c0b); + var x16: u64 = undefined; + var x17: u64 = undefined; + fiatP434MulxU64(&x16, &x17, x7, 0xab27973f8311688d); + var x18: u64 = undefined; + var x19: u64 = undefined; + fiatP434MulxU64(&x18, &x19, x7, 0xacec7367768798c2); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatP434MulxU64(&x20, &x21, x7, 0x28e55b65dcd69b30); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP434AddcarryxU64(&x22, &x23, 0x0, x21, x18); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP434AddcarryxU64(&x24, &x25, x23, x19, x16); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP434AddcarryxU64(&x26, &x27, x25, x17, x14); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP434AddcarryxU64(&x28, &x29, x27, x15, x12); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP434AddcarryxU64(&x30, &x31, x29, x13, x10); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatP434AddcarryxU64(&x32, &x33, x31, x11, x8); + var x34: u64 = undefined; + var x35: u64 = undefined; + fiatP434MulxU64(&x34, &x35, x20, 0x2341f27177344); + var x36: u64 = undefined; + var x37: u64 = undefined; + fiatP434MulxU64(&x36, &x37, x20, 0x6cfc5fd681c52056); + var x38: u64 = undefined; + var x39: u64 = undefined; + fiatP434MulxU64(&x38, &x39, x20, 0x7bc65c783158aea3); + var x40: u64 = undefined; + var x41: u64 = undefined; + fiatP434MulxU64(&x40, &x41, x20, 0xfdc1767ae2ffffff); + var x42: u64 = undefined; + var x43: u64 = undefined; + fiatP434MulxU64(&x42, &x43, x20, 0xffffffffffffffff); + var x44: u64 = undefined; + var x45: u64 = undefined; + fiatP434MulxU64(&x44, &x45, x20, 0xffffffffffffffff); + var x46: u64 = undefined; + var x47: u64 = undefined; + fiatP434MulxU64(&x46, &x47, x20, 0xffffffffffffffff); + var x48: u64 = undefined; + var x49: u1 = undefined; + fiatP434AddcarryxU64(&x48, &x49, 0x0, x47, x44); + var x50: u64 = undefined; + var x51: u1 = undefined; + fiatP434AddcarryxU64(&x50, &x51, x49, x45, x42); + var x52: u64 = undefined; + var x53: u1 = undefined; + fiatP434AddcarryxU64(&x52, &x53, x51, x43, x40); + var x54: u64 = undefined; + var x55: u1 = undefined; + fiatP434AddcarryxU64(&x54, &x55, x53, x41, x38); + var x56: u64 = undefined; + var x57: u1 = undefined; + fiatP434AddcarryxU64(&x56, &x57, x55, x39, x36); + var x58: u64 = undefined; + var x59: u1 = undefined; + fiatP434AddcarryxU64(&x58, &x59, x57, x37, x34); + var x60: u64 = undefined; + var x61: u1 = undefined; + fiatP434AddcarryxU64(&x60, &x61, 0x0, x20, x46); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP434AddcarryxU64(&x62, &x63, x61, x22, x48); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatP434AddcarryxU64(&x64, &x65, x63, x24, x50); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP434AddcarryxU64(&x66, &x67, x65, x26, x52); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP434AddcarryxU64(&x68, &x69, x67, x28, x54); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP434AddcarryxU64(&x70, &x71, x69, x30, x56); + var x72: u64 = undefined; + var x73: u1 = undefined; + fiatP434AddcarryxU64(&x72, &x73, x71, x32, x58); + var x74: u64 = undefined; + var x75: u64 = undefined; + fiatP434MulxU64(&x74, &x75, x1, 0x25a89bcdd12a); + var x76: u64 = undefined; + var x77: u64 = undefined; + fiatP434MulxU64(&x76, &x77, x1, 0x69e16a61c7686d9a); + var x78: u64 = undefined; + var x79: u64 = undefined; + fiatP434MulxU64(&x78, &x79, x1, 0xabcd92bf2dde347e); + var x80: u64 = undefined; + var x81: u64 = undefined; + fiatP434MulxU64(&x80, &x81, x1, 0x175cc6af8d6c7c0b); + var x82: u64 = undefined; + var x83: u64 = undefined; + fiatP434MulxU64(&x82, &x83, x1, 0xab27973f8311688d); + var x84: u64 = undefined; + var x85: u64 = undefined; + fiatP434MulxU64(&x84, &x85, x1, 0xacec7367768798c2); + var x86: u64 = undefined; + var x87: u64 = undefined; + fiatP434MulxU64(&x86, &x87, x1, 0x28e55b65dcd69b30); + var x88: u64 = undefined; + var x89: u1 = undefined; + fiatP434AddcarryxU64(&x88, &x89, 0x0, x87, x84); + var x90: u64 = undefined; + var x91: u1 = undefined; + fiatP434AddcarryxU64(&x90, &x91, x89, x85, x82); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatP434AddcarryxU64(&x92, &x93, x91, x83, x80); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatP434AddcarryxU64(&x94, &x95, x93, x81, x78); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatP434AddcarryxU64(&x96, &x97, x95, x79, x76); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP434AddcarryxU64(&x98, &x99, x97, x77, x74); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP434AddcarryxU64(&x100, &x101, 0x0, x62, x86); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP434AddcarryxU64(&x102, &x103, x101, x64, x88); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatP434AddcarryxU64(&x104, &x105, x103, x66, x90); + var x106: u64 = undefined; + var x107: u1 = undefined; + fiatP434AddcarryxU64(&x106, &x107, x105, x68, x92); + var x108: u64 = undefined; + var x109: u1 = undefined; + fiatP434AddcarryxU64(&x108, &x109, x107, x70, x94); + var x110: u64 = undefined; + var x111: u1 = undefined; + fiatP434AddcarryxU64(&x110, &x111, x109, x72, x96); + var x112: u64 = undefined; + var x113: u1 = undefined; + fiatP434AddcarryxU64(&x112, &x113, x111, ((@intCast(u64, x73) + (@intCast(u64, x33) + x9)) + (@intCast(u64, x59) + x35)), x98); + var x114: u64 = undefined; + var x115: u64 = undefined; + fiatP434MulxU64(&x114, &x115, x100, 0x2341f27177344); + var x116: u64 = undefined; + var x117: u64 = undefined; + fiatP434MulxU64(&x116, &x117, x100, 0x6cfc5fd681c52056); + var x118: u64 = undefined; + var x119: u64 = undefined; + fiatP434MulxU64(&x118, &x119, x100, 0x7bc65c783158aea3); + var x120: u64 = undefined; + var x121: u64 = undefined; + fiatP434MulxU64(&x120, &x121, x100, 0xfdc1767ae2ffffff); + var x122: u64 = undefined; + var x123: u64 = undefined; + fiatP434MulxU64(&x122, &x123, x100, 0xffffffffffffffff); + var x124: u64 = undefined; + var x125: u64 = undefined; + fiatP434MulxU64(&x124, &x125, x100, 0xffffffffffffffff); + var x126: u64 = undefined; + var x127: u64 = undefined; + fiatP434MulxU64(&x126, &x127, x100, 0xffffffffffffffff); + var x128: u64 = undefined; + var x129: u1 = undefined; + fiatP434AddcarryxU64(&x128, &x129, 0x0, x127, x124); + var x130: u64 = undefined; + var x131: u1 = undefined; + fiatP434AddcarryxU64(&x130, &x131, x129, x125, x122); + var x132: u64 = undefined; + var x133: u1 = undefined; + fiatP434AddcarryxU64(&x132, &x133, x131, x123, x120); + var x134: u64 = undefined; + var x135: u1 = undefined; + fiatP434AddcarryxU64(&x134, &x135, x133, x121, x118); + var x136: u64 = undefined; + var x137: u1 = undefined; + fiatP434AddcarryxU64(&x136, &x137, x135, x119, x116); + var x138: u64 = undefined; + var x139: u1 = undefined; + fiatP434AddcarryxU64(&x138, &x139, x137, x117, x114); + var x140: u64 = undefined; + var x141: u1 = undefined; + fiatP434AddcarryxU64(&x140, &x141, 0x0, x100, x126); + var x142: u64 = undefined; + var x143: u1 = undefined; + fiatP434AddcarryxU64(&x142, &x143, x141, x102, x128); + var x144: u64 = undefined; + var x145: u1 = undefined; + fiatP434AddcarryxU64(&x144, &x145, x143, x104, x130); + var x146: u64 = undefined; + var x147: u1 = undefined; + fiatP434AddcarryxU64(&x146, &x147, x145, x106, x132); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatP434AddcarryxU64(&x148, &x149, x147, x108, x134); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatP434AddcarryxU64(&x150, &x151, x149, x110, x136); + var x152: u64 = undefined; + var x153: u1 = undefined; + fiatP434AddcarryxU64(&x152, &x153, x151, x112, x138); + var x154: u64 = undefined; + var x155: u64 = undefined; + fiatP434MulxU64(&x154, &x155, x2, 0x25a89bcdd12a); + var x156: u64 = undefined; + var x157: u64 = undefined; + fiatP434MulxU64(&x156, &x157, x2, 0x69e16a61c7686d9a); + var x158: u64 = undefined; + var x159: u64 = undefined; + fiatP434MulxU64(&x158, &x159, x2, 0xabcd92bf2dde347e); + var x160: u64 = undefined; + var x161: u64 = undefined; + fiatP434MulxU64(&x160, &x161, x2, 0x175cc6af8d6c7c0b); + var x162: u64 = undefined; + var x163: u64 = undefined; + fiatP434MulxU64(&x162, &x163, x2, 0xab27973f8311688d); + var x164: u64 = undefined; + var x165: u64 = undefined; + fiatP434MulxU64(&x164, &x165, x2, 0xacec7367768798c2); + var x166: u64 = undefined; + var x167: u64 = undefined; + fiatP434MulxU64(&x166, &x167, x2, 0x28e55b65dcd69b30); + var x168: u64 = undefined; + var x169: u1 = undefined; + fiatP434AddcarryxU64(&x168, &x169, 0x0, x167, x164); + var x170: u64 = undefined; + var x171: u1 = undefined; + fiatP434AddcarryxU64(&x170, &x171, x169, x165, x162); + var x172: u64 = undefined; + var x173: u1 = undefined; + fiatP434AddcarryxU64(&x172, &x173, x171, x163, x160); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatP434AddcarryxU64(&x174, &x175, x173, x161, x158); + var x176: u64 = undefined; + var x177: u1 = undefined; + fiatP434AddcarryxU64(&x176, &x177, x175, x159, x156); + var x178: u64 = undefined; + var x179: u1 = undefined; + fiatP434AddcarryxU64(&x178, &x179, x177, x157, x154); + var x180: u64 = undefined; + var x181: u1 = undefined; + fiatP434AddcarryxU64(&x180, &x181, 0x0, x142, x166); + var x182: u64 = undefined; + var x183: u1 = undefined; + fiatP434AddcarryxU64(&x182, &x183, x181, x144, x168); + var x184: u64 = undefined; + var x185: u1 = undefined; + fiatP434AddcarryxU64(&x184, &x185, x183, x146, x170); + var x186: u64 = undefined; + var x187: u1 = undefined; + fiatP434AddcarryxU64(&x186, &x187, x185, x148, x172); + var x188: u64 = undefined; + var x189: u1 = undefined; + fiatP434AddcarryxU64(&x188, &x189, x187, x150, x174); + var x190: u64 = undefined; + var x191: u1 = undefined; + fiatP434AddcarryxU64(&x190, &x191, x189, x152, x176); + var x192: u64 = undefined; + var x193: u1 = undefined; + fiatP434AddcarryxU64(&x192, &x193, x191, ((@intCast(u64, x153) + (@intCast(u64, x113) + (@intCast(u64, x99) + x75))) + (@intCast(u64, x139) + x115)), x178); + var x194: u64 = undefined; + var x195: u64 = undefined; + fiatP434MulxU64(&x194, &x195, x180, 0x2341f27177344); + var x196: u64 = undefined; + var x197: u64 = undefined; + fiatP434MulxU64(&x196, &x197, x180, 0x6cfc5fd681c52056); + var x198: u64 = undefined; + var x199: u64 = undefined; + fiatP434MulxU64(&x198, &x199, x180, 0x7bc65c783158aea3); + var x200: u64 = undefined; + var x201: u64 = undefined; + fiatP434MulxU64(&x200, &x201, x180, 0xfdc1767ae2ffffff); + var x202: u64 = undefined; + var x203: u64 = undefined; + fiatP434MulxU64(&x202, &x203, x180, 0xffffffffffffffff); + var x204: u64 = undefined; + var x205: u64 = undefined; + fiatP434MulxU64(&x204, &x205, x180, 0xffffffffffffffff); + var x206: u64 = undefined; + var x207: u64 = undefined; + fiatP434MulxU64(&x206, &x207, x180, 0xffffffffffffffff); + var x208: u64 = undefined; + var x209: u1 = undefined; + fiatP434AddcarryxU64(&x208, &x209, 0x0, x207, x204); + var x210: u64 = undefined; + var x211: u1 = undefined; + fiatP434AddcarryxU64(&x210, &x211, x209, x205, x202); + var x212: u64 = undefined; + var x213: u1 = undefined; + fiatP434AddcarryxU64(&x212, &x213, x211, x203, x200); + var x214: u64 = undefined; + var x215: u1 = undefined; + fiatP434AddcarryxU64(&x214, &x215, x213, x201, x198); + var x216: u64 = undefined; + var x217: u1 = undefined; + fiatP434AddcarryxU64(&x216, &x217, x215, x199, x196); + var x218: u64 = undefined; + var x219: u1 = undefined; + fiatP434AddcarryxU64(&x218, &x219, x217, x197, x194); + var x220: u64 = undefined; + var x221: u1 = undefined; + fiatP434AddcarryxU64(&x220, &x221, 0x0, x180, x206); + var x222: u64 = undefined; + var x223: u1 = undefined; + fiatP434AddcarryxU64(&x222, &x223, x221, x182, x208); + var x224: u64 = undefined; + var x225: u1 = undefined; + fiatP434AddcarryxU64(&x224, &x225, x223, x184, x210); + var x226: u64 = undefined; + var x227: u1 = undefined; + fiatP434AddcarryxU64(&x226, &x227, x225, x186, x212); + var x228: u64 = undefined; + var x229: u1 = undefined; + fiatP434AddcarryxU64(&x228, &x229, x227, x188, x214); + var x230: u64 = undefined; + var x231: u1 = undefined; + fiatP434AddcarryxU64(&x230, &x231, x229, x190, x216); + var x232: u64 = undefined; + var x233: u1 = undefined; + fiatP434AddcarryxU64(&x232, &x233, x231, x192, x218); + var x234: u64 = undefined; + var x235: u64 = undefined; + fiatP434MulxU64(&x234, &x235, x3, 0x25a89bcdd12a); + var x236: u64 = undefined; + var x237: u64 = undefined; + fiatP434MulxU64(&x236, &x237, x3, 0x69e16a61c7686d9a); + var x238: u64 = undefined; + var x239: u64 = undefined; + fiatP434MulxU64(&x238, &x239, x3, 0xabcd92bf2dde347e); + var x240: u64 = undefined; + var x241: u64 = undefined; + fiatP434MulxU64(&x240, &x241, x3, 0x175cc6af8d6c7c0b); + var x242: u64 = undefined; + var x243: u64 = undefined; + fiatP434MulxU64(&x242, &x243, x3, 0xab27973f8311688d); + var x244: u64 = undefined; + var x245: u64 = undefined; + fiatP434MulxU64(&x244, &x245, x3, 0xacec7367768798c2); + var x246: u64 = undefined; + var x247: u64 = undefined; + fiatP434MulxU64(&x246, &x247, x3, 0x28e55b65dcd69b30); + var x248: u64 = undefined; + var x249: u1 = undefined; + fiatP434AddcarryxU64(&x248, &x249, 0x0, x247, x244); + var x250: u64 = undefined; + var x251: u1 = undefined; + fiatP434AddcarryxU64(&x250, &x251, x249, x245, x242); + var x252: u64 = undefined; + var x253: u1 = undefined; + fiatP434AddcarryxU64(&x252, &x253, x251, x243, x240); + var x254: u64 = undefined; + var x255: u1 = undefined; + fiatP434AddcarryxU64(&x254, &x255, x253, x241, x238); + var x256: u64 = undefined; + var x257: u1 = undefined; + fiatP434AddcarryxU64(&x256, &x257, x255, x239, x236); + var x258: u64 = undefined; + var x259: u1 = undefined; + fiatP434AddcarryxU64(&x258, &x259, x257, x237, x234); + var x260: u64 = undefined; + var x261: u1 = undefined; + fiatP434AddcarryxU64(&x260, &x261, 0x0, x222, x246); + var x262: u64 = undefined; + var x263: u1 = undefined; + fiatP434AddcarryxU64(&x262, &x263, x261, x224, x248); + var x264: u64 = undefined; + var x265: u1 = undefined; + fiatP434AddcarryxU64(&x264, &x265, x263, x226, x250); + var x266: u64 = undefined; + var x267: u1 = undefined; + fiatP434AddcarryxU64(&x266, &x267, x265, x228, x252); + var x268: u64 = undefined; + var x269: u1 = undefined; + fiatP434AddcarryxU64(&x268, &x269, x267, x230, x254); + var x270: u64 = undefined; + var x271: u1 = undefined; + fiatP434AddcarryxU64(&x270, &x271, x269, x232, x256); + var x272: u64 = undefined; + var x273: u1 = undefined; + fiatP434AddcarryxU64(&x272, &x273, x271, ((@intCast(u64, x233) + (@intCast(u64, x193) + (@intCast(u64, x179) + x155))) + (@intCast(u64, x219) + x195)), x258); + var x274: u64 = undefined; + var x275: u64 = undefined; + fiatP434MulxU64(&x274, &x275, x260, 0x2341f27177344); + var x276: u64 = undefined; + var x277: u64 = undefined; + fiatP434MulxU64(&x276, &x277, x260, 0x6cfc5fd681c52056); + var x278: u64 = undefined; + var x279: u64 = undefined; + fiatP434MulxU64(&x278, &x279, x260, 0x7bc65c783158aea3); + var x280: u64 = undefined; + var x281: u64 = undefined; + fiatP434MulxU64(&x280, &x281, x260, 0xfdc1767ae2ffffff); + var x282: u64 = undefined; + var x283: u64 = undefined; + fiatP434MulxU64(&x282, &x283, x260, 0xffffffffffffffff); + var x284: u64 = undefined; + var x285: u64 = undefined; + fiatP434MulxU64(&x284, &x285, x260, 0xffffffffffffffff); + var x286: u64 = undefined; + var x287: u64 = undefined; + fiatP434MulxU64(&x286, &x287, x260, 0xffffffffffffffff); + var x288: u64 = undefined; + var x289: u1 = undefined; + fiatP434AddcarryxU64(&x288, &x289, 0x0, x287, x284); + var x290: u64 = undefined; + var x291: u1 = undefined; + fiatP434AddcarryxU64(&x290, &x291, x289, x285, x282); + var x292: u64 = undefined; + var x293: u1 = undefined; + fiatP434AddcarryxU64(&x292, &x293, x291, x283, x280); + var x294: u64 = undefined; + var x295: u1 = undefined; + fiatP434AddcarryxU64(&x294, &x295, x293, x281, x278); + var x296: u64 = undefined; + var x297: u1 = undefined; + fiatP434AddcarryxU64(&x296, &x297, x295, x279, x276); + var x298: u64 = undefined; + var x299: u1 = undefined; + fiatP434AddcarryxU64(&x298, &x299, x297, x277, x274); + var x300: u64 = undefined; + var x301: u1 = undefined; + fiatP434AddcarryxU64(&x300, &x301, 0x0, x260, x286); + var x302: u64 = undefined; + var x303: u1 = undefined; + fiatP434AddcarryxU64(&x302, &x303, x301, x262, x288); + var x304: u64 = undefined; + var x305: u1 = undefined; + fiatP434AddcarryxU64(&x304, &x305, x303, x264, x290); + var x306: u64 = undefined; + var x307: u1 = undefined; + fiatP434AddcarryxU64(&x306, &x307, x305, x266, x292); + var x308: u64 = undefined; + var x309: u1 = undefined; + fiatP434AddcarryxU64(&x308, &x309, x307, x268, x294); + var x310: u64 = undefined; + var x311: u1 = undefined; + fiatP434AddcarryxU64(&x310, &x311, x309, x270, x296); + var x312: u64 = undefined; + var x313: u1 = undefined; + fiatP434AddcarryxU64(&x312, &x313, x311, x272, x298); + var x314: u64 = undefined; + var x315: u64 = undefined; + fiatP434MulxU64(&x314, &x315, x4, 0x25a89bcdd12a); + var x316: u64 = undefined; + var x317: u64 = undefined; + fiatP434MulxU64(&x316, &x317, x4, 0x69e16a61c7686d9a); + var x318: u64 = undefined; + var x319: u64 = undefined; + fiatP434MulxU64(&x318, &x319, x4, 0xabcd92bf2dde347e); + var x320: u64 = undefined; + var x321: u64 = undefined; + fiatP434MulxU64(&x320, &x321, x4, 0x175cc6af8d6c7c0b); + var x322: u64 = undefined; + var x323: u64 = undefined; + fiatP434MulxU64(&x322, &x323, x4, 0xab27973f8311688d); + var x324: u64 = undefined; + var x325: u64 = undefined; + fiatP434MulxU64(&x324, &x325, x4, 0xacec7367768798c2); + var x326: u64 = undefined; + var x327: u64 = undefined; + fiatP434MulxU64(&x326, &x327, x4, 0x28e55b65dcd69b30); + var x328: u64 = undefined; + var x329: u1 = undefined; + fiatP434AddcarryxU64(&x328, &x329, 0x0, x327, x324); + var x330: u64 = undefined; + var x331: u1 = undefined; + fiatP434AddcarryxU64(&x330, &x331, x329, x325, x322); + var x332: u64 = undefined; + var x333: u1 = undefined; + fiatP434AddcarryxU64(&x332, &x333, x331, x323, x320); + var x334: u64 = undefined; + var x335: u1 = undefined; + fiatP434AddcarryxU64(&x334, &x335, x333, x321, x318); + var x336: u64 = undefined; + var x337: u1 = undefined; + fiatP434AddcarryxU64(&x336, &x337, x335, x319, x316); + var x338: u64 = undefined; + var x339: u1 = undefined; + fiatP434AddcarryxU64(&x338, &x339, x337, x317, x314); + var x340: u64 = undefined; + var x341: u1 = undefined; + fiatP434AddcarryxU64(&x340, &x341, 0x0, x302, x326); + var x342: u64 = undefined; + var x343: u1 = undefined; + fiatP434AddcarryxU64(&x342, &x343, x341, x304, x328); + var x344: u64 = undefined; + var x345: u1 = undefined; + fiatP434AddcarryxU64(&x344, &x345, x343, x306, x330); + var x346: u64 = undefined; + var x347: u1 = undefined; + fiatP434AddcarryxU64(&x346, &x347, x345, x308, x332); + var x348: u64 = undefined; + var x349: u1 = undefined; + fiatP434AddcarryxU64(&x348, &x349, x347, x310, x334); + var x350: u64 = undefined; + var x351: u1 = undefined; + fiatP434AddcarryxU64(&x350, &x351, x349, x312, x336); + var x352: u64 = undefined; + var x353: u1 = undefined; + fiatP434AddcarryxU64(&x352, &x353, x351, ((@intCast(u64, x313) + (@intCast(u64, x273) + (@intCast(u64, x259) + x235))) + (@intCast(u64, x299) + x275)), x338); + var x354: u64 = undefined; + var x355: u64 = undefined; + fiatP434MulxU64(&x354, &x355, x340, 0x2341f27177344); + var x356: u64 = undefined; + var x357: u64 = undefined; + fiatP434MulxU64(&x356, &x357, x340, 0x6cfc5fd681c52056); + var x358: u64 = undefined; + var x359: u64 = undefined; + fiatP434MulxU64(&x358, &x359, x340, 0x7bc65c783158aea3); + var x360: u64 = undefined; + var x361: u64 = undefined; + fiatP434MulxU64(&x360, &x361, x340, 0xfdc1767ae2ffffff); + var x362: u64 = undefined; + var x363: u64 = undefined; + fiatP434MulxU64(&x362, &x363, x340, 0xffffffffffffffff); + var x364: u64 = undefined; + var x365: u64 = undefined; + fiatP434MulxU64(&x364, &x365, x340, 0xffffffffffffffff); + var x366: u64 = undefined; + var x367: u64 = undefined; + fiatP434MulxU64(&x366, &x367, x340, 0xffffffffffffffff); + var x368: u64 = undefined; + var x369: u1 = undefined; + fiatP434AddcarryxU64(&x368, &x369, 0x0, x367, x364); + var x370: u64 = undefined; + var x371: u1 = undefined; + fiatP434AddcarryxU64(&x370, &x371, x369, x365, x362); + var x372: u64 = undefined; + var x373: u1 = undefined; + fiatP434AddcarryxU64(&x372, &x373, x371, x363, x360); + var x374: u64 = undefined; + var x375: u1 = undefined; + fiatP434AddcarryxU64(&x374, &x375, x373, x361, x358); + var x376: u64 = undefined; + var x377: u1 = undefined; + fiatP434AddcarryxU64(&x376, &x377, x375, x359, x356); + var x378: u64 = undefined; + var x379: u1 = undefined; + fiatP434AddcarryxU64(&x378, &x379, x377, x357, x354); + var x380: u64 = undefined; + var x381: u1 = undefined; + fiatP434AddcarryxU64(&x380, &x381, 0x0, x340, x366); + var x382: u64 = undefined; + var x383: u1 = undefined; + fiatP434AddcarryxU64(&x382, &x383, x381, x342, x368); + var x384: u64 = undefined; + var x385: u1 = undefined; + fiatP434AddcarryxU64(&x384, &x385, x383, x344, x370); + var x386: u64 = undefined; + var x387: u1 = undefined; + fiatP434AddcarryxU64(&x386, &x387, x385, x346, x372); + var x388: u64 = undefined; + var x389: u1 = undefined; + fiatP434AddcarryxU64(&x388, &x389, x387, x348, x374); + var x390: u64 = undefined; + var x391: u1 = undefined; + fiatP434AddcarryxU64(&x390, &x391, x389, x350, x376); + var x392: u64 = undefined; + var x393: u1 = undefined; + fiatP434AddcarryxU64(&x392, &x393, x391, x352, x378); + var x394: u64 = undefined; + var x395: u64 = undefined; + fiatP434MulxU64(&x394, &x395, x5, 0x25a89bcdd12a); + var x396: u64 = undefined; + var x397: u64 = undefined; + fiatP434MulxU64(&x396, &x397, x5, 0x69e16a61c7686d9a); + var x398: u64 = undefined; + var x399: u64 = undefined; + fiatP434MulxU64(&x398, &x399, x5, 0xabcd92bf2dde347e); + var x400: u64 = undefined; + var x401: u64 = undefined; + fiatP434MulxU64(&x400, &x401, x5, 0x175cc6af8d6c7c0b); + var x402: u64 = undefined; + var x403: u64 = undefined; + fiatP434MulxU64(&x402, &x403, x5, 0xab27973f8311688d); + var x404: u64 = undefined; + var x405: u64 = undefined; + fiatP434MulxU64(&x404, &x405, x5, 0xacec7367768798c2); + var x406: u64 = undefined; + var x407: u64 = undefined; + fiatP434MulxU64(&x406, &x407, x5, 0x28e55b65dcd69b30); + var x408: u64 = undefined; + var x409: u1 = undefined; + fiatP434AddcarryxU64(&x408, &x409, 0x0, x407, x404); + var x410: u64 = undefined; + var x411: u1 = undefined; + fiatP434AddcarryxU64(&x410, &x411, x409, x405, x402); + var x412: u64 = undefined; + var x413: u1 = undefined; + fiatP434AddcarryxU64(&x412, &x413, x411, x403, x400); + var x414: u64 = undefined; + var x415: u1 = undefined; + fiatP434AddcarryxU64(&x414, &x415, x413, x401, x398); + var x416: u64 = undefined; + var x417: u1 = undefined; + fiatP434AddcarryxU64(&x416, &x417, x415, x399, x396); + var x418: u64 = undefined; + var x419: u1 = undefined; + fiatP434AddcarryxU64(&x418, &x419, x417, x397, x394); + var x420: u64 = undefined; + var x421: u1 = undefined; + fiatP434AddcarryxU64(&x420, &x421, 0x0, x382, x406); + var x422: u64 = undefined; + var x423: u1 = undefined; + fiatP434AddcarryxU64(&x422, &x423, x421, x384, x408); + var x424: u64 = undefined; + var x425: u1 = undefined; + fiatP434AddcarryxU64(&x424, &x425, x423, x386, x410); + var x426: u64 = undefined; + var x427: u1 = undefined; + fiatP434AddcarryxU64(&x426, &x427, x425, x388, x412); + var x428: u64 = undefined; + var x429: u1 = undefined; + fiatP434AddcarryxU64(&x428, &x429, x427, x390, x414); + var x430: u64 = undefined; + var x431: u1 = undefined; + fiatP434AddcarryxU64(&x430, &x431, x429, x392, x416); + var x432: u64 = undefined; + var x433: u1 = undefined; + fiatP434AddcarryxU64(&x432, &x433, x431, ((@intCast(u64, x393) + (@intCast(u64, x353) + (@intCast(u64, x339) + x315))) + (@intCast(u64, x379) + x355)), x418); + var x434: u64 = undefined; + var x435: u64 = undefined; + fiatP434MulxU64(&x434, &x435, x420, 0x2341f27177344); + var x436: u64 = undefined; + var x437: u64 = undefined; + fiatP434MulxU64(&x436, &x437, x420, 0x6cfc5fd681c52056); + var x438: u64 = undefined; + var x439: u64 = undefined; + fiatP434MulxU64(&x438, &x439, x420, 0x7bc65c783158aea3); + var x440: u64 = undefined; + var x441: u64 = undefined; + fiatP434MulxU64(&x440, &x441, x420, 0xfdc1767ae2ffffff); + var x442: u64 = undefined; + var x443: u64 = undefined; + fiatP434MulxU64(&x442, &x443, x420, 0xffffffffffffffff); + var x444: u64 = undefined; + var x445: u64 = undefined; + fiatP434MulxU64(&x444, &x445, x420, 0xffffffffffffffff); + var x446: u64 = undefined; + var x447: u64 = undefined; + fiatP434MulxU64(&x446, &x447, x420, 0xffffffffffffffff); + var x448: u64 = undefined; + var x449: u1 = undefined; + fiatP434AddcarryxU64(&x448, &x449, 0x0, x447, x444); + var x450: u64 = undefined; + var x451: u1 = undefined; + fiatP434AddcarryxU64(&x450, &x451, x449, x445, x442); + var x452: u64 = undefined; + var x453: u1 = undefined; + fiatP434AddcarryxU64(&x452, &x453, x451, x443, x440); + var x454: u64 = undefined; + var x455: u1 = undefined; + fiatP434AddcarryxU64(&x454, &x455, x453, x441, x438); + var x456: u64 = undefined; + var x457: u1 = undefined; + fiatP434AddcarryxU64(&x456, &x457, x455, x439, x436); + var x458: u64 = undefined; + var x459: u1 = undefined; + fiatP434AddcarryxU64(&x458, &x459, x457, x437, x434); + var x460: u64 = undefined; + var x461: u1 = undefined; + fiatP434AddcarryxU64(&x460, &x461, 0x0, x420, x446); + var x462: u64 = undefined; + var x463: u1 = undefined; + fiatP434AddcarryxU64(&x462, &x463, x461, x422, x448); + var x464: u64 = undefined; + var x465: u1 = undefined; + fiatP434AddcarryxU64(&x464, &x465, x463, x424, x450); + var x466: u64 = undefined; + var x467: u1 = undefined; + fiatP434AddcarryxU64(&x466, &x467, x465, x426, x452); + var x468: u64 = undefined; + var x469: u1 = undefined; + fiatP434AddcarryxU64(&x468, &x469, x467, x428, x454); + var x470: u64 = undefined; + var x471: u1 = undefined; + fiatP434AddcarryxU64(&x470, &x471, x469, x430, x456); + var x472: u64 = undefined; + var x473: u1 = undefined; + fiatP434AddcarryxU64(&x472, &x473, x471, x432, x458); + var x474: u64 = undefined; + var x475: u64 = undefined; + fiatP434MulxU64(&x474, &x475, x6, 0x25a89bcdd12a); + var x476: u64 = undefined; + var x477: u64 = undefined; + fiatP434MulxU64(&x476, &x477, x6, 0x69e16a61c7686d9a); + var x478: u64 = undefined; + var x479: u64 = undefined; + fiatP434MulxU64(&x478, &x479, x6, 0xabcd92bf2dde347e); + var x480: u64 = undefined; + var x481: u64 = undefined; + fiatP434MulxU64(&x480, &x481, x6, 0x175cc6af8d6c7c0b); + var x482: u64 = undefined; + var x483: u64 = undefined; + fiatP434MulxU64(&x482, &x483, x6, 0xab27973f8311688d); + var x484: u64 = undefined; + var x485: u64 = undefined; + fiatP434MulxU64(&x484, &x485, x6, 0xacec7367768798c2); + var x486: u64 = undefined; + var x487: u64 = undefined; + fiatP434MulxU64(&x486, &x487, x6, 0x28e55b65dcd69b30); + var x488: u64 = undefined; + var x489: u1 = undefined; + fiatP434AddcarryxU64(&x488, &x489, 0x0, x487, x484); + var x490: u64 = undefined; + var x491: u1 = undefined; + fiatP434AddcarryxU64(&x490, &x491, x489, x485, x482); + var x492: u64 = undefined; + var x493: u1 = undefined; + fiatP434AddcarryxU64(&x492, &x493, x491, x483, x480); + var x494: u64 = undefined; + var x495: u1 = undefined; + fiatP434AddcarryxU64(&x494, &x495, x493, x481, x478); + var x496: u64 = undefined; + var x497: u1 = undefined; + fiatP434AddcarryxU64(&x496, &x497, x495, x479, x476); + var x498: u64 = undefined; + var x499: u1 = undefined; + fiatP434AddcarryxU64(&x498, &x499, x497, x477, x474); + var x500: u64 = undefined; + var x501: u1 = undefined; + fiatP434AddcarryxU64(&x500, &x501, 0x0, x462, x486); + var x502: u64 = undefined; + var x503: u1 = undefined; + fiatP434AddcarryxU64(&x502, &x503, x501, x464, x488); + var x504: u64 = undefined; + var x505: u1 = undefined; + fiatP434AddcarryxU64(&x504, &x505, x503, x466, x490); + var x506: u64 = undefined; + var x507: u1 = undefined; + fiatP434AddcarryxU64(&x506, &x507, x505, x468, x492); + var x508: u64 = undefined; + var x509: u1 = undefined; + fiatP434AddcarryxU64(&x508, &x509, x507, x470, x494); + var x510: u64 = undefined; + var x511: u1 = undefined; + fiatP434AddcarryxU64(&x510, &x511, x509, x472, x496); + var x512: u64 = undefined; + var x513: u1 = undefined; + fiatP434AddcarryxU64(&x512, &x513, x511, ((@intCast(u64, x473) + (@intCast(u64, x433) + (@intCast(u64, x419) + x395))) + (@intCast(u64, x459) + x435)), x498); + var x514: u64 = undefined; + var x515: u64 = undefined; + fiatP434MulxU64(&x514, &x515, x500, 0x2341f27177344); + var x516: u64 = undefined; + var x517: u64 = undefined; + fiatP434MulxU64(&x516, &x517, x500, 0x6cfc5fd681c52056); + var x518: u64 = undefined; + var x519: u64 = undefined; + fiatP434MulxU64(&x518, &x519, x500, 0x7bc65c783158aea3); + var x520: u64 = undefined; + var x521: u64 = undefined; + fiatP434MulxU64(&x520, &x521, x500, 0xfdc1767ae2ffffff); + var x522: u64 = undefined; + var x523: u64 = undefined; + fiatP434MulxU64(&x522, &x523, x500, 0xffffffffffffffff); + var x524: u64 = undefined; + var x525: u64 = undefined; + fiatP434MulxU64(&x524, &x525, x500, 0xffffffffffffffff); + var x526: u64 = undefined; + var x527: u64 = undefined; + fiatP434MulxU64(&x526, &x527, x500, 0xffffffffffffffff); + var x528: u64 = undefined; + var x529: u1 = undefined; + fiatP434AddcarryxU64(&x528, &x529, 0x0, x527, x524); + var x530: u64 = undefined; + var x531: u1 = undefined; + fiatP434AddcarryxU64(&x530, &x531, x529, x525, x522); + var x532: u64 = undefined; + var x533: u1 = undefined; + fiatP434AddcarryxU64(&x532, &x533, x531, x523, x520); + var x534: u64 = undefined; + var x535: u1 = undefined; + fiatP434AddcarryxU64(&x534, &x535, x533, x521, x518); + var x536: u64 = undefined; + var x537: u1 = undefined; + fiatP434AddcarryxU64(&x536, &x537, x535, x519, x516); + var x538: u64 = undefined; + var x539: u1 = undefined; + fiatP434AddcarryxU64(&x538, &x539, x537, x517, x514); + var x540: u64 = undefined; + var x541: u1 = undefined; + fiatP434AddcarryxU64(&x540, &x541, 0x0, x500, x526); + var x542: u64 = undefined; + var x543: u1 = undefined; + fiatP434AddcarryxU64(&x542, &x543, x541, x502, x528); + var x544: u64 = undefined; + var x545: u1 = undefined; + fiatP434AddcarryxU64(&x544, &x545, x543, x504, x530); + var x546: u64 = undefined; + var x547: u1 = undefined; + fiatP434AddcarryxU64(&x546, &x547, x545, x506, x532); + var x548: u64 = undefined; + var x549: u1 = undefined; + fiatP434AddcarryxU64(&x548, &x549, x547, x508, x534); + var x550: u64 = undefined; + var x551: u1 = undefined; + fiatP434AddcarryxU64(&x550, &x551, x549, x510, x536); + var x552: u64 = undefined; + var x553: u1 = undefined; + fiatP434AddcarryxU64(&x552, &x553, x551, x512, x538); + const x554: u64 = ((@intCast(u64, x553) + (@intCast(u64, x513) + (@intCast(u64, x499) + x475))) + (@intCast(u64, x539) + x515)); + var x555: u64 = undefined; + var x556: u1 = undefined; + fiatP434SubborrowxU64(&x555, &x556, 0x0, x542, 0xffffffffffffffff); + var x557: u64 = undefined; + var x558: u1 = undefined; + fiatP434SubborrowxU64(&x557, &x558, x556, x544, 0xffffffffffffffff); + var x559: u64 = undefined; + var x560: u1 = undefined; + fiatP434SubborrowxU64(&x559, &x560, x558, x546, 0xffffffffffffffff); + var x561: u64 = undefined; + var x562: u1 = undefined; + fiatP434SubborrowxU64(&x561, &x562, x560, x548, 0xfdc1767ae2ffffff); + var x563: u64 = undefined; + var x564: u1 = undefined; + fiatP434SubborrowxU64(&x563, &x564, x562, x550, 0x7bc65c783158aea3); + var x565: u64 = undefined; + var x566: u1 = undefined; + fiatP434SubborrowxU64(&x565, &x566, x564, x552, 0x6cfc5fd681c52056); + var x567: u64 = undefined; + var x568: u1 = undefined; + fiatP434SubborrowxU64(&x567, &x568, x566, x554, 0x2341f27177344); + var x569: u64 = undefined; + var x570: u1 = undefined; + fiatP434SubborrowxU64(&x569, &x570, x568, @intCast(u64, 0x0), @intCast(u64, 0x0)); + var x571: u64 = undefined; + fiatP434CmovznzU64(&x571, x570, x555, x542); + var x572: u64 = undefined; + fiatP434CmovznzU64(&x572, x570, x557, x544); + var x573: u64 = undefined; + fiatP434CmovznzU64(&x573, x570, x559, x546); + var x574: u64 = undefined; + fiatP434CmovznzU64(&x574, x570, x561, x548); + var x575: u64 = undefined; + fiatP434CmovznzU64(&x575, x570, x563, x550); + var x576: u64 = undefined; + fiatP434CmovznzU64(&x576, x570, x565, x552); + var x577: u64 = undefined; + fiatP434CmovznzU64(&x577, x570, x567, x554); + out1[0] = x571; + out1[1] = x572; + out1[2] = x573; + out1[3] = x574; + out1[4] = x575; + out1[5] = x576; + out1[6] = x577; +} + +/// The function fiatP434Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +pub fn fiatP434Nonzero(out1: *u64, arg1: [7]u64) void { + const x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | (arg1[6]))))))); + out1.* = x1; +} + +/// The function fiatP434Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434Selectznz(out1: *[7]u64, arg1: u1, arg2: [7]u64, arg3: [7]u64) void { + var x1: u64 = undefined; + fiatP434CmovznzU64(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u64 = undefined; + fiatP434CmovznzU64(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u64 = undefined; + fiatP434CmovznzU64(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u64 = undefined; + fiatP434CmovznzU64(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u64 = undefined; + fiatP434CmovznzU64(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u64 = undefined; + fiatP434CmovznzU64(&x6, arg1, (arg2[5]), (arg3[5])); + var x7: u64 = undefined; + fiatP434CmovznzU64(&x7, arg1, (arg2[6]), (arg3[6])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; +} + +/// The function fiatP434ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..54] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0x3ffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] +pub fn fiatP434ToBytes(out1: *[55]u8, arg1: [7]u64) void { + const x1: u64 = (arg1[6]); + const x2: u64 = (arg1[5]); + const x3: u64 = (arg1[4]); + const x4: u64 = (arg1[3]); + const x5: u64 = (arg1[2]); + const x6: u64 = (arg1[1]); + const x7: u64 = (arg1[0]); + const x8: u8 = @intCast(u8, (x7 & @intCast(u64, 0xff))); + const x9: u64 = (x7 >> 8); + const x10: u8 = @intCast(u8, (x9 & @intCast(u64, 0xff))); + const x11: u64 = (x9 >> 8); + const x12: u8 = @intCast(u8, (x11 & @intCast(u64, 0xff))); + const x13: u64 = (x11 >> 8); + const x14: u8 = @intCast(u8, (x13 & @intCast(u64, 0xff))); + const x15: u64 = (x13 >> 8); + const x16: u8 = @intCast(u8, (x15 & @intCast(u64, 0xff))); + const x17: u64 = (x15 >> 8); + const x18: u8 = @intCast(u8, (x17 & @intCast(u64, 0xff))); + const x19: u64 = (x17 >> 8); + const x20: u8 = @intCast(u8, (x19 & @intCast(u64, 0xff))); + const x21: u8 = @intCast(u8, (x19 >> 8)); + const x22: u8 = @intCast(u8, (x6 & @intCast(u64, 0xff))); + const x23: u64 = (x6 >> 8); + const x24: u8 = @intCast(u8, (x23 & @intCast(u64, 0xff))); + const x25: u64 = (x23 >> 8); + const x26: u8 = @intCast(u8, (x25 & @intCast(u64, 0xff))); + const x27: u64 = (x25 >> 8); + const x28: u8 = @intCast(u8, (x27 & @intCast(u64, 0xff))); + const x29: u64 = (x27 >> 8); + const x30: u8 = @intCast(u8, (x29 & @intCast(u64, 0xff))); + const x31: u64 = (x29 >> 8); + const x32: u8 = @intCast(u8, (x31 & @intCast(u64, 0xff))); + const x33: u64 = (x31 >> 8); + const x34: u8 = @intCast(u8, (x33 & @intCast(u64, 0xff))); + const x35: u8 = @intCast(u8, (x33 >> 8)); + const x36: u8 = @intCast(u8, (x5 & @intCast(u64, 0xff))); + const x37: u64 = (x5 >> 8); + const x38: u8 = @intCast(u8, (x37 & @intCast(u64, 0xff))); + const x39: u64 = (x37 >> 8); + const x40: u8 = @intCast(u8, (x39 & @intCast(u64, 0xff))); + const x41: u64 = (x39 >> 8); + const x42: u8 = @intCast(u8, (x41 & @intCast(u64, 0xff))); + const x43: u64 = (x41 >> 8); + const x44: u8 = @intCast(u8, (x43 & @intCast(u64, 0xff))); + const x45: u64 = (x43 >> 8); + const x46: u8 = @intCast(u8, (x45 & @intCast(u64, 0xff))); + const x47: u64 = (x45 >> 8); + const x48: u8 = @intCast(u8, (x47 & @intCast(u64, 0xff))); + const x49: u8 = @intCast(u8, (x47 >> 8)); + const x50: u8 = @intCast(u8, (x4 & @intCast(u64, 0xff))); + const x51: u64 = (x4 >> 8); + const x52: u8 = @intCast(u8, (x51 & @intCast(u64, 0xff))); + const x53: u64 = (x51 >> 8); + const x54: u8 = @intCast(u8, (x53 & @intCast(u64, 0xff))); + const x55: u64 = (x53 >> 8); + const x56: u8 = @intCast(u8, (x55 & @intCast(u64, 0xff))); + const x57: u64 = (x55 >> 8); + const x58: u8 = @intCast(u8, (x57 & @intCast(u64, 0xff))); + const x59: u64 = (x57 >> 8); + const x60: u8 = @intCast(u8, (x59 & @intCast(u64, 0xff))); + const x61: u64 = (x59 >> 8); + const x62: u8 = @intCast(u8, (x61 & @intCast(u64, 0xff))); + const x63: u8 = @intCast(u8, (x61 >> 8)); + const x64: u8 = @intCast(u8, (x3 & @intCast(u64, 0xff))); + const x65: u64 = (x3 >> 8); + const x66: u8 = @intCast(u8, (x65 & @intCast(u64, 0xff))); + const x67: u64 = (x65 >> 8); + const x68: u8 = @intCast(u8, (x67 & @intCast(u64, 0xff))); + const x69: u64 = (x67 >> 8); + const x70: u8 = @intCast(u8, (x69 & @intCast(u64, 0xff))); + const x71: u64 = (x69 >> 8); + const x72: u8 = @intCast(u8, (x71 & @intCast(u64, 0xff))); + const x73: u64 = (x71 >> 8); + const x74: u8 = @intCast(u8, (x73 & @intCast(u64, 0xff))); + const x75: u64 = (x73 >> 8); + const x76: u8 = @intCast(u8, (x75 & @intCast(u64, 0xff))); + const x77: u8 = @intCast(u8, (x75 >> 8)); + const x78: u8 = @intCast(u8, (x2 & @intCast(u64, 0xff))); + const x79: u64 = (x2 >> 8); + const x80: u8 = @intCast(u8, (x79 & @intCast(u64, 0xff))); + const x81: u64 = (x79 >> 8); + const x82: u8 = @intCast(u8, (x81 & @intCast(u64, 0xff))); + const x83: u64 = (x81 >> 8); + const x84: u8 = @intCast(u8, (x83 & @intCast(u64, 0xff))); + const x85: u64 = (x83 >> 8); + const x86: u8 = @intCast(u8, (x85 & @intCast(u64, 0xff))); + const x87: u64 = (x85 >> 8); + const x88: u8 = @intCast(u8, (x87 & @intCast(u64, 0xff))); + const x89: u64 = (x87 >> 8); + const x90: u8 = @intCast(u8, (x89 & @intCast(u64, 0xff))); + const x91: u8 = @intCast(u8, (x89 >> 8)); + const x92: u8 = @intCast(u8, (x1 & @intCast(u64, 0xff))); + const x93: u64 = (x1 >> 8); + const x94: u8 = @intCast(u8, (x93 & @intCast(u64, 0xff))); + const x95: u64 = (x93 >> 8); + const x96: u8 = @intCast(u8, (x95 & @intCast(u64, 0xff))); + const x97: u64 = (x95 >> 8); + const x98: u8 = @intCast(u8, (x97 & @intCast(u64, 0xff))); + const x99: u64 = (x97 >> 8); + const x100: u8 = @intCast(u8, (x99 & @intCast(u64, 0xff))); + const x101: u64 = (x99 >> 8); + const x102: u8 = @intCast(u8, (x101 & @intCast(u64, 0xff))); + const x103: u8 = @intCast(u8, (x101 >> 8)); + out1[0] = x8; + out1[1] = x10; + out1[2] = x12; + out1[3] = x14; + out1[4] = x16; + out1[5] = x18; + out1[6] = x20; + out1[7] = x21; + out1[8] = x22; + out1[9] = x24; + out1[10] = x26; + out1[11] = x28; + out1[12] = x30; + out1[13] = x32; + out1[14] = x34; + out1[15] = x35; + out1[16] = x36; + out1[17] = x38; + out1[18] = x40; + out1[19] = x42; + out1[20] = x44; + out1[21] = x46; + out1[22] = x48; + out1[23] = x49; + out1[24] = x50; + out1[25] = x52; + out1[26] = x54; + out1[27] = x56; + out1[28] = x58; + out1[29] = x60; + out1[30] = x62; + out1[31] = x63; + out1[32] = x64; + out1[33] = x66; + out1[34] = x68; + out1[35] = x70; + out1[36] = x72; + out1[37] = x74; + out1[38] = x76; + out1[39] = x77; + out1[40] = x78; + out1[41] = x80; + out1[42] = x82; + out1[43] = x84; + out1[44] = x86; + out1[45] = x88; + out1[46] = x90; + out1[47] = x91; + out1[48] = x92; + out1[49] = x94; + out1[50] = x96; + out1[51] = x98; + out1[52] = x100; + out1[53] = x102; + out1[54] = x103; +} + +/// The function fiatP434FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. +/// Preconditions: +/// 0 ≤ bytes_eval arg1 < m +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0x3ffffffffffff]] +pub fn fiatP434FromBytes(out1: *[7]u64, arg1: [55]u8) void { + const x1: u64 = (@intCast(u64, (arg1[54])) << 48); + const x2: u64 = (@intCast(u64, (arg1[53])) << 40); + const x3: u64 = (@intCast(u64, (arg1[52])) << 32); + const x4: u64 = (@intCast(u64, (arg1[51])) << 24); + const x5: u64 = (@intCast(u64, (arg1[50])) << 16); + const x6: u64 = (@intCast(u64, (arg1[49])) << 8); + const x7: u8 = (arg1[48]); + const x8: u64 = (@intCast(u64, (arg1[47])) << 56); + const x9: u64 = (@intCast(u64, (arg1[46])) << 48); + const x10: u64 = (@intCast(u64, (arg1[45])) << 40); + const x11: u64 = (@intCast(u64, (arg1[44])) << 32); + const x12: u64 = (@intCast(u64, (arg1[43])) << 24); + const x13: u64 = (@intCast(u64, (arg1[42])) << 16); + const x14: u64 = (@intCast(u64, (arg1[41])) << 8); + const x15: u8 = (arg1[40]); + const x16: u64 = (@intCast(u64, (arg1[39])) << 56); + const x17: u64 = (@intCast(u64, (arg1[38])) << 48); + const x18: u64 = (@intCast(u64, (arg1[37])) << 40); + const x19: u64 = (@intCast(u64, (arg1[36])) << 32); + const x20: u64 = (@intCast(u64, (arg1[35])) << 24); + const x21: u64 = (@intCast(u64, (arg1[34])) << 16); + const x22: u64 = (@intCast(u64, (arg1[33])) << 8); + const x23: u8 = (arg1[32]); + const x24: u64 = (@intCast(u64, (arg1[31])) << 56); + const x25: u64 = (@intCast(u64, (arg1[30])) << 48); + const x26: u64 = (@intCast(u64, (arg1[29])) << 40); + const x27: u64 = (@intCast(u64, (arg1[28])) << 32); + const x28: u64 = (@intCast(u64, (arg1[27])) << 24); + const x29: u64 = (@intCast(u64, (arg1[26])) << 16); + const x30: u64 = (@intCast(u64, (arg1[25])) << 8); + const x31: u8 = (arg1[24]); + const x32: u64 = (@intCast(u64, (arg1[23])) << 56); + const x33: u64 = (@intCast(u64, (arg1[22])) << 48); + const x34: u64 = (@intCast(u64, (arg1[21])) << 40); + const x35: u64 = (@intCast(u64, (arg1[20])) << 32); + const x36: u64 = (@intCast(u64, (arg1[19])) << 24); + const x37: u64 = (@intCast(u64, (arg1[18])) << 16); + const x38: u64 = (@intCast(u64, (arg1[17])) << 8); + const x39: u8 = (arg1[16]); + const x40: u64 = (@intCast(u64, (arg1[15])) << 56); + const x41: u64 = (@intCast(u64, (arg1[14])) << 48); + const x42: u64 = (@intCast(u64, (arg1[13])) << 40); + const x43: u64 = (@intCast(u64, (arg1[12])) << 32); + const x44: u64 = (@intCast(u64, (arg1[11])) << 24); + const x45: u64 = (@intCast(u64, (arg1[10])) << 16); + const x46: u64 = (@intCast(u64, (arg1[9])) << 8); + const x47: u8 = (arg1[8]); + const x48: u64 = (@intCast(u64, (arg1[7])) << 56); + const x49: u64 = (@intCast(u64, (arg1[6])) << 48); + const x50: u64 = (@intCast(u64, (arg1[5])) << 40); + const x51: u64 = (@intCast(u64, (arg1[4])) << 32); + const x52: u64 = (@intCast(u64, (arg1[3])) << 24); + const x53: u64 = (@intCast(u64, (arg1[2])) << 16); + const x54: u64 = (@intCast(u64, (arg1[1])) << 8); + const x55: u8 = (arg1[0]); + const x56: u64 = (x54 + @intCast(u64, x55)); + const x57: u64 = (x53 + x56); + const x58: u64 = (x52 + x57); + const x59: u64 = (x51 + x58); + const x60: u64 = (x50 + x59); + const x61: u64 = (x49 + x60); + const x62: u64 = (x48 + x61); + const x63: u64 = (x46 + @intCast(u64, x47)); + const x64: u64 = (x45 + x63); + const x65: u64 = (x44 + x64); + const x66: u64 = (x43 + x65); + const x67: u64 = (x42 + x66); + const x68: u64 = (x41 + x67); + const x69: u64 = (x40 + x68); + const x70: u64 = (x38 + @intCast(u64, x39)); + const x71: u64 = (x37 + x70); + const x72: u64 = (x36 + x71); + const x73: u64 = (x35 + x72); + const x74: u64 = (x34 + x73); + const x75: u64 = (x33 + x74); + const x76: u64 = (x32 + x75); + const x77: u64 = (x30 + @intCast(u64, x31)); + const x78: u64 = (x29 + x77); + const x79: u64 = (x28 + x78); + const x80: u64 = (x27 + x79); + const x81: u64 = (x26 + x80); + const x82: u64 = (x25 + x81); + const x83: u64 = (x24 + x82); + const x84: u64 = (x22 + @intCast(u64, x23)); + const x85: u64 = (x21 + x84); + const x86: u64 = (x20 + x85); + const x87: u64 = (x19 + x86); + const x88: u64 = (x18 + x87); + const x89: u64 = (x17 + x88); + const x90: u64 = (x16 + x89); + const x91: u64 = (x14 + @intCast(u64, x15)); + const x92: u64 = (x13 + x91); + const x93: u64 = (x12 + x92); + const x94: u64 = (x11 + x93); + const x95: u64 = (x10 + x94); + const x96: u64 = (x9 + x95); + const x97: u64 = (x8 + x96); + const x98: u64 = (x6 + @intCast(u64, x7)); + const x99: u64 = (x5 + x98); + const x100: u64 = (x4 + x99); + const x101: u64 = (x3 + x100); + const x102: u64 = (x2 + x101); + const x103: u64 = (x1 + x102); + out1[0] = x62; + out1[1] = x69; + out1[2] = x76; + out1[3] = x83; + out1[4] = x90; + out1[5] = x97; + out1[6] = x103; +} + +/// The function fiatP434SetOne returns the field element one in the Montgomery domain. +/// Postconditions: +/// eval (from_montgomery out1) mod m = 1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434SetOne(out1: *[7]u64) void { + out1[0] = 0x742c; + out1[1] = @intCast(u64, 0x0); + out1[2] = @intCast(u64, 0x0); + out1[3] = 0xb90ff404fc000000; + out1[4] = 0xd801a4fb559facd4; + out1[5] = 0xe93254545f77410c; + out1[6] = 0xeceea7bd2eda; +} + +/// The function fiatP434Msat returns the saturated representation of the prime modulus. +/// Postconditions: +/// twos_complement_eval out1 = m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434Msat(out1: *[8]u64) void { + out1[0] = 0xffffffffffffffff; + out1[1] = 0xffffffffffffffff; + out1[2] = 0xffffffffffffffff; + out1[3] = 0xfdc1767ae2ffffff; + out1[4] = 0x7bc65c783158aea3; + out1[5] = 0x6cfc5fd681c52056; + out1[6] = 0x2341f27177344; + out1[7] = @intCast(u64, 0x0); +} + +/// The function fiatP434Divstep computes a divstep. +/// Preconditions: +/// 0 ≤ eval arg4 < m +/// 0 ≤ eval arg5 < m +/// Postconditions: +/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) +/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) +/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) +/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) +/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out2 < m +/// 0 ≤ eval out3 < m +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434Divstep(out1: *u64, out2: *[8]u64, out3: *[8]u64, out4: *[7]u64, out5: *[7]u64, arg1: u64, arg2: [8]u64, arg3: [8]u64, arg4: [7]u64, arg5: [7]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP434AddcarryxU64(&x1, &x2, 0x0, (~arg1), @intCast(u64, 0x1)); + const x3: u1 = (@intCast(u1, (x1 >> 63)) & @intCast(u1, ((arg3[0]) & @intCast(u64, 0x1)))); + var x4: u64 = undefined; + var x5: u1 = undefined; + fiatP434AddcarryxU64(&x4, &x5, 0x0, (~arg1), @intCast(u64, 0x1)); + var x6: u64 = undefined; + fiatP434CmovznzU64(&x6, x3, arg1, x4); + var x7: u64 = undefined; + fiatP434CmovznzU64(&x7, x3, (arg2[0]), (arg3[0])); + var x8: u64 = undefined; + fiatP434CmovznzU64(&x8, x3, (arg2[1]), (arg3[1])); + var x9: u64 = undefined; + fiatP434CmovznzU64(&x9, x3, (arg2[2]), (arg3[2])); + var x10: u64 = undefined; + fiatP434CmovznzU64(&x10, x3, (arg2[3]), (arg3[3])); + var x11: u64 = undefined; + fiatP434CmovznzU64(&x11, x3, (arg2[4]), (arg3[4])); + var x12: u64 = undefined; + fiatP434CmovznzU64(&x12, x3, (arg2[5]), (arg3[5])); + var x13: u64 = undefined; + fiatP434CmovznzU64(&x13, x3, (arg2[6]), (arg3[6])); + var x14: u64 = undefined; + fiatP434CmovznzU64(&x14, x3, (arg2[7]), (arg3[7])); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP434AddcarryxU64(&x15, &x16, 0x0, @intCast(u64, 0x1), (~(arg2[0]))); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP434AddcarryxU64(&x17, &x18, x16, @intCast(u64, 0x0), (~(arg2[1]))); + var x19: u64 = undefined; + var x20: u1 = undefined; + fiatP434AddcarryxU64(&x19, &x20, x18, @intCast(u64, 0x0), (~(arg2[2]))); + var x21: u64 = undefined; + var x22: u1 = undefined; + fiatP434AddcarryxU64(&x21, &x22, x20, @intCast(u64, 0x0), (~(arg2[3]))); + var x23: u64 = undefined; + var x24: u1 = undefined; + fiatP434AddcarryxU64(&x23, &x24, x22, @intCast(u64, 0x0), (~(arg2[4]))); + var x25: u64 = undefined; + var x26: u1 = undefined; + fiatP434AddcarryxU64(&x25, &x26, x24, @intCast(u64, 0x0), (~(arg2[5]))); + var x27: u64 = undefined; + var x28: u1 = undefined; + fiatP434AddcarryxU64(&x27, &x28, x26, @intCast(u64, 0x0), (~(arg2[6]))); + var x29: u64 = undefined; + var x30: u1 = undefined; + fiatP434AddcarryxU64(&x29, &x30, x28, @intCast(u64, 0x0), (~(arg2[7]))); + var x31: u64 = undefined; + fiatP434CmovznzU64(&x31, x3, (arg3[0]), x15); + var x32: u64 = undefined; + fiatP434CmovznzU64(&x32, x3, (arg3[1]), x17); + var x33: u64 = undefined; + fiatP434CmovznzU64(&x33, x3, (arg3[2]), x19); + var x34: u64 = undefined; + fiatP434CmovznzU64(&x34, x3, (arg3[3]), x21); + var x35: u64 = undefined; + fiatP434CmovznzU64(&x35, x3, (arg3[4]), x23); + var x36: u64 = undefined; + fiatP434CmovznzU64(&x36, x3, (arg3[5]), x25); + var x37: u64 = undefined; + fiatP434CmovznzU64(&x37, x3, (arg3[6]), x27); + var x38: u64 = undefined; + fiatP434CmovznzU64(&x38, x3, (arg3[7]), x29); + var x39: u64 = undefined; + fiatP434CmovznzU64(&x39, x3, (arg4[0]), (arg5[0])); + var x40: u64 = undefined; + fiatP434CmovznzU64(&x40, x3, (arg4[1]), (arg5[1])); + var x41: u64 = undefined; + fiatP434CmovznzU64(&x41, x3, (arg4[2]), (arg5[2])); + var x42: u64 = undefined; + fiatP434CmovznzU64(&x42, x3, (arg4[3]), (arg5[3])); + var x43: u64 = undefined; + fiatP434CmovznzU64(&x43, x3, (arg4[4]), (arg5[4])); + var x44: u64 = undefined; + fiatP434CmovznzU64(&x44, x3, (arg4[5]), (arg5[5])); + var x45: u64 = undefined; + fiatP434CmovznzU64(&x45, x3, (arg4[6]), (arg5[6])); + var x46: u64 = undefined; + var x47: u1 = undefined; + fiatP434AddcarryxU64(&x46, &x47, 0x0, x39, x39); + var x48: u64 = undefined; + var x49: u1 = undefined; + fiatP434AddcarryxU64(&x48, &x49, x47, x40, x40); + var x50: u64 = undefined; + var x51: u1 = undefined; + fiatP434AddcarryxU64(&x50, &x51, x49, x41, x41); + var x52: u64 = undefined; + var x53: u1 = undefined; + fiatP434AddcarryxU64(&x52, &x53, x51, x42, x42); + var x54: u64 = undefined; + var x55: u1 = undefined; + fiatP434AddcarryxU64(&x54, &x55, x53, x43, x43); + var x56: u64 = undefined; + var x57: u1 = undefined; + fiatP434AddcarryxU64(&x56, &x57, x55, x44, x44); + var x58: u64 = undefined; + var x59: u1 = undefined; + fiatP434AddcarryxU64(&x58, &x59, x57, x45, x45); + var x60: u64 = undefined; + var x61: u1 = undefined; + fiatP434SubborrowxU64(&x60, &x61, 0x0, x46, 0xffffffffffffffff); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatP434SubborrowxU64(&x62, &x63, x61, x48, 0xffffffffffffffff); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatP434SubborrowxU64(&x64, &x65, x63, x50, 0xffffffffffffffff); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatP434SubborrowxU64(&x66, &x67, x65, x52, 0xfdc1767ae2ffffff); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatP434SubborrowxU64(&x68, &x69, x67, x54, 0x7bc65c783158aea3); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatP434SubborrowxU64(&x70, &x71, x69, x56, 0x6cfc5fd681c52056); + var x72: u64 = undefined; + var x73: u1 = undefined; + fiatP434SubborrowxU64(&x72, &x73, x71, x58, 0x2341f27177344); + var x74: u64 = undefined; + var x75: u1 = undefined; + fiatP434SubborrowxU64(&x74, &x75, x73, @intCast(u64, x59), @intCast(u64, 0x0)); + const x76: u64 = (arg4[6]); + const x77: u64 = (arg4[5]); + const x78: u64 = (arg4[4]); + const x79: u64 = (arg4[3]); + const x80: u64 = (arg4[2]); + const x81: u64 = (arg4[1]); + const x82: u64 = (arg4[0]); + var x83: u64 = undefined; + var x84: u1 = undefined; + fiatP434SubborrowxU64(&x83, &x84, 0x0, @intCast(u64, 0x0), x82); + var x85: u64 = undefined; + var x86: u1 = undefined; + fiatP434SubborrowxU64(&x85, &x86, x84, @intCast(u64, 0x0), x81); + var x87: u64 = undefined; + var x88: u1 = undefined; + fiatP434SubborrowxU64(&x87, &x88, x86, @intCast(u64, 0x0), x80); + var x89: u64 = undefined; + var x90: u1 = undefined; + fiatP434SubborrowxU64(&x89, &x90, x88, @intCast(u64, 0x0), x79); + var x91: u64 = undefined; + var x92: u1 = undefined; + fiatP434SubborrowxU64(&x91, &x92, x90, @intCast(u64, 0x0), x78); + var x93: u64 = undefined; + var x94: u1 = undefined; + fiatP434SubborrowxU64(&x93, &x94, x92, @intCast(u64, 0x0), x77); + var x95: u64 = undefined; + var x96: u1 = undefined; + fiatP434SubborrowxU64(&x95, &x96, x94, @intCast(u64, 0x0), x76); + var x97: u64 = undefined; + fiatP434CmovznzU64(&x97, x96, @intCast(u64, 0x0), 0xffffffffffffffff); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatP434AddcarryxU64(&x98, &x99, 0x0, x83, x97); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatP434AddcarryxU64(&x100, &x101, x99, x85, x97); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatP434AddcarryxU64(&x102, &x103, x101, x87, x97); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatP434AddcarryxU64(&x104, &x105, x103, x89, (x97 & 0xfdc1767ae2ffffff)); + var x106: u64 = undefined; + var x107: u1 = undefined; + fiatP434AddcarryxU64(&x106, &x107, x105, x91, (x97 & 0x7bc65c783158aea3)); + var x108: u64 = undefined; + var x109: u1 = undefined; + fiatP434AddcarryxU64(&x108, &x109, x107, x93, (x97 & 0x6cfc5fd681c52056)); + var x110: u64 = undefined; + var x111: u1 = undefined; + fiatP434AddcarryxU64(&x110, &x111, x109, x95, (x97 & 0x2341f27177344)); + var x112: u64 = undefined; + fiatP434CmovznzU64(&x112, x3, (arg5[0]), x98); + var x113: u64 = undefined; + fiatP434CmovznzU64(&x113, x3, (arg5[1]), x100); + var x114: u64 = undefined; + fiatP434CmovznzU64(&x114, x3, (arg5[2]), x102); + var x115: u64 = undefined; + fiatP434CmovznzU64(&x115, x3, (arg5[3]), x104); + var x116: u64 = undefined; + fiatP434CmovznzU64(&x116, x3, (arg5[4]), x106); + var x117: u64 = undefined; + fiatP434CmovznzU64(&x117, x3, (arg5[5]), x108); + var x118: u64 = undefined; + fiatP434CmovznzU64(&x118, x3, (arg5[6]), x110); + const x119: u1 = @intCast(u1, (x31 & @intCast(u64, 0x1))); + var x120: u64 = undefined; + fiatP434CmovznzU64(&x120, x119, @intCast(u64, 0x0), x7); + var x121: u64 = undefined; + fiatP434CmovznzU64(&x121, x119, @intCast(u64, 0x0), x8); + var x122: u64 = undefined; + fiatP434CmovznzU64(&x122, x119, @intCast(u64, 0x0), x9); + var x123: u64 = undefined; + fiatP434CmovznzU64(&x123, x119, @intCast(u64, 0x0), x10); + var x124: u64 = undefined; + fiatP434CmovznzU64(&x124, x119, @intCast(u64, 0x0), x11); + var x125: u64 = undefined; + fiatP434CmovznzU64(&x125, x119, @intCast(u64, 0x0), x12); + var x126: u64 = undefined; + fiatP434CmovznzU64(&x126, x119, @intCast(u64, 0x0), x13); + var x127: u64 = undefined; + fiatP434CmovznzU64(&x127, x119, @intCast(u64, 0x0), x14); + var x128: u64 = undefined; + var x129: u1 = undefined; + fiatP434AddcarryxU64(&x128, &x129, 0x0, x31, x120); + var x130: u64 = undefined; + var x131: u1 = undefined; + fiatP434AddcarryxU64(&x130, &x131, x129, x32, x121); + var x132: u64 = undefined; + var x133: u1 = undefined; + fiatP434AddcarryxU64(&x132, &x133, x131, x33, x122); + var x134: u64 = undefined; + var x135: u1 = undefined; + fiatP434AddcarryxU64(&x134, &x135, x133, x34, x123); + var x136: u64 = undefined; + var x137: u1 = undefined; + fiatP434AddcarryxU64(&x136, &x137, x135, x35, x124); + var x138: u64 = undefined; + var x139: u1 = undefined; + fiatP434AddcarryxU64(&x138, &x139, x137, x36, x125); + var x140: u64 = undefined; + var x141: u1 = undefined; + fiatP434AddcarryxU64(&x140, &x141, x139, x37, x126); + var x142: u64 = undefined; + var x143: u1 = undefined; + fiatP434AddcarryxU64(&x142, &x143, x141, x38, x127); + var x144: u64 = undefined; + fiatP434CmovznzU64(&x144, x119, @intCast(u64, 0x0), x39); + var x145: u64 = undefined; + fiatP434CmovznzU64(&x145, x119, @intCast(u64, 0x0), x40); + var x146: u64 = undefined; + fiatP434CmovznzU64(&x146, x119, @intCast(u64, 0x0), x41); + var x147: u64 = undefined; + fiatP434CmovznzU64(&x147, x119, @intCast(u64, 0x0), x42); + var x148: u64 = undefined; + fiatP434CmovznzU64(&x148, x119, @intCast(u64, 0x0), x43); + var x149: u64 = undefined; + fiatP434CmovznzU64(&x149, x119, @intCast(u64, 0x0), x44); + var x150: u64 = undefined; + fiatP434CmovznzU64(&x150, x119, @intCast(u64, 0x0), x45); + var x151: u64 = undefined; + var x152: u1 = undefined; + fiatP434AddcarryxU64(&x151, &x152, 0x0, x112, x144); + var x153: u64 = undefined; + var x154: u1 = undefined; + fiatP434AddcarryxU64(&x153, &x154, x152, x113, x145); + var x155: u64 = undefined; + var x156: u1 = undefined; + fiatP434AddcarryxU64(&x155, &x156, x154, x114, x146); + var x157: u64 = undefined; + var x158: u1 = undefined; + fiatP434AddcarryxU64(&x157, &x158, x156, x115, x147); + var x159: u64 = undefined; + var x160: u1 = undefined; + fiatP434AddcarryxU64(&x159, &x160, x158, x116, x148); + var x161: u64 = undefined; + var x162: u1 = undefined; + fiatP434AddcarryxU64(&x161, &x162, x160, x117, x149); + var x163: u64 = undefined; + var x164: u1 = undefined; + fiatP434AddcarryxU64(&x163, &x164, x162, x118, x150); + var x165: u64 = undefined; + var x166: u1 = undefined; + fiatP434SubborrowxU64(&x165, &x166, 0x0, x151, 0xffffffffffffffff); + var x167: u64 = undefined; + var x168: u1 = undefined; + fiatP434SubborrowxU64(&x167, &x168, x166, x153, 0xffffffffffffffff); + var x169: u64 = undefined; + var x170: u1 = undefined; + fiatP434SubborrowxU64(&x169, &x170, x168, x155, 0xffffffffffffffff); + var x171: u64 = undefined; + var x172: u1 = undefined; + fiatP434SubborrowxU64(&x171, &x172, x170, x157, 0xfdc1767ae2ffffff); + var x173: u64 = undefined; + var x174: u1 = undefined; + fiatP434SubborrowxU64(&x173, &x174, x172, x159, 0x7bc65c783158aea3); + var x175: u64 = undefined; + var x176: u1 = undefined; + fiatP434SubborrowxU64(&x175, &x176, x174, x161, 0x6cfc5fd681c52056); + var x177: u64 = undefined; + var x178: u1 = undefined; + fiatP434SubborrowxU64(&x177, &x178, x176, x163, 0x2341f27177344); + var x179: u64 = undefined; + var x180: u1 = undefined; + fiatP434SubborrowxU64(&x179, &x180, x178, @intCast(u64, x164), @intCast(u64, 0x0)); + var x181: u64 = undefined; + var x182: u1 = undefined; + fiatP434AddcarryxU64(&x181, &x182, 0x0, x6, @intCast(u64, 0x1)); + const x183: u64 = ((x128 >> 1) | ((x130 << 63) & 0xffffffffffffffff)); + const x184: u64 = ((x130 >> 1) | ((x132 << 63) & 0xffffffffffffffff)); + const x185: u64 = ((x132 >> 1) | ((x134 << 63) & 0xffffffffffffffff)); + const x186: u64 = ((x134 >> 1) | ((x136 << 63) & 0xffffffffffffffff)); + const x187: u64 = ((x136 >> 1) | ((x138 << 63) & 0xffffffffffffffff)); + const x188: u64 = ((x138 >> 1) | ((x140 << 63) & 0xffffffffffffffff)); + const x189: u64 = ((x140 >> 1) | ((x142 << 63) & 0xffffffffffffffff)); + const x190: u64 = ((x142 & 0x8000000000000000) | (x142 >> 1)); + var x191: u64 = undefined; + fiatP434CmovznzU64(&x191, x75, x60, x46); + var x192: u64 = undefined; + fiatP434CmovznzU64(&x192, x75, x62, x48); + var x193: u64 = undefined; + fiatP434CmovznzU64(&x193, x75, x64, x50); + var x194: u64 = undefined; + fiatP434CmovznzU64(&x194, x75, x66, x52); + var x195: u64 = undefined; + fiatP434CmovznzU64(&x195, x75, x68, x54); + var x196: u64 = undefined; + fiatP434CmovznzU64(&x196, x75, x70, x56); + var x197: u64 = undefined; + fiatP434CmovznzU64(&x197, x75, x72, x58); + var x198: u64 = undefined; + fiatP434CmovznzU64(&x198, x180, x165, x151); + var x199: u64 = undefined; + fiatP434CmovznzU64(&x199, x180, x167, x153); + var x200: u64 = undefined; + fiatP434CmovznzU64(&x200, x180, x169, x155); + var x201: u64 = undefined; + fiatP434CmovznzU64(&x201, x180, x171, x157); + var x202: u64 = undefined; + fiatP434CmovznzU64(&x202, x180, x173, x159); + var x203: u64 = undefined; + fiatP434CmovznzU64(&x203, x180, x175, x161); + var x204: u64 = undefined; + fiatP434CmovznzU64(&x204, x180, x177, x163); + out1.* = x181; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out2[5] = x12; + out2[6] = x13; + out2[7] = x14; + out3[0] = x183; + out3[1] = x184; + out3[2] = x185; + out3[3] = x186; + out3[4] = x187; + out3[5] = x188; + out3[6] = x189; + out3[7] = x190; + out4[0] = x191; + out4[1] = x192; + out4[2] = x193; + out4[3] = x194; + out4[4] = x195; + out4[5] = x196; + out4[6] = x197; + out5[0] = x198; + out5[1] = x199; + out5[2] = x200; + out5[3] = x201; + out5[4] = x202; + out5[5] = x203; + out5[6] = x204; +} + +/// The function fiatP434DivstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). +/// Postconditions: +/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if (log2 m) + 1 < 46 then ⌊(49 * ((log2 m) + 1) + 80) / 17⌋ else ⌊(49 * ((log2 m) + 1) + 57) / 17⌋) +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP434DivstepPrecomp(out1: *[7]u64) void { + out1[0] = 0x9f9776e27e1a2b72; + out1[1] = 0x28b59f067e2393d0; + out1[2] = 0xcf316ce1572add54; + out1[3] = 0x312c8965f9032c2f; + out1[4] = 0x9d9cab29ad90d34c; + out1[5] = 0x6e1ddae1d9609ae1; + out1[6] = 0x6df82285eec6; +} + diff --git a/fiat-zig/src/p448_solinas_32.zig b/fiat-zig/src/p448_solinas_32.zig new file mode 100644 index 0000000000..b75c24bc2e --- /dev/null +++ b/fiat-zig/src/p448_solinas_32.zig @@ -0,0 +1,1629 @@ +/// Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p448 32 16 '2^448 - 2^224 - 1' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes +/// curve description: p448 +/// machine_wordsize = 32 (from "32") +/// requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes +/// n = 16 (from "16") +/// s-c = 2^448 - [(2^224, 1), (1, 1)] (from "2^448 - 2^224 - 1") +/// tight_bounds_multiplier = 1 (from "") +/// +/// Computed values: +/// carry_chain = [7, 15, 8, 0, 9, 1, 10, 2, 11, 3, 12, 4, 13, 5, 14, 6, 15, 7, 8, 0] +/// eval z = z[0] + (z[1] << 28) + (z[2] << 56) + (z[3] << 84) + (z[4] << 112) + (z[5] << 140) + (z[6] << 168) + (z[7] << 196) + (z[8] << 224) + (z[9] << 252) + (z[10] << 0x118) + (z[11] << 0x134) + (z[12] << 0x150) + (z[13] << 0x16c) + (z[14] << 0x188) + (z[15] << 0x1a4) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) +/// balance = [0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffc, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe, 0x1ffffffe] + + +/// The function fiatP448AddcarryxU28 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^28 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^28⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xfffffff] +/// arg3: [0x0 ~> 0xfffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xfffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP448AddcarryxU28(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u32 = ((@intCast(u32, arg1) + arg2) + arg3); + const x2: u32 = (x1 & 0xfffffff); + const x3: u1 = @intCast(u1, (x1 >> 28)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP448SubborrowxU28 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^28 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^28⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xfffffff] +/// arg3: [0x0 ~> 0xfffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xfffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP448SubborrowxU28(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: i32 = @intCast(i32, (@intCast(i64, @intCast(i32, (@intCast(i64, arg2) - @intCast(i64, arg1)))) - @intCast(i64, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 28)); + const x3: u32 = @intCast(u32, (@intCast(i64, x1) & @intCast(i64, 0xfffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP448CmovznzU32 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +fn fiatP448CmovznzU32(out1: *u32, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u32 = @intCast(u32, (@intCast(i64, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i64, 0xffffffff))); + const x3: u32 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP448CarryMul multiplies two field elements and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000]] +/// arg2: [[0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +pub fn fiatP448CarryMul(out1: *[16]u32, arg1: [16]u32, arg2: [16]u32) void { + const x1: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[15]))); + const x2: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[14]))); + const x3: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[13]))); + const x4: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[12]))); + const x5: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[11]))); + const x6: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[10]))); + const x7: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[9]))); + const x8: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[15]))); + const x9: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[14]))); + const x10: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[13]))); + const x11: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[12]))); + const x12: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[11]))); + const x13: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[10]))); + const x14: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[15]))); + const x15: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[14]))); + const x16: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[13]))); + const x17: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[12]))); + const x18: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[11]))); + const x19: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[15]))); + const x20: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[14]))); + const x21: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[13]))); + const x22: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[12]))); + const x23: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[15]))); + const x24: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[14]))); + const x25: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[13]))); + const x26: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[15]))); + const x27: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[14]))); + const x28: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[15]))); + const x29: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[15]))); + const x30: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[14]))); + const x31: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[13]))); + const x32: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[12]))); + const x33: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[11]))); + const x34: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[10]))); + const x35: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[9]))); + const x36: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[15]))); + const x37: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[14]))); + const x38: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[13]))); + const x39: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[12]))); + const x40: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[11]))); + const x41: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[10]))); + const x42: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[15]))); + const x43: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[14]))); + const x44: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[13]))); + const x45: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[12]))); + const x46: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[11]))); + const x47: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[15]))); + const x48: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[14]))); + const x49: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[13]))); + const x50: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[12]))); + const x51: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[15]))); + const x52: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[14]))); + const x53: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[13]))); + const x54: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[15]))); + const x55: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[14]))); + const x56: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[15]))); + const x57: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[15]))); + const x58: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[14]))); + const x59: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[13]))); + const x60: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[12]))); + const x61: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[11]))); + const x62: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[10]))); + const x63: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[9]))); + const x64: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[8]))); + const x65: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[7]))); + const x66: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[6]))); + const x67: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[5]))); + const x68: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[4]))); + const x69: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[3]))); + const x70: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[2]))); + const x71: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[1]))); + const x72: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[15]))); + const x73: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[14]))); + const x74: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[13]))); + const x75: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[12]))); + const x76: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[11]))); + const x77: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[10]))); + const x78: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[9]))); + const x79: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[8]))); + const x80: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[7]))); + const x81: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[6]))); + const x82: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[5]))); + const x83: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[4]))); + const x84: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[3]))); + const x85: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[2]))); + const x86: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[15]))); + const x87: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[14]))); + const x88: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[13]))); + const x89: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[12]))); + const x90: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[11]))); + const x91: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[10]))); + const x92: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[9]))); + const x93: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[8]))); + const x94: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[7]))); + const x95: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[6]))); + const x96: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[5]))); + const x97: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[4]))); + const x98: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[3]))); + const x99: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[15]))); + const x100: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[14]))); + const x101: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[13]))); + const x102: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[12]))); + const x103: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[11]))); + const x104: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[10]))); + const x105: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[9]))); + const x106: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[8]))); + const x107: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[7]))); + const x108: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[6]))); + const x109: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[5]))); + const x110: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[4]))); + const x111: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[15]))); + const x112: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[14]))); + const x113: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[13]))); + const x114: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[12]))); + const x115: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[11]))); + const x116: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[10]))); + const x117: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[9]))); + const x118: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[8]))); + const x119: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[7]))); + const x120: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[6]))); + const x121: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[5]))); + const x122: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[15]))); + const x123: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[14]))); + const x124: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[13]))); + const x125: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[12]))); + const x126: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[11]))); + const x127: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[10]))); + const x128: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[9]))); + const x129: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[8]))); + const x130: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[7]))); + const x131: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[6]))); + const x132: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[15]))); + const x133: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[14]))); + const x134: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[13]))); + const x135: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[12]))); + const x136: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[11]))); + const x137: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[10]))); + const x138: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[9]))); + const x139: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[8]))); + const x140: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[7]))); + const x141: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[15]))); + const x142: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[14]))); + const x143: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[13]))); + const x144: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[12]))); + const x145: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[11]))); + const x146: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[10]))); + const x147: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[9]))); + const x148: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[8]))); + const x149: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[15]))); + const x150: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[14]))); + const x151: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[13]))); + const x152: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[12]))); + const x153: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[11]))); + const x154: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[10]))); + const x155: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[9]))); + const x156: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[15]))); + const x157: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[14]))); + const x158: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[13]))); + const x159: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[12]))); + const x160: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[11]))); + const x161: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[10]))); + const x162: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[15]))); + const x163: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[14]))); + const x164: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[13]))); + const x165: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[12]))); + const x166: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[11]))); + const x167: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[15]))); + const x168: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[14]))); + const x169: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[13]))); + const x170: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[12]))); + const x171: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[15]))); + const x172: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[14]))); + const x173: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[13]))); + const x174: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[15]))); + const x175: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[14]))); + const x176: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[15]))); + const x177: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[8]))); + const x178: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[7]))); + const x179: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[6]))); + const x180: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[5]))); + const x181: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[4]))); + const x182: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[3]))); + const x183: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[2]))); + const x184: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[1]))); + const x185: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[9]))); + const x186: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[8]))); + const x187: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[7]))); + const x188: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[6]))); + const x189: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[5]))); + const x190: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[4]))); + const x191: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[3]))); + const x192: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[2]))); + const x193: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[10]))); + const x194: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[9]))); + const x195: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[8]))); + const x196: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[7]))); + const x197: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[6]))); + const x198: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[5]))); + const x199: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[4]))); + const x200: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[3]))); + const x201: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[11]))); + const x202: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[10]))); + const x203: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[9]))); + const x204: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[8]))); + const x205: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[7]))); + const x206: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[6]))); + const x207: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[5]))); + const x208: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[4]))); + const x209: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[12]))); + const x210: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[11]))); + const x211: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[10]))); + const x212: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[9]))); + const x213: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[8]))); + const x214: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[7]))); + const x215: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[6]))); + const x216: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[5]))); + const x217: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[13]))); + const x218: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[12]))); + const x219: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[11]))); + const x220: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[10]))); + const x221: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[9]))); + const x222: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[8]))); + const x223: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[7]))); + const x224: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[6]))); + const x225: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[14]))); + const x226: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[13]))); + const x227: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[12]))); + const x228: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[11]))); + const x229: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[10]))); + const x230: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[9]))); + const x231: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[8]))); + const x232: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[7]))); + const x233: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[15]))); + const x234: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[14]))); + const x235: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[13]))); + const x236: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[12]))); + const x237: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[11]))); + const x238: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[10]))); + const x239: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[9]))); + const x240: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[8]))); + const x241: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[15]))); + const x242: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[14]))); + const x243: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[13]))); + const x244: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[12]))); + const x245: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[11]))); + const x246: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[10]))); + const x247: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[9]))); + const x248: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[15]))); + const x249: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[14]))); + const x250: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[13]))); + const x251: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[12]))); + const x252: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[11]))); + const x253: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[10]))); + const x254: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[15]))); + const x255: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[14]))); + const x256: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[13]))); + const x257: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[12]))); + const x258: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[11]))); + const x259: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[15]))); + const x260: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[14]))); + const x261: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[13]))); + const x262: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[12]))); + const x263: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[15]))); + const x264: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[14]))); + const x265: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[13]))); + const x266: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[15]))); + const x267: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[14]))); + const x268: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[15]))); + const x269: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, (arg2[0]))); + const x270: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[1]))); + const x271: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, (arg2[0]))); + const x272: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[2]))); + const x273: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[1]))); + const x274: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, (arg2[0]))); + const x275: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[3]))); + const x276: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[2]))); + const x277: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[1]))); + const x278: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, (arg2[0]))); + const x279: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[4]))); + const x280: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[3]))); + const x281: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[2]))); + const x282: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[1]))); + const x283: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, (arg2[0]))); + const x284: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[5]))); + const x285: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[4]))); + const x286: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[3]))); + const x287: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[2]))); + const x288: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[1]))); + const x289: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, (arg2[0]))); + const x290: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[6]))); + const x291: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[5]))); + const x292: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[4]))); + const x293: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[3]))); + const x294: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[2]))); + const x295: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[1]))); + const x296: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, (arg2[0]))); + const x297: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[7]))); + const x298: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[6]))); + const x299: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[5]))); + const x300: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[4]))); + const x301: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[3]))); + const x302: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[2]))); + const x303: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[1]))); + const x304: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, (arg2[0]))); + const x305: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[8]))); + const x306: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[7]))); + const x307: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[6]))); + const x308: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[5]))); + const x309: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[4]))); + const x310: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[3]))); + const x311: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[2]))); + const x312: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[1]))); + const x313: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg2[0]))); + const x314: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[9]))); + const x315: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[8]))); + const x316: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[7]))); + const x317: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[6]))); + const x318: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[5]))); + const x319: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[4]))); + const x320: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[3]))); + const x321: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[2]))); + const x322: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[1]))); + const x323: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg2[0]))); + const x324: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[10]))); + const x325: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[9]))); + const x326: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[8]))); + const x327: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[7]))); + const x328: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[6]))); + const x329: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[5]))); + const x330: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[4]))); + const x331: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[3]))); + const x332: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[2]))); + const x333: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[1]))); + const x334: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg2[0]))); + const x335: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[11]))); + const x336: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[10]))); + const x337: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[9]))); + const x338: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[8]))); + const x339: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[7]))); + const x340: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[6]))); + const x341: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[5]))); + const x342: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[4]))); + const x343: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[3]))); + const x344: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[2]))); + const x345: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[1]))); + const x346: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[0]))); + const x347: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[12]))); + const x348: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[11]))); + const x349: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[10]))); + const x350: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[9]))); + const x351: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[8]))); + const x352: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[7]))); + const x353: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[6]))); + const x354: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[5]))); + const x355: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[4]))); + const x356: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[3]))); + const x357: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[2]))); + const x358: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[1]))); + const x359: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[0]))); + const x360: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[13]))); + const x361: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[12]))); + const x362: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[11]))); + const x363: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[10]))); + const x364: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[9]))); + const x365: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[8]))); + const x366: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[7]))); + const x367: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[6]))); + const x368: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[5]))); + const x369: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[4]))); + const x370: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[3]))); + const x371: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[2]))); + const x372: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[1]))); + const x373: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[0]))); + const x374: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[14]))); + const x375: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[13]))); + const x376: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[12]))); + const x377: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[11]))); + const x378: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[10]))); + const x379: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[9]))); + const x380: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[8]))); + const x381: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[7]))); + const x382: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[6]))); + const x383: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[5]))); + const x384: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[4]))); + const x385: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[3]))); + const x386: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[2]))); + const x387: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[1]))); + const x388: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[0]))); + const x389: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[15]))); + const x390: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[14]))); + const x391: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[13]))); + const x392: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[12]))); + const x393: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[11]))); + const x394: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[10]))); + const x395: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[9]))); + const x396: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[8]))); + const x397: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[7]))); + const x398: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[6]))); + const x399: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[5]))); + const x400: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[4]))); + const x401: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[3]))); + const x402: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[2]))); + const x403: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[1]))); + const x404: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[0]))); + const x405: u64 = (x397 + (x382 + (x368 + (x355 + (x343 + (x332 + (x322 + (x313 + (x141 + (x133 + (x124 + (x114 + (x103 + (x91 + (x78 + x64))))))))))))))); + const x406: u64 = (x405 >> 28); + const x407: u32 = @intCast(u32, (x405 & @intCast(u64, 0xfffffff))); + const x408: u64 = (x389 + (x374 + (x360 + (x347 + (x335 + (x324 + (x314 + (x305 + (x297 + (x290 + (x284 + (x279 + (x275 + (x272 + (x270 + (x269 + (x233 + (x225 + (x217 + (x209 + (x201 + (x193 + (x185 + x177))))))))))))))))))))))); + const x409: u64 = (x390 + (x375 + (x361 + (x348 + (x336 + (x325 + (x315 + (x306 + (x298 + (x291 + (x285 + (x280 + (x276 + (x273 + (x271 + (x241 + (x234 + (x226 + (x218 + (x210 + (x202 + (x194 + (x186 + (x178 + (x57 + x29))))))))))))))))))))))))); + const x410: u64 = (x391 + (x376 + (x362 + (x349 + (x337 + (x326 + (x316 + (x307 + (x299 + (x292 + (x286 + (x281 + (x277 + (x274 + (x248 + (x242 + (x235 + (x227 + (x219 + (x211 + (x203 + (x195 + (x187 + (x179 + (x72 + (x58 + (x36 + x30))))))))))))))))))))))))))); + const x411: u128 = (@intCast(u128, x392) + (@intCast(u128, x377) + @intCast(u128, (x363 + (x350 + (x338 + (x327 + (x317 + (x308 + (x300 + (x293 + (x287 + (x282 + (x278 + (x254 + (x249 + (x243 + (x236 + (x228 + (x220 + (x212 + (x204 + (x196 + (x188 + (x180 + (x86 + (x73 + (x59 + (x42 + (x37 + x31)))))))))))))))))))))))))))))); + const x412: u128 = (@intCast(u128, x393) + (@intCast(u128, x378) + (@intCast(u128, x364) + (@intCast(u128, x351) + @intCast(u128, (x339 + (x328 + (x318 + (x309 + (x301 + (x294 + (x288 + (x283 + (x259 + (x255 + (x250 + (x244 + (x237 + (x229 + (x221 + (x213 + (x205 + (x197 + (x189 + (x181 + (x99 + (x87 + (x74 + (x60 + (x47 + (x43 + (x38 + x32)))))))))))))))))))))))))))))))); + const x413: u128 = (@intCast(u128, x394) + (@intCast(u128, x379) + (@intCast(u128, x365) + (@intCast(u128, x352) + (@intCast(u128, x340) + (@intCast(u128, x329) + @intCast(u128, (x319 + (x310 + (x302 + (x295 + (x289 + (x263 + (x260 + (x256 + (x251 + (x245 + (x238 + (x230 + (x222 + (x214 + (x206 + (x198 + (x190 + (x182 + (x111 + (x100 + (x88 + (x75 + (x61 + (x51 + (x48 + (x44 + (x39 + x33)))))))))))))))))))))))))))))))))); + const x414: u128 = (@intCast(u128, x395) + (@intCast(u128, x380) + (@intCast(u128, x366) + (@intCast(u128, x353) + (@intCast(u128, x341) + (@intCast(u128, x330) + (@intCast(u128, x320) + (@intCast(u128, x311) + @intCast(u128, (x303 + (x296 + (x266 + (x264 + (x261 + (x257 + (x252 + (x246 + (x239 + (x231 + (x223 + (x215 + (x207 + (x199 + (x191 + (x183 + (x122 + (x112 + (x101 + (x89 + (x76 + (x62 + (x54 + (x52 + (x49 + (x45 + (x40 + x34)))))))))))))))))))))))))))))))))))); + const x415: u128 = (@intCast(u128, x396) + (@intCast(u128, x381) + (@intCast(u128, x367) + (@intCast(u128, x354) + (@intCast(u128, x342) + (@intCast(u128, x331) + (@intCast(u128, x321) + (@intCast(u128, x312) + (@intCast(u128, x304) + (@intCast(u128, x268) + @intCast(u128, (x267 + (x265 + (x262 + (x258 + (x253 + (x247 + (x240 + (x232 + (x224 + (x216 + (x208 + (x200 + (x192 + (x184 + (x132 + (x123 + (x113 + (x102 + (x90 + (x77 + (x63 + (x56 + (x55 + (x53 + (x50 + (x46 + (x41 + x35)))))))))))))))))))))))))))))))))))))); + const x416: u64 = (x398 + (x383 + (x369 + (x356 + (x344 + (x333 + (x323 + (x149 + (x142 + (x134 + (x125 + (x115 + (x104 + (x92 + (x79 + (x65 + x1)))))))))))))))); + const x417: u64 = (x399 + (x384 + (x370 + (x357 + (x345 + (x334 + (x156 + (x150 + (x143 + (x135 + (x126 + (x116 + (x105 + (x93 + (x80 + (x66 + (x8 + x2))))))))))))))))); + const x418: u64 = (x400 + (x385 + (x371 + (x358 + (x346 + (x162 + (x157 + (x151 + (x144 + (x136 + (x127 + (x117 + (x106 + (x94 + (x81 + (x67 + (x14 + (x9 + x3)))))))))))))))))); + const x419: u64 = (x401 + (x386 + (x372 + (x359 + (x167 + (x163 + (x158 + (x152 + (x145 + (x137 + (x128 + (x118 + (x107 + (x95 + (x82 + (x68 + (x19 + (x15 + (x10 + x4))))))))))))))))))); + const x420: u64 = (x402 + (x387 + (x373 + (x171 + (x168 + (x164 + (x159 + (x153 + (x146 + (x138 + (x129 + (x119 + (x108 + (x96 + (x83 + (x69 + (x23 + (x20 + (x16 + (x11 + x5)))))))))))))))))))); + const x421: u64 = (x403 + (x388 + (x174 + (x172 + (x169 + (x165 + (x160 + (x154 + (x147 + (x139 + (x130 + (x120 + (x109 + (x97 + (x84 + (x70 + (x26 + (x24 + (x21 + (x17 + (x12 + x6))))))))))))))))))))); + const x422: u64 = (x404 + (x176 + (x175 + (x173 + (x170 + (x166 + (x161 + (x155 + (x148 + (x140 + (x131 + (x121 + (x110 + (x98 + (x85 + (x71 + (x28 + (x27 + (x25 + (x22 + (x18 + (x13 + x7)))))))))))))))))))))); + const x423: u128 = (@intCast(u128, x406) + x415); + const x424: u64 = (x408 >> 28); + const x425: u32 = @intCast(u32, (x408 & @intCast(u64, 0xfffffff))); + const x426: u128 = (x423 + @intCast(u128, x424)); + const x427: u64 = @intCast(u64, (x426 >> 28)); + const x428: u32 = @intCast(u32, (x426 & @intCast(u128, 0xfffffff))); + const x429: u64 = (x422 + x424); + const x430: u128 = (@intCast(u128, x427) + x414); + const x431: u64 = (x429 >> 28); + const x432: u32 = @intCast(u32, (x429 & @intCast(u64, 0xfffffff))); + const x433: u64 = (x431 + x421); + const x434: u64 = @intCast(u64, (x430 >> 28)); + const x435: u32 = @intCast(u32, (x430 & @intCast(u128, 0xfffffff))); + const x436: u128 = (@intCast(u128, x434) + x413); + const x437: u64 = (x433 >> 28); + const x438: u32 = @intCast(u32, (x433 & @intCast(u64, 0xfffffff))); + const x439: u64 = (x437 + x420); + const x440: u64 = @intCast(u64, (x436 >> 28)); + const x441: u32 = @intCast(u32, (x436 & @intCast(u128, 0xfffffff))); + const x442: u128 = (@intCast(u128, x440) + x412); + const x443: u64 = (x439 >> 28); + const x444: u32 = @intCast(u32, (x439 & @intCast(u64, 0xfffffff))); + const x445: u64 = (x443 + x419); + const x446: u64 = @intCast(u64, (x442 >> 28)); + const x447: u32 = @intCast(u32, (x442 & @intCast(u128, 0xfffffff))); + const x448: u128 = (@intCast(u128, x446) + x411); + const x449: u64 = (x445 >> 28); + const x450: u32 = @intCast(u32, (x445 & @intCast(u64, 0xfffffff))); + const x451: u64 = (x449 + x418); + const x452: u64 = @intCast(u64, (x448 >> 28)); + const x453: u32 = @intCast(u32, (x448 & @intCast(u128, 0xfffffff))); + const x454: u64 = (x452 + x410); + const x455: u64 = (x451 >> 28); + const x456: u32 = @intCast(u32, (x451 & @intCast(u64, 0xfffffff))); + const x457: u64 = (x455 + x417); + const x458: u64 = (x454 >> 28); + const x459: u32 = @intCast(u32, (x454 & @intCast(u64, 0xfffffff))); + const x460: u64 = (x458 + x409); + const x461: u64 = (x457 >> 28); + const x462: u32 = @intCast(u32, (x457 & @intCast(u64, 0xfffffff))); + const x463: u64 = (x461 + x416); + const x464: u64 = (x460 >> 28); + const x465: u32 = @intCast(u32, (x460 & @intCast(u64, 0xfffffff))); + const x466: u64 = (x464 + @intCast(u64, x425)); + const x467: u64 = (x463 >> 28); + const x468: u32 = @intCast(u32, (x463 & @intCast(u64, 0xfffffff))); + const x469: u64 = (x467 + @intCast(u64, x407)); + const x470: u32 = @intCast(u32, (x466 >> 28)); + const x471: u32 = @intCast(u32, (x466 & @intCast(u64, 0xfffffff))); + const x472: u32 = @intCast(u32, (x469 >> 28)); + const x473: u32 = @intCast(u32, (x469 & @intCast(u64, 0xfffffff))); + const x474: u32 = (x428 + x470); + const x475: u32 = (x432 + x470); + const x476: u32 = (x472 + x474); + const x477: u1 = @intCast(u1, (x476 >> 28)); + const x478: u32 = (x476 & 0xfffffff); + const x479: u32 = (@intCast(u32, x477) + x435); + const x480: u1 = @intCast(u1, (x475 >> 28)); + const x481: u32 = (x475 & 0xfffffff); + const x482: u32 = (@intCast(u32, x480) + x438); + out1[0] = x481; + out1[1] = x482; + out1[2] = x444; + out1[3] = x450; + out1[4] = x456; + out1[5] = x462; + out1[6] = x468; + out1[7] = x473; + out1[8] = x478; + out1[9] = x479; + out1[10] = x441; + out1[11] = x447; + out1[12] = x453; + out1[13] = x459; + out1[14] = x465; + out1[15] = x471; +} + +/// The function fiatP448CarrySquare squares a field element and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg1) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +pub fn fiatP448CarrySquare(out1: *[16]u32, arg1: [16]u32) void { + const x1: u32 = (arg1[15]); + const x2: u32 = (arg1[15]); + const x3: u32 = (x1 * 0x2); + const x4: u32 = (x2 * 0x2); + const x5: u32 = ((arg1[15]) * 0x2); + const x6: u32 = (arg1[14]); + const x7: u32 = (arg1[14]); + const x8: u32 = (x6 * 0x2); + const x9: u32 = (x7 * 0x2); + const x10: u32 = ((arg1[14]) * 0x2); + const x11: u32 = (arg1[13]); + const x12: u32 = (arg1[13]); + const x13: u32 = (x11 * 0x2); + const x14: u32 = (x12 * 0x2); + const x15: u32 = ((arg1[13]) * 0x2); + const x16: u32 = (arg1[12]); + const x17: u32 = (arg1[12]); + const x18: u32 = (x16 * 0x2); + const x19: u32 = (x17 * 0x2); + const x20: u32 = ((arg1[12]) * 0x2); + const x21: u32 = (arg1[11]); + const x22: u32 = (arg1[11]); + const x23: u32 = (x21 * 0x2); + const x24: u32 = (x22 * 0x2); + const x25: u32 = ((arg1[11]) * 0x2); + const x26: u32 = (arg1[10]); + const x27: u32 = (arg1[10]); + const x28: u32 = (x26 * 0x2); + const x29: u32 = (x27 * 0x2); + const x30: u32 = ((arg1[10]) * 0x2); + const x31: u32 = (arg1[9]); + const x32: u32 = (arg1[9]); + const x33: u32 = (x31 * 0x2); + const x34: u32 = (x32 * 0x2); + const x35: u32 = ((arg1[9]) * 0x2); + const x36: u32 = (arg1[8]); + const x37: u32 = (arg1[8]); + const x38: u32 = ((arg1[8]) * 0x2); + const x39: u32 = ((arg1[7]) * 0x2); + const x40: u32 = ((arg1[6]) * 0x2); + const x41: u32 = ((arg1[5]) * 0x2); + const x42: u32 = ((arg1[4]) * 0x2); + const x43: u32 = ((arg1[3]) * 0x2); + const x44: u32 = ((arg1[2]) * 0x2); + const x45: u32 = ((arg1[1]) * 0x2); + const x46: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, x1)); + const x47: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, x3)); + const x48: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, x6)); + const x49: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, x3)); + const x50: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, x8)); + const x51: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, x11)); + const x52: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x3)); + const x53: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x8)); + const x54: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x13)); + const x55: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x16)); + const x56: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x3)); + const x57: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x8)); + const x58: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x13)); + const x59: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x3)); + const x60: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x8)); + const x61: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x3)); + const x62: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, x1)); + const x63: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, x3)); + const x64: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, x6)); + const x65: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, x3)); + const x66: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, x8)); + const x67: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, x11)); + const x68: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x3)); + const x69: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x8)); + const x70: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x13)); + const x71: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x16)); + const x72: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x3)); + const x73: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x8)); + const x74: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x13)); + const x75: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x3)); + const x76: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x8)); + const x77: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x3)); + const x78: u64 = (@intCast(u64, (arg1[15])) * @intCast(u64, x2)); + const x79: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, x4)); + const x80: u64 = (@intCast(u64, (arg1[14])) * @intCast(u64, x7)); + const x81: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, x4)); + const x82: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, x9)); + const x83: u64 = (@intCast(u64, (arg1[13])) * @intCast(u64, x12)); + const x84: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x4)); + const x85: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x9)); + const x86: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x14)); + const x87: u64 = (@intCast(u64, (arg1[12])) * @intCast(u64, x17)); + const x88: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x4)); + const x89: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x9)); + const x90: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x14)); + const x91: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x19)); + const x92: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x18)); + const x93: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x22)); + const x94: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, x21)); + const x95: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x4)); + const x96: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x9)); + const x97: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x14)); + const x98: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x13)); + const x99: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x19)); + const x100: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x18)); + const x101: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x24)); + const x102: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x23)); + const x103: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x27)); + const x104: u64 = (@intCast(u64, (arg1[10])) * @intCast(u64, x26)); + const x105: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x4)); + const x106: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x9)); + const x107: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x8)); + const x108: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x14)); + const x109: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x13)); + const x110: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x19)); + const x111: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x18)); + const x112: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x24)); + const x113: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x23)); + const x114: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x29)); + const x115: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x28)); + const x116: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x32)); + const x117: u64 = (@intCast(u64, (arg1[9])) * @intCast(u64, x31)); + const x118: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x4)); + const x119: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x3)); + const x120: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x9)); + const x121: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x8)); + const x122: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x14)); + const x123: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x13)); + const x124: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x19)); + const x125: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x18)); + const x126: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x24)); + const x127: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x23)); + const x128: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x29)); + const x129: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x28)); + const x130: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x34)); + const x131: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x33)); + const x132: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x37)); + const x133: u64 = (@intCast(u64, (arg1[8])) * @intCast(u64, x36)); + const x134: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x4)); + const x135: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x3)); + const x136: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x9)); + const x137: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x8)); + const x138: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x14)); + const x139: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x13)); + const x140: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x19)); + const x141: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x18)); + const x142: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x24)); + const x143: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x23)); + const x144: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x29)); + const x145: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x28)); + const x146: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x34)); + const x147: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x33)); + const x148: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, x38)); + const x149: u64 = (@intCast(u64, (arg1[7])) * @intCast(u64, (arg1[7]))); + const x150: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x4)); + const x151: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x3)); + const x152: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x9)); + const x153: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x8)); + const x154: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x14)); + const x155: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x13)); + const x156: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x19)); + const x157: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x18)); + const x158: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x24)); + const x159: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x23)); + const x160: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x29)); + const x161: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x28)); + const x162: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x35)); + const x163: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x38)); + const x164: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, x39)); + const x165: u64 = (@intCast(u64, (arg1[6])) * @intCast(u64, (arg1[6]))); + const x166: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x4)); + const x167: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x3)); + const x168: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x9)); + const x169: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x8)); + const x170: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x14)); + const x171: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x13)); + const x172: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x19)); + const x173: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x18)); + const x174: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x24)); + const x175: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x23)); + const x176: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x30)); + const x177: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x35)); + const x178: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x38)); + const x179: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x39)); + const x180: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, x40)); + const x181: u64 = (@intCast(u64, (arg1[5])) * @intCast(u64, (arg1[5]))); + const x182: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x4)); + const x183: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x3)); + const x184: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x9)); + const x185: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x8)); + const x186: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x14)); + const x187: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x13)); + const x188: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x19)); + const x189: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x18)); + const x190: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x25)); + const x191: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x30)); + const x192: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x35)); + const x193: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x38)); + const x194: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x39)); + const x195: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x40)); + const x196: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x41)); + const x197: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg1[4]))); + const x198: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x4)); + const x199: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x3)); + const x200: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x9)); + const x201: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x8)); + const x202: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x14)); + const x203: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x13)); + const x204: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x20)); + const x205: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x25)); + const x206: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x30)); + const x207: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x35)); + const x208: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x38)); + const x209: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x39)); + const x210: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x40)); + const x211: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x41)); + const x212: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x42)); + const x213: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg1[3]))); + const x214: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x4)); + const x215: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x3)); + const x216: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x9)); + const x217: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x8)); + const x218: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x15)); + const x219: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x20)); + const x220: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x25)); + const x221: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x30)); + const x222: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x35)); + const x223: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x38)); + const x224: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x39)); + const x225: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x40)); + const x226: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x41)); + const x227: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x42)); + const x228: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x43)); + const x229: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg1[2]))); + const x230: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x4)); + const x231: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x3)); + const x232: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x10)); + const x233: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x15)); + const x234: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x20)); + const x235: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x25)); + const x236: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x30)); + const x237: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x35)); + const x238: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x38)); + const x239: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x39)); + const x240: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x40)); + const x241: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x41)); + const x242: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x42)); + const x243: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x43)); + const x244: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x44)); + const x245: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg1[1]))); + const x246: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x5)); + const x247: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x10)); + const x248: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x15)); + const x249: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x20)); + const x250: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x25)); + const x251: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x30)); + const x252: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x35)); + const x253: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x38)); + const x254: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x39)); + const x255: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x40)); + const x256: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x41)); + const x257: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x42)); + const x258: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x43)); + const x259: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x44)); + const x260: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x45)); + const x261: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg1[0]))); + const x262: u64 = (x254 + (x240 + (x226 + (x212 + (x118 + (x106 + (x97 + x91))))))); + const x263: u64 = (x262 >> 28); + const x264: u32 = @intCast(u32, (x262 & @intCast(u64, 0xfffffff))); + const x265: u64 = (x246 + (x232 + (x218 + (x204 + (x190 + (x176 + (x162 + (x148 + (x119 + (x107 + (x98 + x92))))))))))); + const x266: u64 = (x247 + (x233 + (x219 + (x205 + (x191 + (x177 + (x163 + (x149 + (x135 + (x121 + (x109 + (x100 + (x94 + (x78 + x62)))))))))))))); + const x267: u64 = (x248 + (x234 + (x220 + (x206 + (x192 + (x178 + (x164 + (x151 + (x137 + (x123 + (x111 + (x102 + (x79 + x63))))))))))))); + const x268: u128 = (@intCast(u128, x249) + @intCast(u128, (x235 + (x221 + (x207 + (x193 + (x179 + (x167 + (x165 + (x153 + (x139 + (x125 + (x113 + (x104 + (x81 + (x80 + (x65 + x64))))))))))))))))); + const x269: u128 = (@intCast(u128, x250) + (@intCast(u128, x236) + @intCast(u128, (x222 + (x208 + (x194 + (x183 + (x180 + (x169 + (x155 + (x141 + (x127 + (x115 + (x84 + (x82 + (x68 + x66)))))))))))))))); + const x270: u128 = (@intCast(u128, x251) + (@intCast(u128, x237) + (@intCast(u128, x223) + @intCast(u128, (x209 + (x199 + (x195 + (x185 + (x181 + (x171 + (x157 + (x143 + (x129 + (x117 + (x88 + (x85 + (x83 + (x72 + (x69 + x67))))))))))))))))))); + const x271: u128 = (@intCast(u128, x252) + (@intCast(u128, x238) + (@intCast(u128, x224) + (@intCast(u128, x215) + @intCast(u128, (x210 + (x201 + (x196 + (x187 + (x173 + (x159 + (x145 + (x131 + (x95 + (x89 + (x86 + (x75 + (x73 + x70)))))))))))))))))); + const x272: u128 = (@intCast(u128, x253) + (@intCast(u128, x239) + (@intCast(u128, x231) + (@intCast(u128, x225) + (@intCast(u128, x217) + @intCast(u128, (x211 + (x203 + (x197 + (x189 + (x175 + (x161 + (x147 + (x133 + (x105 + (x96 + (x90 + (x87 + (x77 + (x76 + (x74 + x71))))))))))))))))))))); + const x273: u64 = (x255 + (x241 + (x227 + (x213 + (x134 + (x120 + (x108 + (x99 + (x93 + x46))))))))); + const x274: u64 = (x256 + (x242 + (x228 + (x150 + (x136 + (x122 + (x110 + (x101 + x47)))))))); + const x275: u64 = (x257 + (x243 + (x229 + (x166 + (x152 + (x138 + (x124 + (x112 + (x103 + (x49 + x48)))))))))); + const x276: u64 = (x258 + (x244 + (x182 + (x168 + (x154 + (x140 + (x126 + (x114 + (x52 + x50))))))))); + const x277: u64 = (x259 + (x245 + (x198 + (x184 + (x170 + (x156 + (x142 + (x128 + (x116 + (x56 + (x53 + x51))))))))))); + const x278: u64 = (x260 + (x214 + (x200 + (x186 + (x172 + (x158 + (x144 + (x130 + (x59 + (x57 + x54)))))))))); + const x279: u64 = (x261 + (x230 + (x216 + (x202 + (x188 + (x174 + (x160 + (x146 + (x132 + (x61 + (x60 + (x58 + x55)))))))))))); + const x280: u128 = (@intCast(u128, x263) + x272); + const x281: u64 = (x265 >> 28); + const x282: u32 = @intCast(u32, (x265 & @intCast(u64, 0xfffffff))); + const x283: u128 = (x280 + @intCast(u128, x281)); + const x284: u64 = @intCast(u64, (x283 >> 28)); + const x285: u32 = @intCast(u32, (x283 & @intCast(u128, 0xfffffff))); + const x286: u64 = (x279 + x281); + const x287: u128 = (@intCast(u128, x284) + x271); + const x288: u64 = (x286 >> 28); + const x289: u32 = @intCast(u32, (x286 & @intCast(u64, 0xfffffff))); + const x290: u64 = (x288 + x278); + const x291: u64 = @intCast(u64, (x287 >> 28)); + const x292: u32 = @intCast(u32, (x287 & @intCast(u128, 0xfffffff))); + const x293: u128 = (@intCast(u128, x291) + x270); + const x294: u64 = (x290 >> 28); + const x295: u32 = @intCast(u32, (x290 & @intCast(u64, 0xfffffff))); + const x296: u64 = (x294 + x277); + const x297: u64 = @intCast(u64, (x293 >> 28)); + const x298: u32 = @intCast(u32, (x293 & @intCast(u128, 0xfffffff))); + const x299: u128 = (@intCast(u128, x297) + x269); + const x300: u64 = (x296 >> 28); + const x301: u32 = @intCast(u32, (x296 & @intCast(u64, 0xfffffff))); + const x302: u64 = (x300 + x276); + const x303: u64 = @intCast(u64, (x299 >> 28)); + const x304: u32 = @intCast(u32, (x299 & @intCast(u128, 0xfffffff))); + const x305: u128 = (@intCast(u128, x303) + x268); + const x306: u64 = (x302 >> 28); + const x307: u32 = @intCast(u32, (x302 & @intCast(u64, 0xfffffff))); + const x308: u64 = (x306 + x275); + const x309: u64 = @intCast(u64, (x305 >> 28)); + const x310: u32 = @intCast(u32, (x305 & @intCast(u128, 0xfffffff))); + const x311: u64 = (x309 + x267); + const x312: u64 = (x308 >> 28); + const x313: u32 = @intCast(u32, (x308 & @intCast(u64, 0xfffffff))); + const x314: u64 = (x312 + x274); + const x315: u64 = (x311 >> 28); + const x316: u32 = @intCast(u32, (x311 & @intCast(u64, 0xfffffff))); + const x317: u64 = (x315 + x266); + const x318: u64 = (x314 >> 28); + const x319: u32 = @intCast(u32, (x314 & @intCast(u64, 0xfffffff))); + const x320: u64 = (x318 + x273); + const x321: u64 = (x317 >> 28); + const x322: u32 = @intCast(u32, (x317 & @intCast(u64, 0xfffffff))); + const x323: u64 = (x321 + @intCast(u64, x282)); + const x324: u64 = (x320 >> 28); + const x325: u32 = @intCast(u32, (x320 & @intCast(u64, 0xfffffff))); + const x326: u64 = (x324 + @intCast(u64, x264)); + const x327: u32 = @intCast(u32, (x323 >> 28)); + const x328: u32 = @intCast(u32, (x323 & @intCast(u64, 0xfffffff))); + const x329: u32 = @intCast(u32, (x326 >> 28)); + const x330: u32 = @intCast(u32, (x326 & @intCast(u64, 0xfffffff))); + const x331: u32 = (x285 + x327); + const x332: u32 = (x289 + x327); + const x333: u32 = (x329 + x331); + const x334: u1 = @intCast(u1, (x333 >> 28)); + const x335: u32 = (x333 & 0xfffffff); + const x336: u32 = (@intCast(u32, x334) + x292); + const x337: u1 = @intCast(u1, (x332 >> 28)); + const x338: u32 = (x332 & 0xfffffff); + const x339: u32 = (@intCast(u32, x337) + x295); + out1[0] = x338; + out1[1] = x339; + out1[2] = x301; + out1[3] = x307; + out1[4] = x313; + out1[5] = x319; + out1[6] = x325; + out1[7] = x330; + out1[8] = x335; + out1[9] = x336; + out1[10] = x298; + out1[11] = x304; + out1[12] = x310; + out1[13] = x316; + out1[14] = x322; + out1[15] = x328; +} + +/// The function fiatP448Carry reduces a field element. +/// Postconditions: +/// eval out1 mod m = eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +pub fn fiatP448Carry(out1: *[16]u32, arg1: [16]u32) void { + const x1: u32 = (arg1[7]); + const x2: u32 = (arg1[15]); + const x3: u32 = (x2 >> 28); + const x4: u32 = (((x1 >> 28) + (arg1[8])) + x3); + const x5: u32 = ((arg1[0]) + x3); + const x6: u32 = ((x4 >> 28) + (arg1[9])); + const x7: u32 = ((x5 >> 28) + (arg1[1])); + const x8: u32 = ((x6 >> 28) + (arg1[10])); + const x9: u32 = ((x7 >> 28) + (arg1[2])); + const x10: u32 = ((x8 >> 28) + (arg1[11])); + const x11: u32 = ((x9 >> 28) + (arg1[3])); + const x12: u32 = ((x10 >> 28) + (arg1[12])); + const x13: u32 = ((x11 >> 28) + (arg1[4])); + const x14: u32 = ((x12 >> 28) + (arg1[13])); + const x15: u32 = ((x13 >> 28) + (arg1[5])); + const x16: u32 = ((x14 >> 28) + (arg1[14])); + const x17: u32 = ((x15 >> 28) + (arg1[6])); + const x18: u32 = ((x16 >> 28) + (x2 & 0xfffffff)); + const x19: u32 = ((x17 >> 28) + (x1 & 0xfffffff)); + const x20: u1 = @intCast(u1, (x18 >> 28)); + const x21: u32 = ((x5 & 0xfffffff) + @intCast(u32, x20)); + const x22: u32 = (@intCast(u32, @intCast(u1, (x19 >> 28))) + ((x4 & 0xfffffff) + @intCast(u32, x20))); + const x23: u32 = (x21 & 0xfffffff); + const x24: u32 = (@intCast(u32, @intCast(u1, (x21 >> 28))) + (x7 & 0xfffffff)); + const x25: u32 = (x9 & 0xfffffff); + const x26: u32 = (x11 & 0xfffffff); + const x27: u32 = (x13 & 0xfffffff); + const x28: u32 = (x15 & 0xfffffff); + const x29: u32 = (x17 & 0xfffffff); + const x30: u32 = (x19 & 0xfffffff); + const x31: u32 = (x22 & 0xfffffff); + const x32: u32 = (@intCast(u32, @intCast(u1, (x22 >> 28))) + (x6 & 0xfffffff)); + const x33: u32 = (x8 & 0xfffffff); + const x34: u32 = (x10 & 0xfffffff); + const x35: u32 = (x12 & 0xfffffff); + const x36: u32 = (x14 & 0xfffffff); + const x37: u32 = (x16 & 0xfffffff); + const x38: u32 = (x18 & 0xfffffff); + out1[0] = x23; + out1[1] = x24; + out1[2] = x25; + out1[3] = x26; + out1[4] = x27; + out1[5] = x28; + out1[6] = x29; + out1[7] = x30; + out1[8] = x31; + out1[9] = x32; + out1[10] = x33; + out1[11] = x34; + out1[12] = x35; + out1[13] = x36; + out1[14] = x37; + out1[15] = x38; +} + +/// The function fiatP448Add adds two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 + eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +/// arg2: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000]] +pub fn fiatP448Add(out1: *[16]u32, arg1: [16]u32, arg2: [16]u32) void { + const x1: u32 = ((arg1[0]) + (arg2[0])); + const x2: u32 = ((arg1[1]) + (arg2[1])); + const x3: u32 = ((arg1[2]) + (arg2[2])); + const x4: u32 = ((arg1[3]) + (arg2[3])); + const x5: u32 = ((arg1[4]) + (arg2[4])); + const x6: u32 = ((arg1[5]) + (arg2[5])); + const x7: u32 = ((arg1[6]) + (arg2[6])); + const x8: u32 = ((arg1[7]) + (arg2[7])); + const x9: u32 = ((arg1[8]) + (arg2[8])); + const x10: u32 = ((arg1[9]) + (arg2[9])); + const x11: u32 = ((arg1[10]) + (arg2[10])); + const x12: u32 = ((arg1[11]) + (arg2[11])); + const x13: u32 = ((arg1[12]) + (arg2[12])); + const x14: u32 = ((arg1[13]) + (arg2[13])); + const x15: u32 = ((arg1[14]) + (arg2[14])); + const x16: u32 = ((arg1[15]) + (arg2[15])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; + out1[10] = x11; + out1[11] = x12; + out1[12] = x13; + out1[13] = x14; + out1[14] = x15; + out1[15] = x16; +} + +/// The function fiatP448Sub subtracts two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 - eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +/// arg2: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000]] +pub fn fiatP448Sub(out1: *[16]u32, arg1: [16]u32, arg2: [16]u32) void { + const x1: u32 = ((0x1ffffffe + (arg1[0])) - (arg2[0])); + const x2: u32 = ((0x1ffffffe + (arg1[1])) - (arg2[1])); + const x3: u32 = ((0x1ffffffe + (arg1[2])) - (arg2[2])); + const x4: u32 = ((0x1ffffffe + (arg1[3])) - (arg2[3])); + const x5: u32 = ((0x1ffffffe + (arg1[4])) - (arg2[4])); + const x6: u32 = ((0x1ffffffe + (arg1[5])) - (arg2[5])); + const x7: u32 = ((0x1ffffffe + (arg1[6])) - (arg2[6])); + const x8: u32 = ((0x1ffffffe + (arg1[7])) - (arg2[7])); + const x9: u32 = ((0x1ffffffc + (arg1[8])) - (arg2[8])); + const x10: u32 = ((0x1ffffffe + (arg1[9])) - (arg2[9])); + const x11: u32 = ((0x1ffffffe + (arg1[10])) - (arg2[10])); + const x12: u32 = ((0x1ffffffe + (arg1[11])) - (arg2[11])); + const x13: u32 = ((0x1ffffffe + (arg1[12])) - (arg2[12])); + const x14: u32 = ((0x1ffffffe + (arg1[13])) - (arg2[13])); + const x15: u32 = ((0x1ffffffe + (arg1[14])) - (arg2[14])); + const x16: u32 = ((0x1ffffffe + (arg1[15])) - (arg2[15])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; + out1[10] = x11; + out1[11] = x12; + out1[12] = x13; + out1[13] = x14; + out1[14] = x15; + out1[15] = x16; +} + +/// The function fiatP448Opp negates a field element. +/// Postconditions: +/// eval out1 mod m = -eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000], [0x0 ~> 0x30000000]] +pub fn fiatP448Opp(out1: *[16]u32, arg1: [16]u32) void { + const x1: u32 = (0x1ffffffe - (arg1[0])); + const x2: u32 = (0x1ffffffe - (arg1[1])); + const x3: u32 = (0x1ffffffe - (arg1[2])); + const x4: u32 = (0x1ffffffe - (arg1[3])); + const x5: u32 = (0x1ffffffe - (arg1[4])); + const x6: u32 = (0x1ffffffe - (arg1[5])); + const x7: u32 = (0x1ffffffe - (arg1[6])); + const x8: u32 = (0x1ffffffe - (arg1[7])); + const x9: u32 = (0x1ffffffc - (arg1[8])); + const x10: u32 = (0x1ffffffe - (arg1[9])); + const x11: u32 = (0x1ffffffe - (arg1[10])); + const x12: u32 = (0x1ffffffe - (arg1[11])); + const x13: u32 = (0x1ffffffe - (arg1[12])); + const x14: u32 = (0x1ffffffe - (arg1[13])); + const x15: u32 = (0x1ffffffe - (arg1[14])); + const x16: u32 = (0x1ffffffe - (arg1[15])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; + out1[10] = x11; + out1[11] = x12; + out1[12] = x13; + out1[13] = x14; + out1[14] = x15; + out1[15] = x16; +} + +/// The function fiatP448Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatP448Selectznz(out1: *[16]u32, arg1: u1, arg2: [16]u32, arg3: [16]u32) void { + var x1: u32 = undefined; + fiatP448CmovznzU32(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u32 = undefined; + fiatP448CmovznzU32(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u32 = undefined; + fiatP448CmovznzU32(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u32 = undefined; + fiatP448CmovznzU32(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u32 = undefined; + fiatP448CmovznzU32(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u32 = undefined; + fiatP448CmovznzU32(&x6, arg1, (arg2[5]), (arg3[5])); + var x7: u32 = undefined; + fiatP448CmovznzU32(&x7, arg1, (arg2[6]), (arg3[6])); + var x8: u32 = undefined; + fiatP448CmovznzU32(&x8, arg1, (arg2[7]), (arg3[7])); + var x9: u32 = undefined; + fiatP448CmovznzU32(&x9, arg1, (arg2[8]), (arg3[8])); + var x10: u32 = undefined; + fiatP448CmovznzU32(&x10, arg1, (arg2[9]), (arg3[9])); + var x11: u32 = undefined; + fiatP448CmovznzU32(&x11, arg1, (arg2[10]), (arg3[10])); + var x12: u32 = undefined; + fiatP448CmovznzU32(&x12, arg1, (arg2[11]), (arg3[11])); + var x13: u32 = undefined; + fiatP448CmovznzU32(&x13, arg1, (arg2[12]), (arg3[12])); + var x14: u32 = undefined; + fiatP448CmovznzU32(&x14, arg1, (arg2[13]), (arg3[13])); + var x15: u32 = undefined; + fiatP448CmovznzU32(&x15, arg1, (arg2[14]), (arg3[14])); + var x16: u32 = undefined; + fiatP448CmovznzU32(&x16, arg1, (arg2[15]), (arg3[15])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; + out1[9] = x10; + out1[10] = x11; + out1[11] = x12; + out1[12] = x13; + out1[13] = x14; + out1[14] = x15; + out1[15] = x16; +} + +/// The function fiatP448ToBytes serializes a field element to bytes in little-endian order. +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..55] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatP448ToBytes(out1: *[56]u8, arg1: [16]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatP448SubborrowxU28(&x1, &x2, 0x0, (arg1[0]), 0xfffffff); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatP448SubborrowxU28(&x3, &x4, x2, (arg1[1]), 0xfffffff); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatP448SubborrowxU28(&x5, &x6, x4, (arg1[2]), 0xfffffff); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatP448SubborrowxU28(&x7, &x8, x6, (arg1[3]), 0xfffffff); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatP448SubborrowxU28(&x9, &x10, x8, (arg1[4]), 0xfffffff); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatP448SubborrowxU28(&x11, &x12, x10, (arg1[5]), 0xfffffff); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatP448SubborrowxU28(&x13, &x14, x12, (arg1[6]), 0xfffffff); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatP448SubborrowxU28(&x15, &x16, x14, (arg1[7]), 0xfffffff); + var x17: u32 = undefined; + var x18: u1 = undefined; + fiatP448SubborrowxU28(&x17, &x18, x16, (arg1[8]), 0xffffffe); + var x19: u32 = undefined; + var x20: u1 = undefined; + fiatP448SubborrowxU28(&x19, &x20, x18, (arg1[9]), 0xfffffff); + var x21: u32 = undefined; + var x22: u1 = undefined; + fiatP448SubborrowxU28(&x21, &x22, x20, (arg1[10]), 0xfffffff); + var x23: u32 = undefined; + var x24: u1 = undefined; + fiatP448SubborrowxU28(&x23, &x24, x22, (arg1[11]), 0xfffffff); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatP448SubborrowxU28(&x25, &x26, x24, (arg1[12]), 0xfffffff); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatP448SubborrowxU28(&x27, &x28, x26, (arg1[13]), 0xfffffff); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatP448SubborrowxU28(&x29, &x30, x28, (arg1[14]), 0xfffffff); + var x31: u32 = undefined; + var x32: u1 = undefined; + fiatP448SubborrowxU28(&x31, &x32, x30, (arg1[15]), 0xfffffff); + var x33: u32 = undefined; + fiatP448CmovznzU32(&x33, x32, @intCast(u32, 0x0), 0xffffffff); + var x34: u32 = undefined; + var x35: u1 = undefined; + fiatP448AddcarryxU28(&x34, &x35, 0x0, x1, (x33 & 0xfffffff)); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiatP448AddcarryxU28(&x36, &x37, x35, x3, (x33 & 0xfffffff)); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiatP448AddcarryxU28(&x38, &x39, x37, x5, (x33 & 0xfffffff)); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiatP448AddcarryxU28(&x40, &x41, x39, x7, (x33 & 0xfffffff)); + var x42: u32 = undefined; + var x43: u1 = undefined; + fiatP448AddcarryxU28(&x42, &x43, x41, x9, (x33 & 0xfffffff)); + var x44: u32 = undefined; + var x45: u1 = undefined; + fiatP448AddcarryxU28(&x44, &x45, x43, x11, (x33 & 0xfffffff)); + var x46: u32 = undefined; + var x47: u1 = undefined; + fiatP448AddcarryxU28(&x46, &x47, x45, x13, (x33 & 0xfffffff)); + var x48: u32 = undefined; + var x49: u1 = undefined; + fiatP448AddcarryxU28(&x48, &x49, x47, x15, (x33 & 0xfffffff)); + var x50: u32 = undefined; + var x51: u1 = undefined; + fiatP448AddcarryxU28(&x50, &x51, x49, x17, (x33 & 0xffffffe)); + var x52: u32 = undefined; + var x53: u1 = undefined; + fiatP448AddcarryxU28(&x52, &x53, x51, x19, (x33 & 0xfffffff)); + var x54: u32 = undefined; + var x55: u1 = undefined; + fiatP448AddcarryxU28(&x54, &x55, x53, x21, (x33 & 0xfffffff)); + var x56: u32 = undefined; + var x57: u1 = undefined; + fiatP448AddcarryxU28(&x56, &x57, x55, x23, (x33 & 0xfffffff)); + var x58: u32 = undefined; + var x59: u1 = undefined; + fiatP448AddcarryxU28(&x58, &x59, x57, x25, (x33 & 0xfffffff)); + var x60: u32 = undefined; + var x61: u1 = undefined; + fiatP448AddcarryxU28(&x60, &x61, x59, x27, (x33 & 0xfffffff)); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatP448AddcarryxU28(&x62, &x63, x61, x29, (x33 & 0xfffffff)); + var x64: u32 = undefined; + var x65: u1 = undefined; + fiatP448AddcarryxU28(&x64, &x65, x63, x31, (x33 & 0xfffffff)); + const x66: u32 = (x64 << 4); + const x67: u32 = (x60 << 4); + const x68: u32 = (x56 << 4); + const x69: u32 = (x52 << 4); + const x70: u32 = (x48 << 4); + const x71: u32 = (x44 << 4); + const x72: u32 = (x40 << 4); + const x73: u32 = (x36 << 4); + const x74: u8 = @intCast(u8, (x34 & @intCast(u32, 0xff))); + const x75: u32 = (x34 >> 8); + const x76: u8 = @intCast(u8, (x75 & @intCast(u32, 0xff))); + const x77: u32 = (x75 >> 8); + const x78: u8 = @intCast(u8, (x77 & @intCast(u32, 0xff))); + const x79: u8 = @intCast(u8, (x77 >> 8)); + const x80: u32 = (x73 + @intCast(u32, x79)); + const x81: u8 = @intCast(u8, (x80 & @intCast(u32, 0xff))); + const x82: u32 = (x80 >> 8); + const x83: u8 = @intCast(u8, (x82 & @intCast(u32, 0xff))); + const x84: u32 = (x82 >> 8); + const x85: u8 = @intCast(u8, (x84 & @intCast(u32, 0xff))); + const x86: u8 = @intCast(u8, (x84 >> 8)); + const x87: u8 = @intCast(u8, (x38 & @intCast(u32, 0xff))); + const x88: u32 = (x38 >> 8); + const x89: u8 = @intCast(u8, (x88 & @intCast(u32, 0xff))); + const x90: u32 = (x88 >> 8); + const x91: u8 = @intCast(u8, (x90 & @intCast(u32, 0xff))); + const x92: u8 = @intCast(u8, (x90 >> 8)); + const x93: u32 = (x72 + @intCast(u32, x92)); + const x94: u8 = @intCast(u8, (x93 & @intCast(u32, 0xff))); + const x95: u32 = (x93 >> 8); + const x96: u8 = @intCast(u8, (x95 & @intCast(u32, 0xff))); + const x97: u32 = (x95 >> 8); + const x98: u8 = @intCast(u8, (x97 & @intCast(u32, 0xff))); + const x99: u8 = @intCast(u8, (x97 >> 8)); + const x100: u8 = @intCast(u8, (x42 & @intCast(u32, 0xff))); + const x101: u32 = (x42 >> 8); + const x102: u8 = @intCast(u8, (x101 & @intCast(u32, 0xff))); + const x103: u32 = (x101 >> 8); + const x104: u8 = @intCast(u8, (x103 & @intCast(u32, 0xff))); + const x105: u8 = @intCast(u8, (x103 >> 8)); + const x106: u32 = (x71 + @intCast(u32, x105)); + const x107: u8 = @intCast(u8, (x106 & @intCast(u32, 0xff))); + const x108: u32 = (x106 >> 8); + const x109: u8 = @intCast(u8, (x108 & @intCast(u32, 0xff))); + const x110: u32 = (x108 >> 8); + const x111: u8 = @intCast(u8, (x110 & @intCast(u32, 0xff))); + const x112: u8 = @intCast(u8, (x110 >> 8)); + const x113: u8 = @intCast(u8, (x46 & @intCast(u32, 0xff))); + const x114: u32 = (x46 >> 8); + const x115: u8 = @intCast(u8, (x114 & @intCast(u32, 0xff))); + const x116: u32 = (x114 >> 8); + const x117: u8 = @intCast(u8, (x116 & @intCast(u32, 0xff))); + const x118: u8 = @intCast(u8, (x116 >> 8)); + const x119: u32 = (x70 + @intCast(u32, x118)); + const x120: u8 = @intCast(u8, (x119 & @intCast(u32, 0xff))); + const x121: u32 = (x119 >> 8); + const x122: u8 = @intCast(u8, (x121 & @intCast(u32, 0xff))); + const x123: u32 = (x121 >> 8); + const x124: u8 = @intCast(u8, (x123 & @intCast(u32, 0xff))); + const x125: u8 = @intCast(u8, (x123 >> 8)); + const x126: u8 = @intCast(u8, (x50 & @intCast(u32, 0xff))); + const x127: u32 = (x50 >> 8); + const x128: u8 = @intCast(u8, (x127 & @intCast(u32, 0xff))); + const x129: u32 = (x127 >> 8); + const x130: u8 = @intCast(u8, (x129 & @intCast(u32, 0xff))); + const x131: u8 = @intCast(u8, (x129 >> 8)); + const x132: u32 = (x69 + @intCast(u32, x131)); + const x133: u8 = @intCast(u8, (x132 & @intCast(u32, 0xff))); + const x134: u32 = (x132 >> 8); + const x135: u8 = @intCast(u8, (x134 & @intCast(u32, 0xff))); + const x136: u32 = (x134 >> 8); + const x137: u8 = @intCast(u8, (x136 & @intCast(u32, 0xff))); + const x138: u8 = @intCast(u8, (x136 >> 8)); + const x139: u8 = @intCast(u8, (x54 & @intCast(u32, 0xff))); + const x140: u32 = (x54 >> 8); + const x141: u8 = @intCast(u8, (x140 & @intCast(u32, 0xff))); + const x142: u32 = (x140 >> 8); + const x143: u8 = @intCast(u8, (x142 & @intCast(u32, 0xff))); + const x144: u8 = @intCast(u8, (x142 >> 8)); + const x145: u32 = (x68 + @intCast(u32, x144)); + const x146: u8 = @intCast(u8, (x145 & @intCast(u32, 0xff))); + const x147: u32 = (x145 >> 8); + const x148: u8 = @intCast(u8, (x147 & @intCast(u32, 0xff))); + const x149: u32 = (x147 >> 8); + const x150: u8 = @intCast(u8, (x149 & @intCast(u32, 0xff))); + const x151: u8 = @intCast(u8, (x149 >> 8)); + const x152: u8 = @intCast(u8, (x58 & @intCast(u32, 0xff))); + const x153: u32 = (x58 >> 8); + const x154: u8 = @intCast(u8, (x153 & @intCast(u32, 0xff))); + const x155: u32 = (x153 >> 8); + const x156: u8 = @intCast(u8, (x155 & @intCast(u32, 0xff))); + const x157: u8 = @intCast(u8, (x155 >> 8)); + const x158: u32 = (x67 + @intCast(u32, x157)); + const x159: u8 = @intCast(u8, (x158 & @intCast(u32, 0xff))); + const x160: u32 = (x158 >> 8); + const x161: u8 = @intCast(u8, (x160 & @intCast(u32, 0xff))); + const x162: u32 = (x160 >> 8); + const x163: u8 = @intCast(u8, (x162 & @intCast(u32, 0xff))); + const x164: u8 = @intCast(u8, (x162 >> 8)); + const x165: u8 = @intCast(u8, (x62 & @intCast(u32, 0xff))); + const x166: u32 = (x62 >> 8); + const x167: u8 = @intCast(u8, (x166 & @intCast(u32, 0xff))); + const x168: u32 = (x166 >> 8); + const x169: u8 = @intCast(u8, (x168 & @intCast(u32, 0xff))); + const x170: u8 = @intCast(u8, (x168 >> 8)); + const x171: u32 = (x66 + @intCast(u32, x170)); + const x172: u8 = @intCast(u8, (x171 & @intCast(u32, 0xff))); + const x173: u32 = (x171 >> 8); + const x174: u8 = @intCast(u8, (x173 & @intCast(u32, 0xff))); + const x175: u32 = (x173 >> 8); + const x176: u8 = @intCast(u8, (x175 & @intCast(u32, 0xff))); + const x177: u8 = @intCast(u8, (x175 >> 8)); + out1[0] = x74; + out1[1] = x76; + out1[2] = x78; + out1[3] = x81; + out1[4] = x83; + out1[5] = x85; + out1[6] = x86; + out1[7] = x87; + out1[8] = x89; + out1[9] = x91; + out1[10] = x94; + out1[11] = x96; + out1[12] = x98; + out1[13] = x99; + out1[14] = x100; + out1[15] = x102; + out1[16] = x104; + out1[17] = x107; + out1[18] = x109; + out1[19] = x111; + out1[20] = x112; + out1[21] = x113; + out1[22] = x115; + out1[23] = x117; + out1[24] = x120; + out1[25] = x122; + out1[26] = x124; + out1[27] = x125; + out1[28] = x126; + out1[29] = x128; + out1[30] = x130; + out1[31] = x133; + out1[32] = x135; + out1[33] = x137; + out1[34] = x138; + out1[35] = x139; + out1[36] = x141; + out1[37] = x143; + out1[38] = x146; + out1[39] = x148; + out1[40] = x150; + out1[41] = x151; + out1[42] = x152; + out1[43] = x154; + out1[44] = x156; + out1[45] = x159; + out1[46] = x161; + out1[47] = x163; + out1[48] = x164; + out1[49] = x165; + out1[50] = x167; + out1[51] = x169; + out1[52] = x172; + out1[53] = x174; + out1[54] = x176; + out1[55] = x177; +} + +/// The function fiatP448FromBytes deserializes a field element from bytes in little-endian order. +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000], [0x0 ~> 0x10000000]] +pub fn fiatP448FromBytes(out1: *[16]u32, arg1: [56]u8) void { + const x1: u32 = (@intCast(u32, (arg1[55])) << 20); + const x2: u32 = (@intCast(u32, (arg1[54])) << 12); + const x3: u32 = (@intCast(u32, (arg1[53])) << 4); + const x4: u32 = (@intCast(u32, (arg1[52])) << 24); + const x5: u32 = (@intCast(u32, (arg1[51])) << 16); + const x6: u32 = (@intCast(u32, (arg1[50])) << 8); + const x7: u8 = (arg1[49]); + const x8: u32 = (@intCast(u32, (arg1[48])) << 20); + const x9: u32 = (@intCast(u32, (arg1[47])) << 12); + const x10: u32 = (@intCast(u32, (arg1[46])) << 4); + const x11: u32 = (@intCast(u32, (arg1[45])) << 24); + const x12: u32 = (@intCast(u32, (arg1[44])) << 16); + const x13: u32 = (@intCast(u32, (arg1[43])) << 8); + const x14: u8 = (arg1[42]); + const x15: u32 = (@intCast(u32, (arg1[41])) << 20); + const x16: u32 = (@intCast(u32, (arg1[40])) << 12); + const x17: u32 = (@intCast(u32, (arg1[39])) << 4); + const x18: u32 = (@intCast(u32, (arg1[38])) << 24); + const x19: u32 = (@intCast(u32, (arg1[37])) << 16); + const x20: u32 = (@intCast(u32, (arg1[36])) << 8); + const x21: u8 = (arg1[35]); + const x22: u32 = (@intCast(u32, (arg1[34])) << 20); + const x23: u32 = (@intCast(u32, (arg1[33])) << 12); + const x24: u32 = (@intCast(u32, (arg1[32])) << 4); + const x25: u32 = (@intCast(u32, (arg1[31])) << 24); + const x26: u32 = (@intCast(u32, (arg1[30])) << 16); + const x27: u32 = (@intCast(u32, (arg1[29])) << 8); + const x28: u8 = (arg1[28]); + const x29: u32 = (@intCast(u32, (arg1[27])) << 20); + const x30: u32 = (@intCast(u32, (arg1[26])) << 12); + const x31: u32 = (@intCast(u32, (arg1[25])) << 4); + const x32: u32 = (@intCast(u32, (arg1[24])) << 24); + const x33: u32 = (@intCast(u32, (arg1[23])) << 16); + const x34: u32 = (@intCast(u32, (arg1[22])) << 8); + const x35: u8 = (arg1[21]); + const x36: u32 = (@intCast(u32, (arg1[20])) << 20); + const x37: u32 = (@intCast(u32, (arg1[19])) << 12); + const x38: u32 = (@intCast(u32, (arg1[18])) << 4); + const x39: u32 = (@intCast(u32, (arg1[17])) << 24); + const x40: u32 = (@intCast(u32, (arg1[16])) << 16); + const x41: u32 = (@intCast(u32, (arg1[15])) << 8); + const x42: u8 = (arg1[14]); + const x43: u32 = (@intCast(u32, (arg1[13])) << 20); + const x44: u32 = (@intCast(u32, (arg1[12])) << 12); + const x45: u32 = (@intCast(u32, (arg1[11])) << 4); + const x46: u32 = (@intCast(u32, (arg1[10])) << 24); + const x47: u32 = (@intCast(u32, (arg1[9])) << 16); + const x48: u32 = (@intCast(u32, (arg1[8])) << 8); + const x49: u8 = (arg1[7]); + const x50: u32 = (@intCast(u32, (arg1[6])) << 20); + const x51: u32 = (@intCast(u32, (arg1[5])) << 12); + const x52: u32 = (@intCast(u32, (arg1[4])) << 4); + const x53: u32 = (@intCast(u32, (arg1[3])) << 24); + const x54: u32 = (@intCast(u32, (arg1[2])) << 16); + const x55: u32 = (@intCast(u32, (arg1[1])) << 8); + const x56: u8 = (arg1[0]); + const x57: u32 = (x55 + @intCast(u32, x56)); + const x58: u32 = (x54 + x57); + const x59: u32 = (x53 + x58); + const x60: u32 = (x59 & 0xfffffff); + const x61: u8 = @intCast(u8, (x59 >> 28)); + const x62: u32 = (x52 + @intCast(u32, x61)); + const x63: u32 = (x51 + x62); + const x64: u32 = (x50 + x63); + const x65: u32 = (x48 + @intCast(u32, x49)); + const x66: u32 = (x47 + x65); + const x67: u32 = (x46 + x66); + const x68: u32 = (x67 & 0xfffffff); + const x69: u8 = @intCast(u8, (x67 >> 28)); + const x70: u32 = (x45 + @intCast(u32, x69)); + const x71: u32 = (x44 + x70); + const x72: u32 = (x43 + x71); + const x73: u32 = (x41 + @intCast(u32, x42)); + const x74: u32 = (x40 + x73); + const x75: u32 = (x39 + x74); + const x76: u32 = (x75 & 0xfffffff); + const x77: u8 = @intCast(u8, (x75 >> 28)); + const x78: u32 = (x38 + @intCast(u32, x77)); + const x79: u32 = (x37 + x78); + const x80: u32 = (x36 + x79); + const x81: u32 = (x34 + @intCast(u32, x35)); + const x82: u32 = (x33 + x81); + const x83: u32 = (x32 + x82); + const x84: u32 = (x83 & 0xfffffff); + const x85: u8 = @intCast(u8, (x83 >> 28)); + const x86: u32 = (x31 + @intCast(u32, x85)); + const x87: u32 = (x30 + x86); + const x88: u32 = (x29 + x87); + const x89: u32 = (x27 + @intCast(u32, x28)); + const x90: u32 = (x26 + x89); + const x91: u32 = (x25 + x90); + const x92: u32 = (x91 & 0xfffffff); + const x93: u8 = @intCast(u8, (x91 >> 28)); + const x94: u32 = (x24 + @intCast(u32, x93)); + const x95: u32 = (x23 + x94); + const x96: u32 = (x22 + x95); + const x97: u32 = (x20 + @intCast(u32, x21)); + const x98: u32 = (x19 + x97); + const x99: u32 = (x18 + x98); + const x100: u32 = (x99 & 0xfffffff); + const x101: u8 = @intCast(u8, (x99 >> 28)); + const x102: u32 = (x17 + @intCast(u32, x101)); + const x103: u32 = (x16 + x102); + const x104: u32 = (x15 + x103); + const x105: u32 = (x13 + @intCast(u32, x14)); + const x106: u32 = (x12 + x105); + const x107: u32 = (x11 + x106); + const x108: u32 = (x107 & 0xfffffff); + const x109: u8 = @intCast(u8, (x107 >> 28)); + const x110: u32 = (x10 + @intCast(u32, x109)); + const x111: u32 = (x9 + x110); + const x112: u32 = (x8 + x111); + const x113: u32 = (x6 + @intCast(u32, x7)); + const x114: u32 = (x5 + x113); + const x115: u32 = (x4 + x114); + const x116: u32 = (x115 & 0xfffffff); + const x117: u8 = @intCast(u8, (x115 >> 28)); + const x118: u32 = (x3 + @intCast(u32, x117)); + const x119: u32 = (x2 + x118); + const x120: u32 = (x1 + x119); + out1[0] = x60; + out1[1] = x64; + out1[2] = x68; + out1[3] = x72; + out1[4] = x76; + out1[5] = x80; + out1[6] = x84; + out1[7] = x88; + out1[8] = x92; + out1[9] = x96; + out1[10] = x100; + out1[11] = x104; + out1[12] = x108; + out1[13] = x112; + out1[14] = x116; + out1[15] = x120; +} + diff --git a/fiat-zig/src/p448_solinas_64.zig b/fiat-zig/src/p448_solinas_64.zig new file mode 100644 index 0000000000..614514af49 --- /dev/null +++ b/fiat-zig/src/p448_solinas_64.zig @@ -0,0 +1,875 @@ +/// Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p448 64 8 '2^448 - 2^224 - 1' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes +/// curve description: p448 +/// machine_wordsize = 64 (from "64") +/// requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes +/// n = 8 (from "8") +/// s-c = 2^448 - [(2^224, 1), (1, 1)] (from "2^448 - 2^224 - 1") +/// tight_bounds_multiplier = 1 (from "") +/// +/// Computed values: +/// carry_chain = [3, 7, 4, 0, 5, 1, 6, 2, 7, 3, 4, 0] +/// eval z = z[0] + (z[1] << 56) + (z[2] << 112) + (z[3] << 168) + (z[4] << 224) + (z[5] << 0x118) + (z[6] << 0x150) + (z[7] << 0x188) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) +/// balance = [0x1fffffffffffffe, 0x1fffffffffffffe, 0x1fffffffffffffe, 0x1fffffffffffffe, 0x1fffffffffffffc, 0x1fffffffffffffe, 0x1fffffffffffffe, 0x1fffffffffffffe] + + +/// The function fiatP448AddcarryxU56 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^56 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^56⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP448AddcarryxU56(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + arg2) + arg3); + const x2: u64 = (x1 & 0xffffffffffffff); + const x3: u1 = @intCast(u1, (x1 >> 56)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP448SubborrowxU56 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^56 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^56⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP448SubborrowxU56(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i64 = @intCast(i64, (@intCast(i128, @intCast(i64, (@intCast(i128, arg2) - @intCast(i128, arg1)))) - @intCast(i128, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 56)); + const x3: u64 = @intCast(u64, (@intCast(i128, x1) & @intCast(i128, 0xffffffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP448CmovznzU64 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +fn fiatP448CmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u64 = @intCast(u64, (@intCast(i128, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i128, 0xffffffffffffffff))); + const x3: u64 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP448CarryMul multiplies two field elements and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000]] +/// arg2: [[0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +pub fn fiatP448CarryMul(out1: *[8]u64, arg1: [8]u64, arg2: [8]u64) void { + const x1: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[7]))); + const x2: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[6]))); + const x3: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[5]))); + const x4: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[7]))); + const x5: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[6]))); + const x6: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[7]))); + const x7: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[7]))); + const x8: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[6]))); + const x9: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[5]))); + const x10: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[7]))); + const x11: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[6]))); + const x12: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[7]))); + const x13: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[7]))); + const x14: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[6]))); + const x15: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[5]))); + const x16: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[4]))); + const x17: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[3]))); + const x18: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[2]))); + const x19: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[1]))); + const x20: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[7]))); + const x21: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[6]))); + const x22: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[5]))); + const x23: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[4]))); + const x24: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[3]))); + const x25: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[2]))); + const x26: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[7]))); + const x27: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[6]))); + const x28: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[5]))); + const x29: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[4]))); + const x30: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[3]))); + const x31: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[7]))); + const x32: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[6]))); + const x33: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[5]))); + const x34: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[4]))); + const x35: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[7]))); + const x36: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[6]))); + const x37: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[5]))); + const x38: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[7]))); + const x39: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[6]))); + const x40: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[7]))); + const x41: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[4]))); + const x42: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[3]))); + const x43: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[2]))); + const x44: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[1]))); + const x45: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[5]))); + const x46: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[4]))); + const x47: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[3]))); + const x48: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[2]))); + const x49: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[6]))); + const x50: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[5]))); + const x51: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[4]))); + const x52: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[3]))); + const x53: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[7]))); + const x54: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[6]))); + const x55: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[5]))); + const x56: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[4]))); + const x57: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[7]))); + const x58: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[6]))); + const x59: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[5]))); + const x60: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[7]))); + const x61: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[6]))); + const x62: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[7]))); + const x63: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[0]))); + const x64: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[1]))); + const x65: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[0]))); + const x66: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[2]))); + const x67: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[1]))); + const x68: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[0]))); + const x69: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[3]))); + const x70: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[2]))); + const x71: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[1]))); + const x72: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[0]))); + const x73: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[4]))); + const x74: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[3]))); + const x75: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[2]))); + const x76: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[1]))); + const x77: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[0]))); + const x78: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[5]))); + const x79: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[4]))); + const x80: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[3]))); + const x81: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[2]))); + const x82: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[1]))); + const x83: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[0]))); + const x84: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[6]))); + const x85: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[5]))); + const x86: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[4]))); + const x87: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[3]))); + const x88: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[2]))); + const x89: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[1]))); + const x90: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[0]))); + const x91: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[7]))); + const x92: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[6]))); + const x93: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[5]))); + const x94: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[4]))); + const x95: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[3]))); + const x96: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[2]))); + const x97: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[1]))); + const x98: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[0]))); + const x99: u128 = (x95 + (x88 + (x82 + (x77 + (x31 + (x27 + (x22 + x16))))))); + const x100: u64 = @intCast(u64, (x99 >> 56)); + const x101: u64 = @intCast(u64, (x99 & @intCast(u128, 0xffffffffffffff))); + const x102: u128 = (x91 + (x84 + (x78 + (x73 + (x69 + (x66 + (x64 + (x63 + (x53 + (x49 + (x45 + x41))))))))))); + const x103: u128 = (x92 + (x85 + (x79 + (x74 + (x70 + (x67 + (x65 + (x57 + (x54 + (x50 + (x46 + (x42 + (x13 + x7))))))))))))); + const x104: u128 = (x93 + (x86 + (x80 + (x75 + (x71 + (x68 + (x60 + (x58 + (x55 + (x51 + (x47 + (x43 + (x20 + (x14 + (x10 + x8))))))))))))))); + const x105: u128 = (x94 + (x87 + (x81 + (x76 + (x72 + (x62 + (x61 + (x59 + (x56 + (x52 + (x48 + (x44 + (x26 + (x21 + (x15 + (x12 + (x11 + x9))))))))))))))))); + const x106: u128 = (x96 + (x89 + (x83 + (x35 + (x32 + (x28 + (x23 + (x17 + x1)))))))); + const x107: u128 = (x97 + (x90 + (x38 + (x36 + (x33 + (x29 + (x24 + (x18 + (x4 + x2))))))))); + const x108: u128 = (x98 + (x40 + (x39 + (x37 + (x34 + (x30 + (x25 + (x19 + (x6 + (x5 + x3)))))))))); + const x109: u128 = (@intCast(u128, x100) + x105); + const x110: u64 = @intCast(u64, (x102 >> 56)); + const x111: u64 = @intCast(u64, (x102 & @intCast(u128, 0xffffffffffffff))); + const x112: u128 = (x109 + @intCast(u128, x110)); + const x113: u64 = @intCast(u64, (x112 >> 56)); + const x114: u64 = @intCast(u64, (x112 & @intCast(u128, 0xffffffffffffff))); + const x115: u128 = (x108 + @intCast(u128, x110)); + const x116: u128 = (@intCast(u128, x113) + x104); + const x117: u64 = @intCast(u64, (x115 >> 56)); + const x118: u64 = @intCast(u64, (x115 & @intCast(u128, 0xffffffffffffff))); + const x119: u128 = (@intCast(u128, x117) + x107); + const x120: u64 = @intCast(u64, (x116 >> 56)); + const x121: u64 = @intCast(u64, (x116 & @intCast(u128, 0xffffffffffffff))); + const x122: u128 = (@intCast(u128, x120) + x103); + const x123: u64 = @intCast(u64, (x119 >> 56)); + const x124: u64 = @intCast(u64, (x119 & @intCast(u128, 0xffffffffffffff))); + const x125: u128 = (@intCast(u128, x123) + x106); + const x126: u64 = @intCast(u64, (x122 >> 56)); + const x127: u64 = @intCast(u64, (x122 & @intCast(u128, 0xffffffffffffff))); + const x128: u64 = (x126 + x111); + const x129: u64 = @intCast(u64, (x125 >> 56)); + const x130: u64 = @intCast(u64, (x125 & @intCast(u128, 0xffffffffffffff))); + const x131: u64 = (x129 + x101); + const x132: u64 = (x128 >> 56); + const x133: u64 = (x128 & 0xffffffffffffff); + const x134: u64 = (x131 >> 56); + const x135: u64 = (x131 & 0xffffffffffffff); + const x136: u64 = (x114 + x132); + const x137: u64 = (x118 + x132); + const x138: u64 = (x134 + x136); + const x139: u1 = @intCast(u1, (x138 >> 56)); + const x140: u64 = (x138 & 0xffffffffffffff); + const x141: u64 = (@intCast(u64, x139) + x121); + const x142: u1 = @intCast(u1, (x137 >> 56)); + const x143: u64 = (x137 & 0xffffffffffffff); + const x144: u64 = (@intCast(u64, x142) + x124); + out1[0] = x143; + out1[1] = x144; + out1[2] = x130; + out1[3] = x135; + out1[4] = x140; + out1[5] = x141; + out1[6] = x127; + out1[7] = x133; +} + +/// The function fiatP448CarrySquare squares a field element and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg1) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +pub fn fiatP448CarrySquare(out1: *[8]u64, arg1: [8]u64) void { + const x1: u64 = (arg1[7]); + const x2: u64 = (arg1[7]); + const x3: u64 = (x1 * 0x2); + const x4: u64 = (x2 * 0x2); + const x5: u64 = ((arg1[7]) * 0x2); + const x6: u64 = (arg1[6]); + const x7: u64 = (arg1[6]); + const x8: u64 = (x6 * 0x2); + const x9: u64 = (x7 * 0x2); + const x10: u64 = ((arg1[6]) * 0x2); + const x11: u64 = (arg1[5]); + const x12: u64 = (arg1[5]); + const x13: u64 = (x11 * 0x2); + const x14: u64 = (x12 * 0x2); + const x15: u64 = ((arg1[5]) * 0x2); + const x16: u64 = (arg1[4]); + const x17: u64 = (arg1[4]); + const x18: u64 = ((arg1[4]) * 0x2); + const x19: u64 = ((arg1[3]) * 0x2); + const x20: u64 = ((arg1[2]) * 0x2); + const x21: u64 = ((arg1[1]) * 0x2); + const x22: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, x1)); + const x23: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, x3)); + const x24: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, x6)); + const x25: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, x3)); + const x26: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, x1)); + const x27: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, x3)); + const x28: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, x6)); + const x29: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, x3)); + const x30: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, x2)); + const x31: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, x4)); + const x32: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, x7)); + const x33: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, x4)); + const x34: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, x9)); + const x35: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, x8)); + const x36: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, x12)); + const x37: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, x11)); + const x38: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, x4)); + const x39: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, x3)); + const x40: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, x9)); + const x41: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, x8)); + const x42: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, x14)); + const x43: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, x13)); + const x44: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, x17)); + const x45: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, x16)); + const x46: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x4)); + const x47: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x3)); + const x48: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x9)); + const x49: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x8)); + const x50: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x14)); + const x51: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x13)); + const x52: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x18)); + const x53: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg1[3]))); + const x54: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x4)); + const x55: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x3)); + const x56: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x9)); + const x57: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x8)); + const x58: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x15)); + const x59: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x18)); + const x60: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x19)); + const x61: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg1[2]))); + const x62: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x4)); + const x63: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x3)); + const x64: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x10)); + const x65: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x15)); + const x66: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x18)); + const x67: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x19)); + const x68: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x20)); + const x69: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg1[1]))); + const x70: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x5)); + const x71: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x10)); + const x72: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x15)); + const x73: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x18)); + const x74: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x19)); + const x75: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x20)); + const x76: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x21)); + const x77: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg1[0]))); + const x78: u128 = (x74 + (x68 + (x38 + x34))); + const x79: u64 = @intCast(u64, (x78 >> 56)); + const x80: u64 = @intCast(u64, (x78 & @intCast(u128, 0xffffffffffffff))); + const x81: u128 = (x70 + (x64 + (x58 + (x52 + (x39 + x35))))); + const x82: u128 = (x71 + (x65 + (x59 + (x53 + (x47 + (x41 + (x37 + (x30 + x26)))))))); + const x83: u128 = (x72 + (x66 + (x60 + (x55 + (x49 + (x43 + (x31 + x27))))))); + const x84: u128 = (x73 + (x67 + (x63 + (x61 + (x57 + (x51 + (x45 + (x33 + (x32 + (x29 + x28)))))))))); + const x85: u128 = (x75 + (x69 + (x46 + (x40 + (x36 + x22))))); + const x86: u128 = (x76 + (x54 + (x48 + (x42 + x23)))); + const x87: u128 = (x77 + (x62 + (x56 + (x50 + (x44 + (x25 + x24)))))); + const x88: u128 = (@intCast(u128, x79) + x84); + const x89: u64 = @intCast(u64, (x81 >> 56)); + const x90: u64 = @intCast(u64, (x81 & @intCast(u128, 0xffffffffffffff))); + const x91: u128 = (x88 + @intCast(u128, x89)); + const x92: u64 = @intCast(u64, (x91 >> 56)); + const x93: u64 = @intCast(u64, (x91 & @intCast(u128, 0xffffffffffffff))); + const x94: u128 = (x87 + @intCast(u128, x89)); + const x95: u128 = (@intCast(u128, x92) + x83); + const x96: u64 = @intCast(u64, (x94 >> 56)); + const x97: u64 = @intCast(u64, (x94 & @intCast(u128, 0xffffffffffffff))); + const x98: u128 = (@intCast(u128, x96) + x86); + const x99: u64 = @intCast(u64, (x95 >> 56)); + const x100: u64 = @intCast(u64, (x95 & @intCast(u128, 0xffffffffffffff))); + const x101: u128 = (@intCast(u128, x99) + x82); + const x102: u64 = @intCast(u64, (x98 >> 56)); + const x103: u64 = @intCast(u64, (x98 & @intCast(u128, 0xffffffffffffff))); + const x104: u128 = (@intCast(u128, x102) + x85); + const x105: u64 = @intCast(u64, (x101 >> 56)); + const x106: u64 = @intCast(u64, (x101 & @intCast(u128, 0xffffffffffffff))); + const x107: u64 = (x105 + x90); + const x108: u64 = @intCast(u64, (x104 >> 56)); + const x109: u64 = @intCast(u64, (x104 & @intCast(u128, 0xffffffffffffff))); + const x110: u64 = (x108 + x80); + const x111: u64 = (x107 >> 56); + const x112: u64 = (x107 & 0xffffffffffffff); + const x113: u64 = (x110 >> 56); + const x114: u64 = (x110 & 0xffffffffffffff); + const x115: u64 = (x93 + x111); + const x116: u64 = (x97 + x111); + const x117: u64 = (x113 + x115); + const x118: u1 = @intCast(u1, (x117 >> 56)); + const x119: u64 = (x117 & 0xffffffffffffff); + const x120: u64 = (@intCast(u64, x118) + x100); + const x121: u1 = @intCast(u1, (x116 >> 56)); + const x122: u64 = (x116 & 0xffffffffffffff); + const x123: u64 = (@intCast(u64, x121) + x103); + out1[0] = x122; + out1[1] = x123; + out1[2] = x109; + out1[3] = x114; + out1[4] = x119; + out1[5] = x120; + out1[6] = x106; + out1[7] = x112; +} + +/// The function fiatP448Carry reduces a field element. +/// Postconditions: +/// eval out1 mod m = eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +pub fn fiatP448Carry(out1: *[8]u64, arg1: [8]u64) void { + const x1: u64 = (arg1[3]); + const x2: u64 = (arg1[7]); + const x3: u64 = (x2 >> 56); + const x4: u64 = (((x1 >> 56) + (arg1[4])) + x3); + const x5: u64 = ((arg1[0]) + x3); + const x6: u64 = ((x4 >> 56) + (arg1[5])); + const x7: u64 = ((x5 >> 56) + (arg1[1])); + const x8: u64 = ((x6 >> 56) + (arg1[6])); + const x9: u64 = ((x7 >> 56) + (arg1[2])); + const x10: u64 = ((x8 >> 56) + (x2 & 0xffffffffffffff)); + const x11: u64 = ((x9 >> 56) + (x1 & 0xffffffffffffff)); + const x12: u1 = @intCast(u1, (x10 >> 56)); + const x13: u64 = ((x5 & 0xffffffffffffff) + @intCast(u64, x12)); + const x14: u64 = (@intCast(u64, @intCast(u1, (x11 >> 56))) + ((x4 & 0xffffffffffffff) + @intCast(u64, x12))); + const x15: u64 = (x13 & 0xffffffffffffff); + const x16: u64 = (@intCast(u64, @intCast(u1, (x13 >> 56))) + (x7 & 0xffffffffffffff)); + const x17: u64 = (x9 & 0xffffffffffffff); + const x18: u64 = (x11 & 0xffffffffffffff); + const x19: u64 = (x14 & 0xffffffffffffff); + const x20: u64 = (@intCast(u64, @intCast(u1, (x14 >> 56))) + (x6 & 0xffffffffffffff)); + const x21: u64 = (x8 & 0xffffffffffffff); + const x22: u64 = (x10 & 0xffffffffffffff); + out1[0] = x15; + out1[1] = x16; + out1[2] = x17; + out1[3] = x18; + out1[4] = x19; + out1[5] = x20; + out1[6] = x21; + out1[7] = x22; +} + +/// The function fiatP448Add adds two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 + eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +/// arg2: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000]] +pub fn fiatP448Add(out1: *[8]u64, arg1: [8]u64, arg2: [8]u64) void { + const x1: u64 = ((arg1[0]) + (arg2[0])); + const x2: u64 = ((arg1[1]) + (arg2[1])); + const x3: u64 = ((arg1[2]) + (arg2[2])); + const x4: u64 = ((arg1[3]) + (arg2[3])); + const x5: u64 = ((arg1[4]) + (arg2[4])); + const x6: u64 = ((arg1[5]) + (arg2[5])); + const x7: u64 = ((arg1[6]) + (arg2[6])); + const x8: u64 = ((arg1[7]) + (arg2[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} + +/// The function fiatP448Sub subtracts two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 - eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +/// arg2: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000]] +pub fn fiatP448Sub(out1: *[8]u64, arg1: [8]u64, arg2: [8]u64) void { + const x1: u64 = ((0x1fffffffffffffe + (arg1[0])) - (arg2[0])); + const x2: u64 = ((0x1fffffffffffffe + (arg1[1])) - (arg2[1])); + const x3: u64 = ((0x1fffffffffffffe + (arg1[2])) - (arg2[2])); + const x4: u64 = ((0x1fffffffffffffe + (arg1[3])) - (arg2[3])); + const x5: u64 = ((0x1fffffffffffffc + (arg1[4])) - (arg2[4])); + const x6: u64 = ((0x1fffffffffffffe + (arg1[5])) - (arg2[5])); + const x7: u64 = ((0x1fffffffffffffe + (arg1[6])) - (arg2[6])); + const x8: u64 = ((0x1fffffffffffffe + (arg1[7])) - (arg2[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} + +/// The function fiatP448Opp negates a field element. +/// Postconditions: +/// eval out1 mod m = -eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000], [0x0 ~> 0x300000000000000]] +pub fn fiatP448Opp(out1: *[8]u64, arg1: [8]u64) void { + const x1: u64 = (0x1fffffffffffffe - (arg1[0])); + const x2: u64 = (0x1fffffffffffffe - (arg1[1])); + const x3: u64 = (0x1fffffffffffffe - (arg1[2])); + const x4: u64 = (0x1fffffffffffffe - (arg1[3])); + const x5: u64 = (0x1fffffffffffffc - (arg1[4])); + const x6: u64 = (0x1fffffffffffffe - (arg1[5])); + const x7: u64 = (0x1fffffffffffffe - (arg1[6])); + const x8: u64 = (0x1fffffffffffffe - (arg1[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} + +/// The function fiatP448Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP448Selectznz(out1: *[8]u64, arg1: u1, arg2: [8]u64, arg3: [8]u64) void { + var x1: u64 = undefined; + fiatP448CmovznzU64(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u64 = undefined; + fiatP448CmovznzU64(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u64 = undefined; + fiatP448CmovznzU64(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u64 = undefined; + fiatP448CmovznzU64(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u64 = undefined; + fiatP448CmovznzU64(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u64 = undefined; + fiatP448CmovznzU64(&x6, arg1, (arg2[5]), (arg3[5])); + var x7: u64 = undefined; + fiatP448CmovznzU64(&x7, arg1, (arg2[6]), (arg3[6])); + var x8: u64 = undefined; + fiatP448CmovznzU64(&x8, arg1, (arg2[7]), (arg3[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} + +/// The function fiatP448ToBytes serializes a field element to bytes in little-endian order. +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..55] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatP448ToBytes(out1: *[56]u8, arg1: [8]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP448SubborrowxU56(&x1, &x2, 0x0, (arg1[0]), 0xffffffffffffff); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP448SubborrowxU56(&x3, &x4, x2, (arg1[1]), 0xffffffffffffff); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP448SubborrowxU56(&x5, &x6, x4, (arg1[2]), 0xffffffffffffff); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP448SubborrowxU56(&x7, &x8, x6, (arg1[3]), 0xffffffffffffff); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP448SubborrowxU56(&x9, &x10, x8, (arg1[4]), 0xfffffffffffffe); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP448SubborrowxU56(&x11, &x12, x10, (arg1[5]), 0xffffffffffffff); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP448SubborrowxU56(&x13, &x14, x12, (arg1[6]), 0xffffffffffffff); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP448SubborrowxU56(&x15, &x16, x14, (arg1[7]), 0xffffffffffffff); + var x17: u64 = undefined; + fiatP448CmovznzU64(&x17, x16, @intCast(u64, 0x0), 0xffffffffffffffff); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatP448AddcarryxU56(&x18, &x19, 0x0, x1, (x17 & 0xffffffffffffff)); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP448AddcarryxU56(&x20, &x21, x19, x3, (x17 & 0xffffffffffffff)); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP448AddcarryxU56(&x22, &x23, x21, x5, (x17 & 0xffffffffffffff)); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP448AddcarryxU56(&x24, &x25, x23, x7, (x17 & 0xffffffffffffff)); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP448AddcarryxU56(&x26, &x27, x25, x9, (x17 & 0xfffffffffffffe)); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP448AddcarryxU56(&x28, &x29, x27, x11, (x17 & 0xffffffffffffff)); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP448AddcarryxU56(&x30, &x31, x29, x13, (x17 & 0xffffffffffffff)); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatP448AddcarryxU56(&x32, &x33, x31, x15, (x17 & 0xffffffffffffff)); + const x34: u8 = @intCast(u8, (x18 & @intCast(u64, 0xff))); + const x35: u64 = (x18 >> 8); + const x36: u8 = @intCast(u8, (x35 & @intCast(u64, 0xff))); + const x37: u64 = (x35 >> 8); + const x38: u8 = @intCast(u8, (x37 & @intCast(u64, 0xff))); + const x39: u64 = (x37 >> 8); + const x40: u8 = @intCast(u8, (x39 & @intCast(u64, 0xff))); + const x41: u64 = (x39 >> 8); + const x42: u8 = @intCast(u8, (x41 & @intCast(u64, 0xff))); + const x43: u64 = (x41 >> 8); + const x44: u8 = @intCast(u8, (x43 & @intCast(u64, 0xff))); + const x45: u8 = @intCast(u8, (x43 >> 8)); + const x46: u8 = @intCast(u8, (x20 & @intCast(u64, 0xff))); + const x47: u64 = (x20 >> 8); + const x48: u8 = @intCast(u8, (x47 & @intCast(u64, 0xff))); + const x49: u64 = (x47 >> 8); + const x50: u8 = @intCast(u8, (x49 & @intCast(u64, 0xff))); + const x51: u64 = (x49 >> 8); + const x52: u8 = @intCast(u8, (x51 & @intCast(u64, 0xff))); + const x53: u64 = (x51 >> 8); + const x54: u8 = @intCast(u8, (x53 & @intCast(u64, 0xff))); + const x55: u64 = (x53 >> 8); + const x56: u8 = @intCast(u8, (x55 & @intCast(u64, 0xff))); + const x57: u8 = @intCast(u8, (x55 >> 8)); + const x58: u8 = @intCast(u8, (x22 & @intCast(u64, 0xff))); + const x59: u64 = (x22 >> 8); + const x60: u8 = @intCast(u8, (x59 & @intCast(u64, 0xff))); + const x61: u64 = (x59 >> 8); + const x62: u8 = @intCast(u8, (x61 & @intCast(u64, 0xff))); + const x63: u64 = (x61 >> 8); + const x64: u8 = @intCast(u8, (x63 & @intCast(u64, 0xff))); + const x65: u64 = (x63 >> 8); + const x66: u8 = @intCast(u8, (x65 & @intCast(u64, 0xff))); + const x67: u64 = (x65 >> 8); + const x68: u8 = @intCast(u8, (x67 & @intCast(u64, 0xff))); + const x69: u8 = @intCast(u8, (x67 >> 8)); + const x70: u8 = @intCast(u8, (x24 & @intCast(u64, 0xff))); + const x71: u64 = (x24 >> 8); + const x72: u8 = @intCast(u8, (x71 & @intCast(u64, 0xff))); + const x73: u64 = (x71 >> 8); + const x74: u8 = @intCast(u8, (x73 & @intCast(u64, 0xff))); + const x75: u64 = (x73 >> 8); + const x76: u8 = @intCast(u8, (x75 & @intCast(u64, 0xff))); + const x77: u64 = (x75 >> 8); + const x78: u8 = @intCast(u8, (x77 & @intCast(u64, 0xff))); + const x79: u64 = (x77 >> 8); + const x80: u8 = @intCast(u8, (x79 & @intCast(u64, 0xff))); + const x81: u8 = @intCast(u8, (x79 >> 8)); + const x82: u8 = @intCast(u8, (x26 & @intCast(u64, 0xff))); + const x83: u64 = (x26 >> 8); + const x84: u8 = @intCast(u8, (x83 & @intCast(u64, 0xff))); + const x85: u64 = (x83 >> 8); + const x86: u8 = @intCast(u8, (x85 & @intCast(u64, 0xff))); + const x87: u64 = (x85 >> 8); + const x88: u8 = @intCast(u8, (x87 & @intCast(u64, 0xff))); + const x89: u64 = (x87 >> 8); + const x90: u8 = @intCast(u8, (x89 & @intCast(u64, 0xff))); + const x91: u64 = (x89 >> 8); + const x92: u8 = @intCast(u8, (x91 & @intCast(u64, 0xff))); + const x93: u8 = @intCast(u8, (x91 >> 8)); + const x94: u8 = @intCast(u8, (x28 & @intCast(u64, 0xff))); + const x95: u64 = (x28 >> 8); + const x96: u8 = @intCast(u8, (x95 & @intCast(u64, 0xff))); + const x97: u64 = (x95 >> 8); + const x98: u8 = @intCast(u8, (x97 & @intCast(u64, 0xff))); + const x99: u64 = (x97 >> 8); + const x100: u8 = @intCast(u8, (x99 & @intCast(u64, 0xff))); + const x101: u64 = (x99 >> 8); + const x102: u8 = @intCast(u8, (x101 & @intCast(u64, 0xff))); + const x103: u64 = (x101 >> 8); + const x104: u8 = @intCast(u8, (x103 & @intCast(u64, 0xff))); + const x105: u8 = @intCast(u8, (x103 >> 8)); + const x106: u8 = @intCast(u8, (x30 & @intCast(u64, 0xff))); + const x107: u64 = (x30 >> 8); + const x108: u8 = @intCast(u8, (x107 & @intCast(u64, 0xff))); + const x109: u64 = (x107 >> 8); + const x110: u8 = @intCast(u8, (x109 & @intCast(u64, 0xff))); + const x111: u64 = (x109 >> 8); + const x112: u8 = @intCast(u8, (x111 & @intCast(u64, 0xff))); + const x113: u64 = (x111 >> 8); + const x114: u8 = @intCast(u8, (x113 & @intCast(u64, 0xff))); + const x115: u64 = (x113 >> 8); + const x116: u8 = @intCast(u8, (x115 & @intCast(u64, 0xff))); + const x117: u8 = @intCast(u8, (x115 >> 8)); + const x118: u8 = @intCast(u8, (x32 & @intCast(u64, 0xff))); + const x119: u64 = (x32 >> 8); + const x120: u8 = @intCast(u8, (x119 & @intCast(u64, 0xff))); + const x121: u64 = (x119 >> 8); + const x122: u8 = @intCast(u8, (x121 & @intCast(u64, 0xff))); + const x123: u64 = (x121 >> 8); + const x124: u8 = @intCast(u8, (x123 & @intCast(u64, 0xff))); + const x125: u64 = (x123 >> 8); + const x126: u8 = @intCast(u8, (x125 & @intCast(u64, 0xff))); + const x127: u64 = (x125 >> 8); + const x128: u8 = @intCast(u8, (x127 & @intCast(u64, 0xff))); + const x129: u8 = @intCast(u8, (x127 >> 8)); + out1[0] = x34; + out1[1] = x36; + out1[2] = x38; + out1[3] = x40; + out1[4] = x42; + out1[5] = x44; + out1[6] = x45; + out1[7] = x46; + out1[8] = x48; + out1[9] = x50; + out1[10] = x52; + out1[11] = x54; + out1[12] = x56; + out1[13] = x57; + out1[14] = x58; + out1[15] = x60; + out1[16] = x62; + out1[17] = x64; + out1[18] = x66; + out1[19] = x68; + out1[20] = x69; + out1[21] = x70; + out1[22] = x72; + out1[23] = x74; + out1[24] = x76; + out1[25] = x78; + out1[26] = x80; + out1[27] = x81; + out1[28] = x82; + out1[29] = x84; + out1[30] = x86; + out1[31] = x88; + out1[32] = x90; + out1[33] = x92; + out1[34] = x93; + out1[35] = x94; + out1[36] = x96; + out1[37] = x98; + out1[38] = x100; + out1[39] = x102; + out1[40] = x104; + out1[41] = x105; + out1[42] = x106; + out1[43] = x108; + out1[44] = x110; + out1[45] = x112; + out1[46] = x114; + out1[47] = x116; + out1[48] = x117; + out1[49] = x118; + out1[50] = x120; + out1[51] = x122; + out1[52] = x124; + out1[53] = x126; + out1[54] = x128; + out1[55] = x129; +} + +/// The function fiatP448FromBytes deserializes a field element from bytes in little-endian order. +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000], [0x0 ~> 0x100000000000000]] +pub fn fiatP448FromBytes(out1: *[8]u64, arg1: [56]u8) void { + const x1: u64 = (@intCast(u64, (arg1[55])) << 48); + const x2: u64 = (@intCast(u64, (arg1[54])) << 40); + const x3: u64 = (@intCast(u64, (arg1[53])) << 32); + const x4: u64 = (@intCast(u64, (arg1[52])) << 24); + const x5: u64 = (@intCast(u64, (arg1[51])) << 16); + const x6: u64 = (@intCast(u64, (arg1[50])) << 8); + const x7: u8 = (arg1[49]); + const x8: u64 = (@intCast(u64, (arg1[48])) << 48); + const x9: u64 = (@intCast(u64, (arg1[47])) << 40); + const x10: u64 = (@intCast(u64, (arg1[46])) << 32); + const x11: u64 = (@intCast(u64, (arg1[45])) << 24); + const x12: u64 = (@intCast(u64, (arg1[44])) << 16); + const x13: u64 = (@intCast(u64, (arg1[43])) << 8); + const x14: u8 = (arg1[42]); + const x15: u64 = (@intCast(u64, (arg1[41])) << 48); + const x16: u64 = (@intCast(u64, (arg1[40])) << 40); + const x17: u64 = (@intCast(u64, (arg1[39])) << 32); + const x18: u64 = (@intCast(u64, (arg1[38])) << 24); + const x19: u64 = (@intCast(u64, (arg1[37])) << 16); + const x20: u64 = (@intCast(u64, (arg1[36])) << 8); + const x21: u8 = (arg1[35]); + const x22: u64 = (@intCast(u64, (arg1[34])) << 48); + const x23: u64 = (@intCast(u64, (arg1[33])) << 40); + const x24: u64 = (@intCast(u64, (arg1[32])) << 32); + const x25: u64 = (@intCast(u64, (arg1[31])) << 24); + const x26: u64 = (@intCast(u64, (arg1[30])) << 16); + const x27: u64 = (@intCast(u64, (arg1[29])) << 8); + const x28: u8 = (arg1[28]); + const x29: u64 = (@intCast(u64, (arg1[27])) << 48); + const x30: u64 = (@intCast(u64, (arg1[26])) << 40); + const x31: u64 = (@intCast(u64, (arg1[25])) << 32); + const x32: u64 = (@intCast(u64, (arg1[24])) << 24); + const x33: u64 = (@intCast(u64, (arg1[23])) << 16); + const x34: u64 = (@intCast(u64, (arg1[22])) << 8); + const x35: u8 = (arg1[21]); + const x36: u64 = (@intCast(u64, (arg1[20])) << 48); + const x37: u64 = (@intCast(u64, (arg1[19])) << 40); + const x38: u64 = (@intCast(u64, (arg1[18])) << 32); + const x39: u64 = (@intCast(u64, (arg1[17])) << 24); + const x40: u64 = (@intCast(u64, (arg1[16])) << 16); + const x41: u64 = (@intCast(u64, (arg1[15])) << 8); + const x42: u8 = (arg1[14]); + const x43: u64 = (@intCast(u64, (arg1[13])) << 48); + const x44: u64 = (@intCast(u64, (arg1[12])) << 40); + const x45: u64 = (@intCast(u64, (arg1[11])) << 32); + const x46: u64 = (@intCast(u64, (arg1[10])) << 24); + const x47: u64 = (@intCast(u64, (arg1[9])) << 16); + const x48: u64 = (@intCast(u64, (arg1[8])) << 8); + const x49: u8 = (arg1[7]); + const x50: u64 = (@intCast(u64, (arg1[6])) << 48); + const x51: u64 = (@intCast(u64, (arg1[5])) << 40); + const x52: u64 = (@intCast(u64, (arg1[4])) << 32); + const x53: u64 = (@intCast(u64, (arg1[3])) << 24); + const x54: u64 = (@intCast(u64, (arg1[2])) << 16); + const x55: u64 = (@intCast(u64, (arg1[1])) << 8); + const x56: u8 = (arg1[0]); + const x57: u64 = (x55 + @intCast(u64, x56)); + const x58: u64 = (x54 + x57); + const x59: u64 = (x53 + x58); + const x60: u64 = (x52 + x59); + const x61: u64 = (x51 + x60); + const x62: u64 = (x50 + x61); + const x63: u64 = (x48 + @intCast(u64, x49)); + const x64: u64 = (x47 + x63); + const x65: u64 = (x46 + x64); + const x66: u64 = (x45 + x65); + const x67: u64 = (x44 + x66); + const x68: u64 = (x43 + x67); + const x69: u64 = (x41 + @intCast(u64, x42)); + const x70: u64 = (x40 + x69); + const x71: u64 = (x39 + x70); + const x72: u64 = (x38 + x71); + const x73: u64 = (x37 + x72); + const x74: u64 = (x36 + x73); + const x75: u64 = (x34 + @intCast(u64, x35)); + const x76: u64 = (x33 + x75); + const x77: u64 = (x32 + x76); + const x78: u64 = (x31 + x77); + const x79: u64 = (x30 + x78); + const x80: u64 = (x29 + x79); + const x81: u64 = (x27 + @intCast(u64, x28)); + const x82: u64 = (x26 + x81); + const x83: u64 = (x25 + x82); + const x84: u64 = (x24 + x83); + const x85: u64 = (x23 + x84); + const x86: u64 = (x22 + x85); + const x87: u64 = (x20 + @intCast(u64, x21)); + const x88: u64 = (x19 + x87); + const x89: u64 = (x18 + x88); + const x90: u64 = (x17 + x89); + const x91: u64 = (x16 + x90); + const x92: u64 = (x15 + x91); + const x93: u64 = (x13 + @intCast(u64, x14)); + const x94: u64 = (x12 + x93); + const x95: u64 = (x11 + x94); + const x96: u64 = (x10 + x95); + const x97: u64 = (x9 + x96); + const x98: u64 = (x8 + x97); + const x99: u64 = (x6 + @intCast(u64, x7)); + const x100: u64 = (x5 + x99); + const x101: u64 = (x4 + x100); + const x102: u64 = (x3 + x101); + const x103: u64 = (x2 + x102); + const x104: u64 = (x1 + x103); + out1[0] = x62; + out1[1] = x68; + out1[2] = x74; + out1[3] = x80; + out1[4] = x86; + out1[5] = x92; + out1[6] = x98; + out1[7] = x104; +} + diff --git a/fiat-zig/src/p521_64.zig b/fiat-zig/src/p521_64.zig new file mode 100644 index 0000000000..fe95491cfb --- /dev/null +++ b/fiat-zig/src/p521_64.zig @@ -0,0 +1,980 @@ +/// Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase p521 64 9 '2^521 - 1' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes +/// curve description: p521 +/// machine_wordsize = 64 (from "64") +/// requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes +/// n = 9 (from "9") +/// s-c = 2^521 - [(1, 1)] (from "2^521 - 1") +/// tight_bounds_multiplier = 1 (from "") +/// +/// Computed values: +/// carry_chain = [0, 1, 2, 3, 4, 5, 6, 7, 8, 0, 1] +/// eval z = z[0] + (z[1] << 58) + (z[2] << 116) + (z[3] << 174) + (z[4] << 232) + (z[5] << 0x122) + (z[6] << 0x15c) + (z[7] << 0x196) + (z[8] << 0x1d0) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + (z[32] << 256) + (z[33] << 0x108) + (z[34] << 0x110) + (z[35] << 0x118) + (z[36] << 0x120) + (z[37] << 0x128) + (z[38] << 0x130) + (z[39] << 0x138) + (z[40] << 0x140) + (z[41] << 0x148) + (z[42] << 0x150) + (z[43] << 0x158) + (z[44] << 0x160) + (z[45] << 0x168) + (z[46] << 0x170) + (z[47] << 0x178) + (z[48] << 0x180) + (z[49] << 0x188) + (z[50] << 0x190) + (z[51] << 0x198) + (z[52] << 0x1a0) + (z[53] << 0x1a8) + (z[54] << 0x1b0) + (z[55] << 0x1b8) + (z[56] << 0x1c0) + (z[57] << 0x1c8) + (z[58] << 0x1d0) + (z[59] << 0x1d8) + (z[60] << 0x1e0) + (z[61] << 0x1e8) + (z[62] << 0x1f0) + (z[63] << 0x1f8) + (z[64] << 2^9) + (z[65] << 0x208) +/// balance = [0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x7fffffffffffffe, 0x3fffffffffffffe] + + +/// The function fiatP521AddcarryxU58 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^58 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^58⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x3ffffffffffffff] +/// arg3: [0x0 ~> 0x3ffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x3ffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP521AddcarryxU58(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + arg2) + arg3); + const x2: u64 = (x1 & 0x3ffffffffffffff); + const x3: u1 = @intCast(u1, (x1 >> 58)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP521SubborrowxU58 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^58 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^58⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x3ffffffffffffff] +/// arg3: [0x0 ~> 0x3ffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x3ffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP521SubborrowxU58(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i64 = @intCast(i64, (@intCast(i128, @intCast(i64, (@intCast(i128, arg2) - @intCast(i128, arg1)))) - @intCast(i128, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 58)); + const x3: u64 = @intCast(u64, (@intCast(i128, x1) & @intCast(i128, 0x3ffffffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP521AddcarryxU57 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^57 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^57⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x1ffffffffffffff] +/// arg3: [0x0 ~> 0x1ffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x1ffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP521AddcarryxU57(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + arg2) + arg3); + const x2: u64 = (x1 & 0x1ffffffffffffff); + const x3: u1 = @intCast(u1, (x1 >> 57)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatP521SubborrowxU57 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^57 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^57⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x1ffffffffffffff] +/// arg3: [0x0 ~> 0x1ffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x1ffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatP521SubborrowxU57(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i64 = @intCast(i64, (@intCast(i128, @intCast(i64, (@intCast(i128, arg2) - @intCast(i128, arg1)))) - @intCast(i128, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 57)); + const x3: u64 = @intCast(u64, (@intCast(i128, x1) & @intCast(i128, 0x1ffffffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatP521CmovznzU64 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +fn fiatP521CmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u64 = @intCast(u64, (@intCast(i128, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i128, 0xffffffffffffffff))); + const x3: u64 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatP521CarryMul multiplies two field elements and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0x600000000000000]] +/// arg2: [[0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0x600000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +pub fn fiatP521CarryMul(out1: *[9]u64, arg1: [9]u64, arg2: [9]u64) void { + const x1: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, ((arg2[8]) * 0x2))); + const x2: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, ((arg2[7]) * 0x2))); + const x3: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, ((arg2[6]) * 0x2))); + const x4: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, ((arg2[5]) * 0x2))); + const x5: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, ((arg2[4]) * 0x2))); + const x6: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, ((arg2[3]) * 0x2))); + const x7: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, ((arg2[2]) * 0x2))); + const x8: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, ((arg2[1]) * 0x2))); + const x9: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, ((arg2[8]) * 0x2))); + const x10: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, ((arg2[7]) * 0x2))); + const x11: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, ((arg2[6]) * 0x2))); + const x12: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, ((arg2[5]) * 0x2))); + const x13: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, ((arg2[4]) * 0x2))); + const x14: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, ((arg2[3]) * 0x2))); + const x15: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, ((arg2[2]) * 0x2))); + const x16: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, ((arg2[8]) * 0x2))); + const x17: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, ((arg2[7]) * 0x2))); + const x18: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, ((arg2[6]) * 0x2))); + const x19: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, ((arg2[5]) * 0x2))); + const x20: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, ((arg2[4]) * 0x2))); + const x21: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, ((arg2[3]) * 0x2))); + const x22: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, ((arg2[8]) * 0x2))); + const x23: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, ((arg2[7]) * 0x2))); + const x24: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, ((arg2[6]) * 0x2))); + const x25: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, ((arg2[5]) * 0x2))); + const x26: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, ((arg2[4]) * 0x2))); + const x27: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, ((arg2[8]) * 0x2))); + const x28: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, ((arg2[7]) * 0x2))); + const x29: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, ((arg2[6]) * 0x2))); + const x30: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, ((arg2[5]) * 0x2))); + const x31: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, ((arg2[8]) * 0x2))); + const x32: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, ((arg2[7]) * 0x2))); + const x33: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, ((arg2[6]) * 0x2))); + const x34: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, ((arg2[8]) * 0x2))); + const x35: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, ((arg2[7]) * 0x2))); + const x36: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, ((arg2[8]) * 0x2))); + const x37: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, (arg2[0]))); + const x38: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[1]))); + const x39: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (arg2[0]))); + const x40: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[2]))); + const x41: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[1]))); + const x42: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (arg2[0]))); + const x43: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[3]))); + const x44: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[2]))); + const x45: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[1]))); + const x46: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (arg2[0]))); + const x47: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[4]))); + const x48: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[3]))); + const x49: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[2]))); + const x50: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[1]))); + const x51: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg2[0]))); + const x52: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[5]))); + const x53: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[4]))); + const x54: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[3]))); + const x55: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[2]))); + const x56: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[1]))); + const x57: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg2[0]))); + const x58: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[6]))); + const x59: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[5]))); + const x60: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[4]))); + const x61: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[3]))); + const x62: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[2]))); + const x63: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[1]))); + const x64: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[0]))); + const x65: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[7]))); + const x66: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[6]))); + const x67: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[5]))); + const x68: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[4]))); + const x69: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[3]))); + const x70: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[2]))); + const x71: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[1]))); + const x72: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[0]))); + const x73: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[8]))); + const x74: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[7]))); + const x75: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[6]))); + const x76: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[5]))); + const x77: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[4]))); + const x78: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[3]))); + const x79: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[2]))); + const x80: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[1]))); + const x81: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[0]))); + const x82: u128 = (x81 + (x36 + (x35 + (x33 + (x30 + (x26 + (x21 + (x15 + x8)))))))); + const x83: u128 = (x82 >> 58); + const x84: u64 = @intCast(u64, (x82 & @intCast(u128, 0x3ffffffffffffff))); + const x85: u128 = (x73 + (x65 + (x58 + (x52 + (x47 + (x43 + (x40 + (x38 + x37)))))))); + const x86: u128 = (x74 + (x66 + (x59 + (x53 + (x48 + (x44 + (x41 + (x39 + x1)))))))); + const x87: u128 = (x75 + (x67 + (x60 + (x54 + (x49 + (x45 + (x42 + (x9 + x2)))))))); + const x88: u128 = (x76 + (x68 + (x61 + (x55 + (x50 + (x46 + (x16 + (x10 + x3)))))))); + const x89: u128 = (x77 + (x69 + (x62 + (x56 + (x51 + (x22 + (x17 + (x11 + x4)))))))); + const x90: u128 = (x78 + (x70 + (x63 + (x57 + (x27 + (x23 + (x18 + (x12 + x5)))))))); + const x91: u128 = (x79 + (x71 + (x64 + (x31 + (x28 + (x24 + (x19 + (x13 + x6)))))))); + const x92: u128 = (x80 + (x72 + (x34 + (x32 + (x29 + (x25 + (x20 + (x14 + x7)))))))); + const x93: u128 = (x83 + x92); + const x94: u128 = (x93 >> 58); + const x95: u64 = @intCast(u64, (x93 & @intCast(u128, 0x3ffffffffffffff))); + const x96: u128 = (x94 + x91); + const x97: u128 = (x96 >> 58); + const x98: u64 = @intCast(u64, (x96 & @intCast(u128, 0x3ffffffffffffff))); + const x99: u128 = (x97 + x90); + const x100: u128 = (x99 >> 58); + const x101: u64 = @intCast(u64, (x99 & @intCast(u128, 0x3ffffffffffffff))); + const x102: u128 = (x100 + x89); + const x103: u128 = (x102 >> 58); + const x104: u64 = @intCast(u64, (x102 & @intCast(u128, 0x3ffffffffffffff))); + const x105: u128 = (x103 + x88); + const x106: u128 = (x105 >> 58); + const x107: u64 = @intCast(u64, (x105 & @intCast(u128, 0x3ffffffffffffff))); + const x108: u128 = (x106 + x87); + const x109: u128 = (x108 >> 58); + const x110: u64 = @intCast(u64, (x108 & @intCast(u128, 0x3ffffffffffffff))); + const x111: u128 = (x109 + x86); + const x112: u128 = (x111 >> 58); + const x113: u64 = @intCast(u64, (x111 & @intCast(u128, 0x3ffffffffffffff))); + const x114: u128 = (x112 + x85); + const x115: u128 = (x114 >> 57); + const x116: u64 = @intCast(u64, (x114 & @intCast(u128, 0x1ffffffffffffff))); + const x117: u128 = (@intCast(u128, x84) + x115); + const x118: u64 = @intCast(u64, (x117 >> 58)); + const x119: u64 = @intCast(u64, (x117 & @intCast(u128, 0x3ffffffffffffff))); + const x120: u64 = (x118 + x95); + const x121: u1 = @intCast(u1, (x120 >> 58)); + const x122: u64 = (x120 & 0x3ffffffffffffff); + const x123: u64 = (@intCast(u64, x121) + x98); + out1[0] = x119; + out1[1] = x122; + out1[2] = x123; + out1[3] = x101; + out1[4] = x104; + out1[5] = x107; + out1[6] = x110; + out1[7] = x113; + out1[8] = x116; +} + +/// The function fiatP521CarrySquare squares a field element and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg1) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0x600000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +pub fn fiatP521CarrySquare(out1: *[9]u64, arg1: [9]u64) void { + const x1: u64 = (arg1[8]); + const x2: u64 = (x1 * 0x2); + const x3: u64 = ((arg1[8]) * 0x2); + const x4: u64 = (arg1[7]); + const x5: u64 = (x4 * 0x2); + const x6: u64 = ((arg1[7]) * 0x2); + const x7: u64 = (arg1[6]); + const x8: u64 = (x7 * 0x2); + const x9: u64 = ((arg1[6]) * 0x2); + const x10: u64 = (arg1[5]); + const x11: u64 = (x10 * 0x2); + const x12: u64 = ((arg1[5]) * 0x2); + const x13: u64 = ((arg1[4]) * 0x2); + const x14: u64 = ((arg1[3]) * 0x2); + const x15: u64 = ((arg1[2]) * 0x2); + const x16: u64 = ((arg1[1]) * 0x2); + const x17: u128 = (@intCast(u128, (arg1[8])) * @intCast(u128, (x1 * 0x2))); + const x18: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (x2 * 0x2))); + const x19: u128 = (@intCast(u128, (arg1[7])) * @intCast(u128, (x4 * 0x2))); + const x20: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (x2 * 0x2))); + const x21: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (x5 * 0x2))); + const x22: u128 = (@intCast(u128, (arg1[6])) * @intCast(u128, (x7 * 0x2))); + const x23: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (x2 * 0x2))); + const x24: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (x5 * 0x2))); + const x25: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (x8 * 0x2))); + const x26: u128 = (@intCast(u128, (arg1[5])) * @intCast(u128, (x10 * 0x2))); + const x27: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (x2 * 0x2))); + const x28: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (x5 * 0x2))); + const x29: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (x8 * 0x2))); + const x30: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (x11 * 0x2))); + const x31: u128 = (@intCast(u128, (arg1[4])) * @intCast(u128, (arg1[4]))); + const x32: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (x2 * 0x2))); + const x33: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (x5 * 0x2))); + const x34: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (x8 * 0x2))); + const x35: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x12)); + const x36: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, x13)); + const x37: u128 = (@intCast(u128, (arg1[3])) * @intCast(u128, (arg1[3]))); + const x38: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (x2 * 0x2))); + const x39: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (x5 * 0x2))); + const x40: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x9)); + const x41: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x12)); + const x42: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x13)); + const x43: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x14)); + const x44: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg1[2]))); + const x45: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (x2 * 0x2))); + const x46: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x6)); + const x47: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x9)); + const x48: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x12)); + const x49: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x13)); + const x50: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x14)); + const x51: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, x15)); + const x52: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg1[1]))); + const x53: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x3)); + const x54: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x6)); + const x55: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x9)); + const x56: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x12)); + const x57: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x13)); + const x58: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x14)); + const x59: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x15)); + const x60: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x16)); + const x61: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg1[0]))); + const x62: u128 = (x61 + (x45 + (x39 + (x34 + x30)))); + const x63: u128 = (x62 >> 58); + const x64: u64 = @intCast(u64, (x62 & @intCast(u128, 0x3ffffffffffffff))); + const x65: u128 = (x53 + (x46 + (x40 + (x35 + x31)))); + const x66: u128 = (x54 + (x47 + (x41 + (x36 + x17)))); + const x67: u128 = (x55 + (x48 + (x42 + (x37 + x18)))); + const x68: u128 = (x56 + (x49 + (x43 + (x20 + x19)))); + const x69: u128 = (x57 + (x50 + (x44 + (x23 + x21)))); + const x70: u128 = (x58 + (x51 + (x27 + (x24 + x22)))); + const x71: u128 = (x59 + (x52 + (x32 + (x28 + x25)))); + const x72: u128 = (x60 + (x38 + (x33 + (x29 + x26)))); + const x73: u128 = (x63 + x72); + const x74: u128 = (x73 >> 58); + const x75: u64 = @intCast(u64, (x73 & @intCast(u128, 0x3ffffffffffffff))); + const x76: u128 = (x74 + x71); + const x77: u128 = (x76 >> 58); + const x78: u64 = @intCast(u64, (x76 & @intCast(u128, 0x3ffffffffffffff))); + const x79: u128 = (x77 + x70); + const x80: u128 = (x79 >> 58); + const x81: u64 = @intCast(u64, (x79 & @intCast(u128, 0x3ffffffffffffff))); + const x82: u128 = (x80 + x69); + const x83: u128 = (x82 >> 58); + const x84: u64 = @intCast(u64, (x82 & @intCast(u128, 0x3ffffffffffffff))); + const x85: u128 = (x83 + x68); + const x86: u128 = (x85 >> 58); + const x87: u64 = @intCast(u64, (x85 & @intCast(u128, 0x3ffffffffffffff))); + const x88: u128 = (x86 + x67); + const x89: u128 = (x88 >> 58); + const x90: u64 = @intCast(u64, (x88 & @intCast(u128, 0x3ffffffffffffff))); + const x91: u128 = (x89 + x66); + const x92: u128 = (x91 >> 58); + const x93: u64 = @intCast(u64, (x91 & @intCast(u128, 0x3ffffffffffffff))); + const x94: u128 = (x92 + x65); + const x95: u128 = (x94 >> 57); + const x96: u64 = @intCast(u64, (x94 & @intCast(u128, 0x1ffffffffffffff))); + const x97: u128 = (@intCast(u128, x64) + x95); + const x98: u64 = @intCast(u64, (x97 >> 58)); + const x99: u64 = @intCast(u64, (x97 & @intCast(u128, 0x3ffffffffffffff))); + const x100: u64 = (x98 + x75); + const x101: u1 = @intCast(u1, (x100 >> 58)); + const x102: u64 = (x100 & 0x3ffffffffffffff); + const x103: u64 = (@intCast(u64, x101) + x78); + out1[0] = x99; + out1[1] = x102; + out1[2] = x103; + out1[3] = x81; + out1[4] = x84; + out1[5] = x87; + out1[6] = x90; + out1[7] = x93; + out1[8] = x96; +} + +/// The function fiatP521Carry reduces a field element. +/// Postconditions: +/// eval out1 mod m = eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0x600000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +pub fn fiatP521Carry(out1: *[9]u64, arg1: [9]u64) void { + const x1: u64 = (arg1[0]); + const x2: u64 = ((x1 >> 58) + (arg1[1])); + const x3: u64 = ((x2 >> 58) + (arg1[2])); + const x4: u64 = ((x3 >> 58) + (arg1[3])); + const x5: u64 = ((x4 >> 58) + (arg1[4])); + const x6: u64 = ((x5 >> 58) + (arg1[5])); + const x7: u64 = ((x6 >> 58) + (arg1[6])); + const x8: u64 = ((x7 >> 58) + (arg1[7])); + const x9: u64 = ((x8 >> 58) + (arg1[8])); + const x10: u64 = ((x1 & 0x3ffffffffffffff) + (x9 >> 57)); + const x11: u64 = (@intCast(u64, @intCast(u1, (x10 >> 58))) + (x2 & 0x3ffffffffffffff)); + const x12: u64 = (x10 & 0x3ffffffffffffff); + const x13: u64 = (x11 & 0x3ffffffffffffff); + const x14: u64 = (@intCast(u64, @intCast(u1, (x11 >> 58))) + (x3 & 0x3ffffffffffffff)); + const x15: u64 = (x4 & 0x3ffffffffffffff); + const x16: u64 = (x5 & 0x3ffffffffffffff); + const x17: u64 = (x6 & 0x3ffffffffffffff); + const x18: u64 = (x7 & 0x3ffffffffffffff); + const x19: u64 = (x8 & 0x3ffffffffffffff); + const x20: u64 = (x9 & 0x1ffffffffffffff); + out1[0] = x12; + out1[1] = x13; + out1[2] = x14; + out1[3] = x15; + out1[4] = x16; + out1[5] = x17; + out1[6] = x18; + out1[7] = x19; + out1[8] = x20; +} + +/// The function fiatP521Add adds two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 + eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +/// arg2: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0x600000000000000]] +pub fn fiatP521Add(out1: *[9]u64, arg1: [9]u64, arg2: [9]u64) void { + const x1: u64 = ((arg1[0]) + (arg2[0])); + const x2: u64 = ((arg1[1]) + (arg2[1])); + const x3: u64 = ((arg1[2]) + (arg2[2])); + const x4: u64 = ((arg1[3]) + (arg2[3])); + const x5: u64 = ((arg1[4]) + (arg2[4])); + const x6: u64 = ((arg1[5]) + (arg2[5])); + const x7: u64 = ((arg1[6]) + (arg2[6])); + const x8: u64 = ((arg1[7]) + (arg2[7])); + const x9: u64 = ((arg1[8]) + (arg2[8])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; +} + +/// The function fiatP521Sub subtracts two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 - eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +/// arg2: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0x600000000000000]] +pub fn fiatP521Sub(out1: *[9]u64, arg1: [9]u64, arg2: [9]u64) void { + const x1: u64 = ((0x7fffffffffffffe + (arg1[0])) - (arg2[0])); + const x2: u64 = ((0x7fffffffffffffe + (arg1[1])) - (arg2[1])); + const x3: u64 = ((0x7fffffffffffffe + (arg1[2])) - (arg2[2])); + const x4: u64 = ((0x7fffffffffffffe + (arg1[3])) - (arg2[3])); + const x5: u64 = ((0x7fffffffffffffe + (arg1[4])) - (arg2[4])); + const x6: u64 = ((0x7fffffffffffffe + (arg1[5])) - (arg2[5])); + const x7: u64 = ((0x7fffffffffffffe + (arg1[6])) - (arg2[6])); + const x8: u64 = ((0x7fffffffffffffe + (arg1[7])) - (arg2[7])); + const x9: u64 = ((0x3fffffffffffffe + (arg1[8])) - (arg2[8])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; +} + +/// The function fiatP521Opp negates a field element. +/// Postconditions: +/// eval out1 mod m = -eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0xc00000000000000], [0x0 ~> 0x600000000000000]] +pub fn fiatP521Opp(out1: *[9]u64, arg1: [9]u64) void { + const x1: u64 = (0x7fffffffffffffe - (arg1[0])); + const x2: u64 = (0x7fffffffffffffe - (arg1[1])); + const x3: u64 = (0x7fffffffffffffe - (arg1[2])); + const x4: u64 = (0x7fffffffffffffe - (arg1[3])); + const x5: u64 = (0x7fffffffffffffe - (arg1[4])); + const x6: u64 = (0x7fffffffffffffe - (arg1[5])); + const x7: u64 = (0x7fffffffffffffe - (arg1[6])); + const x8: u64 = (0x7fffffffffffffe - (arg1[7])); + const x9: u64 = (0x3fffffffffffffe - (arg1[8])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; +} + +/// The function fiatP521Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatP521Selectznz(out1: *[9]u64, arg1: u1, arg2: [9]u64, arg3: [9]u64) void { + var x1: u64 = undefined; + fiatP521CmovznzU64(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u64 = undefined; + fiatP521CmovznzU64(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u64 = undefined; + fiatP521CmovznzU64(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u64 = undefined; + fiatP521CmovznzU64(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u64 = undefined; + fiatP521CmovznzU64(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u64 = undefined; + fiatP521CmovznzU64(&x6, arg1, (arg2[5]), (arg3[5])); + var x7: u64 = undefined; + fiatP521CmovznzU64(&x7, arg1, (arg2[6]), (arg3[6])); + var x8: u64 = undefined; + fiatP521CmovznzU64(&x8, arg1, (arg2[7]), (arg3[7])); + var x9: u64 = undefined; + fiatP521CmovznzU64(&x9, arg1, (arg2[8]), (arg3[8])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; + out1[8] = x9; +} + +/// The function fiatP521ToBytes serializes a field element to bytes in little-endian order. +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..65] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] +pub fn fiatP521ToBytes(out1: *[66]u8, arg1: [9]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatP521SubborrowxU58(&x1, &x2, 0x0, (arg1[0]), 0x3ffffffffffffff); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatP521SubborrowxU58(&x3, &x4, x2, (arg1[1]), 0x3ffffffffffffff); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatP521SubborrowxU58(&x5, &x6, x4, (arg1[2]), 0x3ffffffffffffff); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatP521SubborrowxU58(&x7, &x8, x6, (arg1[3]), 0x3ffffffffffffff); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatP521SubborrowxU58(&x9, &x10, x8, (arg1[4]), 0x3ffffffffffffff); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatP521SubborrowxU58(&x11, &x12, x10, (arg1[5]), 0x3ffffffffffffff); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatP521SubborrowxU58(&x13, &x14, x12, (arg1[6]), 0x3ffffffffffffff); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatP521SubborrowxU58(&x15, &x16, x14, (arg1[7]), 0x3ffffffffffffff); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatP521SubborrowxU57(&x17, &x18, x16, (arg1[8]), 0x1ffffffffffffff); + var x19: u64 = undefined; + fiatP521CmovznzU64(&x19, x18, @intCast(u64, 0x0), 0xffffffffffffffff); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatP521AddcarryxU58(&x20, &x21, 0x0, x1, (x19 & 0x3ffffffffffffff)); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatP521AddcarryxU58(&x22, &x23, x21, x3, (x19 & 0x3ffffffffffffff)); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatP521AddcarryxU58(&x24, &x25, x23, x5, (x19 & 0x3ffffffffffffff)); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatP521AddcarryxU58(&x26, &x27, x25, x7, (x19 & 0x3ffffffffffffff)); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatP521AddcarryxU58(&x28, &x29, x27, x9, (x19 & 0x3ffffffffffffff)); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatP521AddcarryxU58(&x30, &x31, x29, x11, (x19 & 0x3ffffffffffffff)); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatP521AddcarryxU58(&x32, &x33, x31, x13, (x19 & 0x3ffffffffffffff)); + var x34: u64 = undefined; + var x35: u1 = undefined; + fiatP521AddcarryxU58(&x34, &x35, x33, x15, (x19 & 0x3ffffffffffffff)); + var x36: u64 = undefined; + var x37: u1 = undefined; + fiatP521AddcarryxU57(&x36, &x37, x35, x17, (x19 & 0x1ffffffffffffff)); + const x38: u64 = (x34 << 6); + const x39: u64 = (x32 << 4); + const x40: u64 = (x30 << 2); + const x41: u64 = (x26 << 6); + const x42: u64 = (x24 << 4); + const x43: u64 = (x22 << 2); + const x44: u8 = @intCast(u8, (x20 & @intCast(u64, 0xff))); + const x45: u64 = (x20 >> 8); + const x46: u8 = @intCast(u8, (x45 & @intCast(u64, 0xff))); + const x47: u64 = (x45 >> 8); + const x48: u8 = @intCast(u8, (x47 & @intCast(u64, 0xff))); + const x49: u64 = (x47 >> 8); + const x50: u8 = @intCast(u8, (x49 & @intCast(u64, 0xff))); + const x51: u64 = (x49 >> 8); + const x52: u8 = @intCast(u8, (x51 & @intCast(u64, 0xff))); + const x53: u64 = (x51 >> 8); + const x54: u8 = @intCast(u8, (x53 & @intCast(u64, 0xff))); + const x55: u64 = (x53 >> 8); + const x56: u8 = @intCast(u8, (x55 & @intCast(u64, 0xff))); + const x57: u8 = @intCast(u8, (x55 >> 8)); + const x58: u64 = (x43 + @intCast(u64, x57)); + const x59: u8 = @intCast(u8, (x58 & @intCast(u64, 0xff))); + const x60: u64 = (x58 >> 8); + const x61: u8 = @intCast(u8, (x60 & @intCast(u64, 0xff))); + const x62: u64 = (x60 >> 8); + const x63: u8 = @intCast(u8, (x62 & @intCast(u64, 0xff))); + const x64: u64 = (x62 >> 8); + const x65: u8 = @intCast(u8, (x64 & @intCast(u64, 0xff))); + const x66: u64 = (x64 >> 8); + const x67: u8 = @intCast(u8, (x66 & @intCast(u64, 0xff))); + const x68: u64 = (x66 >> 8); + const x69: u8 = @intCast(u8, (x68 & @intCast(u64, 0xff))); + const x70: u64 = (x68 >> 8); + const x71: u8 = @intCast(u8, (x70 & @intCast(u64, 0xff))); + const x72: u8 = @intCast(u8, (x70 >> 8)); + const x73: u64 = (x42 + @intCast(u64, x72)); + const x74: u8 = @intCast(u8, (x73 & @intCast(u64, 0xff))); + const x75: u64 = (x73 >> 8); + const x76: u8 = @intCast(u8, (x75 & @intCast(u64, 0xff))); + const x77: u64 = (x75 >> 8); + const x78: u8 = @intCast(u8, (x77 & @intCast(u64, 0xff))); + const x79: u64 = (x77 >> 8); + const x80: u8 = @intCast(u8, (x79 & @intCast(u64, 0xff))); + const x81: u64 = (x79 >> 8); + const x82: u8 = @intCast(u8, (x81 & @intCast(u64, 0xff))); + const x83: u64 = (x81 >> 8); + const x84: u8 = @intCast(u8, (x83 & @intCast(u64, 0xff))); + const x85: u64 = (x83 >> 8); + const x86: u8 = @intCast(u8, (x85 & @intCast(u64, 0xff))); + const x87: u8 = @intCast(u8, (x85 >> 8)); + const x88: u64 = (x41 + @intCast(u64, x87)); + const x89: u8 = @intCast(u8, (x88 & @intCast(u64, 0xff))); + const x90: u64 = (x88 >> 8); + const x91: u8 = @intCast(u8, (x90 & @intCast(u64, 0xff))); + const x92: u64 = (x90 >> 8); + const x93: u8 = @intCast(u8, (x92 & @intCast(u64, 0xff))); + const x94: u64 = (x92 >> 8); + const x95: u8 = @intCast(u8, (x94 & @intCast(u64, 0xff))); + const x96: u64 = (x94 >> 8); + const x97: u8 = @intCast(u8, (x96 & @intCast(u64, 0xff))); + const x98: u64 = (x96 >> 8); + const x99: u8 = @intCast(u8, (x98 & @intCast(u64, 0xff))); + const x100: u64 = (x98 >> 8); + const x101: u8 = @intCast(u8, (x100 & @intCast(u64, 0xff))); + const x102: u8 = @intCast(u8, (x100 >> 8)); + const x103: u8 = @intCast(u8, (x28 & @intCast(u64, 0xff))); + const x104: u64 = (x28 >> 8); + const x105: u8 = @intCast(u8, (x104 & @intCast(u64, 0xff))); + const x106: u64 = (x104 >> 8); + const x107: u8 = @intCast(u8, (x106 & @intCast(u64, 0xff))); + const x108: u64 = (x106 >> 8); + const x109: u8 = @intCast(u8, (x108 & @intCast(u64, 0xff))); + const x110: u64 = (x108 >> 8); + const x111: u8 = @intCast(u8, (x110 & @intCast(u64, 0xff))); + const x112: u64 = (x110 >> 8); + const x113: u8 = @intCast(u8, (x112 & @intCast(u64, 0xff))); + const x114: u64 = (x112 >> 8); + const x115: u8 = @intCast(u8, (x114 & @intCast(u64, 0xff))); + const x116: u8 = @intCast(u8, (x114 >> 8)); + const x117: u64 = (x40 + @intCast(u64, x116)); + const x118: u8 = @intCast(u8, (x117 & @intCast(u64, 0xff))); + const x119: u64 = (x117 >> 8); + const x120: u8 = @intCast(u8, (x119 & @intCast(u64, 0xff))); + const x121: u64 = (x119 >> 8); + const x122: u8 = @intCast(u8, (x121 & @intCast(u64, 0xff))); + const x123: u64 = (x121 >> 8); + const x124: u8 = @intCast(u8, (x123 & @intCast(u64, 0xff))); + const x125: u64 = (x123 >> 8); + const x126: u8 = @intCast(u8, (x125 & @intCast(u64, 0xff))); + const x127: u64 = (x125 >> 8); + const x128: u8 = @intCast(u8, (x127 & @intCast(u64, 0xff))); + const x129: u64 = (x127 >> 8); + const x130: u8 = @intCast(u8, (x129 & @intCast(u64, 0xff))); + const x131: u8 = @intCast(u8, (x129 >> 8)); + const x132: u64 = (x39 + @intCast(u64, x131)); + const x133: u8 = @intCast(u8, (x132 & @intCast(u64, 0xff))); + const x134: u64 = (x132 >> 8); + const x135: u8 = @intCast(u8, (x134 & @intCast(u64, 0xff))); + const x136: u64 = (x134 >> 8); + const x137: u8 = @intCast(u8, (x136 & @intCast(u64, 0xff))); + const x138: u64 = (x136 >> 8); + const x139: u8 = @intCast(u8, (x138 & @intCast(u64, 0xff))); + const x140: u64 = (x138 >> 8); + const x141: u8 = @intCast(u8, (x140 & @intCast(u64, 0xff))); + const x142: u64 = (x140 >> 8); + const x143: u8 = @intCast(u8, (x142 & @intCast(u64, 0xff))); + const x144: u64 = (x142 >> 8); + const x145: u8 = @intCast(u8, (x144 & @intCast(u64, 0xff))); + const x146: u8 = @intCast(u8, (x144 >> 8)); + const x147: u64 = (x38 + @intCast(u64, x146)); + const x148: u8 = @intCast(u8, (x147 & @intCast(u64, 0xff))); + const x149: u64 = (x147 >> 8); + const x150: u8 = @intCast(u8, (x149 & @intCast(u64, 0xff))); + const x151: u64 = (x149 >> 8); + const x152: u8 = @intCast(u8, (x151 & @intCast(u64, 0xff))); + const x153: u64 = (x151 >> 8); + const x154: u8 = @intCast(u8, (x153 & @intCast(u64, 0xff))); + const x155: u64 = (x153 >> 8); + const x156: u8 = @intCast(u8, (x155 & @intCast(u64, 0xff))); + const x157: u64 = (x155 >> 8); + const x158: u8 = @intCast(u8, (x157 & @intCast(u64, 0xff))); + const x159: u64 = (x157 >> 8); + const x160: u8 = @intCast(u8, (x159 & @intCast(u64, 0xff))); + const x161: u8 = @intCast(u8, (x159 >> 8)); + const x162: u8 = @intCast(u8, (x36 & @intCast(u64, 0xff))); + const x163: u64 = (x36 >> 8); + const x164: u8 = @intCast(u8, (x163 & @intCast(u64, 0xff))); + const x165: u64 = (x163 >> 8); + const x166: u8 = @intCast(u8, (x165 & @intCast(u64, 0xff))); + const x167: u64 = (x165 >> 8); + const x168: u8 = @intCast(u8, (x167 & @intCast(u64, 0xff))); + const x169: u64 = (x167 >> 8); + const x170: u8 = @intCast(u8, (x169 & @intCast(u64, 0xff))); + const x171: u64 = (x169 >> 8); + const x172: u8 = @intCast(u8, (x171 & @intCast(u64, 0xff))); + const x173: u64 = (x171 >> 8); + const x174: u8 = @intCast(u8, (x173 & @intCast(u64, 0xff))); + const x175: u1 = @intCast(u1, (x173 >> 8)); + out1[0] = x44; + out1[1] = x46; + out1[2] = x48; + out1[3] = x50; + out1[4] = x52; + out1[5] = x54; + out1[6] = x56; + out1[7] = x59; + out1[8] = x61; + out1[9] = x63; + out1[10] = x65; + out1[11] = x67; + out1[12] = x69; + out1[13] = x71; + out1[14] = x74; + out1[15] = x76; + out1[16] = x78; + out1[17] = x80; + out1[18] = x82; + out1[19] = x84; + out1[20] = x86; + out1[21] = x89; + out1[22] = x91; + out1[23] = x93; + out1[24] = x95; + out1[25] = x97; + out1[26] = x99; + out1[27] = x101; + out1[28] = x102; + out1[29] = x103; + out1[30] = x105; + out1[31] = x107; + out1[32] = x109; + out1[33] = x111; + out1[34] = x113; + out1[35] = x115; + out1[36] = x118; + out1[37] = x120; + out1[38] = x122; + out1[39] = x124; + out1[40] = x126; + out1[41] = x128; + out1[42] = x130; + out1[43] = x133; + out1[44] = x135; + out1[45] = x137; + out1[46] = x139; + out1[47] = x141; + out1[48] = x143; + out1[49] = x145; + out1[50] = x148; + out1[51] = x150; + out1[52] = x152; + out1[53] = x154; + out1[54] = x156; + out1[55] = x158; + out1[56] = x160; + out1[57] = x161; + out1[58] = x162; + out1[59] = x164; + out1[60] = x166; + out1[61] = x168; + out1[62] = x170; + out1[63] = x172; + out1[64] = x174; + out1[65] = @intCast(u8, x175); +} + +/// The function fiatP521FromBytes deserializes a field element from bytes in little-endian order. +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x1]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x400000000000000], [0x0 ~> 0x200000000000000]] +pub fn fiatP521FromBytes(out1: *[9]u64, arg1: [66]u8) void { + const x1: u64 = (@intCast(u64, @intCast(u1, (arg1[65]))) << 56); + const x2: u64 = (@intCast(u64, (arg1[64])) << 48); + const x3: u64 = (@intCast(u64, (arg1[63])) << 40); + const x4: u64 = (@intCast(u64, (arg1[62])) << 32); + const x5: u64 = (@intCast(u64, (arg1[61])) << 24); + const x6: u64 = (@intCast(u64, (arg1[60])) << 16); + const x7: u64 = (@intCast(u64, (arg1[59])) << 8); + const x8: u8 = (arg1[58]); + const x9: u64 = (@intCast(u64, (arg1[57])) << 50); + const x10: u64 = (@intCast(u64, (arg1[56])) << 42); + const x11: u64 = (@intCast(u64, (arg1[55])) << 34); + const x12: u64 = (@intCast(u64, (arg1[54])) << 26); + const x13: u64 = (@intCast(u64, (arg1[53])) << 18); + const x14: u64 = (@intCast(u64, (arg1[52])) << 10); + const x15: u64 = (@intCast(u64, (arg1[51])) << 2); + const x16: u64 = (@intCast(u64, (arg1[50])) << 52); + const x17: u64 = (@intCast(u64, (arg1[49])) << 44); + const x18: u64 = (@intCast(u64, (arg1[48])) << 36); + const x19: u64 = (@intCast(u64, (arg1[47])) << 28); + const x20: u64 = (@intCast(u64, (arg1[46])) << 20); + const x21: u64 = (@intCast(u64, (arg1[45])) << 12); + const x22: u64 = (@intCast(u64, (arg1[44])) << 4); + const x23: u64 = (@intCast(u64, (arg1[43])) << 54); + const x24: u64 = (@intCast(u64, (arg1[42])) << 46); + const x25: u64 = (@intCast(u64, (arg1[41])) << 38); + const x26: u64 = (@intCast(u64, (arg1[40])) << 30); + const x27: u64 = (@intCast(u64, (arg1[39])) << 22); + const x28: u64 = (@intCast(u64, (arg1[38])) << 14); + const x29: u64 = (@intCast(u64, (arg1[37])) << 6); + const x30: u64 = (@intCast(u64, (arg1[36])) << 56); + const x31: u64 = (@intCast(u64, (arg1[35])) << 48); + const x32: u64 = (@intCast(u64, (arg1[34])) << 40); + const x33: u64 = (@intCast(u64, (arg1[33])) << 32); + const x34: u64 = (@intCast(u64, (arg1[32])) << 24); + const x35: u64 = (@intCast(u64, (arg1[31])) << 16); + const x36: u64 = (@intCast(u64, (arg1[30])) << 8); + const x37: u8 = (arg1[29]); + const x38: u64 = (@intCast(u64, (arg1[28])) << 50); + const x39: u64 = (@intCast(u64, (arg1[27])) << 42); + const x40: u64 = (@intCast(u64, (arg1[26])) << 34); + const x41: u64 = (@intCast(u64, (arg1[25])) << 26); + const x42: u64 = (@intCast(u64, (arg1[24])) << 18); + const x43: u64 = (@intCast(u64, (arg1[23])) << 10); + const x44: u64 = (@intCast(u64, (arg1[22])) << 2); + const x45: u64 = (@intCast(u64, (arg1[21])) << 52); + const x46: u64 = (@intCast(u64, (arg1[20])) << 44); + const x47: u64 = (@intCast(u64, (arg1[19])) << 36); + const x48: u64 = (@intCast(u64, (arg1[18])) << 28); + const x49: u64 = (@intCast(u64, (arg1[17])) << 20); + const x50: u64 = (@intCast(u64, (arg1[16])) << 12); + const x51: u64 = (@intCast(u64, (arg1[15])) << 4); + const x52: u64 = (@intCast(u64, (arg1[14])) << 54); + const x53: u64 = (@intCast(u64, (arg1[13])) << 46); + const x54: u64 = (@intCast(u64, (arg1[12])) << 38); + const x55: u64 = (@intCast(u64, (arg1[11])) << 30); + const x56: u64 = (@intCast(u64, (arg1[10])) << 22); + const x57: u64 = (@intCast(u64, (arg1[9])) << 14); + const x58: u64 = (@intCast(u64, (arg1[8])) << 6); + const x59: u64 = (@intCast(u64, (arg1[7])) << 56); + const x60: u64 = (@intCast(u64, (arg1[6])) << 48); + const x61: u64 = (@intCast(u64, (arg1[5])) << 40); + const x62: u64 = (@intCast(u64, (arg1[4])) << 32); + const x63: u64 = (@intCast(u64, (arg1[3])) << 24); + const x64: u64 = (@intCast(u64, (arg1[2])) << 16); + const x65: u64 = (@intCast(u64, (arg1[1])) << 8); + const x66: u8 = (arg1[0]); + const x67: u64 = (x65 + @intCast(u64, x66)); + const x68: u64 = (x64 + x67); + const x69: u64 = (x63 + x68); + const x70: u64 = (x62 + x69); + const x71: u64 = (x61 + x70); + const x72: u64 = (x60 + x71); + const x73: u64 = (x59 + x72); + const x74: u64 = (x73 & 0x3ffffffffffffff); + const x75: u8 = @intCast(u8, (x73 >> 58)); + const x76: u64 = (x58 + @intCast(u64, x75)); + const x77: u64 = (x57 + x76); + const x78: u64 = (x56 + x77); + const x79: u64 = (x55 + x78); + const x80: u64 = (x54 + x79); + const x81: u64 = (x53 + x80); + const x82: u64 = (x52 + x81); + const x83: u64 = (x82 & 0x3ffffffffffffff); + const x84: u8 = @intCast(u8, (x82 >> 58)); + const x85: u64 = (x51 + @intCast(u64, x84)); + const x86: u64 = (x50 + x85); + const x87: u64 = (x49 + x86); + const x88: u64 = (x48 + x87); + const x89: u64 = (x47 + x88); + const x90: u64 = (x46 + x89); + const x91: u64 = (x45 + x90); + const x92: u64 = (x91 & 0x3ffffffffffffff); + const x93: u8 = @intCast(u8, (x91 >> 58)); + const x94: u64 = (x44 + @intCast(u64, x93)); + const x95: u64 = (x43 + x94); + const x96: u64 = (x42 + x95); + const x97: u64 = (x41 + x96); + const x98: u64 = (x40 + x97); + const x99: u64 = (x39 + x98); + const x100: u64 = (x38 + x99); + const x101: u64 = (x36 + @intCast(u64, x37)); + const x102: u64 = (x35 + x101); + const x103: u64 = (x34 + x102); + const x104: u64 = (x33 + x103); + const x105: u64 = (x32 + x104); + const x106: u64 = (x31 + x105); + const x107: u64 = (x30 + x106); + const x108: u64 = (x107 & 0x3ffffffffffffff); + const x109: u8 = @intCast(u8, (x107 >> 58)); + const x110: u64 = (x29 + @intCast(u64, x109)); + const x111: u64 = (x28 + x110); + const x112: u64 = (x27 + x111); + const x113: u64 = (x26 + x112); + const x114: u64 = (x25 + x113); + const x115: u64 = (x24 + x114); + const x116: u64 = (x23 + x115); + const x117: u64 = (x116 & 0x3ffffffffffffff); + const x118: u8 = @intCast(u8, (x116 >> 58)); + const x119: u64 = (x22 + @intCast(u64, x118)); + const x120: u64 = (x21 + x119); + const x121: u64 = (x20 + x120); + const x122: u64 = (x19 + x121); + const x123: u64 = (x18 + x122); + const x124: u64 = (x17 + x123); + const x125: u64 = (x16 + x124); + const x126: u64 = (x125 & 0x3ffffffffffffff); + const x127: u8 = @intCast(u8, (x125 >> 58)); + const x128: u64 = (x15 + @intCast(u64, x127)); + const x129: u64 = (x14 + x128); + const x130: u64 = (x13 + x129); + const x131: u64 = (x12 + x130); + const x132: u64 = (x11 + x131); + const x133: u64 = (x10 + x132); + const x134: u64 = (x9 + x133); + const x135: u64 = (x7 + @intCast(u64, x8)); + const x136: u64 = (x6 + x135); + const x137: u64 = (x5 + x136); + const x138: u64 = (x4 + x137); + const x139: u64 = (x3 + x138); + const x140: u64 = (x2 + x139); + const x141: u64 = (x1 + x140); + out1[0] = x74; + out1[1] = x83; + out1[2] = x92; + out1[3] = x100; + out1[4] = x108; + out1[5] = x117; + out1[6] = x126; + out1[7] = x134; + out1[8] = x141; +} + diff --git a/fiat-zig/src/poly1305_32.zig b/fiat-zig/src/poly1305_32.zig new file mode 100644 index 0000000000..9b13fd69a9 --- /dev/null +++ b/fiat-zig/src/poly1305_32.zig @@ -0,0 +1,478 @@ +/// Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase poly1305 32 '(auto)' '2^130 - 5' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes +/// curve description: poly1305 +/// machine_wordsize = 32 (from "32") +/// requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes +/// n = 5 (from "(auto)") +/// s-c = 2^130 - [(1, 5)] (from "2^130 - 5") +/// tight_bounds_multiplier = 1 (from "") +/// +/// Computed values: +/// carry_chain = [0, 1, 2, 3, 4, 0, 1] +/// eval z = z[0] + (z[1] << 26) + (z[2] << 52) + (z[3] << 78) + (z[4] << 104) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) +/// balance = [0x7fffff6, 0x7fffffe, 0x7fffffe, 0x7fffffe, 0x7fffffe] + + +/// The function fiatPoly1305AddcarryxU26 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^26 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^26⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x3ffffff] +/// arg3: [0x0 ~> 0x3ffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x3ffffff] +/// out2: [0x0 ~> 0x1] +fn fiatPoly1305AddcarryxU26(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u32 = ((@intCast(u32, arg1) + arg2) + arg3); + const x2: u32 = (x1 & 0x3ffffff); + const x3: u1 = @intCast(u1, (x1 >> 26)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatPoly1305SubborrowxU26 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^26 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^26⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x3ffffff] +/// arg3: [0x0 ~> 0x3ffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x3ffffff] +/// out2: [0x0 ~> 0x1] +fn fiatPoly1305SubborrowxU26(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: i32 = @intCast(i32, (@intCast(i64, @intCast(i32, (@intCast(i64, arg2) - @intCast(i64, arg1)))) - @intCast(i64, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 26)); + const x3: u32 = @intCast(u32, (@intCast(i64, x1) & @intCast(i64, 0x3ffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatPoly1305CmovznzU32 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +fn fiatPoly1305CmovznzU32(out1: *u32, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u32 = @intCast(u32, (@intCast(i64, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i64, 0xffffffff))); + const x3: u32 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatPoly1305CarryMul multiplies two field elements and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000]] +/// arg2: [[0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +pub fn fiatPoly1305CarryMul(out1: *[5]u32, arg1: [5]u32, arg2: [5]u32) void { + const x1: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, ((arg2[4]) * 0x5))); + const x2: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, ((arg2[3]) * 0x5))); + const x3: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, ((arg2[2]) * 0x5))); + const x4: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, ((arg2[1]) * 0x5))); + const x5: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg2[4]) * 0x5))); + const x6: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg2[3]) * 0x5))); + const x7: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, ((arg2[2]) * 0x5))); + const x8: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, ((arg2[4]) * 0x5))); + const x9: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, ((arg2[3]) * 0x5))); + const x10: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, ((arg2[4]) * 0x5))); + const x11: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, (arg2[0]))); + const x12: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[1]))); + const x13: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, (arg2[0]))); + const x14: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[2]))); + const x15: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[1]))); + const x16: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg2[0]))); + const x17: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[3]))); + const x18: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[2]))); + const x19: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[1]))); + const x20: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg2[0]))); + const x21: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[4]))); + const x22: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[3]))); + const x23: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[2]))); + const x24: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[1]))); + const x25: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg2[0]))); + const x26: u64 = (x25 + (x10 + (x9 + (x7 + x4)))); + const x27: u64 = (x26 >> 26); + const x28: u32 = @intCast(u32, (x26 & @intCast(u64, 0x3ffffff))); + const x29: u64 = (x21 + (x17 + (x14 + (x12 + x11)))); + const x30: u64 = (x22 + (x18 + (x15 + (x13 + x1)))); + const x31: u64 = (x23 + (x19 + (x16 + (x5 + x2)))); + const x32: u64 = (x24 + (x20 + (x8 + (x6 + x3)))); + const x33: u64 = (x27 + x32); + const x34: u64 = (x33 >> 26); + const x35: u32 = @intCast(u32, (x33 & @intCast(u64, 0x3ffffff))); + const x36: u64 = (x34 + x31); + const x37: u64 = (x36 >> 26); + const x38: u32 = @intCast(u32, (x36 & @intCast(u64, 0x3ffffff))); + const x39: u64 = (x37 + x30); + const x40: u64 = (x39 >> 26); + const x41: u32 = @intCast(u32, (x39 & @intCast(u64, 0x3ffffff))); + const x42: u64 = (x40 + x29); + const x43: u32 = @intCast(u32, (x42 >> 26)); + const x44: u32 = @intCast(u32, (x42 & @intCast(u64, 0x3ffffff))); + const x45: u64 = (@intCast(u64, x43) * @intCast(u64, 0x5)); + const x46: u64 = (@intCast(u64, x28) + x45); + const x47: u32 = @intCast(u32, (x46 >> 26)); + const x48: u32 = @intCast(u32, (x46 & @intCast(u64, 0x3ffffff))); + const x49: u32 = (x47 + x35); + const x50: u1 = @intCast(u1, (x49 >> 26)); + const x51: u32 = (x49 & 0x3ffffff); + const x52: u32 = (@intCast(u32, x50) + x38); + out1[0] = x48; + out1[1] = x51; + out1[2] = x52; + out1[3] = x41; + out1[4] = x44; +} + +/// The function fiatPoly1305CarrySquare squares a field element and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg1) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +pub fn fiatPoly1305CarrySquare(out1: *[5]u32, arg1: [5]u32) void { + const x1: u32 = ((arg1[4]) * 0x5); + const x2: u32 = (x1 * 0x2); + const x3: u32 = ((arg1[4]) * 0x2); + const x4: u32 = ((arg1[3]) * 0x5); + const x5: u32 = (x4 * 0x2); + const x6: u32 = ((arg1[3]) * 0x2); + const x7: u32 = ((arg1[2]) * 0x2); + const x8: u32 = ((arg1[1]) * 0x2); + const x9: u64 = (@intCast(u64, (arg1[4])) * @intCast(u64, x1)); + const x10: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x2)); + const x11: u64 = (@intCast(u64, (arg1[3])) * @intCast(u64, x4)); + const x12: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x2)); + const x13: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, x5)); + const x14: u64 = (@intCast(u64, (arg1[2])) * @intCast(u64, (arg1[2]))); + const x15: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x2)); + const x16: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x6)); + const x17: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, x7)); + const x18: u64 = (@intCast(u64, (arg1[1])) * @intCast(u64, (arg1[1]))); + const x19: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x3)); + const x20: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x6)); + const x21: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x7)); + const x22: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, x8)); + const x23: u64 = (@intCast(u64, (arg1[0])) * @intCast(u64, (arg1[0]))); + const x24: u64 = (x23 + (x15 + x13)); + const x25: u64 = (x24 >> 26); + const x26: u32 = @intCast(u32, (x24 & @intCast(u64, 0x3ffffff))); + const x27: u64 = (x19 + (x16 + x14)); + const x28: u64 = (x20 + (x17 + x9)); + const x29: u64 = (x21 + (x18 + x10)); + const x30: u64 = (x22 + (x12 + x11)); + const x31: u64 = (x25 + x30); + const x32: u64 = (x31 >> 26); + const x33: u32 = @intCast(u32, (x31 & @intCast(u64, 0x3ffffff))); + const x34: u64 = (x32 + x29); + const x35: u64 = (x34 >> 26); + const x36: u32 = @intCast(u32, (x34 & @intCast(u64, 0x3ffffff))); + const x37: u64 = (x35 + x28); + const x38: u64 = (x37 >> 26); + const x39: u32 = @intCast(u32, (x37 & @intCast(u64, 0x3ffffff))); + const x40: u64 = (x38 + x27); + const x41: u32 = @intCast(u32, (x40 >> 26)); + const x42: u32 = @intCast(u32, (x40 & @intCast(u64, 0x3ffffff))); + const x43: u64 = (@intCast(u64, x41) * @intCast(u64, 0x5)); + const x44: u64 = (@intCast(u64, x26) + x43); + const x45: u32 = @intCast(u32, (x44 >> 26)); + const x46: u32 = @intCast(u32, (x44 & @intCast(u64, 0x3ffffff))); + const x47: u32 = (x45 + x33); + const x48: u1 = @intCast(u1, (x47 >> 26)); + const x49: u32 = (x47 & 0x3ffffff); + const x50: u32 = (@intCast(u32, x48) + x36); + out1[0] = x46; + out1[1] = x49; + out1[2] = x50; + out1[3] = x39; + out1[4] = x42; +} + +/// The function fiatPoly1305Carry reduces a field element. +/// Postconditions: +/// eval out1 mod m = eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +pub fn fiatPoly1305Carry(out1: *[5]u32, arg1: [5]u32) void { + const x1: u32 = (arg1[0]); + const x2: u32 = ((x1 >> 26) + (arg1[1])); + const x3: u32 = ((x2 >> 26) + (arg1[2])); + const x4: u32 = ((x3 >> 26) + (arg1[3])); + const x5: u32 = ((x4 >> 26) + (arg1[4])); + const x6: u32 = ((x1 & 0x3ffffff) + ((x5 >> 26) * 0x5)); + const x7: u32 = (@intCast(u32, @intCast(u1, (x6 >> 26))) + (x2 & 0x3ffffff)); + const x8: u32 = (x6 & 0x3ffffff); + const x9: u32 = (x7 & 0x3ffffff); + const x10: u32 = (@intCast(u32, @intCast(u1, (x7 >> 26))) + (x3 & 0x3ffffff)); + const x11: u32 = (x4 & 0x3ffffff); + const x12: u32 = (x5 & 0x3ffffff); + out1[0] = x8; + out1[1] = x9; + out1[2] = x10; + out1[3] = x11; + out1[4] = x12; +} + +/// The function fiatPoly1305Add adds two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 + eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +/// arg2: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000]] +pub fn fiatPoly1305Add(out1: *[5]u32, arg1: [5]u32, arg2: [5]u32) void { + const x1: u32 = ((arg1[0]) + (arg2[0])); + const x2: u32 = ((arg1[1]) + (arg2[1])); + const x3: u32 = ((arg1[2]) + (arg2[2])); + const x4: u32 = ((arg1[3]) + (arg2[3])); + const x5: u32 = ((arg1[4]) + (arg2[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/// The function fiatPoly1305Sub subtracts two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 - eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +/// arg2: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000]] +pub fn fiatPoly1305Sub(out1: *[5]u32, arg1: [5]u32, arg2: [5]u32) void { + const x1: u32 = ((0x7fffff6 + (arg1[0])) - (arg2[0])); + const x2: u32 = ((0x7fffffe + (arg1[1])) - (arg2[1])); + const x3: u32 = ((0x7fffffe + (arg1[2])) - (arg2[2])); + const x4: u32 = ((0x7fffffe + (arg1[3])) - (arg2[3])); + const x5: u32 = ((0x7fffffe + (arg1[4])) - (arg2[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/// The function fiatPoly1305Opp negates a field element. +/// Postconditions: +/// eval out1 mod m = -eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000], [0x0 ~> 0xc000000]] +pub fn fiatPoly1305Opp(out1: *[5]u32, arg1: [5]u32) void { + const x1: u32 = (0x7fffff6 - (arg1[0])); + const x2: u32 = (0x7fffffe - (arg1[1])); + const x3: u32 = (0x7fffffe - (arg1[2])); + const x4: u32 = (0x7fffffe - (arg1[3])); + const x5: u32 = (0x7fffffe - (arg1[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/// The function fiatPoly1305Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatPoly1305Selectznz(out1: *[5]u32, arg1: u1, arg2: [5]u32, arg3: [5]u32) void { + var x1: u32 = undefined; + fiatPoly1305CmovznzU32(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u32 = undefined; + fiatPoly1305CmovznzU32(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u32 = undefined; + fiatPoly1305CmovznzU32(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u32 = undefined; + fiatPoly1305CmovznzU32(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u32 = undefined; + fiatPoly1305CmovznzU32(&x5, arg1, (arg2[4]), (arg3[4])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; +} + +/// The function fiatPoly1305ToBytes serializes a field element to bytes in little-endian order. +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..16] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] +pub fn fiatPoly1305ToBytes(out1: *[17]u8, arg1: [5]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatPoly1305SubborrowxU26(&x1, &x2, 0x0, (arg1[0]), 0x3fffffb); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatPoly1305SubborrowxU26(&x3, &x4, x2, (arg1[1]), 0x3ffffff); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatPoly1305SubborrowxU26(&x5, &x6, x4, (arg1[2]), 0x3ffffff); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatPoly1305SubborrowxU26(&x7, &x8, x6, (arg1[3]), 0x3ffffff); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatPoly1305SubborrowxU26(&x9, &x10, x8, (arg1[4]), 0x3ffffff); + var x11: u32 = undefined; + fiatPoly1305CmovznzU32(&x11, x10, @intCast(u32, 0x0), 0xffffffff); + var x12: u32 = undefined; + var x13: u1 = undefined; + fiatPoly1305AddcarryxU26(&x12, &x13, 0x0, x1, (x11 & 0x3fffffb)); + var x14: u32 = undefined; + var x15: u1 = undefined; + fiatPoly1305AddcarryxU26(&x14, &x15, x13, x3, (x11 & 0x3ffffff)); + var x16: u32 = undefined; + var x17: u1 = undefined; + fiatPoly1305AddcarryxU26(&x16, &x17, x15, x5, (x11 & 0x3ffffff)); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatPoly1305AddcarryxU26(&x18, &x19, x17, x7, (x11 & 0x3ffffff)); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatPoly1305AddcarryxU26(&x20, &x21, x19, x9, (x11 & 0x3ffffff)); + const x22: u32 = (x18 << 6); + const x23: u32 = (x16 << 4); + const x24: u32 = (x14 << 2); + const x25: u8 = @intCast(u8, (x12 & @intCast(u32, 0xff))); + const x26: u32 = (x12 >> 8); + const x27: u8 = @intCast(u8, (x26 & @intCast(u32, 0xff))); + const x28: u32 = (x26 >> 8); + const x29: u8 = @intCast(u8, (x28 & @intCast(u32, 0xff))); + const x30: u8 = @intCast(u8, (x28 >> 8)); + const x31: u32 = (x24 + @intCast(u32, x30)); + const x32: u8 = @intCast(u8, (x31 & @intCast(u32, 0xff))); + const x33: u32 = (x31 >> 8); + const x34: u8 = @intCast(u8, (x33 & @intCast(u32, 0xff))); + const x35: u32 = (x33 >> 8); + const x36: u8 = @intCast(u8, (x35 & @intCast(u32, 0xff))); + const x37: u8 = @intCast(u8, (x35 >> 8)); + const x38: u32 = (x23 + @intCast(u32, x37)); + const x39: u8 = @intCast(u8, (x38 & @intCast(u32, 0xff))); + const x40: u32 = (x38 >> 8); + const x41: u8 = @intCast(u8, (x40 & @intCast(u32, 0xff))); + const x42: u32 = (x40 >> 8); + const x43: u8 = @intCast(u8, (x42 & @intCast(u32, 0xff))); + const x44: u8 = @intCast(u8, (x42 >> 8)); + const x45: u32 = (x22 + @intCast(u32, x44)); + const x46: u8 = @intCast(u8, (x45 & @intCast(u32, 0xff))); + const x47: u32 = (x45 >> 8); + const x48: u8 = @intCast(u8, (x47 & @intCast(u32, 0xff))); + const x49: u32 = (x47 >> 8); + const x50: u8 = @intCast(u8, (x49 & @intCast(u32, 0xff))); + const x51: u8 = @intCast(u8, (x49 >> 8)); + const x52: u8 = @intCast(u8, (x20 & @intCast(u32, 0xff))); + const x53: u32 = (x20 >> 8); + const x54: u8 = @intCast(u8, (x53 & @intCast(u32, 0xff))); + const x55: u32 = (x53 >> 8); + const x56: u8 = @intCast(u8, (x55 & @intCast(u32, 0xff))); + const x57: u8 = @intCast(u8, (x55 >> 8)); + out1[0] = x25; + out1[1] = x27; + out1[2] = x29; + out1[3] = x32; + out1[4] = x34; + out1[5] = x36; + out1[6] = x39; + out1[7] = x41; + out1[8] = x43; + out1[9] = x46; + out1[10] = x48; + out1[11] = x50; + out1[12] = x51; + out1[13] = x52; + out1[14] = x54; + out1[15] = x56; + out1[16] = x57; +} + +/// The function fiatPoly1305FromBytes deserializes a field element from bytes in little-endian order. +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000], [0x0 ~> 0x4000000]] +pub fn fiatPoly1305FromBytes(out1: *[5]u32, arg1: [17]u8) void { + const x1: u32 = (@intCast(u32, (arg1[16])) << 24); + const x2: u32 = (@intCast(u32, (arg1[15])) << 16); + const x3: u32 = (@intCast(u32, (arg1[14])) << 8); + const x4: u8 = (arg1[13]); + const x5: u32 = (@intCast(u32, (arg1[12])) << 18); + const x6: u32 = (@intCast(u32, (arg1[11])) << 10); + const x7: u32 = (@intCast(u32, (arg1[10])) << 2); + const x8: u32 = (@intCast(u32, (arg1[9])) << 20); + const x9: u32 = (@intCast(u32, (arg1[8])) << 12); + const x10: u32 = (@intCast(u32, (arg1[7])) << 4); + const x11: u32 = (@intCast(u32, (arg1[6])) << 22); + const x12: u32 = (@intCast(u32, (arg1[5])) << 14); + const x13: u32 = (@intCast(u32, (arg1[4])) << 6); + const x14: u32 = (@intCast(u32, (arg1[3])) << 24); + const x15: u32 = (@intCast(u32, (arg1[2])) << 16); + const x16: u32 = (@intCast(u32, (arg1[1])) << 8); + const x17: u8 = (arg1[0]); + const x18: u32 = (x16 + @intCast(u32, x17)); + const x19: u32 = (x15 + x18); + const x20: u32 = (x14 + x19); + const x21: u32 = (x20 & 0x3ffffff); + const x22: u8 = @intCast(u8, (x20 >> 26)); + const x23: u32 = (x13 + @intCast(u32, x22)); + const x24: u32 = (x12 + x23); + const x25: u32 = (x11 + x24); + const x26: u32 = (x25 & 0x3ffffff); + const x27: u8 = @intCast(u8, (x25 >> 26)); + const x28: u32 = (x10 + @intCast(u32, x27)); + const x29: u32 = (x9 + x28); + const x30: u32 = (x8 + x29); + const x31: u32 = (x30 & 0x3ffffff); + const x32: u8 = @intCast(u8, (x30 >> 26)); + const x33: u32 = (x7 + @intCast(u32, x32)); + const x34: u32 = (x6 + x33); + const x35: u32 = (x5 + x34); + const x36: u32 = (x3 + @intCast(u32, x4)); + const x37: u32 = (x2 + x36); + const x38: u32 = (x1 + x37); + out1[0] = x21; + out1[1] = x26; + out1[2] = x31; + out1[3] = x35; + out1[4] = x38; +} + diff --git a/fiat-zig/src/poly1305_64.zig b/fiat-zig/src/poly1305_64.zig new file mode 100644 index 0000000000..7f87774b26 --- /dev/null +++ b/fiat-zig/src/poly1305_64.zig @@ -0,0 +1,430 @@ +/// Autogenerated: 'src/ExtractionOCaml/unsaturated_solinas' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase poly1305 64 3 '2^130 - 5' carry_mul carry_square carry add sub opp selectznz to_bytes from_bytes +/// curve description: poly1305 +/// machine_wordsize = 64 (from "64") +/// requested operations: carry_mul, carry_square, carry, add, sub, opp, selectznz, to_bytes, from_bytes +/// n = 3 (from "3") +/// s-c = 2^130 - [(1, 5)] (from "2^130 - 5") +/// tight_bounds_multiplier = 1 (from "") +/// +/// Computed values: +/// carry_chain = [0, 1, 2, 0, 1] +/// eval z = z[0] + (z[1] << 44) + (z[2] << 87) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) +/// balance = [0x1ffffffffff6, 0xffffffffffe, 0xffffffffffe] + + +/// The function fiatPoly1305AddcarryxU44 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^44 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^44⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xfffffffffff] +/// arg3: [0x0 ~> 0xfffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xfffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatPoly1305AddcarryxU44(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + arg2) + arg3); + const x2: u64 = (x1 & 0xfffffffffff); + const x3: u1 = @intCast(u1, (x1 >> 44)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatPoly1305SubborrowxU44 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^44 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^44⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xfffffffffff] +/// arg3: [0x0 ~> 0xfffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xfffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatPoly1305SubborrowxU44(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i64 = @intCast(i64, (@intCast(i128, @intCast(i64, (@intCast(i128, arg2) - @intCast(i128, arg1)))) - @intCast(i128, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 44)); + const x3: u64 = @intCast(u64, (@intCast(i128, x1) & @intCast(i128, 0xfffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatPoly1305AddcarryxU43 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^43 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^43⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x7ffffffffff] +/// arg3: [0x0 ~> 0x7ffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x7ffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatPoly1305AddcarryxU43(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + arg2) + arg3); + const x2: u64 = (x1 & 0x7ffffffffff); + const x3: u1 = @intCast(u1, (x1 >> 43)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatPoly1305SubborrowxU43 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^43 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^43⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0x7ffffffffff] +/// arg3: [0x0 ~> 0x7ffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0x7ffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatPoly1305SubborrowxU43(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i64 = @intCast(i64, (@intCast(i128, @intCast(i64, (@intCast(i128, arg2) - @intCast(i128, arg1)))) - @intCast(i128, arg3))); + const x2: i1 = @intCast(i1, (x1 >> 43)); + const x3: u64 = @intCast(u64, (@intCast(i128, x1) & @intCast(i128, 0x7ffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatPoly1305CmovznzU64 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +fn fiatPoly1305CmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u64 = @intCast(u64, (@intCast(i128, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i128, 0xffffffffffffffff))); + const x3: u64 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatPoly1305CarryMul multiplies two field elements and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x300000000000], [0x0 ~> 0x180000000000], [0x0 ~> 0x180000000000]] +/// arg2: [[0x0 ~> 0x300000000000], [0x0 ~> 0x180000000000], [0x0 ~> 0x180000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +pub fn fiatPoly1305CarryMul(out1: *[3]u64, arg1: [3]u64, arg2: [3]u64) void { + const x1: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, ((arg2[2]) * 0x5))); + const x2: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, ((arg2[1]) * 0xa))); + const x3: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, ((arg2[2]) * 0xa))); + const x4: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, (arg2[0]))); + const x5: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, ((arg2[1]) * 0x2))); + const x6: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (arg2[0]))); + const x7: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[2]))); + const x8: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[1]))); + const x9: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg2[0]))); + const x10: u128 = (x9 + (x3 + x2)); + const x11: u64 = @intCast(u64, (x10 >> 44)); + const x12: u64 = @intCast(u64, (x10 & @intCast(u128, 0xfffffffffff))); + const x13: u128 = (x7 + (x5 + x4)); + const x14: u128 = (x8 + (x6 + x1)); + const x15: u128 = (@intCast(u128, x11) + x14); + const x16: u64 = @intCast(u64, (x15 >> 43)); + const x17: u64 = @intCast(u64, (x15 & @intCast(u128, 0x7ffffffffff))); + const x18: u128 = (@intCast(u128, x16) + x13); + const x19: u64 = @intCast(u64, (x18 >> 43)); + const x20: u64 = @intCast(u64, (x18 & @intCast(u128, 0x7ffffffffff))); + const x21: u64 = (x19 * 0x5); + const x22: u64 = (x12 + x21); + const x23: u64 = (x22 >> 44); + const x24: u64 = (x22 & 0xfffffffffff); + const x25: u64 = (x23 + x17); + const x26: u1 = @intCast(u1, (x25 >> 43)); + const x27: u64 = (x25 & 0x7ffffffffff); + const x28: u64 = (@intCast(u64, x26) + x20); + out1[0] = x24; + out1[1] = x27; + out1[2] = x28; +} + +/// The function fiatPoly1305CarrySquare squares a field element and reduces the result. +/// Postconditions: +/// eval out1 mod m = (eval arg1 * eval arg1) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x300000000000], [0x0 ~> 0x180000000000], [0x0 ~> 0x180000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +pub fn fiatPoly1305CarrySquare(out1: *[3]u64, arg1: [3]u64) void { + const x1: u64 = ((arg1[2]) * 0x5); + const x2: u64 = (x1 * 0x2); + const x3: u64 = ((arg1[2]) * 0x2); + const x4: u64 = ((arg1[1]) * 0x2); + const x5: u128 = (@intCast(u128, (arg1[2])) * @intCast(u128, x1)); + const x6: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, (x2 * 0x2))); + const x7: u128 = (@intCast(u128, (arg1[1])) * @intCast(u128, ((arg1[1]) * 0x2))); + const x8: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x3)); + const x9: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, x4)); + const x10: u128 = (@intCast(u128, (arg1[0])) * @intCast(u128, (arg1[0]))); + const x11: u128 = (x10 + x6); + const x12: u64 = @intCast(u64, (x11 >> 44)); + const x13: u64 = @intCast(u64, (x11 & @intCast(u128, 0xfffffffffff))); + const x14: u128 = (x8 + x7); + const x15: u128 = (x9 + x5); + const x16: u128 = (@intCast(u128, x12) + x15); + const x17: u64 = @intCast(u64, (x16 >> 43)); + const x18: u64 = @intCast(u64, (x16 & @intCast(u128, 0x7ffffffffff))); + const x19: u128 = (@intCast(u128, x17) + x14); + const x20: u64 = @intCast(u64, (x19 >> 43)); + const x21: u64 = @intCast(u64, (x19 & @intCast(u128, 0x7ffffffffff))); + const x22: u64 = (x20 * 0x5); + const x23: u64 = (x13 + x22); + const x24: u64 = (x23 >> 44); + const x25: u64 = (x23 & 0xfffffffffff); + const x26: u64 = (x24 + x18); + const x27: u1 = @intCast(u1, (x26 >> 43)); + const x28: u64 = (x26 & 0x7ffffffffff); + const x29: u64 = (@intCast(u64, x27) + x21); + out1[0] = x25; + out1[1] = x28; + out1[2] = x29; +} + +/// The function fiatPoly1305Carry reduces a field element. +/// Postconditions: +/// eval out1 mod m = eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x300000000000], [0x0 ~> 0x180000000000], [0x0 ~> 0x180000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +pub fn fiatPoly1305Carry(out1: *[3]u64, arg1: [3]u64) void { + const x1: u64 = (arg1[0]); + const x2: u64 = ((x1 >> 44) + (arg1[1])); + const x3: u64 = ((x2 >> 43) + (arg1[2])); + const x4: u64 = ((x1 & 0xfffffffffff) + ((x3 >> 43) * 0x5)); + const x5: u64 = (@intCast(u64, @intCast(u1, (x4 >> 44))) + (x2 & 0x7ffffffffff)); + const x6: u64 = (x4 & 0xfffffffffff); + const x7: u64 = (x5 & 0x7ffffffffff); + const x8: u64 = (@intCast(u64, @intCast(u1, (x5 >> 43))) + (x3 & 0x7ffffffffff)); + out1[0] = x6; + out1[1] = x7; + out1[2] = x8; +} + +/// The function fiatPoly1305Add adds two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 + eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +/// arg2: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x300000000000], [0x0 ~> 0x180000000000], [0x0 ~> 0x180000000000]] +pub fn fiatPoly1305Add(out1: *[3]u64, arg1: [3]u64, arg2: [3]u64) void { + const x1: u64 = ((arg1[0]) + (arg2[0])); + const x2: u64 = ((arg1[1]) + (arg2[1])); + const x3: u64 = ((arg1[2]) + (arg2[2])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; +} + +/// The function fiatPoly1305Sub subtracts two field elements. +/// Postconditions: +/// eval out1 mod m = (eval arg1 - eval arg2) mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +/// arg2: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x300000000000], [0x0 ~> 0x180000000000], [0x0 ~> 0x180000000000]] +pub fn fiatPoly1305Sub(out1: *[3]u64, arg1: [3]u64, arg2: [3]u64) void { + const x1: u64 = ((0x1ffffffffff6 + (arg1[0])) - (arg2[0])); + const x2: u64 = ((0xffffffffffe + (arg1[1])) - (arg2[1])); + const x3: u64 = ((0xffffffffffe + (arg1[2])) - (arg2[2])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; +} + +/// The function fiatPoly1305Opp negates a field element. +/// Postconditions: +/// eval out1 mod m = -eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x300000000000], [0x0 ~> 0x180000000000], [0x0 ~> 0x180000000000]] +pub fn fiatPoly1305Opp(out1: *[3]u64, arg1: [3]u64) void { + const x1: u64 = (0x1ffffffffff6 - (arg1[0])); + const x2: u64 = (0xffffffffffe - (arg1[1])); + const x3: u64 = (0xffffffffffe - (arg1[2])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; +} + +/// The function fiatPoly1305Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatPoly1305Selectznz(out1: *[3]u64, arg1: u1, arg2: [3]u64, arg3: [3]u64) void { + var x1: u64 = undefined; + fiatPoly1305CmovznzU64(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u64 = undefined; + fiatPoly1305CmovznzU64(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u64 = undefined; + fiatPoly1305CmovznzU64(&x3, arg1, (arg2[2]), (arg3[2])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; +} + +/// The function fiatPoly1305ToBytes serializes a field element to bytes in little-endian order. +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..16] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] +pub fn fiatPoly1305ToBytes(out1: *[17]u8, arg1: [3]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatPoly1305SubborrowxU44(&x1, &x2, 0x0, (arg1[0]), 0xffffffffffb); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatPoly1305SubborrowxU43(&x3, &x4, x2, (arg1[1]), 0x7ffffffffff); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatPoly1305SubborrowxU43(&x5, &x6, x4, (arg1[2]), 0x7ffffffffff); + var x7: u64 = undefined; + fiatPoly1305CmovznzU64(&x7, x6, @intCast(u64, 0x0), 0xffffffffffffffff); + var x8: u64 = undefined; + var x9: u1 = undefined; + fiatPoly1305AddcarryxU44(&x8, &x9, 0x0, x1, (x7 & 0xffffffffffb)); + var x10: u64 = undefined; + var x11: u1 = undefined; + fiatPoly1305AddcarryxU43(&x10, &x11, x9, x3, (x7 & 0x7ffffffffff)); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatPoly1305AddcarryxU43(&x12, &x13, x11, x5, (x7 & 0x7ffffffffff)); + const x14: u64 = (x12 << 7); + const x15: u64 = (x10 << 4); + const x16: u8 = @intCast(u8, (x8 & @intCast(u64, 0xff))); + const x17: u64 = (x8 >> 8); + const x18: u8 = @intCast(u8, (x17 & @intCast(u64, 0xff))); + const x19: u64 = (x17 >> 8); + const x20: u8 = @intCast(u8, (x19 & @intCast(u64, 0xff))); + const x21: u64 = (x19 >> 8); + const x22: u8 = @intCast(u8, (x21 & @intCast(u64, 0xff))); + const x23: u64 = (x21 >> 8); + const x24: u8 = @intCast(u8, (x23 & @intCast(u64, 0xff))); + const x25: u8 = @intCast(u8, (x23 >> 8)); + const x26: u64 = (x15 + @intCast(u64, x25)); + const x27: u8 = @intCast(u8, (x26 & @intCast(u64, 0xff))); + const x28: u64 = (x26 >> 8); + const x29: u8 = @intCast(u8, (x28 & @intCast(u64, 0xff))); + const x30: u64 = (x28 >> 8); + const x31: u8 = @intCast(u8, (x30 & @intCast(u64, 0xff))); + const x32: u64 = (x30 >> 8); + const x33: u8 = @intCast(u8, (x32 & @intCast(u64, 0xff))); + const x34: u64 = (x32 >> 8); + const x35: u8 = @intCast(u8, (x34 & @intCast(u64, 0xff))); + const x36: u8 = @intCast(u8, (x34 >> 8)); + const x37: u64 = (x14 + @intCast(u64, x36)); + const x38: u8 = @intCast(u8, (x37 & @intCast(u64, 0xff))); + const x39: u64 = (x37 >> 8); + const x40: u8 = @intCast(u8, (x39 & @intCast(u64, 0xff))); + const x41: u64 = (x39 >> 8); + const x42: u8 = @intCast(u8, (x41 & @intCast(u64, 0xff))); + const x43: u64 = (x41 >> 8); + const x44: u8 = @intCast(u8, (x43 & @intCast(u64, 0xff))); + const x45: u64 = (x43 >> 8); + const x46: u8 = @intCast(u8, (x45 & @intCast(u64, 0xff))); + const x47: u64 = (x45 >> 8); + const x48: u8 = @intCast(u8, (x47 & @intCast(u64, 0xff))); + const x49: u8 = @intCast(u8, (x47 >> 8)); + out1[0] = x16; + out1[1] = x18; + out1[2] = x20; + out1[3] = x22; + out1[4] = x24; + out1[5] = x27; + out1[6] = x29; + out1[7] = x31; + out1[8] = x33; + out1[9] = x35; + out1[10] = x38; + out1[11] = x40; + out1[12] = x42; + out1[13] = x44; + out1[14] = x46; + out1[15] = x48; + out1[16] = x49; +} + +/// The function fiatPoly1305FromBytes deserializes a field element from bytes in little-endian order. +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0x3]] +/// Output Bounds: +/// out1: [[0x0 ~> 0x100000000000], [0x0 ~> 0x80000000000], [0x0 ~> 0x80000000000]] +pub fn fiatPoly1305FromBytes(out1: *[3]u64, arg1: [17]u8) void { + const x1: u64 = (@intCast(u64, (arg1[16])) << 41); + const x2: u64 = (@intCast(u64, (arg1[15])) << 33); + const x3: u64 = (@intCast(u64, (arg1[14])) << 25); + const x4: u64 = (@intCast(u64, (arg1[13])) << 17); + const x5: u64 = (@intCast(u64, (arg1[12])) << 9); + const x6: u64 = (@intCast(u64, (arg1[11])) * @intCast(u64, 0x2)); + const x7: u64 = (@intCast(u64, (arg1[10])) << 36); + const x8: u64 = (@intCast(u64, (arg1[9])) << 28); + const x9: u64 = (@intCast(u64, (arg1[8])) << 20); + const x10: u64 = (@intCast(u64, (arg1[7])) << 12); + const x11: u64 = (@intCast(u64, (arg1[6])) << 4); + const x12: u64 = (@intCast(u64, (arg1[5])) << 40); + const x13: u64 = (@intCast(u64, (arg1[4])) << 32); + const x14: u64 = (@intCast(u64, (arg1[3])) << 24); + const x15: u64 = (@intCast(u64, (arg1[2])) << 16); + const x16: u64 = (@intCast(u64, (arg1[1])) << 8); + const x17: u8 = (arg1[0]); + const x18: u64 = (x16 + @intCast(u64, x17)); + const x19: u64 = (x15 + x18); + const x20: u64 = (x14 + x19); + const x21: u64 = (x13 + x20); + const x22: u64 = (x12 + x21); + const x23: u64 = (x22 & 0xfffffffffff); + const x24: u8 = @intCast(u8, (x22 >> 44)); + const x25: u64 = (x11 + @intCast(u64, x24)); + const x26: u64 = (x10 + x25); + const x27: u64 = (x9 + x26); + const x28: u64 = (x8 + x27); + const x29: u64 = (x7 + x28); + const x30: u64 = (x29 & 0x7ffffffffff); + const x31: u1 = @intCast(u1, (x29 >> 43)); + const x32: u64 = (x6 + @intCast(u64, x31)); + const x33: u64 = (x5 + x32); + const x34: u64 = (x4 + x33); + const x35: u64 = (x3 + x34); + const x36: u64 = (x2 + x35); + const x37: u64 = (x1 + x36); + out1[0] = x23; + out1[1] = x30; + out1[2] = x37; +} + diff --git a/fiat-zig/src/secp256k1_32.zig b/fiat-zig/src/secp256k1_32.zig new file mode 100644 index 0000000000..004165b2da --- /dev/null +++ b/fiat-zig/src/secp256k1_32.zig @@ -0,0 +1,5318 @@ +/// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase secp256k1 32 '2^256 - 2^32 - 977' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp +/// curve description: secp256k1 +/// machine_wordsize = 32 (from "32") +/// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp +/// m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f (from "2^256 - 2^32 - 977") +/// +/// NOTE: In addition to the bounds specified above each function, all +/// functions synthesized for this Montgomery arithmetic require the +/// input to be strictly less than the prime modulus (m), and also +/// require the input to be in the unique saturated representation. +/// All functions also ensure that these two properties are true of +/// return values. +/// +/// Computed values: +/// eval z = z[0] + (z[1] << 32) + (z[2] << 64) + (z[3] << 96) + (z[4] << 128) + (z[5] << 160) + (z[6] << 192) + (z[7] << 224) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + + +/// The function fiatSecp256k1AddcarryxU32 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^32 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatSecp256k1AddcarryxU32(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u64 = ((@intCast(u64, arg1) + @intCast(u64, arg2)) + @intCast(u64, arg3)); + const x2: u32 = @intCast(u32, (x1 & @intCast(u64, 0xffffffff))); + const x3: u1 = @intCast(u1, (x1 >> 32)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatSecp256k1SubborrowxU32 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^32 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatSecp256k1SubborrowxU32(out1: *u32, out2: *u1, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: i64 = ((@intCast(i64, arg2) - @intCast(i64, arg1)) - @intCast(i64, arg3)); + const x2: i1 = @intCast(i1, (x1 >> 32)); + const x3: u32 = @intCast(u32, (x1 & @intCast(i64, 0xffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatSecp256k1MulxU32 is a multiplication, returning the full double-width result. +/// Postconditions: +/// out1 = (arg1 * arg2) mod 2^32 +/// out2 = ⌊arg1 * arg2 / 2^32⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffff] +/// arg2: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [0x0 ~> 0xffffffff] +fn fiatSecp256k1MulxU32(out1: *u32, out2: *u32, arg1: u32, arg2: u32) callconv(.Inline) void { + const x1: u64 = (@intCast(u64, arg1) * @intCast(u64, arg2)); + const x2: u32 = @intCast(u32, (x1 & @intCast(u64, 0xffffffff))); + const x3: u32 = @intCast(u32, (x1 >> 32)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatSecp256k1CmovznzU32 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffff] +/// arg3: [0x0 ~> 0xffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +fn fiatSecp256k1CmovznzU32(out1: *u32, arg1: u1, arg2: u32, arg3: u32) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u32 = @intCast(u32, (@intCast(i64, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i64, 0xffffffff))); + const x3: u32 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatSecp256k1Mul multiplies two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1Mul(out1: *[8]u32, arg1: [8]u32, arg2: [8]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[7]); + const x8: u32 = (arg1[0]); + var x9: u32 = undefined; + var x10: u32 = undefined; + fiatSecp256k1MulxU32(&x9, &x10, x8, (arg2[7])); + var x11: u32 = undefined; + var x12: u32 = undefined; + fiatSecp256k1MulxU32(&x11, &x12, x8, (arg2[6])); + var x13: u32 = undefined; + var x14: u32 = undefined; + fiatSecp256k1MulxU32(&x13, &x14, x8, (arg2[5])); + var x15: u32 = undefined; + var x16: u32 = undefined; + fiatSecp256k1MulxU32(&x15, &x16, x8, (arg2[4])); + var x17: u32 = undefined; + var x18: u32 = undefined; + fiatSecp256k1MulxU32(&x17, &x18, x8, (arg2[3])); + var x19: u32 = undefined; + var x20: u32 = undefined; + fiatSecp256k1MulxU32(&x19, &x20, x8, (arg2[2])); + var x21: u32 = undefined; + var x22: u32 = undefined; + fiatSecp256k1MulxU32(&x21, &x22, x8, (arg2[1])); + var x23: u32 = undefined; + var x24: u32 = undefined; + fiatSecp256k1MulxU32(&x23, &x24, x8, (arg2[0])); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x25, &x26, 0x0, x24, x21); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x27, &x28, x26, x22, x19); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x29, &x30, x28, x20, x17); + var x31: u32 = undefined; + var x32: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x31, &x32, x30, x18, x15); + var x33: u32 = undefined; + var x34: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x33, &x34, x32, x16, x13); + var x35: u32 = undefined; + var x36: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x35, &x36, x34, x14, x11); + var x37: u32 = undefined; + var x38: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x37, &x38, x36, x12, x9); + const x39: u32 = (@intCast(u32, x38) + x10); + var x40: u32 = undefined; + var x41: u32 = undefined; + fiatSecp256k1MulxU32(&x40, &x41, x23, 0xd2253531); + var x42: u32 = undefined; + var x43: u32 = undefined; + fiatSecp256k1MulxU32(&x42, &x43, x40, 0xffffffff); + var x44: u32 = undefined; + var x45: u32 = undefined; + fiatSecp256k1MulxU32(&x44, &x45, x40, 0xffffffff); + var x46: u32 = undefined; + var x47: u32 = undefined; + fiatSecp256k1MulxU32(&x46, &x47, x40, 0xffffffff); + var x48: u32 = undefined; + var x49: u32 = undefined; + fiatSecp256k1MulxU32(&x48, &x49, x40, 0xffffffff); + var x50: u32 = undefined; + var x51: u32 = undefined; + fiatSecp256k1MulxU32(&x50, &x51, x40, 0xffffffff); + var x52: u32 = undefined; + var x53: u32 = undefined; + fiatSecp256k1MulxU32(&x52, &x53, x40, 0xffffffff); + var x54: u32 = undefined; + var x55: u32 = undefined; + fiatSecp256k1MulxU32(&x54, &x55, x40, 0xfffffffe); + var x56: u32 = undefined; + var x57: u32 = undefined; + fiatSecp256k1MulxU32(&x56, &x57, x40, 0xfffffc2f); + var x58: u32 = undefined; + var x59: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x58, &x59, 0x0, x57, x54); + var x60: u32 = undefined; + var x61: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x60, &x61, x59, x55, x52); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x62, &x63, x61, x53, x50); + var x64: u32 = undefined; + var x65: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x64, &x65, x63, x51, x48); + var x66: u32 = undefined; + var x67: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x66, &x67, x65, x49, x46); + var x68: u32 = undefined; + var x69: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x68, &x69, x67, x47, x44); + var x70: u32 = undefined; + var x71: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x70, &x71, x69, x45, x42); + const x72: u32 = (@intCast(u32, x71) + x43); + var x73: u32 = undefined; + var x74: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x73, &x74, 0x0, x23, x56); + var x75: u32 = undefined; + var x76: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x75, &x76, x74, x25, x58); + var x77: u32 = undefined; + var x78: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x77, &x78, x76, x27, x60); + var x79: u32 = undefined; + var x80: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x79, &x80, x78, x29, x62); + var x81: u32 = undefined; + var x82: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x81, &x82, x80, x31, x64); + var x83: u32 = undefined; + var x84: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x83, &x84, x82, x33, x66); + var x85: u32 = undefined; + var x86: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x85, &x86, x84, x35, x68); + var x87: u32 = undefined; + var x88: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x87, &x88, x86, x37, x70); + var x89: u32 = undefined; + var x90: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x89, &x90, x88, x39, x72); + var x91: u32 = undefined; + var x92: u32 = undefined; + fiatSecp256k1MulxU32(&x91, &x92, x1, (arg2[7])); + var x93: u32 = undefined; + var x94: u32 = undefined; + fiatSecp256k1MulxU32(&x93, &x94, x1, (arg2[6])); + var x95: u32 = undefined; + var x96: u32 = undefined; + fiatSecp256k1MulxU32(&x95, &x96, x1, (arg2[5])); + var x97: u32 = undefined; + var x98: u32 = undefined; + fiatSecp256k1MulxU32(&x97, &x98, x1, (arg2[4])); + var x99: u32 = undefined; + var x100: u32 = undefined; + fiatSecp256k1MulxU32(&x99, &x100, x1, (arg2[3])); + var x101: u32 = undefined; + var x102: u32 = undefined; + fiatSecp256k1MulxU32(&x101, &x102, x1, (arg2[2])); + var x103: u32 = undefined; + var x104: u32 = undefined; + fiatSecp256k1MulxU32(&x103, &x104, x1, (arg2[1])); + var x105: u32 = undefined; + var x106: u32 = undefined; + fiatSecp256k1MulxU32(&x105, &x106, x1, (arg2[0])); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x107, &x108, 0x0, x106, x103); + var x109: u32 = undefined; + var x110: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x109, &x110, x108, x104, x101); + var x111: u32 = undefined; + var x112: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x111, &x112, x110, x102, x99); + var x113: u32 = undefined; + var x114: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x113, &x114, x112, x100, x97); + var x115: u32 = undefined; + var x116: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x115, &x116, x114, x98, x95); + var x117: u32 = undefined; + var x118: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x117, &x118, x116, x96, x93); + var x119: u32 = undefined; + var x120: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x119, &x120, x118, x94, x91); + const x121: u32 = (@intCast(u32, x120) + x92); + var x122: u32 = undefined; + var x123: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x122, &x123, 0x0, x75, x105); + var x124: u32 = undefined; + var x125: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x124, &x125, x123, x77, x107); + var x126: u32 = undefined; + var x127: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x126, &x127, x125, x79, x109); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x128, &x129, x127, x81, x111); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x130, &x131, x129, x83, x113); + var x132: u32 = undefined; + var x133: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x132, &x133, x131, x85, x115); + var x134: u32 = undefined; + var x135: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x134, &x135, x133, x87, x117); + var x136: u32 = undefined; + var x137: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x136, &x137, x135, x89, x119); + var x138: u32 = undefined; + var x139: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x138, &x139, x137, @intCast(u32, x90), x121); + var x140: u32 = undefined; + var x141: u32 = undefined; + fiatSecp256k1MulxU32(&x140, &x141, x122, 0xd2253531); + var x142: u32 = undefined; + var x143: u32 = undefined; + fiatSecp256k1MulxU32(&x142, &x143, x140, 0xffffffff); + var x144: u32 = undefined; + var x145: u32 = undefined; + fiatSecp256k1MulxU32(&x144, &x145, x140, 0xffffffff); + var x146: u32 = undefined; + var x147: u32 = undefined; + fiatSecp256k1MulxU32(&x146, &x147, x140, 0xffffffff); + var x148: u32 = undefined; + var x149: u32 = undefined; + fiatSecp256k1MulxU32(&x148, &x149, x140, 0xffffffff); + var x150: u32 = undefined; + var x151: u32 = undefined; + fiatSecp256k1MulxU32(&x150, &x151, x140, 0xffffffff); + var x152: u32 = undefined; + var x153: u32 = undefined; + fiatSecp256k1MulxU32(&x152, &x153, x140, 0xffffffff); + var x154: u32 = undefined; + var x155: u32 = undefined; + fiatSecp256k1MulxU32(&x154, &x155, x140, 0xfffffffe); + var x156: u32 = undefined; + var x157: u32 = undefined; + fiatSecp256k1MulxU32(&x156, &x157, x140, 0xfffffc2f); + var x158: u32 = undefined; + var x159: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x158, &x159, 0x0, x157, x154); + var x160: u32 = undefined; + var x161: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x160, &x161, x159, x155, x152); + var x162: u32 = undefined; + var x163: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x162, &x163, x161, x153, x150); + var x164: u32 = undefined; + var x165: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x164, &x165, x163, x151, x148); + var x166: u32 = undefined; + var x167: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x166, &x167, x165, x149, x146); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x168, &x169, x167, x147, x144); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x170, &x171, x169, x145, x142); + const x172: u32 = (@intCast(u32, x171) + x143); + var x173: u32 = undefined; + var x174: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x173, &x174, 0x0, x122, x156); + var x175: u32 = undefined; + var x176: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x175, &x176, x174, x124, x158); + var x177: u32 = undefined; + var x178: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x177, &x178, x176, x126, x160); + var x179: u32 = undefined; + var x180: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x179, &x180, x178, x128, x162); + var x181: u32 = undefined; + var x182: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x181, &x182, x180, x130, x164); + var x183: u32 = undefined; + var x184: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x183, &x184, x182, x132, x166); + var x185: u32 = undefined; + var x186: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x185, &x186, x184, x134, x168); + var x187: u32 = undefined; + var x188: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x187, &x188, x186, x136, x170); + var x189: u32 = undefined; + var x190: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x189, &x190, x188, x138, x172); + const x191: u32 = (@intCast(u32, x190) + @intCast(u32, x139)); + var x192: u32 = undefined; + var x193: u32 = undefined; + fiatSecp256k1MulxU32(&x192, &x193, x2, (arg2[7])); + var x194: u32 = undefined; + var x195: u32 = undefined; + fiatSecp256k1MulxU32(&x194, &x195, x2, (arg2[6])); + var x196: u32 = undefined; + var x197: u32 = undefined; + fiatSecp256k1MulxU32(&x196, &x197, x2, (arg2[5])); + var x198: u32 = undefined; + var x199: u32 = undefined; + fiatSecp256k1MulxU32(&x198, &x199, x2, (arg2[4])); + var x200: u32 = undefined; + var x201: u32 = undefined; + fiatSecp256k1MulxU32(&x200, &x201, x2, (arg2[3])); + var x202: u32 = undefined; + var x203: u32 = undefined; + fiatSecp256k1MulxU32(&x202, &x203, x2, (arg2[2])); + var x204: u32 = undefined; + var x205: u32 = undefined; + fiatSecp256k1MulxU32(&x204, &x205, x2, (arg2[1])); + var x206: u32 = undefined; + var x207: u32 = undefined; + fiatSecp256k1MulxU32(&x206, &x207, x2, (arg2[0])); + var x208: u32 = undefined; + var x209: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x208, &x209, 0x0, x207, x204); + var x210: u32 = undefined; + var x211: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x210, &x211, x209, x205, x202); + var x212: u32 = undefined; + var x213: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x212, &x213, x211, x203, x200); + var x214: u32 = undefined; + var x215: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x214, &x215, x213, x201, x198); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x216, &x217, x215, x199, x196); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x218, &x219, x217, x197, x194); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x220, &x221, x219, x195, x192); + const x222: u32 = (@intCast(u32, x221) + x193); + var x223: u32 = undefined; + var x224: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x223, &x224, 0x0, x175, x206); + var x225: u32 = undefined; + var x226: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x225, &x226, x224, x177, x208); + var x227: u32 = undefined; + var x228: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x227, &x228, x226, x179, x210); + var x229: u32 = undefined; + var x230: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x229, &x230, x228, x181, x212); + var x231: u32 = undefined; + var x232: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x231, &x232, x230, x183, x214); + var x233: u32 = undefined; + var x234: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x233, &x234, x232, x185, x216); + var x235: u32 = undefined; + var x236: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x235, &x236, x234, x187, x218); + var x237: u32 = undefined; + var x238: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x237, &x238, x236, x189, x220); + var x239: u32 = undefined; + var x240: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x239, &x240, x238, x191, x222); + var x241: u32 = undefined; + var x242: u32 = undefined; + fiatSecp256k1MulxU32(&x241, &x242, x223, 0xd2253531); + var x243: u32 = undefined; + var x244: u32 = undefined; + fiatSecp256k1MulxU32(&x243, &x244, x241, 0xffffffff); + var x245: u32 = undefined; + var x246: u32 = undefined; + fiatSecp256k1MulxU32(&x245, &x246, x241, 0xffffffff); + var x247: u32 = undefined; + var x248: u32 = undefined; + fiatSecp256k1MulxU32(&x247, &x248, x241, 0xffffffff); + var x249: u32 = undefined; + var x250: u32 = undefined; + fiatSecp256k1MulxU32(&x249, &x250, x241, 0xffffffff); + var x251: u32 = undefined; + var x252: u32 = undefined; + fiatSecp256k1MulxU32(&x251, &x252, x241, 0xffffffff); + var x253: u32 = undefined; + var x254: u32 = undefined; + fiatSecp256k1MulxU32(&x253, &x254, x241, 0xffffffff); + var x255: u32 = undefined; + var x256: u32 = undefined; + fiatSecp256k1MulxU32(&x255, &x256, x241, 0xfffffffe); + var x257: u32 = undefined; + var x258: u32 = undefined; + fiatSecp256k1MulxU32(&x257, &x258, x241, 0xfffffc2f); + var x259: u32 = undefined; + var x260: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x259, &x260, 0x0, x258, x255); + var x261: u32 = undefined; + var x262: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x261, &x262, x260, x256, x253); + var x263: u32 = undefined; + var x264: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x263, &x264, x262, x254, x251); + var x265: u32 = undefined; + var x266: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x265, &x266, x264, x252, x249); + var x267: u32 = undefined; + var x268: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x267, &x268, x266, x250, x247); + var x269: u32 = undefined; + var x270: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x269, &x270, x268, x248, x245); + var x271: u32 = undefined; + var x272: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x271, &x272, x270, x246, x243); + const x273: u32 = (@intCast(u32, x272) + x244); + var x274: u32 = undefined; + var x275: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x274, &x275, 0x0, x223, x257); + var x276: u32 = undefined; + var x277: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x276, &x277, x275, x225, x259); + var x278: u32 = undefined; + var x279: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x278, &x279, x277, x227, x261); + var x280: u32 = undefined; + var x281: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x280, &x281, x279, x229, x263); + var x282: u32 = undefined; + var x283: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x282, &x283, x281, x231, x265); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x284, &x285, x283, x233, x267); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x286, &x287, x285, x235, x269); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x288, &x289, x287, x237, x271); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x290, &x291, x289, x239, x273); + const x292: u32 = (@intCast(u32, x291) + @intCast(u32, x240)); + var x293: u32 = undefined; + var x294: u32 = undefined; + fiatSecp256k1MulxU32(&x293, &x294, x3, (arg2[7])); + var x295: u32 = undefined; + var x296: u32 = undefined; + fiatSecp256k1MulxU32(&x295, &x296, x3, (arg2[6])); + var x297: u32 = undefined; + var x298: u32 = undefined; + fiatSecp256k1MulxU32(&x297, &x298, x3, (arg2[5])); + var x299: u32 = undefined; + var x300: u32 = undefined; + fiatSecp256k1MulxU32(&x299, &x300, x3, (arg2[4])); + var x301: u32 = undefined; + var x302: u32 = undefined; + fiatSecp256k1MulxU32(&x301, &x302, x3, (arg2[3])); + var x303: u32 = undefined; + var x304: u32 = undefined; + fiatSecp256k1MulxU32(&x303, &x304, x3, (arg2[2])); + var x305: u32 = undefined; + var x306: u32 = undefined; + fiatSecp256k1MulxU32(&x305, &x306, x3, (arg2[1])); + var x307: u32 = undefined; + var x308: u32 = undefined; + fiatSecp256k1MulxU32(&x307, &x308, x3, (arg2[0])); + var x309: u32 = undefined; + var x310: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x309, &x310, 0x0, x308, x305); + var x311: u32 = undefined; + var x312: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x311, &x312, x310, x306, x303); + var x313: u32 = undefined; + var x314: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x313, &x314, x312, x304, x301); + var x315: u32 = undefined; + var x316: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x315, &x316, x314, x302, x299); + var x317: u32 = undefined; + var x318: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x317, &x318, x316, x300, x297); + var x319: u32 = undefined; + var x320: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x319, &x320, x318, x298, x295); + var x321: u32 = undefined; + var x322: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x321, &x322, x320, x296, x293); + const x323: u32 = (@intCast(u32, x322) + x294); + var x324: u32 = undefined; + var x325: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x324, &x325, 0x0, x276, x307); + var x326: u32 = undefined; + var x327: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x326, &x327, x325, x278, x309); + var x328: u32 = undefined; + var x329: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x328, &x329, x327, x280, x311); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x330, &x331, x329, x282, x313); + var x332: u32 = undefined; + var x333: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x332, &x333, x331, x284, x315); + var x334: u32 = undefined; + var x335: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x334, &x335, x333, x286, x317); + var x336: u32 = undefined; + var x337: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x336, &x337, x335, x288, x319); + var x338: u32 = undefined; + var x339: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x338, &x339, x337, x290, x321); + var x340: u32 = undefined; + var x341: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x340, &x341, x339, x292, x323); + var x342: u32 = undefined; + var x343: u32 = undefined; + fiatSecp256k1MulxU32(&x342, &x343, x324, 0xd2253531); + var x344: u32 = undefined; + var x345: u32 = undefined; + fiatSecp256k1MulxU32(&x344, &x345, x342, 0xffffffff); + var x346: u32 = undefined; + var x347: u32 = undefined; + fiatSecp256k1MulxU32(&x346, &x347, x342, 0xffffffff); + var x348: u32 = undefined; + var x349: u32 = undefined; + fiatSecp256k1MulxU32(&x348, &x349, x342, 0xffffffff); + var x350: u32 = undefined; + var x351: u32 = undefined; + fiatSecp256k1MulxU32(&x350, &x351, x342, 0xffffffff); + var x352: u32 = undefined; + var x353: u32 = undefined; + fiatSecp256k1MulxU32(&x352, &x353, x342, 0xffffffff); + var x354: u32 = undefined; + var x355: u32 = undefined; + fiatSecp256k1MulxU32(&x354, &x355, x342, 0xffffffff); + var x356: u32 = undefined; + var x357: u32 = undefined; + fiatSecp256k1MulxU32(&x356, &x357, x342, 0xfffffffe); + var x358: u32 = undefined; + var x359: u32 = undefined; + fiatSecp256k1MulxU32(&x358, &x359, x342, 0xfffffc2f); + var x360: u32 = undefined; + var x361: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x360, &x361, 0x0, x359, x356); + var x362: u32 = undefined; + var x363: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x362, &x363, x361, x357, x354); + var x364: u32 = undefined; + var x365: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x364, &x365, x363, x355, x352); + var x366: u32 = undefined; + var x367: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x366, &x367, x365, x353, x350); + var x368: u32 = undefined; + var x369: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x368, &x369, x367, x351, x348); + var x370: u32 = undefined; + var x371: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x370, &x371, x369, x349, x346); + var x372: u32 = undefined; + var x373: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x372, &x373, x371, x347, x344); + const x374: u32 = (@intCast(u32, x373) + x345); + var x375: u32 = undefined; + var x376: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x375, &x376, 0x0, x324, x358); + var x377: u32 = undefined; + var x378: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x377, &x378, x376, x326, x360); + var x379: u32 = undefined; + var x380: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x379, &x380, x378, x328, x362); + var x381: u32 = undefined; + var x382: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x381, &x382, x380, x330, x364); + var x383: u32 = undefined; + var x384: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x383, &x384, x382, x332, x366); + var x385: u32 = undefined; + var x386: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x385, &x386, x384, x334, x368); + var x387: u32 = undefined; + var x388: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x387, &x388, x386, x336, x370); + var x389: u32 = undefined; + var x390: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x389, &x390, x388, x338, x372); + var x391: u32 = undefined; + var x392: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x391, &x392, x390, x340, x374); + const x393: u32 = (@intCast(u32, x392) + @intCast(u32, x341)); + var x394: u32 = undefined; + var x395: u32 = undefined; + fiatSecp256k1MulxU32(&x394, &x395, x4, (arg2[7])); + var x396: u32 = undefined; + var x397: u32 = undefined; + fiatSecp256k1MulxU32(&x396, &x397, x4, (arg2[6])); + var x398: u32 = undefined; + var x399: u32 = undefined; + fiatSecp256k1MulxU32(&x398, &x399, x4, (arg2[5])); + var x400: u32 = undefined; + var x401: u32 = undefined; + fiatSecp256k1MulxU32(&x400, &x401, x4, (arg2[4])); + var x402: u32 = undefined; + var x403: u32 = undefined; + fiatSecp256k1MulxU32(&x402, &x403, x4, (arg2[3])); + var x404: u32 = undefined; + var x405: u32 = undefined; + fiatSecp256k1MulxU32(&x404, &x405, x4, (arg2[2])); + var x406: u32 = undefined; + var x407: u32 = undefined; + fiatSecp256k1MulxU32(&x406, &x407, x4, (arg2[1])); + var x408: u32 = undefined; + var x409: u32 = undefined; + fiatSecp256k1MulxU32(&x408, &x409, x4, (arg2[0])); + var x410: u32 = undefined; + var x411: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x410, &x411, 0x0, x409, x406); + var x412: u32 = undefined; + var x413: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x412, &x413, x411, x407, x404); + var x414: u32 = undefined; + var x415: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x414, &x415, x413, x405, x402); + var x416: u32 = undefined; + var x417: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x416, &x417, x415, x403, x400); + var x418: u32 = undefined; + var x419: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x418, &x419, x417, x401, x398); + var x420: u32 = undefined; + var x421: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x420, &x421, x419, x399, x396); + var x422: u32 = undefined; + var x423: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x422, &x423, x421, x397, x394); + const x424: u32 = (@intCast(u32, x423) + x395); + var x425: u32 = undefined; + var x426: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x425, &x426, 0x0, x377, x408); + var x427: u32 = undefined; + var x428: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x427, &x428, x426, x379, x410); + var x429: u32 = undefined; + var x430: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x429, &x430, x428, x381, x412); + var x431: u32 = undefined; + var x432: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x431, &x432, x430, x383, x414); + var x433: u32 = undefined; + var x434: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x433, &x434, x432, x385, x416); + var x435: u32 = undefined; + var x436: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x435, &x436, x434, x387, x418); + var x437: u32 = undefined; + var x438: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x437, &x438, x436, x389, x420); + var x439: u32 = undefined; + var x440: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x439, &x440, x438, x391, x422); + var x441: u32 = undefined; + var x442: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x441, &x442, x440, x393, x424); + var x443: u32 = undefined; + var x444: u32 = undefined; + fiatSecp256k1MulxU32(&x443, &x444, x425, 0xd2253531); + var x445: u32 = undefined; + var x446: u32 = undefined; + fiatSecp256k1MulxU32(&x445, &x446, x443, 0xffffffff); + var x447: u32 = undefined; + var x448: u32 = undefined; + fiatSecp256k1MulxU32(&x447, &x448, x443, 0xffffffff); + var x449: u32 = undefined; + var x450: u32 = undefined; + fiatSecp256k1MulxU32(&x449, &x450, x443, 0xffffffff); + var x451: u32 = undefined; + var x452: u32 = undefined; + fiatSecp256k1MulxU32(&x451, &x452, x443, 0xffffffff); + var x453: u32 = undefined; + var x454: u32 = undefined; + fiatSecp256k1MulxU32(&x453, &x454, x443, 0xffffffff); + var x455: u32 = undefined; + var x456: u32 = undefined; + fiatSecp256k1MulxU32(&x455, &x456, x443, 0xffffffff); + var x457: u32 = undefined; + var x458: u32 = undefined; + fiatSecp256k1MulxU32(&x457, &x458, x443, 0xfffffffe); + var x459: u32 = undefined; + var x460: u32 = undefined; + fiatSecp256k1MulxU32(&x459, &x460, x443, 0xfffffc2f); + var x461: u32 = undefined; + var x462: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x461, &x462, 0x0, x460, x457); + var x463: u32 = undefined; + var x464: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x463, &x464, x462, x458, x455); + var x465: u32 = undefined; + var x466: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x465, &x466, x464, x456, x453); + var x467: u32 = undefined; + var x468: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x467, &x468, x466, x454, x451); + var x469: u32 = undefined; + var x470: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x469, &x470, x468, x452, x449); + var x471: u32 = undefined; + var x472: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x471, &x472, x470, x450, x447); + var x473: u32 = undefined; + var x474: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x473, &x474, x472, x448, x445); + const x475: u32 = (@intCast(u32, x474) + x446); + var x476: u32 = undefined; + var x477: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x476, &x477, 0x0, x425, x459); + var x478: u32 = undefined; + var x479: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x478, &x479, x477, x427, x461); + var x480: u32 = undefined; + var x481: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x480, &x481, x479, x429, x463); + var x482: u32 = undefined; + var x483: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x482, &x483, x481, x431, x465); + var x484: u32 = undefined; + var x485: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x484, &x485, x483, x433, x467); + var x486: u32 = undefined; + var x487: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x486, &x487, x485, x435, x469); + var x488: u32 = undefined; + var x489: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x488, &x489, x487, x437, x471); + var x490: u32 = undefined; + var x491: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x490, &x491, x489, x439, x473); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x492, &x493, x491, x441, x475); + const x494: u32 = (@intCast(u32, x493) + @intCast(u32, x442)); + var x495: u32 = undefined; + var x496: u32 = undefined; + fiatSecp256k1MulxU32(&x495, &x496, x5, (arg2[7])); + var x497: u32 = undefined; + var x498: u32 = undefined; + fiatSecp256k1MulxU32(&x497, &x498, x5, (arg2[6])); + var x499: u32 = undefined; + var x500: u32 = undefined; + fiatSecp256k1MulxU32(&x499, &x500, x5, (arg2[5])); + var x501: u32 = undefined; + var x502: u32 = undefined; + fiatSecp256k1MulxU32(&x501, &x502, x5, (arg2[4])); + var x503: u32 = undefined; + var x504: u32 = undefined; + fiatSecp256k1MulxU32(&x503, &x504, x5, (arg2[3])); + var x505: u32 = undefined; + var x506: u32 = undefined; + fiatSecp256k1MulxU32(&x505, &x506, x5, (arg2[2])); + var x507: u32 = undefined; + var x508: u32 = undefined; + fiatSecp256k1MulxU32(&x507, &x508, x5, (arg2[1])); + var x509: u32 = undefined; + var x510: u32 = undefined; + fiatSecp256k1MulxU32(&x509, &x510, x5, (arg2[0])); + var x511: u32 = undefined; + var x512: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x511, &x512, 0x0, x510, x507); + var x513: u32 = undefined; + var x514: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x513, &x514, x512, x508, x505); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x515, &x516, x514, x506, x503); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x517, &x518, x516, x504, x501); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x519, &x520, x518, x502, x499); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x521, &x522, x520, x500, x497); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x523, &x524, x522, x498, x495); + const x525: u32 = (@intCast(u32, x524) + x496); + var x526: u32 = undefined; + var x527: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x526, &x527, 0x0, x478, x509); + var x528: u32 = undefined; + var x529: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x528, &x529, x527, x480, x511); + var x530: u32 = undefined; + var x531: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x530, &x531, x529, x482, x513); + var x532: u32 = undefined; + var x533: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x532, &x533, x531, x484, x515); + var x534: u32 = undefined; + var x535: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x534, &x535, x533, x486, x517); + var x536: u32 = undefined; + var x537: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x536, &x537, x535, x488, x519); + var x538: u32 = undefined; + var x539: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x538, &x539, x537, x490, x521); + var x540: u32 = undefined; + var x541: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x540, &x541, x539, x492, x523); + var x542: u32 = undefined; + var x543: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x542, &x543, x541, x494, x525); + var x544: u32 = undefined; + var x545: u32 = undefined; + fiatSecp256k1MulxU32(&x544, &x545, x526, 0xd2253531); + var x546: u32 = undefined; + var x547: u32 = undefined; + fiatSecp256k1MulxU32(&x546, &x547, x544, 0xffffffff); + var x548: u32 = undefined; + var x549: u32 = undefined; + fiatSecp256k1MulxU32(&x548, &x549, x544, 0xffffffff); + var x550: u32 = undefined; + var x551: u32 = undefined; + fiatSecp256k1MulxU32(&x550, &x551, x544, 0xffffffff); + var x552: u32 = undefined; + var x553: u32 = undefined; + fiatSecp256k1MulxU32(&x552, &x553, x544, 0xffffffff); + var x554: u32 = undefined; + var x555: u32 = undefined; + fiatSecp256k1MulxU32(&x554, &x555, x544, 0xffffffff); + var x556: u32 = undefined; + var x557: u32 = undefined; + fiatSecp256k1MulxU32(&x556, &x557, x544, 0xffffffff); + var x558: u32 = undefined; + var x559: u32 = undefined; + fiatSecp256k1MulxU32(&x558, &x559, x544, 0xfffffffe); + var x560: u32 = undefined; + var x561: u32 = undefined; + fiatSecp256k1MulxU32(&x560, &x561, x544, 0xfffffc2f); + var x562: u32 = undefined; + var x563: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x562, &x563, 0x0, x561, x558); + var x564: u32 = undefined; + var x565: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x564, &x565, x563, x559, x556); + var x566: u32 = undefined; + var x567: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x566, &x567, x565, x557, x554); + var x568: u32 = undefined; + var x569: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x568, &x569, x567, x555, x552); + var x570: u32 = undefined; + var x571: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x570, &x571, x569, x553, x550); + var x572: u32 = undefined; + var x573: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x572, &x573, x571, x551, x548); + var x574: u32 = undefined; + var x575: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x574, &x575, x573, x549, x546); + const x576: u32 = (@intCast(u32, x575) + x547); + var x577: u32 = undefined; + var x578: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x577, &x578, 0x0, x526, x560); + var x579: u32 = undefined; + var x580: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x579, &x580, x578, x528, x562); + var x581: u32 = undefined; + var x582: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x581, &x582, x580, x530, x564); + var x583: u32 = undefined; + var x584: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x583, &x584, x582, x532, x566); + var x585: u32 = undefined; + var x586: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x585, &x586, x584, x534, x568); + var x587: u32 = undefined; + var x588: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x587, &x588, x586, x536, x570); + var x589: u32 = undefined; + var x590: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x589, &x590, x588, x538, x572); + var x591: u32 = undefined; + var x592: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x591, &x592, x590, x540, x574); + var x593: u32 = undefined; + var x594: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x593, &x594, x592, x542, x576); + const x595: u32 = (@intCast(u32, x594) + @intCast(u32, x543)); + var x596: u32 = undefined; + var x597: u32 = undefined; + fiatSecp256k1MulxU32(&x596, &x597, x6, (arg2[7])); + var x598: u32 = undefined; + var x599: u32 = undefined; + fiatSecp256k1MulxU32(&x598, &x599, x6, (arg2[6])); + var x600: u32 = undefined; + var x601: u32 = undefined; + fiatSecp256k1MulxU32(&x600, &x601, x6, (arg2[5])); + var x602: u32 = undefined; + var x603: u32 = undefined; + fiatSecp256k1MulxU32(&x602, &x603, x6, (arg2[4])); + var x604: u32 = undefined; + var x605: u32 = undefined; + fiatSecp256k1MulxU32(&x604, &x605, x6, (arg2[3])); + var x606: u32 = undefined; + var x607: u32 = undefined; + fiatSecp256k1MulxU32(&x606, &x607, x6, (arg2[2])); + var x608: u32 = undefined; + var x609: u32 = undefined; + fiatSecp256k1MulxU32(&x608, &x609, x6, (arg2[1])); + var x610: u32 = undefined; + var x611: u32 = undefined; + fiatSecp256k1MulxU32(&x610, &x611, x6, (arg2[0])); + var x612: u32 = undefined; + var x613: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x612, &x613, 0x0, x611, x608); + var x614: u32 = undefined; + var x615: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x614, &x615, x613, x609, x606); + var x616: u32 = undefined; + var x617: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x616, &x617, x615, x607, x604); + var x618: u32 = undefined; + var x619: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x618, &x619, x617, x605, x602); + var x620: u32 = undefined; + var x621: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x620, &x621, x619, x603, x600); + var x622: u32 = undefined; + var x623: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x622, &x623, x621, x601, x598); + var x624: u32 = undefined; + var x625: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x624, &x625, x623, x599, x596); + const x626: u32 = (@intCast(u32, x625) + x597); + var x627: u32 = undefined; + var x628: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x627, &x628, 0x0, x579, x610); + var x629: u32 = undefined; + var x630: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x629, &x630, x628, x581, x612); + var x631: u32 = undefined; + var x632: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x631, &x632, x630, x583, x614); + var x633: u32 = undefined; + var x634: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x633, &x634, x632, x585, x616); + var x635: u32 = undefined; + var x636: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x635, &x636, x634, x587, x618); + var x637: u32 = undefined; + var x638: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x637, &x638, x636, x589, x620); + var x639: u32 = undefined; + var x640: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x639, &x640, x638, x591, x622); + var x641: u32 = undefined; + var x642: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x641, &x642, x640, x593, x624); + var x643: u32 = undefined; + var x644: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x643, &x644, x642, x595, x626); + var x645: u32 = undefined; + var x646: u32 = undefined; + fiatSecp256k1MulxU32(&x645, &x646, x627, 0xd2253531); + var x647: u32 = undefined; + var x648: u32 = undefined; + fiatSecp256k1MulxU32(&x647, &x648, x645, 0xffffffff); + var x649: u32 = undefined; + var x650: u32 = undefined; + fiatSecp256k1MulxU32(&x649, &x650, x645, 0xffffffff); + var x651: u32 = undefined; + var x652: u32 = undefined; + fiatSecp256k1MulxU32(&x651, &x652, x645, 0xffffffff); + var x653: u32 = undefined; + var x654: u32 = undefined; + fiatSecp256k1MulxU32(&x653, &x654, x645, 0xffffffff); + var x655: u32 = undefined; + var x656: u32 = undefined; + fiatSecp256k1MulxU32(&x655, &x656, x645, 0xffffffff); + var x657: u32 = undefined; + var x658: u32 = undefined; + fiatSecp256k1MulxU32(&x657, &x658, x645, 0xffffffff); + var x659: u32 = undefined; + var x660: u32 = undefined; + fiatSecp256k1MulxU32(&x659, &x660, x645, 0xfffffffe); + var x661: u32 = undefined; + var x662: u32 = undefined; + fiatSecp256k1MulxU32(&x661, &x662, x645, 0xfffffc2f); + var x663: u32 = undefined; + var x664: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x663, &x664, 0x0, x662, x659); + var x665: u32 = undefined; + var x666: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x665, &x666, x664, x660, x657); + var x667: u32 = undefined; + var x668: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x667, &x668, x666, x658, x655); + var x669: u32 = undefined; + var x670: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x669, &x670, x668, x656, x653); + var x671: u32 = undefined; + var x672: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x671, &x672, x670, x654, x651); + var x673: u32 = undefined; + var x674: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x673, &x674, x672, x652, x649); + var x675: u32 = undefined; + var x676: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x675, &x676, x674, x650, x647); + const x677: u32 = (@intCast(u32, x676) + x648); + var x678: u32 = undefined; + var x679: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x678, &x679, 0x0, x627, x661); + var x680: u32 = undefined; + var x681: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x680, &x681, x679, x629, x663); + var x682: u32 = undefined; + var x683: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x682, &x683, x681, x631, x665); + var x684: u32 = undefined; + var x685: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x684, &x685, x683, x633, x667); + var x686: u32 = undefined; + var x687: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x686, &x687, x685, x635, x669); + var x688: u32 = undefined; + var x689: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x688, &x689, x687, x637, x671); + var x690: u32 = undefined; + var x691: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x690, &x691, x689, x639, x673); + var x692: u32 = undefined; + var x693: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x692, &x693, x691, x641, x675); + var x694: u32 = undefined; + var x695: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x694, &x695, x693, x643, x677); + const x696: u32 = (@intCast(u32, x695) + @intCast(u32, x644)); + var x697: u32 = undefined; + var x698: u32 = undefined; + fiatSecp256k1MulxU32(&x697, &x698, x7, (arg2[7])); + var x699: u32 = undefined; + var x700: u32 = undefined; + fiatSecp256k1MulxU32(&x699, &x700, x7, (arg2[6])); + var x701: u32 = undefined; + var x702: u32 = undefined; + fiatSecp256k1MulxU32(&x701, &x702, x7, (arg2[5])); + var x703: u32 = undefined; + var x704: u32 = undefined; + fiatSecp256k1MulxU32(&x703, &x704, x7, (arg2[4])); + var x705: u32 = undefined; + var x706: u32 = undefined; + fiatSecp256k1MulxU32(&x705, &x706, x7, (arg2[3])); + var x707: u32 = undefined; + var x708: u32 = undefined; + fiatSecp256k1MulxU32(&x707, &x708, x7, (arg2[2])); + var x709: u32 = undefined; + var x710: u32 = undefined; + fiatSecp256k1MulxU32(&x709, &x710, x7, (arg2[1])); + var x711: u32 = undefined; + var x712: u32 = undefined; + fiatSecp256k1MulxU32(&x711, &x712, x7, (arg2[0])); + var x713: u32 = undefined; + var x714: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x713, &x714, 0x0, x712, x709); + var x715: u32 = undefined; + var x716: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x715, &x716, x714, x710, x707); + var x717: u32 = undefined; + var x718: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x717, &x718, x716, x708, x705); + var x719: u32 = undefined; + var x720: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x719, &x720, x718, x706, x703); + var x721: u32 = undefined; + var x722: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x721, &x722, x720, x704, x701); + var x723: u32 = undefined; + var x724: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x723, &x724, x722, x702, x699); + var x725: u32 = undefined; + var x726: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x725, &x726, x724, x700, x697); + const x727: u32 = (@intCast(u32, x726) + x698); + var x728: u32 = undefined; + var x729: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x728, &x729, 0x0, x680, x711); + var x730: u32 = undefined; + var x731: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x730, &x731, x729, x682, x713); + var x732: u32 = undefined; + var x733: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x732, &x733, x731, x684, x715); + var x734: u32 = undefined; + var x735: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x734, &x735, x733, x686, x717); + var x736: u32 = undefined; + var x737: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x736, &x737, x735, x688, x719); + var x738: u32 = undefined; + var x739: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x738, &x739, x737, x690, x721); + var x740: u32 = undefined; + var x741: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x740, &x741, x739, x692, x723); + var x742: u32 = undefined; + var x743: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x742, &x743, x741, x694, x725); + var x744: u32 = undefined; + var x745: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x744, &x745, x743, x696, x727); + var x746: u32 = undefined; + var x747: u32 = undefined; + fiatSecp256k1MulxU32(&x746, &x747, x728, 0xd2253531); + var x748: u32 = undefined; + var x749: u32 = undefined; + fiatSecp256k1MulxU32(&x748, &x749, x746, 0xffffffff); + var x750: u32 = undefined; + var x751: u32 = undefined; + fiatSecp256k1MulxU32(&x750, &x751, x746, 0xffffffff); + var x752: u32 = undefined; + var x753: u32 = undefined; + fiatSecp256k1MulxU32(&x752, &x753, x746, 0xffffffff); + var x754: u32 = undefined; + var x755: u32 = undefined; + fiatSecp256k1MulxU32(&x754, &x755, x746, 0xffffffff); + var x756: u32 = undefined; + var x757: u32 = undefined; + fiatSecp256k1MulxU32(&x756, &x757, x746, 0xffffffff); + var x758: u32 = undefined; + var x759: u32 = undefined; + fiatSecp256k1MulxU32(&x758, &x759, x746, 0xffffffff); + var x760: u32 = undefined; + var x761: u32 = undefined; + fiatSecp256k1MulxU32(&x760, &x761, x746, 0xfffffffe); + var x762: u32 = undefined; + var x763: u32 = undefined; + fiatSecp256k1MulxU32(&x762, &x763, x746, 0xfffffc2f); + var x764: u32 = undefined; + var x765: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x764, &x765, 0x0, x763, x760); + var x766: u32 = undefined; + var x767: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x766, &x767, x765, x761, x758); + var x768: u32 = undefined; + var x769: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x768, &x769, x767, x759, x756); + var x770: u32 = undefined; + var x771: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x770, &x771, x769, x757, x754); + var x772: u32 = undefined; + var x773: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x772, &x773, x771, x755, x752); + var x774: u32 = undefined; + var x775: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x774, &x775, x773, x753, x750); + var x776: u32 = undefined; + var x777: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x776, &x777, x775, x751, x748); + const x778: u32 = (@intCast(u32, x777) + x749); + var x779: u32 = undefined; + var x780: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x779, &x780, 0x0, x728, x762); + var x781: u32 = undefined; + var x782: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x781, &x782, x780, x730, x764); + var x783: u32 = undefined; + var x784: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x783, &x784, x782, x732, x766); + var x785: u32 = undefined; + var x786: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x785, &x786, x784, x734, x768); + var x787: u32 = undefined; + var x788: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x787, &x788, x786, x736, x770); + var x789: u32 = undefined; + var x790: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x789, &x790, x788, x738, x772); + var x791: u32 = undefined; + var x792: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x791, &x792, x790, x740, x774); + var x793: u32 = undefined; + var x794: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x793, &x794, x792, x742, x776); + var x795: u32 = undefined; + var x796: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x795, &x796, x794, x744, x778); + const x797: u32 = (@intCast(u32, x796) + @intCast(u32, x745)); + var x798: u32 = undefined; + var x799: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x798, &x799, 0x0, x781, 0xfffffc2f); + var x800: u32 = undefined; + var x801: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x800, &x801, x799, x783, 0xfffffffe); + var x802: u32 = undefined; + var x803: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x802, &x803, x801, x785, 0xffffffff); + var x804: u32 = undefined; + var x805: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x804, &x805, x803, x787, 0xffffffff); + var x806: u32 = undefined; + var x807: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x806, &x807, x805, x789, 0xffffffff); + var x808: u32 = undefined; + var x809: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x808, &x809, x807, x791, 0xffffffff); + var x810: u32 = undefined; + var x811: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x810, &x811, x809, x793, 0xffffffff); + var x812: u32 = undefined; + var x813: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x812, &x813, x811, x795, 0xffffffff); + var x814: u32 = undefined; + var x815: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x814, &x815, x813, x797, @intCast(u32, 0x0)); + var x816: u32 = undefined; + fiatSecp256k1CmovznzU32(&x816, x815, x798, x781); + var x817: u32 = undefined; + fiatSecp256k1CmovznzU32(&x817, x815, x800, x783); + var x818: u32 = undefined; + fiatSecp256k1CmovznzU32(&x818, x815, x802, x785); + var x819: u32 = undefined; + fiatSecp256k1CmovznzU32(&x819, x815, x804, x787); + var x820: u32 = undefined; + fiatSecp256k1CmovznzU32(&x820, x815, x806, x789); + var x821: u32 = undefined; + fiatSecp256k1CmovznzU32(&x821, x815, x808, x791); + var x822: u32 = undefined; + fiatSecp256k1CmovznzU32(&x822, x815, x810, x793); + var x823: u32 = undefined; + fiatSecp256k1CmovznzU32(&x823, x815, x812, x795); + out1[0] = x816; + out1[1] = x817; + out1[2] = x818; + out1[3] = x819; + out1[4] = x820; + out1[5] = x821; + out1[6] = x822; + out1[7] = x823; +} + +/// The function fiatSecp256k1Square squares a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1Square(out1: *[8]u32, arg1: [8]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[7]); + const x8: u32 = (arg1[0]); + var x9: u32 = undefined; + var x10: u32 = undefined; + fiatSecp256k1MulxU32(&x9, &x10, x8, (arg1[7])); + var x11: u32 = undefined; + var x12: u32 = undefined; + fiatSecp256k1MulxU32(&x11, &x12, x8, (arg1[6])); + var x13: u32 = undefined; + var x14: u32 = undefined; + fiatSecp256k1MulxU32(&x13, &x14, x8, (arg1[5])); + var x15: u32 = undefined; + var x16: u32 = undefined; + fiatSecp256k1MulxU32(&x15, &x16, x8, (arg1[4])); + var x17: u32 = undefined; + var x18: u32 = undefined; + fiatSecp256k1MulxU32(&x17, &x18, x8, (arg1[3])); + var x19: u32 = undefined; + var x20: u32 = undefined; + fiatSecp256k1MulxU32(&x19, &x20, x8, (arg1[2])); + var x21: u32 = undefined; + var x22: u32 = undefined; + fiatSecp256k1MulxU32(&x21, &x22, x8, (arg1[1])); + var x23: u32 = undefined; + var x24: u32 = undefined; + fiatSecp256k1MulxU32(&x23, &x24, x8, (arg1[0])); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x25, &x26, 0x0, x24, x21); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x27, &x28, x26, x22, x19); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x29, &x30, x28, x20, x17); + var x31: u32 = undefined; + var x32: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x31, &x32, x30, x18, x15); + var x33: u32 = undefined; + var x34: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x33, &x34, x32, x16, x13); + var x35: u32 = undefined; + var x36: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x35, &x36, x34, x14, x11); + var x37: u32 = undefined; + var x38: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x37, &x38, x36, x12, x9); + const x39: u32 = (@intCast(u32, x38) + x10); + var x40: u32 = undefined; + var x41: u32 = undefined; + fiatSecp256k1MulxU32(&x40, &x41, x23, 0xd2253531); + var x42: u32 = undefined; + var x43: u32 = undefined; + fiatSecp256k1MulxU32(&x42, &x43, x40, 0xffffffff); + var x44: u32 = undefined; + var x45: u32 = undefined; + fiatSecp256k1MulxU32(&x44, &x45, x40, 0xffffffff); + var x46: u32 = undefined; + var x47: u32 = undefined; + fiatSecp256k1MulxU32(&x46, &x47, x40, 0xffffffff); + var x48: u32 = undefined; + var x49: u32 = undefined; + fiatSecp256k1MulxU32(&x48, &x49, x40, 0xffffffff); + var x50: u32 = undefined; + var x51: u32 = undefined; + fiatSecp256k1MulxU32(&x50, &x51, x40, 0xffffffff); + var x52: u32 = undefined; + var x53: u32 = undefined; + fiatSecp256k1MulxU32(&x52, &x53, x40, 0xffffffff); + var x54: u32 = undefined; + var x55: u32 = undefined; + fiatSecp256k1MulxU32(&x54, &x55, x40, 0xfffffffe); + var x56: u32 = undefined; + var x57: u32 = undefined; + fiatSecp256k1MulxU32(&x56, &x57, x40, 0xfffffc2f); + var x58: u32 = undefined; + var x59: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x58, &x59, 0x0, x57, x54); + var x60: u32 = undefined; + var x61: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x60, &x61, x59, x55, x52); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x62, &x63, x61, x53, x50); + var x64: u32 = undefined; + var x65: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x64, &x65, x63, x51, x48); + var x66: u32 = undefined; + var x67: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x66, &x67, x65, x49, x46); + var x68: u32 = undefined; + var x69: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x68, &x69, x67, x47, x44); + var x70: u32 = undefined; + var x71: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x70, &x71, x69, x45, x42); + const x72: u32 = (@intCast(u32, x71) + x43); + var x73: u32 = undefined; + var x74: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x73, &x74, 0x0, x23, x56); + var x75: u32 = undefined; + var x76: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x75, &x76, x74, x25, x58); + var x77: u32 = undefined; + var x78: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x77, &x78, x76, x27, x60); + var x79: u32 = undefined; + var x80: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x79, &x80, x78, x29, x62); + var x81: u32 = undefined; + var x82: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x81, &x82, x80, x31, x64); + var x83: u32 = undefined; + var x84: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x83, &x84, x82, x33, x66); + var x85: u32 = undefined; + var x86: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x85, &x86, x84, x35, x68); + var x87: u32 = undefined; + var x88: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x87, &x88, x86, x37, x70); + var x89: u32 = undefined; + var x90: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x89, &x90, x88, x39, x72); + var x91: u32 = undefined; + var x92: u32 = undefined; + fiatSecp256k1MulxU32(&x91, &x92, x1, (arg1[7])); + var x93: u32 = undefined; + var x94: u32 = undefined; + fiatSecp256k1MulxU32(&x93, &x94, x1, (arg1[6])); + var x95: u32 = undefined; + var x96: u32 = undefined; + fiatSecp256k1MulxU32(&x95, &x96, x1, (arg1[5])); + var x97: u32 = undefined; + var x98: u32 = undefined; + fiatSecp256k1MulxU32(&x97, &x98, x1, (arg1[4])); + var x99: u32 = undefined; + var x100: u32 = undefined; + fiatSecp256k1MulxU32(&x99, &x100, x1, (arg1[3])); + var x101: u32 = undefined; + var x102: u32 = undefined; + fiatSecp256k1MulxU32(&x101, &x102, x1, (arg1[2])); + var x103: u32 = undefined; + var x104: u32 = undefined; + fiatSecp256k1MulxU32(&x103, &x104, x1, (arg1[1])); + var x105: u32 = undefined; + var x106: u32 = undefined; + fiatSecp256k1MulxU32(&x105, &x106, x1, (arg1[0])); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x107, &x108, 0x0, x106, x103); + var x109: u32 = undefined; + var x110: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x109, &x110, x108, x104, x101); + var x111: u32 = undefined; + var x112: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x111, &x112, x110, x102, x99); + var x113: u32 = undefined; + var x114: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x113, &x114, x112, x100, x97); + var x115: u32 = undefined; + var x116: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x115, &x116, x114, x98, x95); + var x117: u32 = undefined; + var x118: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x117, &x118, x116, x96, x93); + var x119: u32 = undefined; + var x120: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x119, &x120, x118, x94, x91); + const x121: u32 = (@intCast(u32, x120) + x92); + var x122: u32 = undefined; + var x123: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x122, &x123, 0x0, x75, x105); + var x124: u32 = undefined; + var x125: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x124, &x125, x123, x77, x107); + var x126: u32 = undefined; + var x127: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x126, &x127, x125, x79, x109); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x128, &x129, x127, x81, x111); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x130, &x131, x129, x83, x113); + var x132: u32 = undefined; + var x133: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x132, &x133, x131, x85, x115); + var x134: u32 = undefined; + var x135: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x134, &x135, x133, x87, x117); + var x136: u32 = undefined; + var x137: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x136, &x137, x135, x89, x119); + var x138: u32 = undefined; + var x139: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x138, &x139, x137, @intCast(u32, x90), x121); + var x140: u32 = undefined; + var x141: u32 = undefined; + fiatSecp256k1MulxU32(&x140, &x141, x122, 0xd2253531); + var x142: u32 = undefined; + var x143: u32 = undefined; + fiatSecp256k1MulxU32(&x142, &x143, x140, 0xffffffff); + var x144: u32 = undefined; + var x145: u32 = undefined; + fiatSecp256k1MulxU32(&x144, &x145, x140, 0xffffffff); + var x146: u32 = undefined; + var x147: u32 = undefined; + fiatSecp256k1MulxU32(&x146, &x147, x140, 0xffffffff); + var x148: u32 = undefined; + var x149: u32 = undefined; + fiatSecp256k1MulxU32(&x148, &x149, x140, 0xffffffff); + var x150: u32 = undefined; + var x151: u32 = undefined; + fiatSecp256k1MulxU32(&x150, &x151, x140, 0xffffffff); + var x152: u32 = undefined; + var x153: u32 = undefined; + fiatSecp256k1MulxU32(&x152, &x153, x140, 0xffffffff); + var x154: u32 = undefined; + var x155: u32 = undefined; + fiatSecp256k1MulxU32(&x154, &x155, x140, 0xfffffffe); + var x156: u32 = undefined; + var x157: u32 = undefined; + fiatSecp256k1MulxU32(&x156, &x157, x140, 0xfffffc2f); + var x158: u32 = undefined; + var x159: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x158, &x159, 0x0, x157, x154); + var x160: u32 = undefined; + var x161: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x160, &x161, x159, x155, x152); + var x162: u32 = undefined; + var x163: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x162, &x163, x161, x153, x150); + var x164: u32 = undefined; + var x165: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x164, &x165, x163, x151, x148); + var x166: u32 = undefined; + var x167: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x166, &x167, x165, x149, x146); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x168, &x169, x167, x147, x144); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x170, &x171, x169, x145, x142); + const x172: u32 = (@intCast(u32, x171) + x143); + var x173: u32 = undefined; + var x174: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x173, &x174, 0x0, x122, x156); + var x175: u32 = undefined; + var x176: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x175, &x176, x174, x124, x158); + var x177: u32 = undefined; + var x178: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x177, &x178, x176, x126, x160); + var x179: u32 = undefined; + var x180: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x179, &x180, x178, x128, x162); + var x181: u32 = undefined; + var x182: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x181, &x182, x180, x130, x164); + var x183: u32 = undefined; + var x184: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x183, &x184, x182, x132, x166); + var x185: u32 = undefined; + var x186: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x185, &x186, x184, x134, x168); + var x187: u32 = undefined; + var x188: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x187, &x188, x186, x136, x170); + var x189: u32 = undefined; + var x190: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x189, &x190, x188, x138, x172); + const x191: u32 = (@intCast(u32, x190) + @intCast(u32, x139)); + var x192: u32 = undefined; + var x193: u32 = undefined; + fiatSecp256k1MulxU32(&x192, &x193, x2, (arg1[7])); + var x194: u32 = undefined; + var x195: u32 = undefined; + fiatSecp256k1MulxU32(&x194, &x195, x2, (arg1[6])); + var x196: u32 = undefined; + var x197: u32 = undefined; + fiatSecp256k1MulxU32(&x196, &x197, x2, (arg1[5])); + var x198: u32 = undefined; + var x199: u32 = undefined; + fiatSecp256k1MulxU32(&x198, &x199, x2, (arg1[4])); + var x200: u32 = undefined; + var x201: u32 = undefined; + fiatSecp256k1MulxU32(&x200, &x201, x2, (arg1[3])); + var x202: u32 = undefined; + var x203: u32 = undefined; + fiatSecp256k1MulxU32(&x202, &x203, x2, (arg1[2])); + var x204: u32 = undefined; + var x205: u32 = undefined; + fiatSecp256k1MulxU32(&x204, &x205, x2, (arg1[1])); + var x206: u32 = undefined; + var x207: u32 = undefined; + fiatSecp256k1MulxU32(&x206, &x207, x2, (arg1[0])); + var x208: u32 = undefined; + var x209: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x208, &x209, 0x0, x207, x204); + var x210: u32 = undefined; + var x211: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x210, &x211, x209, x205, x202); + var x212: u32 = undefined; + var x213: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x212, &x213, x211, x203, x200); + var x214: u32 = undefined; + var x215: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x214, &x215, x213, x201, x198); + var x216: u32 = undefined; + var x217: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x216, &x217, x215, x199, x196); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x218, &x219, x217, x197, x194); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x220, &x221, x219, x195, x192); + const x222: u32 = (@intCast(u32, x221) + x193); + var x223: u32 = undefined; + var x224: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x223, &x224, 0x0, x175, x206); + var x225: u32 = undefined; + var x226: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x225, &x226, x224, x177, x208); + var x227: u32 = undefined; + var x228: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x227, &x228, x226, x179, x210); + var x229: u32 = undefined; + var x230: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x229, &x230, x228, x181, x212); + var x231: u32 = undefined; + var x232: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x231, &x232, x230, x183, x214); + var x233: u32 = undefined; + var x234: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x233, &x234, x232, x185, x216); + var x235: u32 = undefined; + var x236: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x235, &x236, x234, x187, x218); + var x237: u32 = undefined; + var x238: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x237, &x238, x236, x189, x220); + var x239: u32 = undefined; + var x240: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x239, &x240, x238, x191, x222); + var x241: u32 = undefined; + var x242: u32 = undefined; + fiatSecp256k1MulxU32(&x241, &x242, x223, 0xd2253531); + var x243: u32 = undefined; + var x244: u32 = undefined; + fiatSecp256k1MulxU32(&x243, &x244, x241, 0xffffffff); + var x245: u32 = undefined; + var x246: u32 = undefined; + fiatSecp256k1MulxU32(&x245, &x246, x241, 0xffffffff); + var x247: u32 = undefined; + var x248: u32 = undefined; + fiatSecp256k1MulxU32(&x247, &x248, x241, 0xffffffff); + var x249: u32 = undefined; + var x250: u32 = undefined; + fiatSecp256k1MulxU32(&x249, &x250, x241, 0xffffffff); + var x251: u32 = undefined; + var x252: u32 = undefined; + fiatSecp256k1MulxU32(&x251, &x252, x241, 0xffffffff); + var x253: u32 = undefined; + var x254: u32 = undefined; + fiatSecp256k1MulxU32(&x253, &x254, x241, 0xffffffff); + var x255: u32 = undefined; + var x256: u32 = undefined; + fiatSecp256k1MulxU32(&x255, &x256, x241, 0xfffffffe); + var x257: u32 = undefined; + var x258: u32 = undefined; + fiatSecp256k1MulxU32(&x257, &x258, x241, 0xfffffc2f); + var x259: u32 = undefined; + var x260: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x259, &x260, 0x0, x258, x255); + var x261: u32 = undefined; + var x262: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x261, &x262, x260, x256, x253); + var x263: u32 = undefined; + var x264: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x263, &x264, x262, x254, x251); + var x265: u32 = undefined; + var x266: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x265, &x266, x264, x252, x249); + var x267: u32 = undefined; + var x268: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x267, &x268, x266, x250, x247); + var x269: u32 = undefined; + var x270: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x269, &x270, x268, x248, x245); + var x271: u32 = undefined; + var x272: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x271, &x272, x270, x246, x243); + const x273: u32 = (@intCast(u32, x272) + x244); + var x274: u32 = undefined; + var x275: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x274, &x275, 0x0, x223, x257); + var x276: u32 = undefined; + var x277: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x276, &x277, x275, x225, x259); + var x278: u32 = undefined; + var x279: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x278, &x279, x277, x227, x261); + var x280: u32 = undefined; + var x281: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x280, &x281, x279, x229, x263); + var x282: u32 = undefined; + var x283: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x282, &x283, x281, x231, x265); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x284, &x285, x283, x233, x267); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x286, &x287, x285, x235, x269); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x288, &x289, x287, x237, x271); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x290, &x291, x289, x239, x273); + const x292: u32 = (@intCast(u32, x291) + @intCast(u32, x240)); + var x293: u32 = undefined; + var x294: u32 = undefined; + fiatSecp256k1MulxU32(&x293, &x294, x3, (arg1[7])); + var x295: u32 = undefined; + var x296: u32 = undefined; + fiatSecp256k1MulxU32(&x295, &x296, x3, (arg1[6])); + var x297: u32 = undefined; + var x298: u32 = undefined; + fiatSecp256k1MulxU32(&x297, &x298, x3, (arg1[5])); + var x299: u32 = undefined; + var x300: u32 = undefined; + fiatSecp256k1MulxU32(&x299, &x300, x3, (arg1[4])); + var x301: u32 = undefined; + var x302: u32 = undefined; + fiatSecp256k1MulxU32(&x301, &x302, x3, (arg1[3])); + var x303: u32 = undefined; + var x304: u32 = undefined; + fiatSecp256k1MulxU32(&x303, &x304, x3, (arg1[2])); + var x305: u32 = undefined; + var x306: u32 = undefined; + fiatSecp256k1MulxU32(&x305, &x306, x3, (arg1[1])); + var x307: u32 = undefined; + var x308: u32 = undefined; + fiatSecp256k1MulxU32(&x307, &x308, x3, (arg1[0])); + var x309: u32 = undefined; + var x310: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x309, &x310, 0x0, x308, x305); + var x311: u32 = undefined; + var x312: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x311, &x312, x310, x306, x303); + var x313: u32 = undefined; + var x314: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x313, &x314, x312, x304, x301); + var x315: u32 = undefined; + var x316: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x315, &x316, x314, x302, x299); + var x317: u32 = undefined; + var x318: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x317, &x318, x316, x300, x297); + var x319: u32 = undefined; + var x320: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x319, &x320, x318, x298, x295); + var x321: u32 = undefined; + var x322: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x321, &x322, x320, x296, x293); + const x323: u32 = (@intCast(u32, x322) + x294); + var x324: u32 = undefined; + var x325: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x324, &x325, 0x0, x276, x307); + var x326: u32 = undefined; + var x327: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x326, &x327, x325, x278, x309); + var x328: u32 = undefined; + var x329: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x328, &x329, x327, x280, x311); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x330, &x331, x329, x282, x313); + var x332: u32 = undefined; + var x333: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x332, &x333, x331, x284, x315); + var x334: u32 = undefined; + var x335: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x334, &x335, x333, x286, x317); + var x336: u32 = undefined; + var x337: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x336, &x337, x335, x288, x319); + var x338: u32 = undefined; + var x339: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x338, &x339, x337, x290, x321); + var x340: u32 = undefined; + var x341: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x340, &x341, x339, x292, x323); + var x342: u32 = undefined; + var x343: u32 = undefined; + fiatSecp256k1MulxU32(&x342, &x343, x324, 0xd2253531); + var x344: u32 = undefined; + var x345: u32 = undefined; + fiatSecp256k1MulxU32(&x344, &x345, x342, 0xffffffff); + var x346: u32 = undefined; + var x347: u32 = undefined; + fiatSecp256k1MulxU32(&x346, &x347, x342, 0xffffffff); + var x348: u32 = undefined; + var x349: u32 = undefined; + fiatSecp256k1MulxU32(&x348, &x349, x342, 0xffffffff); + var x350: u32 = undefined; + var x351: u32 = undefined; + fiatSecp256k1MulxU32(&x350, &x351, x342, 0xffffffff); + var x352: u32 = undefined; + var x353: u32 = undefined; + fiatSecp256k1MulxU32(&x352, &x353, x342, 0xffffffff); + var x354: u32 = undefined; + var x355: u32 = undefined; + fiatSecp256k1MulxU32(&x354, &x355, x342, 0xffffffff); + var x356: u32 = undefined; + var x357: u32 = undefined; + fiatSecp256k1MulxU32(&x356, &x357, x342, 0xfffffffe); + var x358: u32 = undefined; + var x359: u32 = undefined; + fiatSecp256k1MulxU32(&x358, &x359, x342, 0xfffffc2f); + var x360: u32 = undefined; + var x361: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x360, &x361, 0x0, x359, x356); + var x362: u32 = undefined; + var x363: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x362, &x363, x361, x357, x354); + var x364: u32 = undefined; + var x365: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x364, &x365, x363, x355, x352); + var x366: u32 = undefined; + var x367: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x366, &x367, x365, x353, x350); + var x368: u32 = undefined; + var x369: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x368, &x369, x367, x351, x348); + var x370: u32 = undefined; + var x371: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x370, &x371, x369, x349, x346); + var x372: u32 = undefined; + var x373: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x372, &x373, x371, x347, x344); + const x374: u32 = (@intCast(u32, x373) + x345); + var x375: u32 = undefined; + var x376: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x375, &x376, 0x0, x324, x358); + var x377: u32 = undefined; + var x378: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x377, &x378, x376, x326, x360); + var x379: u32 = undefined; + var x380: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x379, &x380, x378, x328, x362); + var x381: u32 = undefined; + var x382: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x381, &x382, x380, x330, x364); + var x383: u32 = undefined; + var x384: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x383, &x384, x382, x332, x366); + var x385: u32 = undefined; + var x386: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x385, &x386, x384, x334, x368); + var x387: u32 = undefined; + var x388: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x387, &x388, x386, x336, x370); + var x389: u32 = undefined; + var x390: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x389, &x390, x388, x338, x372); + var x391: u32 = undefined; + var x392: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x391, &x392, x390, x340, x374); + const x393: u32 = (@intCast(u32, x392) + @intCast(u32, x341)); + var x394: u32 = undefined; + var x395: u32 = undefined; + fiatSecp256k1MulxU32(&x394, &x395, x4, (arg1[7])); + var x396: u32 = undefined; + var x397: u32 = undefined; + fiatSecp256k1MulxU32(&x396, &x397, x4, (arg1[6])); + var x398: u32 = undefined; + var x399: u32 = undefined; + fiatSecp256k1MulxU32(&x398, &x399, x4, (arg1[5])); + var x400: u32 = undefined; + var x401: u32 = undefined; + fiatSecp256k1MulxU32(&x400, &x401, x4, (arg1[4])); + var x402: u32 = undefined; + var x403: u32 = undefined; + fiatSecp256k1MulxU32(&x402, &x403, x4, (arg1[3])); + var x404: u32 = undefined; + var x405: u32 = undefined; + fiatSecp256k1MulxU32(&x404, &x405, x4, (arg1[2])); + var x406: u32 = undefined; + var x407: u32 = undefined; + fiatSecp256k1MulxU32(&x406, &x407, x4, (arg1[1])); + var x408: u32 = undefined; + var x409: u32 = undefined; + fiatSecp256k1MulxU32(&x408, &x409, x4, (arg1[0])); + var x410: u32 = undefined; + var x411: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x410, &x411, 0x0, x409, x406); + var x412: u32 = undefined; + var x413: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x412, &x413, x411, x407, x404); + var x414: u32 = undefined; + var x415: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x414, &x415, x413, x405, x402); + var x416: u32 = undefined; + var x417: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x416, &x417, x415, x403, x400); + var x418: u32 = undefined; + var x419: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x418, &x419, x417, x401, x398); + var x420: u32 = undefined; + var x421: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x420, &x421, x419, x399, x396); + var x422: u32 = undefined; + var x423: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x422, &x423, x421, x397, x394); + const x424: u32 = (@intCast(u32, x423) + x395); + var x425: u32 = undefined; + var x426: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x425, &x426, 0x0, x377, x408); + var x427: u32 = undefined; + var x428: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x427, &x428, x426, x379, x410); + var x429: u32 = undefined; + var x430: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x429, &x430, x428, x381, x412); + var x431: u32 = undefined; + var x432: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x431, &x432, x430, x383, x414); + var x433: u32 = undefined; + var x434: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x433, &x434, x432, x385, x416); + var x435: u32 = undefined; + var x436: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x435, &x436, x434, x387, x418); + var x437: u32 = undefined; + var x438: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x437, &x438, x436, x389, x420); + var x439: u32 = undefined; + var x440: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x439, &x440, x438, x391, x422); + var x441: u32 = undefined; + var x442: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x441, &x442, x440, x393, x424); + var x443: u32 = undefined; + var x444: u32 = undefined; + fiatSecp256k1MulxU32(&x443, &x444, x425, 0xd2253531); + var x445: u32 = undefined; + var x446: u32 = undefined; + fiatSecp256k1MulxU32(&x445, &x446, x443, 0xffffffff); + var x447: u32 = undefined; + var x448: u32 = undefined; + fiatSecp256k1MulxU32(&x447, &x448, x443, 0xffffffff); + var x449: u32 = undefined; + var x450: u32 = undefined; + fiatSecp256k1MulxU32(&x449, &x450, x443, 0xffffffff); + var x451: u32 = undefined; + var x452: u32 = undefined; + fiatSecp256k1MulxU32(&x451, &x452, x443, 0xffffffff); + var x453: u32 = undefined; + var x454: u32 = undefined; + fiatSecp256k1MulxU32(&x453, &x454, x443, 0xffffffff); + var x455: u32 = undefined; + var x456: u32 = undefined; + fiatSecp256k1MulxU32(&x455, &x456, x443, 0xffffffff); + var x457: u32 = undefined; + var x458: u32 = undefined; + fiatSecp256k1MulxU32(&x457, &x458, x443, 0xfffffffe); + var x459: u32 = undefined; + var x460: u32 = undefined; + fiatSecp256k1MulxU32(&x459, &x460, x443, 0xfffffc2f); + var x461: u32 = undefined; + var x462: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x461, &x462, 0x0, x460, x457); + var x463: u32 = undefined; + var x464: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x463, &x464, x462, x458, x455); + var x465: u32 = undefined; + var x466: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x465, &x466, x464, x456, x453); + var x467: u32 = undefined; + var x468: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x467, &x468, x466, x454, x451); + var x469: u32 = undefined; + var x470: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x469, &x470, x468, x452, x449); + var x471: u32 = undefined; + var x472: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x471, &x472, x470, x450, x447); + var x473: u32 = undefined; + var x474: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x473, &x474, x472, x448, x445); + const x475: u32 = (@intCast(u32, x474) + x446); + var x476: u32 = undefined; + var x477: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x476, &x477, 0x0, x425, x459); + var x478: u32 = undefined; + var x479: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x478, &x479, x477, x427, x461); + var x480: u32 = undefined; + var x481: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x480, &x481, x479, x429, x463); + var x482: u32 = undefined; + var x483: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x482, &x483, x481, x431, x465); + var x484: u32 = undefined; + var x485: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x484, &x485, x483, x433, x467); + var x486: u32 = undefined; + var x487: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x486, &x487, x485, x435, x469); + var x488: u32 = undefined; + var x489: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x488, &x489, x487, x437, x471); + var x490: u32 = undefined; + var x491: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x490, &x491, x489, x439, x473); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x492, &x493, x491, x441, x475); + const x494: u32 = (@intCast(u32, x493) + @intCast(u32, x442)); + var x495: u32 = undefined; + var x496: u32 = undefined; + fiatSecp256k1MulxU32(&x495, &x496, x5, (arg1[7])); + var x497: u32 = undefined; + var x498: u32 = undefined; + fiatSecp256k1MulxU32(&x497, &x498, x5, (arg1[6])); + var x499: u32 = undefined; + var x500: u32 = undefined; + fiatSecp256k1MulxU32(&x499, &x500, x5, (arg1[5])); + var x501: u32 = undefined; + var x502: u32 = undefined; + fiatSecp256k1MulxU32(&x501, &x502, x5, (arg1[4])); + var x503: u32 = undefined; + var x504: u32 = undefined; + fiatSecp256k1MulxU32(&x503, &x504, x5, (arg1[3])); + var x505: u32 = undefined; + var x506: u32 = undefined; + fiatSecp256k1MulxU32(&x505, &x506, x5, (arg1[2])); + var x507: u32 = undefined; + var x508: u32 = undefined; + fiatSecp256k1MulxU32(&x507, &x508, x5, (arg1[1])); + var x509: u32 = undefined; + var x510: u32 = undefined; + fiatSecp256k1MulxU32(&x509, &x510, x5, (arg1[0])); + var x511: u32 = undefined; + var x512: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x511, &x512, 0x0, x510, x507); + var x513: u32 = undefined; + var x514: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x513, &x514, x512, x508, x505); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x515, &x516, x514, x506, x503); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x517, &x518, x516, x504, x501); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x519, &x520, x518, x502, x499); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x521, &x522, x520, x500, x497); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x523, &x524, x522, x498, x495); + const x525: u32 = (@intCast(u32, x524) + x496); + var x526: u32 = undefined; + var x527: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x526, &x527, 0x0, x478, x509); + var x528: u32 = undefined; + var x529: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x528, &x529, x527, x480, x511); + var x530: u32 = undefined; + var x531: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x530, &x531, x529, x482, x513); + var x532: u32 = undefined; + var x533: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x532, &x533, x531, x484, x515); + var x534: u32 = undefined; + var x535: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x534, &x535, x533, x486, x517); + var x536: u32 = undefined; + var x537: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x536, &x537, x535, x488, x519); + var x538: u32 = undefined; + var x539: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x538, &x539, x537, x490, x521); + var x540: u32 = undefined; + var x541: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x540, &x541, x539, x492, x523); + var x542: u32 = undefined; + var x543: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x542, &x543, x541, x494, x525); + var x544: u32 = undefined; + var x545: u32 = undefined; + fiatSecp256k1MulxU32(&x544, &x545, x526, 0xd2253531); + var x546: u32 = undefined; + var x547: u32 = undefined; + fiatSecp256k1MulxU32(&x546, &x547, x544, 0xffffffff); + var x548: u32 = undefined; + var x549: u32 = undefined; + fiatSecp256k1MulxU32(&x548, &x549, x544, 0xffffffff); + var x550: u32 = undefined; + var x551: u32 = undefined; + fiatSecp256k1MulxU32(&x550, &x551, x544, 0xffffffff); + var x552: u32 = undefined; + var x553: u32 = undefined; + fiatSecp256k1MulxU32(&x552, &x553, x544, 0xffffffff); + var x554: u32 = undefined; + var x555: u32 = undefined; + fiatSecp256k1MulxU32(&x554, &x555, x544, 0xffffffff); + var x556: u32 = undefined; + var x557: u32 = undefined; + fiatSecp256k1MulxU32(&x556, &x557, x544, 0xffffffff); + var x558: u32 = undefined; + var x559: u32 = undefined; + fiatSecp256k1MulxU32(&x558, &x559, x544, 0xfffffffe); + var x560: u32 = undefined; + var x561: u32 = undefined; + fiatSecp256k1MulxU32(&x560, &x561, x544, 0xfffffc2f); + var x562: u32 = undefined; + var x563: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x562, &x563, 0x0, x561, x558); + var x564: u32 = undefined; + var x565: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x564, &x565, x563, x559, x556); + var x566: u32 = undefined; + var x567: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x566, &x567, x565, x557, x554); + var x568: u32 = undefined; + var x569: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x568, &x569, x567, x555, x552); + var x570: u32 = undefined; + var x571: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x570, &x571, x569, x553, x550); + var x572: u32 = undefined; + var x573: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x572, &x573, x571, x551, x548); + var x574: u32 = undefined; + var x575: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x574, &x575, x573, x549, x546); + const x576: u32 = (@intCast(u32, x575) + x547); + var x577: u32 = undefined; + var x578: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x577, &x578, 0x0, x526, x560); + var x579: u32 = undefined; + var x580: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x579, &x580, x578, x528, x562); + var x581: u32 = undefined; + var x582: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x581, &x582, x580, x530, x564); + var x583: u32 = undefined; + var x584: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x583, &x584, x582, x532, x566); + var x585: u32 = undefined; + var x586: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x585, &x586, x584, x534, x568); + var x587: u32 = undefined; + var x588: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x587, &x588, x586, x536, x570); + var x589: u32 = undefined; + var x590: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x589, &x590, x588, x538, x572); + var x591: u32 = undefined; + var x592: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x591, &x592, x590, x540, x574); + var x593: u32 = undefined; + var x594: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x593, &x594, x592, x542, x576); + const x595: u32 = (@intCast(u32, x594) + @intCast(u32, x543)); + var x596: u32 = undefined; + var x597: u32 = undefined; + fiatSecp256k1MulxU32(&x596, &x597, x6, (arg1[7])); + var x598: u32 = undefined; + var x599: u32 = undefined; + fiatSecp256k1MulxU32(&x598, &x599, x6, (arg1[6])); + var x600: u32 = undefined; + var x601: u32 = undefined; + fiatSecp256k1MulxU32(&x600, &x601, x6, (arg1[5])); + var x602: u32 = undefined; + var x603: u32 = undefined; + fiatSecp256k1MulxU32(&x602, &x603, x6, (arg1[4])); + var x604: u32 = undefined; + var x605: u32 = undefined; + fiatSecp256k1MulxU32(&x604, &x605, x6, (arg1[3])); + var x606: u32 = undefined; + var x607: u32 = undefined; + fiatSecp256k1MulxU32(&x606, &x607, x6, (arg1[2])); + var x608: u32 = undefined; + var x609: u32 = undefined; + fiatSecp256k1MulxU32(&x608, &x609, x6, (arg1[1])); + var x610: u32 = undefined; + var x611: u32 = undefined; + fiatSecp256k1MulxU32(&x610, &x611, x6, (arg1[0])); + var x612: u32 = undefined; + var x613: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x612, &x613, 0x0, x611, x608); + var x614: u32 = undefined; + var x615: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x614, &x615, x613, x609, x606); + var x616: u32 = undefined; + var x617: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x616, &x617, x615, x607, x604); + var x618: u32 = undefined; + var x619: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x618, &x619, x617, x605, x602); + var x620: u32 = undefined; + var x621: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x620, &x621, x619, x603, x600); + var x622: u32 = undefined; + var x623: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x622, &x623, x621, x601, x598); + var x624: u32 = undefined; + var x625: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x624, &x625, x623, x599, x596); + const x626: u32 = (@intCast(u32, x625) + x597); + var x627: u32 = undefined; + var x628: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x627, &x628, 0x0, x579, x610); + var x629: u32 = undefined; + var x630: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x629, &x630, x628, x581, x612); + var x631: u32 = undefined; + var x632: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x631, &x632, x630, x583, x614); + var x633: u32 = undefined; + var x634: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x633, &x634, x632, x585, x616); + var x635: u32 = undefined; + var x636: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x635, &x636, x634, x587, x618); + var x637: u32 = undefined; + var x638: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x637, &x638, x636, x589, x620); + var x639: u32 = undefined; + var x640: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x639, &x640, x638, x591, x622); + var x641: u32 = undefined; + var x642: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x641, &x642, x640, x593, x624); + var x643: u32 = undefined; + var x644: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x643, &x644, x642, x595, x626); + var x645: u32 = undefined; + var x646: u32 = undefined; + fiatSecp256k1MulxU32(&x645, &x646, x627, 0xd2253531); + var x647: u32 = undefined; + var x648: u32 = undefined; + fiatSecp256k1MulxU32(&x647, &x648, x645, 0xffffffff); + var x649: u32 = undefined; + var x650: u32 = undefined; + fiatSecp256k1MulxU32(&x649, &x650, x645, 0xffffffff); + var x651: u32 = undefined; + var x652: u32 = undefined; + fiatSecp256k1MulxU32(&x651, &x652, x645, 0xffffffff); + var x653: u32 = undefined; + var x654: u32 = undefined; + fiatSecp256k1MulxU32(&x653, &x654, x645, 0xffffffff); + var x655: u32 = undefined; + var x656: u32 = undefined; + fiatSecp256k1MulxU32(&x655, &x656, x645, 0xffffffff); + var x657: u32 = undefined; + var x658: u32 = undefined; + fiatSecp256k1MulxU32(&x657, &x658, x645, 0xffffffff); + var x659: u32 = undefined; + var x660: u32 = undefined; + fiatSecp256k1MulxU32(&x659, &x660, x645, 0xfffffffe); + var x661: u32 = undefined; + var x662: u32 = undefined; + fiatSecp256k1MulxU32(&x661, &x662, x645, 0xfffffc2f); + var x663: u32 = undefined; + var x664: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x663, &x664, 0x0, x662, x659); + var x665: u32 = undefined; + var x666: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x665, &x666, x664, x660, x657); + var x667: u32 = undefined; + var x668: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x667, &x668, x666, x658, x655); + var x669: u32 = undefined; + var x670: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x669, &x670, x668, x656, x653); + var x671: u32 = undefined; + var x672: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x671, &x672, x670, x654, x651); + var x673: u32 = undefined; + var x674: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x673, &x674, x672, x652, x649); + var x675: u32 = undefined; + var x676: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x675, &x676, x674, x650, x647); + const x677: u32 = (@intCast(u32, x676) + x648); + var x678: u32 = undefined; + var x679: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x678, &x679, 0x0, x627, x661); + var x680: u32 = undefined; + var x681: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x680, &x681, x679, x629, x663); + var x682: u32 = undefined; + var x683: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x682, &x683, x681, x631, x665); + var x684: u32 = undefined; + var x685: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x684, &x685, x683, x633, x667); + var x686: u32 = undefined; + var x687: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x686, &x687, x685, x635, x669); + var x688: u32 = undefined; + var x689: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x688, &x689, x687, x637, x671); + var x690: u32 = undefined; + var x691: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x690, &x691, x689, x639, x673); + var x692: u32 = undefined; + var x693: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x692, &x693, x691, x641, x675); + var x694: u32 = undefined; + var x695: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x694, &x695, x693, x643, x677); + const x696: u32 = (@intCast(u32, x695) + @intCast(u32, x644)); + var x697: u32 = undefined; + var x698: u32 = undefined; + fiatSecp256k1MulxU32(&x697, &x698, x7, (arg1[7])); + var x699: u32 = undefined; + var x700: u32 = undefined; + fiatSecp256k1MulxU32(&x699, &x700, x7, (arg1[6])); + var x701: u32 = undefined; + var x702: u32 = undefined; + fiatSecp256k1MulxU32(&x701, &x702, x7, (arg1[5])); + var x703: u32 = undefined; + var x704: u32 = undefined; + fiatSecp256k1MulxU32(&x703, &x704, x7, (arg1[4])); + var x705: u32 = undefined; + var x706: u32 = undefined; + fiatSecp256k1MulxU32(&x705, &x706, x7, (arg1[3])); + var x707: u32 = undefined; + var x708: u32 = undefined; + fiatSecp256k1MulxU32(&x707, &x708, x7, (arg1[2])); + var x709: u32 = undefined; + var x710: u32 = undefined; + fiatSecp256k1MulxU32(&x709, &x710, x7, (arg1[1])); + var x711: u32 = undefined; + var x712: u32 = undefined; + fiatSecp256k1MulxU32(&x711, &x712, x7, (arg1[0])); + var x713: u32 = undefined; + var x714: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x713, &x714, 0x0, x712, x709); + var x715: u32 = undefined; + var x716: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x715, &x716, x714, x710, x707); + var x717: u32 = undefined; + var x718: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x717, &x718, x716, x708, x705); + var x719: u32 = undefined; + var x720: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x719, &x720, x718, x706, x703); + var x721: u32 = undefined; + var x722: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x721, &x722, x720, x704, x701); + var x723: u32 = undefined; + var x724: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x723, &x724, x722, x702, x699); + var x725: u32 = undefined; + var x726: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x725, &x726, x724, x700, x697); + const x727: u32 = (@intCast(u32, x726) + x698); + var x728: u32 = undefined; + var x729: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x728, &x729, 0x0, x680, x711); + var x730: u32 = undefined; + var x731: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x730, &x731, x729, x682, x713); + var x732: u32 = undefined; + var x733: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x732, &x733, x731, x684, x715); + var x734: u32 = undefined; + var x735: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x734, &x735, x733, x686, x717); + var x736: u32 = undefined; + var x737: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x736, &x737, x735, x688, x719); + var x738: u32 = undefined; + var x739: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x738, &x739, x737, x690, x721); + var x740: u32 = undefined; + var x741: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x740, &x741, x739, x692, x723); + var x742: u32 = undefined; + var x743: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x742, &x743, x741, x694, x725); + var x744: u32 = undefined; + var x745: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x744, &x745, x743, x696, x727); + var x746: u32 = undefined; + var x747: u32 = undefined; + fiatSecp256k1MulxU32(&x746, &x747, x728, 0xd2253531); + var x748: u32 = undefined; + var x749: u32 = undefined; + fiatSecp256k1MulxU32(&x748, &x749, x746, 0xffffffff); + var x750: u32 = undefined; + var x751: u32 = undefined; + fiatSecp256k1MulxU32(&x750, &x751, x746, 0xffffffff); + var x752: u32 = undefined; + var x753: u32 = undefined; + fiatSecp256k1MulxU32(&x752, &x753, x746, 0xffffffff); + var x754: u32 = undefined; + var x755: u32 = undefined; + fiatSecp256k1MulxU32(&x754, &x755, x746, 0xffffffff); + var x756: u32 = undefined; + var x757: u32 = undefined; + fiatSecp256k1MulxU32(&x756, &x757, x746, 0xffffffff); + var x758: u32 = undefined; + var x759: u32 = undefined; + fiatSecp256k1MulxU32(&x758, &x759, x746, 0xffffffff); + var x760: u32 = undefined; + var x761: u32 = undefined; + fiatSecp256k1MulxU32(&x760, &x761, x746, 0xfffffffe); + var x762: u32 = undefined; + var x763: u32 = undefined; + fiatSecp256k1MulxU32(&x762, &x763, x746, 0xfffffc2f); + var x764: u32 = undefined; + var x765: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x764, &x765, 0x0, x763, x760); + var x766: u32 = undefined; + var x767: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x766, &x767, x765, x761, x758); + var x768: u32 = undefined; + var x769: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x768, &x769, x767, x759, x756); + var x770: u32 = undefined; + var x771: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x770, &x771, x769, x757, x754); + var x772: u32 = undefined; + var x773: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x772, &x773, x771, x755, x752); + var x774: u32 = undefined; + var x775: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x774, &x775, x773, x753, x750); + var x776: u32 = undefined; + var x777: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x776, &x777, x775, x751, x748); + const x778: u32 = (@intCast(u32, x777) + x749); + var x779: u32 = undefined; + var x780: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x779, &x780, 0x0, x728, x762); + var x781: u32 = undefined; + var x782: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x781, &x782, x780, x730, x764); + var x783: u32 = undefined; + var x784: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x783, &x784, x782, x732, x766); + var x785: u32 = undefined; + var x786: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x785, &x786, x784, x734, x768); + var x787: u32 = undefined; + var x788: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x787, &x788, x786, x736, x770); + var x789: u32 = undefined; + var x790: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x789, &x790, x788, x738, x772); + var x791: u32 = undefined; + var x792: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x791, &x792, x790, x740, x774); + var x793: u32 = undefined; + var x794: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x793, &x794, x792, x742, x776); + var x795: u32 = undefined; + var x796: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x795, &x796, x794, x744, x778); + const x797: u32 = (@intCast(u32, x796) + @intCast(u32, x745)); + var x798: u32 = undefined; + var x799: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x798, &x799, 0x0, x781, 0xfffffc2f); + var x800: u32 = undefined; + var x801: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x800, &x801, x799, x783, 0xfffffffe); + var x802: u32 = undefined; + var x803: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x802, &x803, x801, x785, 0xffffffff); + var x804: u32 = undefined; + var x805: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x804, &x805, x803, x787, 0xffffffff); + var x806: u32 = undefined; + var x807: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x806, &x807, x805, x789, 0xffffffff); + var x808: u32 = undefined; + var x809: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x808, &x809, x807, x791, 0xffffffff); + var x810: u32 = undefined; + var x811: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x810, &x811, x809, x793, 0xffffffff); + var x812: u32 = undefined; + var x813: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x812, &x813, x811, x795, 0xffffffff); + var x814: u32 = undefined; + var x815: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x814, &x815, x813, x797, @intCast(u32, 0x0)); + var x816: u32 = undefined; + fiatSecp256k1CmovznzU32(&x816, x815, x798, x781); + var x817: u32 = undefined; + fiatSecp256k1CmovznzU32(&x817, x815, x800, x783); + var x818: u32 = undefined; + fiatSecp256k1CmovznzU32(&x818, x815, x802, x785); + var x819: u32 = undefined; + fiatSecp256k1CmovznzU32(&x819, x815, x804, x787); + var x820: u32 = undefined; + fiatSecp256k1CmovznzU32(&x820, x815, x806, x789); + var x821: u32 = undefined; + fiatSecp256k1CmovznzU32(&x821, x815, x808, x791); + var x822: u32 = undefined; + fiatSecp256k1CmovznzU32(&x822, x815, x810, x793); + var x823: u32 = undefined; + fiatSecp256k1CmovznzU32(&x823, x815, x812, x795); + out1[0] = x816; + out1[1] = x817; + out1[2] = x818; + out1[3] = x819; + out1[4] = x820; + out1[5] = x821; + out1[6] = x822; + out1[7] = x823; +} + +/// The function fiatSecp256k1Add adds two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1Add(out1: *[8]u32, arg1: [8]u32, arg2: [8]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + var x17: u32 = undefined; + var x18: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x17, &x18, 0x0, x1, 0xfffffc2f); + var x19: u32 = undefined; + var x20: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x19, &x20, x18, x3, 0xfffffffe); + var x21: u32 = undefined; + var x22: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x21, &x22, x20, x5, 0xffffffff); + var x23: u32 = undefined; + var x24: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x23, &x24, x22, x7, 0xffffffff); + var x25: u32 = undefined; + var x26: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x25, &x26, x24, x9, 0xffffffff); + var x27: u32 = undefined; + var x28: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x27, &x28, x26, x11, 0xffffffff); + var x29: u32 = undefined; + var x30: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x29, &x30, x28, x13, 0xffffffff); + var x31: u32 = undefined; + var x32: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x31, &x32, x30, x15, 0xffffffff); + var x33: u32 = undefined; + var x34: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x33, &x34, x32, @intCast(u32, x16), @intCast(u32, 0x0)); + var x35: u32 = undefined; + fiatSecp256k1CmovznzU32(&x35, x34, x17, x1); + var x36: u32 = undefined; + fiatSecp256k1CmovznzU32(&x36, x34, x19, x3); + var x37: u32 = undefined; + fiatSecp256k1CmovznzU32(&x37, x34, x21, x5); + var x38: u32 = undefined; + fiatSecp256k1CmovznzU32(&x38, x34, x23, x7); + var x39: u32 = undefined; + fiatSecp256k1CmovznzU32(&x39, x34, x25, x9); + var x40: u32 = undefined; + fiatSecp256k1CmovznzU32(&x40, x34, x27, x11); + var x41: u32 = undefined; + fiatSecp256k1CmovznzU32(&x41, x34, x29, x13); + var x42: u32 = undefined; + fiatSecp256k1CmovznzU32(&x42, x34, x31, x15); + out1[0] = x35; + out1[1] = x36; + out1[2] = x37; + out1[3] = x38; + out1[4] = x39; + out1[5] = x40; + out1[6] = x41; + out1[7] = x42; +} + +/// The function fiatSecp256k1Sub subtracts two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1Sub(out1: *[8]u32, arg1: [8]u32, arg2: [8]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x9, &x10, x8, (arg1[4]), (arg2[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x11, &x12, x10, (arg1[5]), (arg2[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x13, &x14, x12, (arg1[6]), (arg2[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x15, &x16, x14, (arg1[7]), (arg2[7])); + var x17: u32 = undefined; + fiatSecp256k1CmovznzU32(&x17, x16, @intCast(u32, 0x0), 0xffffffff); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x18, &x19, 0x0, x1, (x17 & 0xfffffc2f)); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x20, &x21, x19, x3, (x17 & 0xfffffffe)); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x22, &x23, x21, x5, x17); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x24, &x25, x23, x7, x17); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x26, &x27, x25, x9, x17); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x28, &x29, x27, x11, x17); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x30, &x31, x29, x13, x17); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x32, &x33, x31, x15, x17); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/// The function fiatSecp256k1Opp negates a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1Opp(out1: *[8]u32, arg1: [8]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x1, &x2, 0x0, @intCast(u32, 0x0), (arg1[0])); + var x3: u32 = undefined; + var x4: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x3, &x4, x2, @intCast(u32, 0x0), (arg1[1])); + var x5: u32 = undefined; + var x6: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x5, &x6, x4, @intCast(u32, 0x0), (arg1[2])); + var x7: u32 = undefined; + var x8: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x7, &x8, x6, @intCast(u32, 0x0), (arg1[3])); + var x9: u32 = undefined; + var x10: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x9, &x10, x8, @intCast(u32, 0x0), (arg1[4])); + var x11: u32 = undefined; + var x12: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x11, &x12, x10, @intCast(u32, 0x0), (arg1[5])); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x13, &x14, x12, @intCast(u32, 0x0), (arg1[6])); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x15, &x16, x14, @intCast(u32, 0x0), (arg1[7])); + var x17: u32 = undefined; + fiatSecp256k1CmovznzU32(&x17, x16, @intCast(u32, 0x0), 0xffffffff); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x18, &x19, 0x0, x1, (x17 & 0xfffffc2f)); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x20, &x21, x19, x3, (x17 & 0xfffffffe)); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x22, &x23, x21, x5, x17); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x24, &x25, x23, x7, x17); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x26, &x27, x25, x9, x17); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x28, &x29, x27, x11, x17); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x30, &x31, x29, x13, x17); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x32, &x33, x31, x15, x17); + out1[0] = x18; + out1[1] = x20; + out1[2] = x22; + out1[3] = x24; + out1[4] = x26; + out1[5] = x28; + out1[6] = x30; + out1[7] = x32; +} + +/// The function fiatSecp256k1FromMontgomery translates a field element out of the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval out1 mod m = (eval arg1 * ((2^32)⁻¹ mod m)^8) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1FromMontgomery(out1: *[8]u32, arg1: [8]u32) void { + const x1: u32 = (arg1[0]); + var x2: u32 = undefined; + var x3: u32 = undefined; + fiatSecp256k1MulxU32(&x2, &x3, x1, 0xd2253531); + var x4: u32 = undefined; + var x5: u32 = undefined; + fiatSecp256k1MulxU32(&x4, &x5, x2, 0xffffffff); + var x6: u32 = undefined; + var x7: u32 = undefined; + fiatSecp256k1MulxU32(&x6, &x7, x2, 0xffffffff); + var x8: u32 = undefined; + var x9: u32 = undefined; + fiatSecp256k1MulxU32(&x8, &x9, x2, 0xffffffff); + var x10: u32 = undefined; + var x11: u32 = undefined; + fiatSecp256k1MulxU32(&x10, &x11, x2, 0xffffffff); + var x12: u32 = undefined; + var x13: u32 = undefined; + fiatSecp256k1MulxU32(&x12, &x13, x2, 0xffffffff); + var x14: u32 = undefined; + var x15: u32 = undefined; + fiatSecp256k1MulxU32(&x14, &x15, x2, 0xffffffff); + var x16: u32 = undefined; + var x17: u32 = undefined; + fiatSecp256k1MulxU32(&x16, &x17, x2, 0xfffffffe); + var x18: u32 = undefined; + var x19: u32 = undefined; + fiatSecp256k1MulxU32(&x18, &x19, x2, 0xfffffc2f); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x20, &x21, 0x0, x19, x16); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x22, &x23, x21, x17, x14); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x24, &x25, x23, x15, x12); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x26, &x27, x25, x13, x10); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x28, &x29, x27, x11, x8); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x30, &x31, x29, x9, x6); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x32, &x33, x31, x7, x4); + var x34: u32 = undefined; + var x35: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x34, &x35, 0x0, x1, x18); + var x36: u32 = undefined; + var x37: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x36, &x37, x35, @intCast(u32, 0x0), x20); + var x38: u32 = undefined; + var x39: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x38, &x39, x37, @intCast(u32, 0x0), x22); + var x40: u32 = undefined; + var x41: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x40, &x41, x39, @intCast(u32, 0x0), x24); + var x42: u32 = undefined; + var x43: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x42, &x43, x41, @intCast(u32, 0x0), x26); + var x44: u32 = undefined; + var x45: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x44, &x45, x43, @intCast(u32, 0x0), x28); + var x46: u32 = undefined; + var x47: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x46, &x47, x45, @intCast(u32, 0x0), x30); + var x48: u32 = undefined; + var x49: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x48, &x49, x47, @intCast(u32, 0x0), x32); + var x50: u32 = undefined; + var x51: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x50, &x51, x49, @intCast(u32, 0x0), (@intCast(u32, x33) + x5)); + var x52: u32 = undefined; + var x53: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x52, &x53, 0x0, x36, (arg1[1])); + var x54: u32 = undefined; + var x55: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x54, &x55, x53, x38, @intCast(u32, 0x0)); + var x56: u32 = undefined; + var x57: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x56, &x57, x55, x40, @intCast(u32, 0x0)); + var x58: u32 = undefined; + var x59: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x58, &x59, x57, x42, @intCast(u32, 0x0)); + var x60: u32 = undefined; + var x61: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x60, &x61, x59, x44, @intCast(u32, 0x0)); + var x62: u32 = undefined; + var x63: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x62, &x63, x61, x46, @intCast(u32, 0x0)); + var x64: u32 = undefined; + var x65: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x64, &x65, x63, x48, @intCast(u32, 0x0)); + var x66: u32 = undefined; + var x67: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x66, &x67, x65, x50, @intCast(u32, 0x0)); + var x68: u32 = undefined; + var x69: u32 = undefined; + fiatSecp256k1MulxU32(&x68, &x69, x52, 0xd2253531); + var x70: u32 = undefined; + var x71: u32 = undefined; + fiatSecp256k1MulxU32(&x70, &x71, x68, 0xffffffff); + var x72: u32 = undefined; + var x73: u32 = undefined; + fiatSecp256k1MulxU32(&x72, &x73, x68, 0xffffffff); + var x74: u32 = undefined; + var x75: u32 = undefined; + fiatSecp256k1MulxU32(&x74, &x75, x68, 0xffffffff); + var x76: u32 = undefined; + var x77: u32 = undefined; + fiatSecp256k1MulxU32(&x76, &x77, x68, 0xffffffff); + var x78: u32 = undefined; + var x79: u32 = undefined; + fiatSecp256k1MulxU32(&x78, &x79, x68, 0xffffffff); + var x80: u32 = undefined; + var x81: u32 = undefined; + fiatSecp256k1MulxU32(&x80, &x81, x68, 0xffffffff); + var x82: u32 = undefined; + var x83: u32 = undefined; + fiatSecp256k1MulxU32(&x82, &x83, x68, 0xfffffffe); + var x84: u32 = undefined; + var x85: u32 = undefined; + fiatSecp256k1MulxU32(&x84, &x85, x68, 0xfffffc2f); + var x86: u32 = undefined; + var x87: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x86, &x87, 0x0, x85, x82); + var x88: u32 = undefined; + var x89: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x88, &x89, x87, x83, x80); + var x90: u32 = undefined; + var x91: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x90, &x91, x89, x81, x78); + var x92: u32 = undefined; + var x93: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x92, &x93, x91, x79, x76); + var x94: u32 = undefined; + var x95: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x94, &x95, x93, x77, x74); + var x96: u32 = undefined; + var x97: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x96, &x97, x95, x75, x72); + var x98: u32 = undefined; + var x99: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x98, &x99, x97, x73, x70); + var x100: u32 = undefined; + var x101: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x100, &x101, 0x0, x52, x84); + var x102: u32 = undefined; + var x103: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x102, &x103, x101, x54, x86); + var x104: u32 = undefined; + var x105: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x104, &x105, x103, x56, x88); + var x106: u32 = undefined; + var x107: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x106, &x107, x105, x58, x90); + var x108: u32 = undefined; + var x109: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x108, &x109, x107, x60, x92); + var x110: u32 = undefined; + var x111: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x110, &x111, x109, x62, x94); + var x112: u32 = undefined; + var x113: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x112, &x113, x111, x64, x96); + var x114: u32 = undefined; + var x115: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x114, &x115, x113, x66, x98); + var x116: u32 = undefined; + var x117: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x116, &x117, x115, (@intCast(u32, x67) + @intCast(u32, x51)), (@intCast(u32, x99) + x71)); + var x118: u32 = undefined; + var x119: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x118, &x119, 0x0, x102, (arg1[2])); + var x120: u32 = undefined; + var x121: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x120, &x121, x119, x104, @intCast(u32, 0x0)); + var x122: u32 = undefined; + var x123: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x122, &x123, x121, x106, @intCast(u32, 0x0)); + var x124: u32 = undefined; + var x125: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x124, &x125, x123, x108, @intCast(u32, 0x0)); + var x126: u32 = undefined; + var x127: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x126, &x127, x125, x110, @intCast(u32, 0x0)); + var x128: u32 = undefined; + var x129: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x128, &x129, x127, x112, @intCast(u32, 0x0)); + var x130: u32 = undefined; + var x131: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x130, &x131, x129, x114, @intCast(u32, 0x0)); + var x132: u32 = undefined; + var x133: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x132, &x133, x131, x116, @intCast(u32, 0x0)); + var x134: u32 = undefined; + var x135: u32 = undefined; + fiatSecp256k1MulxU32(&x134, &x135, x118, 0xd2253531); + var x136: u32 = undefined; + var x137: u32 = undefined; + fiatSecp256k1MulxU32(&x136, &x137, x134, 0xffffffff); + var x138: u32 = undefined; + var x139: u32 = undefined; + fiatSecp256k1MulxU32(&x138, &x139, x134, 0xffffffff); + var x140: u32 = undefined; + var x141: u32 = undefined; + fiatSecp256k1MulxU32(&x140, &x141, x134, 0xffffffff); + var x142: u32 = undefined; + var x143: u32 = undefined; + fiatSecp256k1MulxU32(&x142, &x143, x134, 0xffffffff); + var x144: u32 = undefined; + var x145: u32 = undefined; + fiatSecp256k1MulxU32(&x144, &x145, x134, 0xffffffff); + var x146: u32 = undefined; + var x147: u32 = undefined; + fiatSecp256k1MulxU32(&x146, &x147, x134, 0xffffffff); + var x148: u32 = undefined; + var x149: u32 = undefined; + fiatSecp256k1MulxU32(&x148, &x149, x134, 0xfffffffe); + var x150: u32 = undefined; + var x151: u32 = undefined; + fiatSecp256k1MulxU32(&x150, &x151, x134, 0xfffffc2f); + var x152: u32 = undefined; + var x153: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x152, &x153, 0x0, x151, x148); + var x154: u32 = undefined; + var x155: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x154, &x155, x153, x149, x146); + var x156: u32 = undefined; + var x157: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x156, &x157, x155, x147, x144); + var x158: u32 = undefined; + var x159: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x158, &x159, x157, x145, x142); + var x160: u32 = undefined; + var x161: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x160, &x161, x159, x143, x140); + var x162: u32 = undefined; + var x163: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x162, &x163, x161, x141, x138); + var x164: u32 = undefined; + var x165: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x164, &x165, x163, x139, x136); + var x166: u32 = undefined; + var x167: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x166, &x167, 0x0, x118, x150); + var x168: u32 = undefined; + var x169: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x168, &x169, x167, x120, x152); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x170, &x171, x169, x122, x154); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x172, &x173, x171, x124, x156); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x174, &x175, x173, x126, x158); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x176, &x177, x175, x128, x160); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x178, &x179, x177, x130, x162); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x180, &x181, x179, x132, x164); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x182, &x183, x181, (@intCast(u32, x133) + @intCast(u32, x117)), (@intCast(u32, x165) + x137)); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x184, &x185, 0x0, x168, (arg1[3])); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x186, &x187, x185, x170, @intCast(u32, 0x0)); + var x188: u32 = undefined; + var x189: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x188, &x189, x187, x172, @intCast(u32, 0x0)); + var x190: u32 = undefined; + var x191: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x190, &x191, x189, x174, @intCast(u32, 0x0)); + var x192: u32 = undefined; + var x193: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x192, &x193, x191, x176, @intCast(u32, 0x0)); + var x194: u32 = undefined; + var x195: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x194, &x195, x193, x178, @intCast(u32, 0x0)); + var x196: u32 = undefined; + var x197: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x196, &x197, x195, x180, @intCast(u32, 0x0)); + var x198: u32 = undefined; + var x199: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x198, &x199, x197, x182, @intCast(u32, 0x0)); + var x200: u32 = undefined; + var x201: u32 = undefined; + fiatSecp256k1MulxU32(&x200, &x201, x184, 0xd2253531); + var x202: u32 = undefined; + var x203: u32 = undefined; + fiatSecp256k1MulxU32(&x202, &x203, x200, 0xffffffff); + var x204: u32 = undefined; + var x205: u32 = undefined; + fiatSecp256k1MulxU32(&x204, &x205, x200, 0xffffffff); + var x206: u32 = undefined; + var x207: u32 = undefined; + fiatSecp256k1MulxU32(&x206, &x207, x200, 0xffffffff); + var x208: u32 = undefined; + var x209: u32 = undefined; + fiatSecp256k1MulxU32(&x208, &x209, x200, 0xffffffff); + var x210: u32 = undefined; + var x211: u32 = undefined; + fiatSecp256k1MulxU32(&x210, &x211, x200, 0xffffffff); + var x212: u32 = undefined; + var x213: u32 = undefined; + fiatSecp256k1MulxU32(&x212, &x213, x200, 0xffffffff); + var x214: u32 = undefined; + var x215: u32 = undefined; + fiatSecp256k1MulxU32(&x214, &x215, x200, 0xfffffffe); + var x216: u32 = undefined; + var x217: u32 = undefined; + fiatSecp256k1MulxU32(&x216, &x217, x200, 0xfffffc2f); + var x218: u32 = undefined; + var x219: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x218, &x219, 0x0, x217, x214); + var x220: u32 = undefined; + var x221: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x220, &x221, x219, x215, x212); + var x222: u32 = undefined; + var x223: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x222, &x223, x221, x213, x210); + var x224: u32 = undefined; + var x225: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x224, &x225, x223, x211, x208); + var x226: u32 = undefined; + var x227: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x226, &x227, x225, x209, x206); + var x228: u32 = undefined; + var x229: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x228, &x229, x227, x207, x204); + var x230: u32 = undefined; + var x231: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x230, &x231, x229, x205, x202); + var x232: u32 = undefined; + var x233: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x232, &x233, 0x0, x184, x216); + var x234: u32 = undefined; + var x235: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x234, &x235, x233, x186, x218); + var x236: u32 = undefined; + var x237: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x236, &x237, x235, x188, x220); + var x238: u32 = undefined; + var x239: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x238, &x239, x237, x190, x222); + var x240: u32 = undefined; + var x241: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x240, &x241, x239, x192, x224); + var x242: u32 = undefined; + var x243: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x242, &x243, x241, x194, x226); + var x244: u32 = undefined; + var x245: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x244, &x245, x243, x196, x228); + var x246: u32 = undefined; + var x247: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x246, &x247, x245, x198, x230); + var x248: u32 = undefined; + var x249: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x248, &x249, x247, (@intCast(u32, x199) + @intCast(u32, x183)), (@intCast(u32, x231) + x203)); + var x250: u32 = undefined; + var x251: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x250, &x251, 0x0, x234, (arg1[4])); + var x252: u32 = undefined; + var x253: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x252, &x253, x251, x236, @intCast(u32, 0x0)); + var x254: u32 = undefined; + var x255: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x254, &x255, x253, x238, @intCast(u32, 0x0)); + var x256: u32 = undefined; + var x257: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x256, &x257, x255, x240, @intCast(u32, 0x0)); + var x258: u32 = undefined; + var x259: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x258, &x259, x257, x242, @intCast(u32, 0x0)); + var x260: u32 = undefined; + var x261: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x260, &x261, x259, x244, @intCast(u32, 0x0)); + var x262: u32 = undefined; + var x263: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x262, &x263, x261, x246, @intCast(u32, 0x0)); + var x264: u32 = undefined; + var x265: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x264, &x265, x263, x248, @intCast(u32, 0x0)); + var x266: u32 = undefined; + var x267: u32 = undefined; + fiatSecp256k1MulxU32(&x266, &x267, x250, 0xd2253531); + var x268: u32 = undefined; + var x269: u32 = undefined; + fiatSecp256k1MulxU32(&x268, &x269, x266, 0xffffffff); + var x270: u32 = undefined; + var x271: u32 = undefined; + fiatSecp256k1MulxU32(&x270, &x271, x266, 0xffffffff); + var x272: u32 = undefined; + var x273: u32 = undefined; + fiatSecp256k1MulxU32(&x272, &x273, x266, 0xffffffff); + var x274: u32 = undefined; + var x275: u32 = undefined; + fiatSecp256k1MulxU32(&x274, &x275, x266, 0xffffffff); + var x276: u32 = undefined; + var x277: u32 = undefined; + fiatSecp256k1MulxU32(&x276, &x277, x266, 0xffffffff); + var x278: u32 = undefined; + var x279: u32 = undefined; + fiatSecp256k1MulxU32(&x278, &x279, x266, 0xffffffff); + var x280: u32 = undefined; + var x281: u32 = undefined; + fiatSecp256k1MulxU32(&x280, &x281, x266, 0xfffffffe); + var x282: u32 = undefined; + var x283: u32 = undefined; + fiatSecp256k1MulxU32(&x282, &x283, x266, 0xfffffc2f); + var x284: u32 = undefined; + var x285: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x284, &x285, 0x0, x283, x280); + var x286: u32 = undefined; + var x287: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x286, &x287, x285, x281, x278); + var x288: u32 = undefined; + var x289: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x288, &x289, x287, x279, x276); + var x290: u32 = undefined; + var x291: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x290, &x291, x289, x277, x274); + var x292: u32 = undefined; + var x293: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x292, &x293, x291, x275, x272); + var x294: u32 = undefined; + var x295: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x294, &x295, x293, x273, x270); + var x296: u32 = undefined; + var x297: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x296, &x297, x295, x271, x268); + var x298: u32 = undefined; + var x299: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x298, &x299, 0x0, x250, x282); + var x300: u32 = undefined; + var x301: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x300, &x301, x299, x252, x284); + var x302: u32 = undefined; + var x303: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x302, &x303, x301, x254, x286); + var x304: u32 = undefined; + var x305: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x304, &x305, x303, x256, x288); + var x306: u32 = undefined; + var x307: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x306, &x307, x305, x258, x290); + var x308: u32 = undefined; + var x309: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x308, &x309, x307, x260, x292); + var x310: u32 = undefined; + var x311: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x310, &x311, x309, x262, x294); + var x312: u32 = undefined; + var x313: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x312, &x313, x311, x264, x296); + var x314: u32 = undefined; + var x315: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x314, &x315, x313, (@intCast(u32, x265) + @intCast(u32, x249)), (@intCast(u32, x297) + x269)); + var x316: u32 = undefined; + var x317: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x316, &x317, 0x0, x300, (arg1[5])); + var x318: u32 = undefined; + var x319: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x318, &x319, x317, x302, @intCast(u32, 0x0)); + var x320: u32 = undefined; + var x321: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x320, &x321, x319, x304, @intCast(u32, 0x0)); + var x322: u32 = undefined; + var x323: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x322, &x323, x321, x306, @intCast(u32, 0x0)); + var x324: u32 = undefined; + var x325: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x324, &x325, x323, x308, @intCast(u32, 0x0)); + var x326: u32 = undefined; + var x327: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x326, &x327, x325, x310, @intCast(u32, 0x0)); + var x328: u32 = undefined; + var x329: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x328, &x329, x327, x312, @intCast(u32, 0x0)); + var x330: u32 = undefined; + var x331: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x330, &x331, x329, x314, @intCast(u32, 0x0)); + var x332: u32 = undefined; + var x333: u32 = undefined; + fiatSecp256k1MulxU32(&x332, &x333, x316, 0xd2253531); + var x334: u32 = undefined; + var x335: u32 = undefined; + fiatSecp256k1MulxU32(&x334, &x335, x332, 0xffffffff); + var x336: u32 = undefined; + var x337: u32 = undefined; + fiatSecp256k1MulxU32(&x336, &x337, x332, 0xffffffff); + var x338: u32 = undefined; + var x339: u32 = undefined; + fiatSecp256k1MulxU32(&x338, &x339, x332, 0xffffffff); + var x340: u32 = undefined; + var x341: u32 = undefined; + fiatSecp256k1MulxU32(&x340, &x341, x332, 0xffffffff); + var x342: u32 = undefined; + var x343: u32 = undefined; + fiatSecp256k1MulxU32(&x342, &x343, x332, 0xffffffff); + var x344: u32 = undefined; + var x345: u32 = undefined; + fiatSecp256k1MulxU32(&x344, &x345, x332, 0xffffffff); + var x346: u32 = undefined; + var x347: u32 = undefined; + fiatSecp256k1MulxU32(&x346, &x347, x332, 0xfffffffe); + var x348: u32 = undefined; + var x349: u32 = undefined; + fiatSecp256k1MulxU32(&x348, &x349, x332, 0xfffffc2f); + var x350: u32 = undefined; + var x351: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x350, &x351, 0x0, x349, x346); + var x352: u32 = undefined; + var x353: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x352, &x353, x351, x347, x344); + var x354: u32 = undefined; + var x355: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x354, &x355, x353, x345, x342); + var x356: u32 = undefined; + var x357: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x356, &x357, x355, x343, x340); + var x358: u32 = undefined; + var x359: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x358, &x359, x357, x341, x338); + var x360: u32 = undefined; + var x361: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x360, &x361, x359, x339, x336); + var x362: u32 = undefined; + var x363: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x362, &x363, x361, x337, x334); + var x364: u32 = undefined; + var x365: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x364, &x365, 0x0, x316, x348); + var x366: u32 = undefined; + var x367: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x366, &x367, x365, x318, x350); + var x368: u32 = undefined; + var x369: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x368, &x369, x367, x320, x352); + var x370: u32 = undefined; + var x371: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x370, &x371, x369, x322, x354); + var x372: u32 = undefined; + var x373: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x372, &x373, x371, x324, x356); + var x374: u32 = undefined; + var x375: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x374, &x375, x373, x326, x358); + var x376: u32 = undefined; + var x377: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x376, &x377, x375, x328, x360); + var x378: u32 = undefined; + var x379: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x378, &x379, x377, x330, x362); + var x380: u32 = undefined; + var x381: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x380, &x381, x379, (@intCast(u32, x331) + @intCast(u32, x315)), (@intCast(u32, x363) + x335)); + var x382: u32 = undefined; + var x383: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x382, &x383, 0x0, x366, (arg1[6])); + var x384: u32 = undefined; + var x385: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x384, &x385, x383, x368, @intCast(u32, 0x0)); + var x386: u32 = undefined; + var x387: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x386, &x387, x385, x370, @intCast(u32, 0x0)); + var x388: u32 = undefined; + var x389: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x388, &x389, x387, x372, @intCast(u32, 0x0)); + var x390: u32 = undefined; + var x391: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x390, &x391, x389, x374, @intCast(u32, 0x0)); + var x392: u32 = undefined; + var x393: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x392, &x393, x391, x376, @intCast(u32, 0x0)); + var x394: u32 = undefined; + var x395: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x394, &x395, x393, x378, @intCast(u32, 0x0)); + var x396: u32 = undefined; + var x397: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x396, &x397, x395, x380, @intCast(u32, 0x0)); + var x398: u32 = undefined; + var x399: u32 = undefined; + fiatSecp256k1MulxU32(&x398, &x399, x382, 0xd2253531); + var x400: u32 = undefined; + var x401: u32 = undefined; + fiatSecp256k1MulxU32(&x400, &x401, x398, 0xffffffff); + var x402: u32 = undefined; + var x403: u32 = undefined; + fiatSecp256k1MulxU32(&x402, &x403, x398, 0xffffffff); + var x404: u32 = undefined; + var x405: u32 = undefined; + fiatSecp256k1MulxU32(&x404, &x405, x398, 0xffffffff); + var x406: u32 = undefined; + var x407: u32 = undefined; + fiatSecp256k1MulxU32(&x406, &x407, x398, 0xffffffff); + var x408: u32 = undefined; + var x409: u32 = undefined; + fiatSecp256k1MulxU32(&x408, &x409, x398, 0xffffffff); + var x410: u32 = undefined; + var x411: u32 = undefined; + fiatSecp256k1MulxU32(&x410, &x411, x398, 0xffffffff); + var x412: u32 = undefined; + var x413: u32 = undefined; + fiatSecp256k1MulxU32(&x412, &x413, x398, 0xfffffffe); + var x414: u32 = undefined; + var x415: u32 = undefined; + fiatSecp256k1MulxU32(&x414, &x415, x398, 0xfffffc2f); + var x416: u32 = undefined; + var x417: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x416, &x417, 0x0, x415, x412); + var x418: u32 = undefined; + var x419: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x418, &x419, x417, x413, x410); + var x420: u32 = undefined; + var x421: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x420, &x421, x419, x411, x408); + var x422: u32 = undefined; + var x423: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x422, &x423, x421, x409, x406); + var x424: u32 = undefined; + var x425: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x424, &x425, x423, x407, x404); + var x426: u32 = undefined; + var x427: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x426, &x427, x425, x405, x402); + var x428: u32 = undefined; + var x429: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x428, &x429, x427, x403, x400); + var x430: u32 = undefined; + var x431: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x430, &x431, 0x0, x382, x414); + var x432: u32 = undefined; + var x433: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x432, &x433, x431, x384, x416); + var x434: u32 = undefined; + var x435: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x434, &x435, x433, x386, x418); + var x436: u32 = undefined; + var x437: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x436, &x437, x435, x388, x420); + var x438: u32 = undefined; + var x439: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x438, &x439, x437, x390, x422); + var x440: u32 = undefined; + var x441: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x440, &x441, x439, x392, x424); + var x442: u32 = undefined; + var x443: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x442, &x443, x441, x394, x426); + var x444: u32 = undefined; + var x445: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x444, &x445, x443, x396, x428); + var x446: u32 = undefined; + var x447: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x446, &x447, x445, (@intCast(u32, x397) + @intCast(u32, x381)), (@intCast(u32, x429) + x401)); + var x448: u32 = undefined; + var x449: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x448, &x449, 0x0, x432, (arg1[7])); + var x450: u32 = undefined; + var x451: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x450, &x451, x449, x434, @intCast(u32, 0x0)); + var x452: u32 = undefined; + var x453: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x452, &x453, x451, x436, @intCast(u32, 0x0)); + var x454: u32 = undefined; + var x455: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x454, &x455, x453, x438, @intCast(u32, 0x0)); + var x456: u32 = undefined; + var x457: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x456, &x457, x455, x440, @intCast(u32, 0x0)); + var x458: u32 = undefined; + var x459: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x458, &x459, x457, x442, @intCast(u32, 0x0)); + var x460: u32 = undefined; + var x461: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x460, &x461, x459, x444, @intCast(u32, 0x0)); + var x462: u32 = undefined; + var x463: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x462, &x463, x461, x446, @intCast(u32, 0x0)); + var x464: u32 = undefined; + var x465: u32 = undefined; + fiatSecp256k1MulxU32(&x464, &x465, x448, 0xd2253531); + var x466: u32 = undefined; + var x467: u32 = undefined; + fiatSecp256k1MulxU32(&x466, &x467, x464, 0xffffffff); + var x468: u32 = undefined; + var x469: u32 = undefined; + fiatSecp256k1MulxU32(&x468, &x469, x464, 0xffffffff); + var x470: u32 = undefined; + var x471: u32 = undefined; + fiatSecp256k1MulxU32(&x470, &x471, x464, 0xffffffff); + var x472: u32 = undefined; + var x473: u32 = undefined; + fiatSecp256k1MulxU32(&x472, &x473, x464, 0xffffffff); + var x474: u32 = undefined; + var x475: u32 = undefined; + fiatSecp256k1MulxU32(&x474, &x475, x464, 0xffffffff); + var x476: u32 = undefined; + var x477: u32 = undefined; + fiatSecp256k1MulxU32(&x476, &x477, x464, 0xffffffff); + var x478: u32 = undefined; + var x479: u32 = undefined; + fiatSecp256k1MulxU32(&x478, &x479, x464, 0xfffffffe); + var x480: u32 = undefined; + var x481: u32 = undefined; + fiatSecp256k1MulxU32(&x480, &x481, x464, 0xfffffc2f); + var x482: u32 = undefined; + var x483: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x482, &x483, 0x0, x481, x478); + var x484: u32 = undefined; + var x485: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x484, &x485, x483, x479, x476); + var x486: u32 = undefined; + var x487: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x486, &x487, x485, x477, x474); + var x488: u32 = undefined; + var x489: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x488, &x489, x487, x475, x472); + var x490: u32 = undefined; + var x491: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x490, &x491, x489, x473, x470); + var x492: u32 = undefined; + var x493: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x492, &x493, x491, x471, x468); + var x494: u32 = undefined; + var x495: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x494, &x495, x493, x469, x466); + var x496: u32 = undefined; + var x497: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x496, &x497, 0x0, x448, x480); + var x498: u32 = undefined; + var x499: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x498, &x499, x497, x450, x482); + var x500: u32 = undefined; + var x501: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x500, &x501, x499, x452, x484); + var x502: u32 = undefined; + var x503: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x502, &x503, x501, x454, x486); + var x504: u32 = undefined; + var x505: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x504, &x505, x503, x456, x488); + var x506: u32 = undefined; + var x507: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x506, &x507, x505, x458, x490); + var x508: u32 = undefined; + var x509: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x508, &x509, x507, x460, x492); + var x510: u32 = undefined; + var x511: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x510, &x511, x509, x462, x494); + var x512: u32 = undefined; + var x513: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x512, &x513, x511, (@intCast(u32, x463) + @intCast(u32, x447)), (@intCast(u32, x495) + x467)); + var x514: u32 = undefined; + var x515: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x514, &x515, 0x0, x498, 0xfffffc2f); + var x516: u32 = undefined; + var x517: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x516, &x517, x515, x500, 0xfffffffe); + var x518: u32 = undefined; + var x519: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x518, &x519, x517, x502, 0xffffffff); + var x520: u32 = undefined; + var x521: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x520, &x521, x519, x504, 0xffffffff); + var x522: u32 = undefined; + var x523: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x522, &x523, x521, x506, 0xffffffff); + var x524: u32 = undefined; + var x525: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x524, &x525, x523, x508, 0xffffffff); + var x526: u32 = undefined; + var x527: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x526, &x527, x525, x510, 0xffffffff); + var x528: u32 = undefined; + var x529: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x528, &x529, x527, x512, 0xffffffff); + var x530: u32 = undefined; + var x531: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x530, &x531, x529, @intCast(u32, x513), @intCast(u32, 0x0)); + var x532: u32 = undefined; + fiatSecp256k1CmovznzU32(&x532, x531, x514, x498); + var x533: u32 = undefined; + fiatSecp256k1CmovznzU32(&x533, x531, x516, x500); + var x534: u32 = undefined; + fiatSecp256k1CmovznzU32(&x534, x531, x518, x502); + var x535: u32 = undefined; + fiatSecp256k1CmovznzU32(&x535, x531, x520, x504); + var x536: u32 = undefined; + fiatSecp256k1CmovznzU32(&x536, x531, x522, x506); + var x537: u32 = undefined; + fiatSecp256k1CmovznzU32(&x537, x531, x524, x508); + var x538: u32 = undefined; + fiatSecp256k1CmovznzU32(&x538, x531, x526, x510); + var x539: u32 = undefined; + fiatSecp256k1CmovznzU32(&x539, x531, x528, x512); + out1[0] = x532; + out1[1] = x533; + out1[2] = x534; + out1[3] = x535; + out1[4] = x536; + out1[5] = x537; + out1[6] = x538; + out1[7] = x539; +} + +/// The function fiatSecp256k1ToMontgomery translates a field element into the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1ToMontgomery(out1: *[8]u32, arg1: [8]u32) void { + const x1: u32 = (arg1[1]); + const x2: u32 = (arg1[2]); + const x3: u32 = (arg1[3]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[5]); + const x6: u32 = (arg1[6]); + const x7: u32 = (arg1[7]); + const x8: u32 = (arg1[0]); + var x9: u32 = undefined; + var x10: u32 = undefined; + fiatSecp256k1MulxU32(&x9, &x10, x8, 0x7a2); + var x11: u32 = undefined; + var x12: u32 = undefined; + fiatSecp256k1MulxU32(&x11, &x12, x8, 0xe90a1); + var x13: u32 = undefined; + var x14: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x13, &x14, 0x0, x12, x9); + var x15: u32 = undefined; + var x16: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x15, &x16, x14, x10, x8); + var x17: u32 = undefined; + var x18: u32 = undefined; + fiatSecp256k1MulxU32(&x17, &x18, x11, 0xd2253531); + var x19: u32 = undefined; + var x20: u32 = undefined; + fiatSecp256k1MulxU32(&x19, &x20, x17, 0xffffffff); + var x21: u32 = undefined; + var x22: u32 = undefined; + fiatSecp256k1MulxU32(&x21, &x22, x17, 0xffffffff); + var x23: u32 = undefined; + var x24: u32 = undefined; + fiatSecp256k1MulxU32(&x23, &x24, x17, 0xffffffff); + var x25: u32 = undefined; + var x26: u32 = undefined; + fiatSecp256k1MulxU32(&x25, &x26, x17, 0xffffffff); + var x27: u32 = undefined; + var x28: u32 = undefined; + fiatSecp256k1MulxU32(&x27, &x28, x17, 0xffffffff); + var x29: u32 = undefined; + var x30: u32 = undefined; + fiatSecp256k1MulxU32(&x29, &x30, x17, 0xffffffff); + var x31: u32 = undefined; + var x32: u32 = undefined; + fiatSecp256k1MulxU32(&x31, &x32, x17, 0xfffffffe); + var x33: u32 = undefined; + var x34: u32 = undefined; + fiatSecp256k1MulxU32(&x33, &x34, x17, 0xfffffc2f); + var x35: u32 = undefined; + var x36: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x35, &x36, 0x0, x34, x31); + var x37: u32 = undefined; + var x38: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x37, &x38, x36, x32, x29); + var x39: u32 = undefined; + var x40: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x39, &x40, x38, x30, x27); + var x41: u32 = undefined; + var x42: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x41, &x42, x40, x28, x25); + var x43: u32 = undefined; + var x44: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x43, &x44, x42, x26, x23); + var x45: u32 = undefined; + var x46: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x45, &x46, x44, x24, x21); + var x47: u32 = undefined; + var x48: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x47, &x48, x46, x22, x19); + var x49: u32 = undefined; + var x50: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x49, &x50, 0x0, x11, x33); + var x51: u32 = undefined; + var x52: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x51, &x52, x50, x13, x35); + var x53: u32 = undefined; + var x54: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x53, &x54, x52, x15, x37); + var x55: u32 = undefined; + var x56: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x55, &x56, x54, @intCast(u32, x16), x39); + var x57: u32 = undefined; + var x58: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x57, &x58, x56, @intCast(u32, 0x0), x41); + var x59: u32 = undefined; + var x60: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x59, &x60, x58, @intCast(u32, 0x0), x43); + var x61: u32 = undefined; + var x62: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x61, &x62, x60, @intCast(u32, 0x0), x45); + var x63: u32 = undefined; + var x64: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x63, &x64, x62, @intCast(u32, 0x0), x47); + var x65: u32 = undefined; + var x66: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x65, &x66, x64, @intCast(u32, 0x0), (@intCast(u32, x48) + x20)); + var x67: u32 = undefined; + var x68: u32 = undefined; + fiatSecp256k1MulxU32(&x67, &x68, x1, 0x7a2); + var x69: u32 = undefined; + var x70: u32 = undefined; + fiatSecp256k1MulxU32(&x69, &x70, x1, 0xe90a1); + var x71: u32 = undefined; + var x72: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x71, &x72, 0x0, x70, x67); + var x73: u32 = undefined; + var x74: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x73, &x74, x72, x68, x1); + var x75: u32 = undefined; + var x76: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x75, &x76, 0x0, x51, x69); + var x77: u32 = undefined; + var x78: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x77, &x78, x76, x53, x71); + var x79: u32 = undefined; + var x80: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x79, &x80, x78, x55, x73); + var x81: u32 = undefined; + var x82: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x81, &x82, x80, x57, @intCast(u32, x74)); + var x83: u32 = undefined; + var x84: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x83, &x84, x82, x59, @intCast(u32, 0x0)); + var x85: u32 = undefined; + var x86: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x85, &x86, x84, x61, @intCast(u32, 0x0)); + var x87: u32 = undefined; + var x88: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x87, &x88, x86, x63, @intCast(u32, 0x0)); + var x89: u32 = undefined; + var x90: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x89, &x90, x88, x65, @intCast(u32, 0x0)); + var x91: u32 = undefined; + var x92: u32 = undefined; + fiatSecp256k1MulxU32(&x91, &x92, x75, 0xd2253531); + var x93: u32 = undefined; + var x94: u32 = undefined; + fiatSecp256k1MulxU32(&x93, &x94, x91, 0xffffffff); + var x95: u32 = undefined; + var x96: u32 = undefined; + fiatSecp256k1MulxU32(&x95, &x96, x91, 0xffffffff); + var x97: u32 = undefined; + var x98: u32 = undefined; + fiatSecp256k1MulxU32(&x97, &x98, x91, 0xffffffff); + var x99: u32 = undefined; + var x100: u32 = undefined; + fiatSecp256k1MulxU32(&x99, &x100, x91, 0xffffffff); + var x101: u32 = undefined; + var x102: u32 = undefined; + fiatSecp256k1MulxU32(&x101, &x102, x91, 0xffffffff); + var x103: u32 = undefined; + var x104: u32 = undefined; + fiatSecp256k1MulxU32(&x103, &x104, x91, 0xffffffff); + var x105: u32 = undefined; + var x106: u32 = undefined; + fiatSecp256k1MulxU32(&x105, &x106, x91, 0xfffffffe); + var x107: u32 = undefined; + var x108: u32 = undefined; + fiatSecp256k1MulxU32(&x107, &x108, x91, 0xfffffc2f); + var x109: u32 = undefined; + var x110: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x109, &x110, 0x0, x108, x105); + var x111: u32 = undefined; + var x112: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x111, &x112, x110, x106, x103); + var x113: u32 = undefined; + var x114: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x113, &x114, x112, x104, x101); + var x115: u32 = undefined; + var x116: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x115, &x116, x114, x102, x99); + var x117: u32 = undefined; + var x118: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x117, &x118, x116, x100, x97); + var x119: u32 = undefined; + var x120: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x119, &x120, x118, x98, x95); + var x121: u32 = undefined; + var x122: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x121, &x122, x120, x96, x93); + var x123: u32 = undefined; + var x124: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x123, &x124, 0x0, x75, x107); + var x125: u32 = undefined; + var x126: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x125, &x126, x124, x77, x109); + var x127: u32 = undefined; + var x128: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x127, &x128, x126, x79, x111); + var x129: u32 = undefined; + var x130: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x129, &x130, x128, x81, x113); + var x131: u32 = undefined; + var x132: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x131, &x132, x130, x83, x115); + var x133: u32 = undefined; + var x134: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x133, &x134, x132, x85, x117); + var x135: u32 = undefined; + var x136: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x135, &x136, x134, x87, x119); + var x137: u32 = undefined; + var x138: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x137, &x138, x136, x89, x121); + var x139: u32 = undefined; + var x140: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x139, &x140, x138, (@intCast(u32, x90) + @intCast(u32, x66)), (@intCast(u32, x122) + x94)); + var x141: u32 = undefined; + var x142: u32 = undefined; + fiatSecp256k1MulxU32(&x141, &x142, x2, 0x7a2); + var x143: u32 = undefined; + var x144: u32 = undefined; + fiatSecp256k1MulxU32(&x143, &x144, x2, 0xe90a1); + var x145: u32 = undefined; + var x146: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x145, &x146, 0x0, x144, x141); + var x147: u32 = undefined; + var x148: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x147, &x148, x146, x142, x2); + var x149: u32 = undefined; + var x150: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x149, &x150, 0x0, x125, x143); + var x151: u32 = undefined; + var x152: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x151, &x152, x150, x127, x145); + var x153: u32 = undefined; + var x154: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x153, &x154, x152, x129, x147); + var x155: u32 = undefined; + var x156: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x155, &x156, x154, x131, @intCast(u32, x148)); + var x157: u32 = undefined; + var x158: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x157, &x158, x156, x133, @intCast(u32, 0x0)); + var x159: u32 = undefined; + var x160: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x159, &x160, x158, x135, @intCast(u32, 0x0)); + var x161: u32 = undefined; + var x162: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x161, &x162, x160, x137, @intCast(u32, 0x0)); + var x163: u32 = undefined; + var x164: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x163, &x164, x162, x139, @intCast(u32, 0x0)); + var x165: u32 = undefined; + var x166: u32 = undefined; + fiatSecp256k1MulxU32(&x165, &x166, x149, 0xd2253531); + var x167: u32 = undefined; + var x168: u32 = undefined; + fiatSecp256k1MulxU32(&x167, &x168, x165, 0xffffffff); + var x169: u32 = undefined; + var x170: u32 = undefined; + fiatSecp256k1MulxU32(&x169, &x170, x165, 0xffffffff); + var x171: u32 = undefined; + var x172: u32 = undefined; + fiatSecp256k1MulxU32(&x171, &x172, x165, 0xffffffff); + var x173: u32 = undefined; + var x174: u32 = undefined; + fiatSecp256k1MulxU32(&x173, &x174, x165, 0xffffffff); + var x175: u32 = undefined; + var x176: u32 = undefined; + fiatSecp256k1MulxU32(&x175, &x176, x165, 0xffffffff); + var x177: u32 = undefined; + var x178: u32 = undefined; + fiatSecp256k1MulxU32(&x177, &x178, x165, 0xffffffff); + var x179: u32 = undefined; + var x180: u32 = undefined; + fiatSecp256k1MulxU32(&x179, &x180, x165, 0xfffffffe); + var x181: u32 = undefined; + var x182: u32 = undefined; + fiatSecp256k1MulxU32(&x181, &x182, x165, 0xfffffc2f); + var x183: u32 = undefined; + var x184: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x183, &x184, 0x0, x182, x179); + var x185: u32 = undefined; + var x186: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x185, &x186, x184, x180, x177); + var x187: u32 = undefined; + var x188: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x187, &x188, x186, x178, x175); + var x189: u32 = undefined; + var x190: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x189, &x190, x188, x176, x173); + var x191: u32 = undefined; + var x192: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x191, &x192, x190, x174, x171); + var x193: u32 = undefined; + var x194: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x193, &x194, x192, x172, x169); + var x195: u32 = undefined; + var x196: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x195, &x196, x194, x170, x167); + var x197: u32 = undefined; + var x198: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x197, &x198, 0x0, x149, x181); + var x199: u32 = undefined; + var x200: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x199, &x200, x198, x151, x183); + var x201: u32 = undefined; + var x202: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x201, &x202, x200, x153, x185); + var x203: u32 = undefined; + var x204: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x203, &x204, x202, x155, x187); + var x205: u32 = undefined; + var x206: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x205, &x206, x204, x157, x189); + var x207: u32 = undefined; + var x208: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x207, &x208, x206, x159, x191); + var x209: u32 = undefined; + var x210: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x209, &x210, x208, x161, x193); + var x211: u32 = undefined; + var x212: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x211, &x212, x210, x163, x195); + var x213: u32 = undefined; + var x214: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x213, &x214, x212, (@intCast(u32, x164) + @intCast(u32, x140)), (@intCast(u32, x196) + x168)); + var x215: u32 = undefined; + var x216: u32 = undefined; + fiatSecp256k1MulxU32(&x215, &x216, x3, 0x7a2); + var x217: u32 = undefined; + var x218: u32 = undefined; + fiatSecp256k1MulxU32(&x217, &x218, x3, 0xe90a1); + var x219: u32 = undefined; + var x220: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x219, &x220, 0x0, x218, x215); + var x221: u32 = undefined; + var x222: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x221, &x222, x220, x216, x3); + var x223: u32 = undefined; + var x224: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x223, &x224, 0x0, x199, x217); + var x225: u32 = undefined; + var x226: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x225, &x226, x224, x201, x219); + var x227: u32 = undefined; + var x228: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x227, &x228, x226, x203, x221); + var x229: u32 = undefined; + var x230: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x229, &x230, x228, x205, @intCast(u32, x222)); + var x231: u32 = undefined; + var x232: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x231, &x232, x230, x207, @intCast(u32, 0x0)); + var x233: u32 = undefined; + var x234: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x233, &x234, x232, x209, @intCast(u32, 0x0)); + var x235: u32 = undefined; + var x236: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x235, &x236, x234, x211, @intCast(u32, 0x0)); + var x237: u32 = undefined; + var x238: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x237, &x238, x236, x213, @intCast(u32, 0x0)); + var x239: u32 = undefined; + var x240: u32 = undefined; + fiatSecp256k1MulxU32(&x239, &x240, x223, 0xd2253531); + var x241: u32 = undefined; + var x242: u32 = undefined; + fiatSecp256k1MulxU32(&x241, &x242, x239, 0xffffffff); + var x243: u32 = undefined; + var x244: u32 = undefined; + fiatSecp256k1MulxU32(&x243, &x244, x239, 0xffffffff); + var x245: u32 = undefined; + var x246: u32 = undefined; + fiatSecp256k1MulxU32(&x245, &x246, x239, 0xffffffff); + var x247: u32 = undefined; + var x248: u32 = undefined; + fiatSecp256k1MulxU32(&x247, &x248, x239, 0xffffffff); + var x249: u32 = undefined; + var x250: u32 = undefined; + fiatSecp256k1MulxU32(&x249, &x250, x239, 0xffffffff); + var x251: u32 = undefined; + var x252: u32 = undefined; + fiatSecp256k1MulxU32(&x251, &x252, x239, 0xffffffff); + var x253: u32 = undefined; + var x254: u32 = undefined; + fiatSecp256k1MulxU32(&x253, &x254, x239, 0xfffffffe); + var x255: u32 = undefined; + var x256: u32 = undefined; + fiatSecp256k1MulxU32(&x255, &x256, x239, 0xfffffc2f); + var x257: u32 = undefined; + var x258: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x257, &x258, 0x0, x256, x253); + var x259: u32 = undefined; + var x260: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x259, &x260, x258, x254, x251); + var x261: u32 = undefined; + var x262: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x261, &x262, x260, x252, x249); + var x263: u32 = undefined; + var x264: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x263, &x264, x262, x250, x247); + var x265: u32 = undefined; + var x266: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x265, &x266, x264, x248, x245); + var x267: u32 = undefined; + var x268: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x267, &x268, x266, x246, x243); + var x269: u32 = undefined; + var x270: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x269, &x270, x268, x244, x241); + var x271: u32 = undefined; + var x272: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x271, &x272, 0x0, x223, x255); + var x273: u32 = undefined; + var x274: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x273, &x274, x272, x225, x257); + var x275: u32 = undefined; + var x276: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x275, &x276, x274, x227, x259); + var x277: u32 = undefined; + var x278: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x277, &x278, x276, x229, x261); + var x279: u32 = undefined; + var x280: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x279, &x280, x278, x231, x263); + var x281: u32 = undefined; + var x282: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x281, &x282, x280, x233, x265); + var x283: u32 = undefined; + var x284: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x283, &x284, x282, x235, x267); + var x285: u32 = undefined; + var x286: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x285, &x286, x284, x237, x269); + var x287: u32 = undefined; + var x288: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x287, &x288, x286, (@intCast(u32, x238) + @intCast(u32, x214)), (@intCast(u32, x270) + x242)); + var x289: u32 = undefined; + var x290: u32 = undefined; + fiatSecp256k1MulxU32(&x289, &x290, x4, 0x7a2); + var x291: u32 = undefined; + var x292: u32 = undefined; + fiatSecp256k1MulxU32(&x291, &x292, x4, 0xe90a1); + var x293: u32 = undefined; + var x294: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x293, &x294, 0x0, x292, x289); + var x295: u32 = undefined; + var x296: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x295, &x296, x294, x290, x4); + var x297: u32 = undefined; + var x298: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x297, &x298, 0x0, x273, x291); + var x299: u32 = undefined; + var x300: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x299, &x300, x298, x275, x293); + var x301: u32 = undefined; + var x302: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x301, &x302, x300, x277, x295); + var x303: u32 = undefined; + var x304: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x303, &x304, x302, x279, @intCast(u32, x296)); + var x305: u32 = undefined; + var x306: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x305, &x306, x304, x281, @intCast(u32, 0x0)); + var x307: u32 = undefined; + var x308: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x307, &x308, x306, x283, @intCast(u32, 0x0)); + var x309: u32 = undefined; + var x310: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x309, &x310, x308, x285, @intCast(u32, 0x0)); + var x311: u32 = undefined; + var x312: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x311, &x312, x310, x287, @intCast(u32, 0x0)); + var x313: u32 = undefined; + var x314: u32 = undefined; + fiatSecp256k1MulxU32(&x313, &x314, x297, 0xd2253531); + var x315: u32 = undefined; + var x316: u32 = undefined; + fiatSecp256k1MulxU32(&x315, &x316, x313, 0xffffffff); + var x317: u32 = undefined; + var x318: u32 = undefined; + fiatSecp256k1MulxU32(&x317, &x318, x313, 0xffffffff); + var x319: u32 = undefined; + var x320: u32 = undefined; + fiatSecp256k1MulxU32(&x319, &x320, x313, 0xffffffff); + var x321: u32 = undefined; + var x322: u32 = undefined; + fiatSecp256k1MulxU32(&x321, &x322, x313, 0xffffffff); + var x323: u32 = undefined; + var x324: u32 = undefined; + fiatSecp256k1MulxU32(&x323, &x324, x313, 0xffffffff); + var x325: u32 = undefined; + var x326: u32 = undefined; + fiatSecp256k1MulxU32(&x325, &x326, x313, 0xffffffff); + var x327: u32 = undefined; + var x328: u32 = undefined; + fiatSecp256k1MulxU32(&x327, &x328, x313, 0xfffffffe); + var x329: u32 = undefined; + var x330: u32 = undefined; + fiatSecp256k1MulxU32(&x329, &x330, x313, 0xfffffc2f); + var x331: u32 = undefined; + var x332: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x331, &x332, 0x0, x330, x327); + var x333: u32 = undefined; + var x334: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x333, &x334, x332, x328, x325); + var x335: u32 = undefined; + var x336: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x335, &x336, x334, x326, x323); + var x337: u32 = undefined; + var x338: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x337, &x338, x336, x324, x321); + var x339: u32 = undefined; + var x340: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x339, &x340, x338, x322, x319); + var x341: u32 = undefined; + var x342: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x341, &x342, x340, x320, x317); + var x343: u32 = undefined; + var x344: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x343, &x344, x342, x318, x315); + var x345: u32 = undefined; + var x346: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x345, &x346, 0x0, x297, x329); + var x347: u32 = undefined; + var x348: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x347, &x348, x346, x299, x331); + var x349: u32 = undefined; + var x350: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x349, &x350, x348, x301, x333); + var x351: u32 = undefined; + var x352: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x351, &x352, x350, x303, x335); + var x353: u32 = undefined; + var x354: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x353, &x354, x352, x305, x337); + var x355: u32 = undefined; + var x356: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x355, &x356, x354, x307, x339); + var x357: u32 = undefined; + var x358: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x357, &x358, x356, x309, x341); + var x359: u32 = undefined; + var x360: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x359, &x360, x358, x311, x343); + var x361: u32 = undefined; + var x362: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x361, &x362, x360, (@intCast(u32, x312) + @intCast(u32, x288)), (@intCast(u32, x344) + x316)); + var x363: u32 = undefined; + var x364: u32 = undefined; + fiatSecp256k1MulxU32(&x363, &x364, x5, 0x7a2); + var x365: u32 = undefined; + var x366: u32 = undefined; + fiatSecp256k1MulxU32(&x365, &x366, x5, 0xe90a1); + var x367: u32 = undefined; + var x368: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x367, &x368, 0x0, x366, x363); + var x369: u32 = undefined; + var x370: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x369, &x370, x368, x364, x5); + var x371: u32 = undefined; + var x372: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x371, &x372, 0x0, x347, x365); + var x373: u32 = undefined; + var x374: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x373, &x374, x372, x349, x367); + var x375: u32 = undefined; + var x376: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x375, &x376, x374, x351, x369); + var x377: u32 = undefined; + var x378: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x377, &x378, x376, x353, @intCast(u32, x370)); + var x379: u32 = undefined; + var x380: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x379, &x380, x378, x355, @intCast(u32, 0x0)); + var x381: u32 = undefined; + var x382: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x381, &x382, x380, x357, @intCast(u32, 0x0)); + var x383: u32 = undefined; + var x384: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x383, &x384, x382, x359, @intCast(u32, 0x0)); + var x385: u32 = undefined; + var x386: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x385, &x386, x384, x361, @intCast(u32, 0x0)); + var x387: u32 = undefined; + var x388: u32 = undefined; + fiatSecp256k1MulxU32(&x387, &x388, x371, 0xd2253531); + var x389: u32 = undefined; + var x390: u32 = undefined; + fiatSecp256k1MulxU32(&x389, &x390, x387, 0xffffffff); + var x391: u32 = undefined; + var x392: u32 = undefined; + fiatSecp256k1MulxU32(&x391, &x392, x387, 0xffffffff); + var x393: u32 = undefined; + var x394: u32 = undefined; + fiatSecp256k1MulxU32(&x393, &x394, x387, 0xffffffff); + var x395: u32 = undefined; + var x396: u32 = undefined; + fiatSecp256k1MulxU32(&x395, &x396, x387, 0xffffffff); + var x397: u32 = undefined; + var x398: u32 = undefined; + fiatSecp256k1MulxU32(&x397, &x398, x387, 0xffffffff); + var x399: u32 = undefined; + var x400: u32 = undefined; + fiatSecp256k1MulxU32(&x399, &x400, x387, 0xffffffff); + var x401: u32 = undefined; + var x402: u32 = undefined; + fiatSecp256k1MulxU32(&x401, &x402, x387, 0xfffffffe); + var x403: u32 = undefined; + var x404: u32 = undefined; + fiatSecp256k1MulxU32(&x403, &x404, x387, 0xfffffc2f); + var x405: u32 = undefined; + var x406: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x405, &x406, 0x0, x404, x401); + var x407: u32 = undefined; + var x408: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x407, &x408, x406, x402, x399); + var x409: u32 = undefined; + var x410: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x409, &x410, x408, x400, x397); + var x411: u32 = undefined; + var x412: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x411, &x412, x410, x398, x395); + var x413: u32 = undefined; + var x414: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x413, &x414, x412, x396, x393); + var x415: u32 = undefined; + var x416: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x415, &x416, x414, x394, x391); + var x417: u32 = undefined; + var x418: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x417, &x418, x416, x392, x389); + var x419: u32 = undefined; + var x420: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x419, &x420, 0x0, x371, x403); + var x421: u32 = undefined; + var x422: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x421, &x422, x420, x373, x405); + var x423: u32 = undefined; + var x424: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x423, &x424, x422, x375, x407); + var x425: u32 = undefined; + var x426: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x425, &x426, x424, x377, x409); + var x427: u32 = undefined; + var x428: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x427, &x428, x426, x379, x411); + var x429: u32 = undefined; + var x430: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x429, &x430, x428, x381, x413); + var x431: u32 = undefined; + var x432: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x431, &x432, x430, x383, x415); + var x433: u32 = undefined; + var x434: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x433, &x434, x432, x385, x417); + var x435: u32 = undefined; + var x436: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x435, &x436, x434, (@intCast(u32, x386) + @intCast(u32, x362)), (@intCast(u32, x418) + x390)); + var x437: u32 = undefined; + var x438: u32 = undefined; + fiatSecp256k1MulxU32(&x437, &x438, x6, 0x7a2); + var x439: u32 = undefined; + var x440: u32 = undefined; + fiatSecp256k1MulxU32(&x439, &x440, x6, 0xe90a1); + var x441: u32 = undefined; + var x442: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x441, &x442, 0x0, x440, x437); + var x443: u32 = undefined; + var x444: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x443, &x444, x442, x438, x6); + var x445: u32 = undefined; + var x446: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x445, &x446, 0x0, x421, x439); + var x447: u32 = undefined; + var x448: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x447, &x448, x446, x423, x441); + var x449: u32 = undefined; + var x450: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x449, &x450, x448, x425, x443); + var x451: u32 = undefined; + var x452: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x451, &x452, x450, x427, @intCast(u32, x444)); + var x453: u32 = undefined; + var x454: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x453, &x454, x452, x429, @intCast(u32, 0x0)); + var x455: u32 = undefined; + var x456: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x455, &x456, x454, x431, @intCast(u32, 0x0)); + var x457: u32 = undefined; + var x458: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x457, &x458, x456, x433, @intCast(u32, 0x0)); + var x459: u32 = undefined; + var x460: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x459, &x460, x458, x435, @intCast(u32, 0x0)); + var x461: u32 = undefined; + var x462: u32 = undefined; + fiatSecp256k1MulxU32(&x461, &x462, x445, 0xd2253531); + var x463: u32 = undefined; + var x464: u32 = undefined; + fiatSecp256k1MulxU32(&x463, &x464, x461, 0xffffffff); + var x465: u32 = undefined; + var x466: u32 = undefined; + fiatSecp256k1MulxU32(&x465, &x466, x461, 0xffffffff); + var x467: u32 = undefined; + var x468: u32 = undefined; + fiatSecp256k1MulxU32(&x467, &x468, x461, 0xffffffff); + var x469: u32 = undefined; + var x470: u32 = undefined; + fiatSecp256k1MulxU32(&x469, &x470, x461, 0xffffffff); + var x471: u32 = undefined; + var x472: u32 = undefined; + fiatSecp256k1MulxU32(&x471, &x472, x461, 0xffffffff); + var x473: u32 = undefined; + var x474: u32 = undefined; + fiatSecp256k1MulxU32(&x473, &x474, x461, 0xffffffff); + var x475: u32 = undefined; + var x476: u32 = undefined; + fiatSecp256k1MulxU32(&x475, &x476, x461, 0xfffffffe); + var x477: u32 = undefined; + var x478: u32 = undefined; + fiatSecp256k1MulxU32(&x477, &x478, x461, 0xfffffc2f); + var x479: u32 = undefined; + var x480: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x479, &x480, 0x0, x478, x475); + var x481: u32 = undefined; + var x482: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x481, &x482, x480, x476, x473); + var x483: u32 = undefined; + var x484: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x483, &x484, x482, x474, x471); + var x485: u32 = undefined; + var x486: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x485, &x486, x484, x472, x469); + var x487: u32 = undefined; + var x488: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x487, &x488, x486, x470, x467); + var x489: u32 = undefined; + var x490: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x489, &x490, x488, x468, x465); + var x491: u32 = undefined; + var x492: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x491, &x492, x490, x466, x463); + var x493: u32 = undefined; + var x494: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x493, &x494, 0x0, x445, x477); + var x495: u32 = undefined; + var x496: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x495, &x496, x494, x447, x479); + var x497: u32 = undefined; + var x498: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x497, &x498, x496, x449, x481); + var x499: u32 = undefined; + var x500: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x499, &x500, x498, x451, x483); + var x501: u32 = undefined; + var x502: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x501, &x502, x500, x453, x485); + var x503: u32 = undefined; + var x504: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x503, &x504, x502, x455, x487); + var x505: u32 = undefined; + var x506: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x505, &x506, x504, x457, x489); + var x507: u32 = undefined; + var x508: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x507, &x508, x506, x459, x491); + var x509: u32 = undefined; + var x510: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x509, &x510, x508, (@intCast(u32, x460) + @intCast(u32, x436)), (@intCast(u32, x492) + x464)); + var x511: u32 = undefined; + var x512: u32 = undefined; + fiatSecp256k1MulxU32(&x511, &x512, x7, 0x7a2); + var x513: u32 = undefined; + var x514: u32 = undefined; + fiatSecp256k1MulxU32(&x513, &x514, x7, 0xe90a1); + var x515: u32 = undefined; + var x516: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x515, &x516, 0x0, x514, x511); + var x517: u32 = undefined; + var x518: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x517, &x518, x516, x512, x7); + var x519: u32 = undefined; + var x520: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x519, &x520, 0x0, x495, x513); + var x521: u32 = undefined; + var x522: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x521, &x522, x520, x497, x515); + var x523: u32 = undefined; + var x524: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x523, &x524, x522, x499, x517); + var x525: u32 = undefined; + var x526: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x525, &x526, x524, x501, @intCast(u32, x518)); + var x527: u32 = undefined; + var x528: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x527, &x528, x526, x503, @intCast(u32, 0x0)); + var x529: u32 = undefined; + var x530: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x529, &x530, x528, x505, @intCast(u32, 0x0)); + var x531: u32 = undefined; + var x532: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x531, &x532, x530, x507, @intCast(u32, 0x0)); + var x533: u32 = undefined; + var x534: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x533, &x534, x532, x509, @intCast(u32, 0x0)); + var x535: u32 = undefined; + var x536: u32 = undefined; + fiatSecp256k1MulxU32(&x535, &x536, x519, 0xd2253531); + var x537: u32 = undefined; + var x538: u32 = undefined; + fiatSecp256k1MulxU32(&x537, &x538, x535, 0xffffffff); + var x539: u32 = undefined; + var x540: u32 = undefined; + fiatSecp256k1MulxU32(&x539, &x540, x535, 0xffffffff); + var x541: u32 = undefined; + var x542: u32 = undefined; + fiatSecp256k1MulxU32(&x541, &x542, x535, 0xffffffff); + var x543: u32 = undefined; + var x544: u32 = undefined; + fiatSecp256k1MulxU32(&x543, &x544, x535, 0xffffffff); + var x545: u32 = undefined; + var x546: u32 = undefined; + fiatSecp256k1MulxU32(&x545, &x546, x535, 0xffffffff); + var x547: u32 = undefined; + var x548: u32 = undefined; + fiatSecp256k1MulxU32(&x547, &x548, x535, 0xffffffff); + var x549: u32 = undefined; + var x550: u32 = undefined; + fiatSecp256k1MulxU32(&x549, &x550, x535, 0xfffffffe); + var x551: u32 = undefined; + var x552: u32 = undefined; + fiatSecp256k1MulxU32(&x551, &x552, x535, 0xfffffc2f); + var x553: u32 = undefined; + var x554: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x553, &x554, 0x0, x552, x549); + var x555: u32 = undefined; + var x556: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x555, &x556, x554, x550, x547); + var x557: u32 = undefined; + var x558: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x557, &x558, x556, x548, x545); + var x559: u32 = undefined; + var x560: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x559, &x560, x558, x546, x543); + var x561: u32 = undefined; + var x562: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x561, &x562, x560, x544, x541); + var x563: u32 = undefined; + var x564: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x563, &x564, x562, x542, x539); + var x565: u32 = undefined; + var x566: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x565, &x566, x564, x540, x537); + var x567: u32 = undefined; + var x568: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x567, &x568, 0x0, x519, x551); + var x569: u32 = undefined; + var x570: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x569, &x570, x568, x521, x553); + var x571: u32 = undefined; + var x572: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x571, &x572, x570, x523, x555); + var x573: u32 = undefined; + var x574: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x573, &x574, x572, x525, x557); + var x575: u32 = undefined; + var x576: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x575, &x576, x574, x527, x559); + var x577: u32 = undefined; + var x578: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x577, &x578, x576, x529, x561); + var x579: u32 = undefined; + var x580: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x579, &x580, x578, x531, x563); + var x581: u32 = undefined; + var x582: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x581, &x582, x580, x533, x565); + var x583: u32 = undefined; + var x584: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x583, &x584, x582, (@intCast(u32, x534) + @intCast(u32, x510)), (@intCast(u32, x566) + x538)); + var x585: u32 = undefined; + var x586: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x585, &x586, 0x0, x569, 0xfffffc2f); + var x587: u32 = undefined; + var x588: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x587, &x588, x586, x571, 0xfffffffe); + var x589: u32 = undefined; + var x590: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x589, &x590, x588, x573, 0xffffffff); + var x591: u32 = undefined; + var x592: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x591, &x592, x590, x575, 0xffffffff); + var x593: u32 = undefined; + var x594: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x593, &x594, x592, x577, 0xffffffff); + var x595: u32 = undefined; + var x596: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x595, &x596, x594, x579, 0xffffffff); + var x597: u32 = undefined; + var x598: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x597, &x598, x596, x581, 0xffffffff); + var x599: u32 = undefined; + var x600: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x599, &x600, x598, x583, 0xffffffff); + var x601: u32 = undefined; + var x602: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x601, &x602, x600, @intCast(u32, x584), @intCast(u32, 0x0)); + var x603: u32 = undefined; + fiatSecp256k1CmovznzU32(&x603, x602, x585, x569); + var x604: u32 = undefined; + fiatSecp256k1CmovznzU32(&x604, x602, x587, x571); + var x605: u32 = undefined; + fiatSecp256k1CmovznzU32(&x605, x602, x589, x573); + var x606: u32 = undefined; + fiatSecp256k1CmovznzU32(&x606, x602, x591, x575); + var x607: u32 = undefined; + fiatSecp256k1CmovznzU32(&x607, x602, x593, x577); + var x608: u32 = undefined; + fiatSecp256k1CmovznzU32(&x608, x602, x595, x579); + var x609: u32 = undefined; + fiatSecp256k1CmovznzU32(&x609, x602, x597, x581); + var x610: u32 = undefined; + fiatSecp256k1CmovznzU32(&x610, x602, x599, x583); + out1[0] = x603; + out1[1] = x604; + out1[2] = x605; + out1[3] = x606; + out1[4] = x607; + out1[5] = x608; + out1[6] = x609; + out1[7] = x610; +} + +/// The function fiatSecp256k1Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +pub fn fiatSecp256k1Nonzero(out1: *u32, arg1: [8]u32) void { + const x1: u32 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | ((arg1[3]) | ((arg1[4]) | ((arg1[5]) | ((arg1[6]) | (arg1[7])))))))); + out1.* = x1; +} + +/// The function fiatSecp256k1Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1Selectznz(out1: *[8]u32, arg1: u1, arg2: [8]u32, arg3: [8]u32) void { + var x1: u32 = undefined; + fiatSecp256k1CmovznzU32(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u32 = undefined; + fiatSecp256k1CmovznzU32(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u32 = undefined; + fiatSecp256k1CmovznzU32(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u32 = undefined; + fiatSecp256k1CmovznzU32(&x4, arg1, (arg2[3]), (arg3[3])); + var x5: u32 = undefined; + fiatSecp256k1CmovznzU32(&x5, arg1, (arg2[4]), (arg3[4])); + var x6: u32 = undefined; + fiatSecp256k1CmovznzU32(&x6, arg1, (arg2[5]), (arg3[5])); + var x7: u32 = undefined; + fiatSecp256k1CmovznzU32(&x7, arg1, (arg2[6]), (arg3[6])); + var x8: u32 = undefined; + fiatSecp256k1CmovznzU32(&x8, arg1, (arg2[7]), (arg3[7])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; + out1[4] = x5; + out1[5] = x6; + out1[6] = x7; + out1[7] = x8; +} + +/// The function fiatSecp256k1ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatSecp256k1ToBytes(out1: *[32]u8, arg1: [8]u32) void { + const x1: u32 = (arg1[7]); + const x2: u32 = (arg1[6]); + const x3: u32 = (arg1[5]); + const x4: u32 = (arg1[4]); + const x5: u32 = (arg1[3]); + const x6: u32 = (arg1[2]); + const x7: u32 = (arg1[1]); + const x8: u32 = (arg1[0]); + const x9: u8 = @intCast(u8, (x8 & @intCast(u32, 0xff))); + const x10: u32 = (x8 >> 8); + const x11: u8 = @intCast(u8, (x10 & @intCast(u32, 0xff))); + const x12: u32 = (x10 >> 8); + const x13: u8 = @intCast(u8, (x12 & @intCast(u32, 0xff))); + const x14: u8 = @intCast(u8, (x12 >> 8)); + const x15: u8 = @intCast(u8, (x7 & @intCast(u32, 0xff))); + const x16: u32 = (x7 >> 8); + const x17: u8 = @intCast(u8, (x16 & @intCast(u32, 0xff))); + const x18: u32 = (x16 >> 8); + const x19: u8 = @intCast(u8, (x18 & @intCast(u32, 0xff))); + const x20: u8 = @intCast(u8, (x18 >> 8)); + const x21: u8 = @intCast(u8, (x6 & @intCast(u32, 0xff))); + const x22: u32 = (x6 >> 8); + const x23: u8 = @intCast(u8, (x22 & @intCast(u32, 0xff))); + const x24: u32 = (x22 >> 8); + const x25: u8 = @intCast(u8, (x24 & @intCast(u32, 0xff))); + const x26: u8 = @intCast(u8, (x24 >> 8)); + const x27: u8 = @intCast(u8, (x5 & @intCast(u32, 0xff))); + const x28: u32 = (x5 >> 8); + const x29: u8 = @intCast(u8, (x28 & @intCast(u32, 0xff))); + const x30: u32 = (x28 >> 8); + const x31: u8 = @intCast(u8, (x30 & @intCast(u32, 0xff))); + const x32: u8 = @intCast(u8, (x30 >> 8)); + const x33: u8 = @intCast(u8, (x4 & @intCast(u32, 0xff))); + const x34: u32 = (x4 >> 8); + const x35: u8 = @intCast(u8, (x34 & @intCast(u32, 0xff))); + const x36: u32 = (x34 >> 8); + const x37: u8 = @intCast(u8, (x36 & @intCast(u32, 0xff))); + const x38: u8 = @intCast(u8, (x36 >> 8)); + const x39: u8 = @intCast(u8, (x3 & @intCast(u32, 0xff))); + const x40: u32 = (x3 >> 8); + const x41: u8 = @intCast(u8, (x40 & @intCast(u32, 0xff))); + const x42: u32 = (x40 >> 8); + const x43: u8 = @intCast(u8, (x42 & @intCast(u32, 0xff))); + const x44: u8 = @intCast(u8, (x42 >> 8)); + const x45: u8 = @intCast(u8, (x2 & @intCast(u32, 0xff))); + const x46: u32 = (x2 >> 8); + const x47: u8 = @intCast(u8, (x46 & @intCast(u32, 0xff))); + const x48: u32 = (x46 >> 8); + const x49: u8 = @intCast(u8, (x48 & @intCast(u32, 0xff))); + const x50: u8 = @intCast(u8, (x48 >> 8)); + const x51: u8 = @intCast(u8, (x1 & @intCast(u32, 0xff))); + const x52: u32 = (x1 >> 8); + const x53: u8 = @intCast(u8, (x52 & @intCast(u32, 0xff))); + const x54: u32 = (x52 >> 8); + const x55: u8 = @intCast(u8, (x54 & @intCast(u32, 0xff))); + const x56: u8 = @intCast(u8, (x54 >> 8)); + out1[0] = x9; + out1[1] = x11; + out1[2] = x13; + out1[3] = x14; + out1[4] = x15; + out1[5] = x17; + out1[6] = x19; + out1[7] = x20; + out1[8] = x21; + out1[9] = x23; + out1[10] = x25; + out1[11] = x26; + out1[12] = x27; + out1[13] = x29; + out1[14] = x31; + out1[15] = x32; + out1[16] = x33; + out1[17] = x35; + out1[18] = x37; + out1[19] = x38; + out1[20] = x39; + out1[21] = x41; + out1[22] = x43; + out1[23] = x44; + out1[24] = x45; + out1[25] = x47; + out1[26] = x49; + out1[27] = x50; + out1[28] = x51; + out1[29] = x53; + out1[30] = x55; + out1[31] = x56; +} + +/// The function fiatSecp256k1FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. +/// Preconditions: +/// 0 ≤ bytes_eval arg1 < m +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1FromBytes(out1: *[8]u32, arg1: [32]u8) void { + const x1: u32 = (@intCast(u32, (arg1[31])) << 24); + const x2: u32 = (@intCast(u32, (arg1[30])) << 16); + const x3: u32 = (@intCast(u32, (arg1[29])) << 8); + const x4: u8 = (arg1[28]); + const x5: u32 = (@intCast(u32, (arg1[27])) << 24); + const x6: u32 = (@intCast(u32, (arg1[26])) << 16); + const x7: u32 = (@intCast(u32, (arg1[25])) << 8); + const x8: u8 = (arg1[24]); + const x9: u32 = (@intCast(u32, (arg1[23])) << 24); + const x10: u32 = (@intCast(u32, (arg1[22])) << 16); + const x11: u32 = (@intCast(u32, (arg1[21])) << 8); + const x12: u8 = (arg1[20]); + const x13: u32 = (@intCast(u32, (arg1[19])) << 24); + const x14: u32 = (@intCast(u32, (arg1[18])) << 16); + const x15: u32 = (@intCast(u32, (arg1[17])) << 8); + const x16: u8 = (arg1[16]); + const x17: u32 = (@intCast(u32, (arg1[15])) << 24); + const x18: u32 = (@intCast(u32, (arg1[14])) << 16); + const x19: u32 = (@intCast(u32, (arg1[13])) << 8); + const x20: u8 = (arg1[12]); + const x21: u32 = (@intCast(u32, (arg1[11])) << 24); + const x22: u32 = (@intCast(u32, (arg1[10])) << 16); + const x23: u32 = (@intCast(u32, (arg1[9])) << 8); + const x24: u8 = (arg1[8]); + const x25: u32 = (@intCast(u32, (arg1[7])) << 24); + const x26: u32 = (@intCast(u32, (arg1[6])) << 16); + const x27: u32 = (@intCast(u32, (arg1[5])) << 8); + const x28: u8 = (arg1[4]); + const x29: u32 = (@intCast(u32, (arg1[3])) << 24); + const x30: u32 = (@intCast(u32, (arg1[2])) << 16); + const x31: u32 = (@intCast(u32, (arg1[1])) << 8); + const x32: u8 = (arg1[0]); + const x33: u32 = (x31 + @intCast(u32, x32)); + const x34: u32 = (x30 + x33); + const x35: u32 = (x29 + x34); + const x36: u32 = (x27 + @intCast(u32, x28)); + const x37: u32 = (x26 + x36); + const x38: u32 = (x25 + x37); + const x39: u32 = (x23 + @intCast(u32, x24)); + const x40: u32 = (x22 + x39); + const x41: u32 = (x21 + x40); + const x42: u32 = (x19 + @intCast(u32, x20)); + const x43: u32 = (x18 + x42); + const x44: u32 = (x17 + x43); + const x45: u32 = (x15 + @intCast(u32, x16)); + const x46: u32 = (x14 + x45); + const x47: u32 = (x13 + x46); + const x48: u32 = (x11 + @intCast(u32, x12)); + const x49: u32 = (x10 + x48); + const x50: u32 = (x9 + x49); + const x51: u32 = (x7 + @intCast(u32, x8)); + const x52: u32 = (x6 + x51); + const x53: u32 = (x5 + x52); + const x54: u32 = (x3 + @intCast(u32, x4)); + const x55: u32 = (x2 + x54); + const x56: u32 = (x1 + x55); + out1[0] = x35; + out1[1] = x38; + out1[2] = x41; + out1[3] = x44; + out1[4] = x47; + out1[5] = x50; + out1[6] = x53; + out1[7] = x56; +} + +/// The function fiatSecp256k1SetOne returns the field element one in the Montgomery domain. +/// Postconditions: +/// eval (from_montgomery out1) mod m = 1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1SetOne(out1: *[8]u32) void { + out1[0] = 0x3d1; + out1[1] = @intCast(u32, 0x1); + out1[2] = @intCast(u32, 0x0); + out1[3] = @intCast(u32, 0x0); + out1[4] = @intCast(u32, 0x0); + out1[5] = @intCast(u32, 0x0); + out1[6] = @intCast(u32, 0x0); + out1[7] = @intCast(u32, 0x0); +} + +/// The function fiatSecp256k1Msat returns the saturated representation of the prime modulus. +/// Postconditions: +/// twos_complement_eval out1 = m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1Msat(out1: *[9]u32) void { + out1[0] = 0xfffffc2f; + out1[1] = 0xfffffffe; + out1[2] = 0xffffffff; + out1[3] = 0xffffffff; + out1[4] = 0xffffffff; + out1[5] = 0xffffffff; + out1[6] = 0xffffffff; + out1[7] = 0xffffffff; + out1[8] = @intCast(u32, 0x0); +} + +/// The function fiatSecp256k1Divstep computes a divstep. +/// Preconditions: +/// 0 ≤ eval arg4 < m +/// 0 ≤ eval arg5 < m +/// Postconditions: +/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) +/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) +/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) +/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) +/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out2 < m +/// 0 ≤ eval out3 < m +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffff] +/// arg2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// arg5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffff] +/// out2: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out3: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out4: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +/// out5: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1Divstep(out1: *u32, out2: *[9]u32, out3: *[9]u32, out4: *[8]u32, out5: *[8]u32, arg1: u32, arg2: [9]u32, arg3: [9]u32, arg4: [8]u32, arg5: [8]u32) void { + var x1: u32 = undefined; + var x2: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x1, &x2, 0x0, (~arg1), @intCast(u32, 0x1)); + const x3: u1 = (@intCast(u1, (x1 >> 31)) & @intCast(u1, ((arg3[0]) & @intCast(u32, 0x1)))); + var x4: u32 = undefined; + var x5: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x4, &x5, 0x0, (~arg1), @intCast(u32, 0x1)); + var x6: u32 = undefined; + fiatSecp256k1CmovznzU32(&x6, x3, arg1, x4); + var x7: u32 = undefined; + fiatSecp256k1CmovznzU32(&x7, x3, (arg2[0]), (arg3[0])); + var x8: u32 = undefined; + fiatSecp256k1CmovznzU32(&x8, x3, (arg2[1]), (arg3[1])); + var x9: u32 = undefined; + fiatSecp256k1CmovznzU32(&x9, x3, (arg2[2]), (arg3[2])); + var x10: u32 = undefined; + fiatSecp256k1CmovznzU32(&x10, x3, (arg2[3]), (arg3[3])); + var x11: u32 = undefined; + fiatSecp256k1CmovznzU32(&x11, x3, (arg2[4]), (arg3[4])); + var x12: u32 = undefined; + fiatSecp256k1CmovznzU32(&x12, x3, (arg2[5]), (arg3[5])); + var x13: u32 = undefined; + fiatSecp256k1CmovznzU32(&x13, x3, (arg2[6]), (arg3[6])); + var x14: u32 = undefined; + fiatSecp256k1CmovznzU32(&x14, x3, (arg2[7]), (arg3[7])); + var x15: u32 = undefined; + fiatSecp256k1CmovznzU32(&x15, x3, (arg2[8]), (arg3[8])); + var x16: u32 = undefined; + var x17: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x16, &x17, 0x0, @intCast(u32, 0x1), (~(arg2[0]))); + var x18: u32 = undefined; + var x19: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x18, &x19, x17, @intCast(u32, 0x0), (~(arg2[1]))); + var x20: u32 = undefined; + var x21: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x20, &x21, x19, @intCast(u32, 0x0), (~(arg2[2]))); + var x22: u32 = undefined; + var x23: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x22, &x23, x21, @intCast(u32, 0x0), (~(arg2[3]))); + var x24: u32 = undefined; + var x25: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x24, &x25, x23, @intCast(u32, 0x0), (~(arg2[4]))); + var x26: u32 = undefined; + var x27: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x26, &x27, x25, @intCast(u32, 0x0), (~(arg2[5]))); + var x28: u32 = undefined; + var x29: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x28, &x29, x27, @intCast(u32, 0x0), (~(arg2[6]))); + var x30: u32 = undefined; + var x31: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x30, &x31, x29, @intCast(u32, 0x0), (~(arg2[7]))); + var x32: u32 = undefined; + var x33: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x32, &x33, x31, @intCast(u32, 0x0), (~(arg2[8]))); + var x34: u32 = undefined; + fiatSecp256k1CmovznzU32(&x34, x3, (arg3[0]), x16); + var x35: u32 = undefined; + fiatSecp256k1CmovznzU32(&x35, x3, (arg3[1]), x18); + var x36: u32 = undefined; + fiatSecp256k1CmovznzU32(&x36, x3, (arg3[2]), x20); + var x37: u32 = undefined; + fiatSecp256k1CmovznzU32(&x37, x3, (arg3[3]), x22); + var x38: u32 = undefined; + fiatSecp256k1CmovznzU32(&x38, x3, (arg3[4]), x24); + var x39: u32 = undefined; + fiatSecp256k1CmovznzU32(&x39, x3, (arg3[5]), x26); + var x40: u32 = undefined; + fiatSecp256k1CmovznzU32(&x40, x3, (arg3[6]), x28); + var x41: u32 = undefined; + fiatSecp256k1CmovznzU32(&x41, x3, (arg3[7]), x30); + var x42: u32 = undefined; + fiatSecp256k1CmovznzU32(&x42, x3, (arg3[8]), x32); + var x43: u32 = undefined; + fiatSecp256k1CmovznzU32(&x43, x3, (arg4[0]), (arg5[0])); + var x44: u32 = undefined; + fiatSecp256k1CmovznzU32(&x44, x3, (arg4[1]), (arg5[1])); + var x45: u32 = undefined; + fiatSecp256k1CmovznzU32(&x45, x3, (arg4[2]), (arg5[2])); + var x46: u32 = undefined; + fiatSecp256k1CmovznzU32(&x46, x3, (arg4[3]), (arg5[3])); + var x47: u32 = undefined; + fiatSecp256k1CmovznzU32(&x47, x3, (arg4[4]), (arg5[4])); + var x48: u32 = undefined; + fiatSecp256k1CmovznzU32(&x48, x3, (arg4[5]), (arg5[5])); + var x49: u32 = undefined; + fiatSecp256k1CmovznzU32(&x49, x3, (arg4[6]), (arg5[6])); + var x50: u32 = undefined; + fiatSecp256k1CmovznzU32(&x50, x3, (arg4[7]), (arg5[7])); + var x51: u32 = undefined; + var x52: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x51, &x52, 0x0, x43, x43); + var x53: u32 = undefined; + var x54: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x53, &x54, x52, x44, x44); + var x55: u32 = undefined; + var x56: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x55, &x56, x54, x45, x45); + var x57: u32 = undefined; + var x58: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x57, &x58, x56, x46, x46); + var x59: u32 = undefined; + var x60: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x59, &x60, x58, x47, x47); + var x61: u32 = undefined; + var x62: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x61, &x62, x60, x48, x48); + var x63: u32 = undefined; + var x64: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x63, &x64, x62, x49, x49); + var x65: u32 = undefined; + var x66: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x65, &x66, x64, x50, x50); + var x67: u32 = undefined; + var x68: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x67, &x68, 0x0, x51, 0xfffffc2f); + var x69: u32 = undefined; + var x70: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x69, &x70, x68, x53, 0xfffffffe); + var x71: u32 = undefined; + var x72: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x71, &x72, x70, x55, 0xffffffff); + var x73: u32 = undefined; + var x74: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x73, &x74, x72, x57, 0xffffffff); + var x75: u32 = undefined; + var x76: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x75, &x76, x74, x59, 0xffffffff); + var x77: u32 = undefined; + var x78: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x77, &x78, x76, x61, 0xffffffff); + var x79: u32 = undefined; + var x80: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x79, &x80, x78, x63, 0xffffffff); + var x81: u32 = undefined; + var x82: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x81, &x82, x80, x65, 0xffffffff); + var x83: u32 = undefined; + var x84: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x83, &x84, x82, @intCast(u32, x66), @intCast(u32, 0x0)); + const x85: u32 = (arg4[7]); + const x86: u32 = (arg4[6]); + const x87: u32 = (arg4[5]); + const x88: u32 = (arg4[4]); + const x89: u32 = (arg4[3]); + const x90: u32 = (arg4[2]); + const x91: u32 = (arg4[1]); + const x92: u32 = (arg4[0]); + var x93: u32 = undefined; + var x94: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x93, &x94, 0x0, @intCast(u32, 0x0), x92); + var x95: u32 = undefined; + var x96: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x95, &x96, x94, @intCast(u32, 0x0), x91); + var x97: u32 = undefined; + var x98: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x97, &x98, x96, @intCast(u32, 0x0), x90); + var x99: u32 = undefined; + var x100: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x99, &x100, x98, @intCast(u32, 0x0), x89); + var x101: u32 = undefined; + var x102: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x101, &x102, x100, @intCast(u32, 0x0), x88); + var x103: u32 = undefined; + var x104: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x103, &x104, x102, @intCast(u32, 0x0), x87); + var x105: u32 = undefined; + var x106: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x105, &x106, x104, @intCast(u32, 0x0), x86); + var x107: u32 = undefined; + var x108: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x107, &x108, x106, @intCast(u32, 0x0), x85); + var x109: u32 = undefined; + fiatSecp256k1CmovznzU32(&x109, x108, @intCast(u32, 0x0), 0xffffffff); + var x110: u32 = undefined; + var x111: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x110, &x111, 0x0, x93, (x109 & 0xfffffc2f)); + var x112: u32 = undefined; + var x113: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x112, &x113, x111, x95, (x109 & 0xfffffffe)); + var x114: u32 = undefined; + var x115: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x114, &x115, x113, x97, x109); + var x116: u32 = undefined; + var x117: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x116, &x117, x115, x99, x109); + var x118: u32 = undefined; + var x119: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x118, &x119, x117, x101, x109); + var x120: u32 = undefined; + var x121: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x120, &x121, x119, x103, x109); + var x122: u32 = undefined; + var x123: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x122, &x123, x121, x105, x109); + var x124: u32 = undefined; + var x125: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x124, &x125, x123, x107, x109); + var x126: u32 = undefined; + fiatSecp256k1CmovznzU32(&x126, x3, (arg5[0]), x110); + var x127: u32 = undefined; + fiatSecp256k1CmovznzU32(&x127, x3, (arg5[1]), x112); + var x128: u32 = undefined; + fiatSecp256k1CmovznzU32(&x128, x3, (arg5[2]), x114); + var x129: u32 = undefined; + fiatSecp256k1CmovznzU32(&x129, x3, (arg5[3]), x116); + var x130: u32 = undefined; + fiatSecp256k1CmovznzU32(&x130, x3, (arg5[4]), x118); + var x131: u32 = undefined; + fiatSecp256k1CmovznzU32(&x131, x3, (arg5[5]), x120); + var x132: u32 = undefined; + fiatSecp256k1CmovznzU32(&x132, x3, (arg5[6]), x122); + var x133: u32 = undefined; + fiatSecp256k1CmovznzU32(&x133, x3, (arg5[7]), x124); + const x134: u1 = @intCast(u1, (x34 & @intCast(u32, 0x1))); + var x135: u32 = undefined; + fiatSecp256k1CmovznzU32(&x135, x134, @intCast(u32, 0x0), x7); + var x136: u32 = undefined; + fiatSecp256k1CmovznzU32(&x136, x134, @intCast(u32, 0x0), x8); + var x137: u32 = undefined; + fiatSecp256k1CmovznzU32(&x137, x134, @intCast(u32, 0x0), x9); + var x138: u32 = undefined; + fiatSecp256k1CmovznzU32(&x138, x134, @intCast(u32, 0x0), x10); + var x139: u32 = undefined; + fiatSecp256k1CmovznzU32(&x139, x134, @intCast(u32, 0x0), x11); + var x140: u32 = undefined; + fiatSecp256k1CmovznzU32(&x140, x134, @intCast(u32, 0x0), x12); + var x141: u32 = undefined; + fiatSecp256k1CmovznzU32(&x141, x134, @intCast(u32, 0x0), x13); + var x142: u32 = undefined; + fiatSecp256k1CmovznzU32(&x142, x134, @intCast(u32, 0x0), x14); + var x143: u32 = undefined; + fiatSecp256k1CmovznzU32(&x143, x134, @intCast(u32, 0x0), x15); + var x144: u32 = undefined; + var x145: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x144, &x145, 0x0, x34, x135); + var x146: u32 = undefined; + var x147: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x146, &x147, x145, x35, x136); + var x148: u32 = undefined; + var x149: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x148, &x149, x147, x36, x137); + var x150: u32 = undefined; + var x151: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x150, &x151, x149, x37, x138); + var x152: u32 = undefined; + var x153: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x152, &x153, x151, x38, x139); + var x154: u32 = undefined; + var x155: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x154, &x155, x153, x39, x140); + var x156: u32 = undefined; + var x157: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x156, &x157, x155, x40, x141); + var x158: u32 = undefined; + var x159: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x158, &x159, x157, x41, x142); + var x160: u32 = undefined; + var x161: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x160, &x161, x159, x42, x143); + var x162: u32 = undefined; + fiatSecp256k1CmovznzU32(&x162, x134, @intCast(u32, 0x0), x43); + var x163: u32 = undefined; + fiatSecp256k1CmovznzU32(&x163, x134, @intCast(u32, 0x0), x44); + var x164: u32 = undefined; + fiatSecp256k1CmovznzU32(&x164, x134, @intCast(u32, 0x0), x45); + var x165: u32 = undefined; + fiatSecp256k1CmovznzU32(&x165, x134, @intCast(u32, 0x0), x46); + var x166: u32 = undefined; + fiatSecp256k1CmovznzU32(&x166, x134, @intCast(u32, 0x0), x47); + var x167: u32 = undefined; + fiatSecp256k1CmovznzU32(&x167, x134, @intCast(u32, 0x0), x48); + var x168: u32 = undefined; + fiatSecp256k1CmovznzU32(&x168, x134, @intCast(u32, 0x0), x49); + var x169: u32 = undefined; + fiatSecp256k1CmovznzU32(&x169, x134, @intCast(u32, 0x0), x50); + var x170: u32 = undefined; + var x171: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x170, &x171, 0x0, x126, x162); + var x172: u32 = undefined; + var x173: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x172, &x173, x171, x127, x163); + var x174: u32 = undefined; + var x175: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x174, &x175, x173, x128, x164); + var x176: u32 = undefined; + var x177: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x176, &x177, x175, x129, x165); + var x178: u32 = undefined; + var x179: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x178, &x179, x177, x130, x166); + var x180: u32 = undefined; + var x181: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x180, &x181, x179, x131, x167); + var x182: u32 = undefined; + var x183: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x182, &x183, x181, x132, x168); + var x184: u32 = undefined; + var x185: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x184, &x185, x183, x133, x169); + var x186: u32 = undefined; + var x187: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x186, &x187, 0x0, x170, 0xfffffc2f); + var x188: u32 = undefined; + var x189: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x188, &x189, x187, x172, 0xfffffffe); + var x190: u32 = undefined; + var x191: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x190, &x191, x189, x174, 0xffffffff); + var x192: u32 = undefined; + var x193: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x192, &x193, x191, x176, 0xffffffff); + var x194: u32 = undefined; + var x195: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x194, &x195, x193, x178, 0xffffffff); + var x196: u32 = undefined; + var x197: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x196, &x197, x195, x180, 0xffffffff); + var x198: u32 = undefined; + var x199: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x198, &x199, x197, x182, 0xffffffff); + var x200: u32 = undefined; + var x201: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x200, &x201, x199, x184, 0xffffffff); + var x202: u32 = undefined; + var x203: u1 = undefined; + fiatSecp256k1SubborrowxU32(&x202, &x203, x201, @intCast(u32, x185), @intCast(u32, 0x0)); + var x204: u32 = undefined; + var x205: u1 = undefined; + fiatSecp256k1AddcarryxU32(&x204, &x205, 0x0, x6, @intCast(u32, 0x1)); + const x206: u32 = ((x144 >> 1) | ((x146 << 31) & 0xffffffff)); + const x207: u32 = ((x146 >> 1) | ((x148 << 31) & 0xffffffff)); + const x208: u32 = ((x148 >> 1) | ((x150 << 31) & 0xffffffff)); + const x209: u32 = ((x150 >> 1) | ((x152 << 31) & 0xffffffff)); + const x210: u32 = ((x152 >> 1) | ((x154 << 31) & 0xffffffff)); + const x211: u32 = ((x154 >> 1) | ((x156 << 31) & 0xffffffff)); + const x212: u32 = ((x156 >> 1) | ((x158 << 31) & 0xffffffff)); + const x213: u32 = ((x158 >> 1) | ((x160 << 31) & 0xffffffff)); + const x214: u32 = ((x160 & 0x80000000) | (x160 >> 1)); + var x215: u32 = undefined; + fiatSecp256k1CmovznzU32(&x215, x84, x67, x51); + var x216: u32 = undefined; + fiatSecp256k1CmovznzU32(&x216, x84, x69, x53); + var x217: u32 = undefined; + fiatSecp256k1CmovznzU32(&x217, x84, x71, x55); + var x218: u32 = undefined; + fiatSecp256k1CmovznzU32(&x218, x84, x73, x57); + var x219: u32 = undefined; + fiatSecp256k1CmovznzU32(&x219, x84, x75, x59); + var x220: u32 = undefined; + fiatSecp256k1CmovznzU32(&x220, x84, x77, x61); + var x221: u32 = undefined; + fiatSecp256k1CmovznzU32(&x221, x84, x79, x63); + var x222: u32 = undefined; + fiatSecp256k1CmovznzU32(&x222, x84, x81, x65); + var x223: u32 = undefined; + fiatSecp256k1CmovznzU32(&x223, x203, x186, x170); + var x224: u32 = undefined; + fiatSecp256k1CmovznzU32(&x224, x203, x188, x172); + var x225: u32 = undefined; + fiatSecp256k1CmovznzU32(&x225, x203, x190, x174); + var x226: u32 = undefined; + fiatSecp256k1CmovznzU32(&x226, x203, x192, x176); + var x227: u32 = undefined; + fiatSecp256k1CmovznzU32(&x227, x203, x194, x178); + var x228: u32 = undefined; + fiatSecp256k1CmovznzU32(&x228, x203, x196, x180); + var x229: u32 = undefined; + fiatSecp256k1CmovznzU32(&x229, x203, x198, x182); + var x230: u32 = undefined; + fiatSecp256k1CmovznzU32(&x230, x203, x200, x184); + out1.* = x204; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out2[5] = x12; + out2[6] = x13; + out2[7] = x14; + out2[8] = x15; + out3[0] = x206; + out3[1] = x207; + out3[2] = x208; + out3[3] = x209; + out3[4] = x210; + out3[5] = x211; + out3[6] = x212; + out3[7] = x213; + out3[8] = x214; + out4[0] = x215; + out4[1] = x216; + out4[2] = x217; + out4[3] = x218; + out4[4] = x219; + out4[5] = x220; + out4[6] = x221; + out4[7] = x222; + out5[0] = x223; + out5[1] = x224; + out5[2] = x225; + out5[3] = x226; + out5[4] = x227; + out5[5] = x228; + out5[6] = x229; + out5[7] = x230; +} + +/// The function fiatSecp256k1DivstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). +/// Postconditions: +/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if (log2 m) + 1 < 46 then ⌊(49 * ((log2 m) + 1) + 80) / 17⌋ else ⌊(49 * ((log2 m) + 1) + 57) / 17⌋) +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff], [0x0 ~> 0xffffffff]] +pub fn fiatSecp256k1DivstepPrecomp(out1: *[8]u32) void { + out1[0] = 0x31525e0a; + out1[1] = 0xf201a418; + out1[2] = 0xcd648d85; + out1[3] = 0x9953f9dd; + out1[4] = 0x3db210a9; + out1[5] = 0xe8602946; + out1[6] = 0x4b03709; + out1[7] = 0x24fb8a31; +} + diff --git a/fiat-zig/src/secp256k1_64.zig b/fiat-zig/src/secp256k1_64.zig new file mode 100644 index 0000000000..9041efdec7 --- /dev/null +++ b/fiat-zig/src/secp256k1_64.zig @@ -0,0 +1,1938 @@ +/// Autogenerated: 'src/ExtractionOCaml/word_by_word_montgomery' --lang Zig --internal-static --public-function-case camelCase --private-function-case camelCase secp256k1 64 '2^256 - 2^32 - 977' mul square add sub opp from_montgomery to_montgomery nonzero selectznz to_bytes from_bytes one msat divstep divstep_precomp +/// curve description: secp256k1 +/// machine_wordsize = 64 (from "64") +/// requested operations: mul, square, add, sub, opp, from_montgomery, to_montgomery, nonzero, selectznz, to_bytes, from_bytes, one, msat, divstep, divstep_precomp +/// m = 0xfffffffffffffffffffffffffffffffffffffffffffffffffffffffefffffc2f (from "2^256 - 2^32 - 977") +/// +/// NOTE: In addition to the bounds specified above each function, all +/// functions synthesized for this Montgomery arithmetic require the +/// input to be strictly less than the prime modulus (m), and also +/// require the input to be in the unique saturated representation. +/// All functions also ensure that these two properties are true of +/// return values. +/// +/// Computed values: +/// eval z = z[0] + (z[1] << 64) + (z[2] << 128) + (z[3] << 192) +/// bytes_eval z = z[0] + (z[1] << 8) + (z[2] << 16) + (z[3] << 24) + (z[4] << 32) + (z[5] << 40) + (z[6] << 48) + (z[7] << 56) + (z[8] << 64) + (z[9] << 72) + (z[10] << 80) + (z[11] << 88) + (z[12] << 96) + (z[13] << 104) + (z[14] << 112) + (z[15] << 120) + (z[16] << 128) + (z[17] << 136) + (z[18] << 144) + (z[19] << 152) + (z[20] << 160) + (z[21] << 168) + (z[22] << 176) + (z[23] << 184) + (z[24] << 192) + (z[25] << 200) + (z[26] << 208) + (z[27] << 216) + (z[28] << 224) + (z[29] << 232) + (z[30] << 240) + (z[31] << 248) + + +/// The function fiatSecp256k1AddcarryxU64 is an addition with carry. +/// Postconditions: +/// out1 = (arg1 + arg2 + arg3) mod 2^64 +/// out2 = ⌊(arg1 + arg2 + arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatSecp256k1AddcarryxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u128 = ((@intCast(u128, arg1) + @intCast(u128, arg2)) + @intCast(u128, arg3)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u1 = @intCast(u1, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatSecp256k1SubborrowxU64 is a subtraction with borrow. +/// Postconditions: +/// out1 = (-arg1 + arg2 + -arg3) mod 2^64 +/// out2 = -⌊(-arg1 + arg2 + -arg3) / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0x1] +fn fiatSecp256k1SubborrowxU64(out1: *u64, out2: *u1, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: i128 = ((@intCast(i128, arg2) - @intCast(i128, arg1)) - @intCast(i128, arg3)); + const x2: i1 = @intCast(i1, (x1 >> 64)); + const x3: u64 = @intCast(u64, (x1 & @intCast(i128, 0xffffffffffffffff))); + out1.* = x3; + out2.* = @intCast(u1, (@intCast(i2, 0x0) - @intCast(i2, x2))); +} + +/// The function fiatSecp256k1MulxU64 is a multiplication, returning the full double-width result. +/// Postconditions: +/// out1 = (arg1 * arg2) mod 2^64 +/// out2 = ⌊arg1 * arg2 / 2^64⌋ +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [0x0 ~> 0xffffffffffffffff] +fn fiatSecp256k1MulxU64(out1: *u64, out2: *u64, arg1: u64, arg2: u64) callconv(.Inline) void { + const x1: u128 = (@intCast(u128, arg1) * @intCast(u128, arg2)); + const x2: u64 = @intCast(u64, (x1 & @intCast(u128, 0xffffffffffffffff))); + const x3: u64 = @intCast(u64, (x1 >> 64)); + out1.* = x2; + out2.* = x3; +} + +/// The function fiatSecp256k1CmovznzU64 is a single-word conditional move. +/// Postconditions: +/// out1 = (if arg1 = 0 then arg2 else arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [0x0 ~> 0xffffffffffffffff] +/// arg3: [0x0 ~> 0xffffffffffffffff] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +fn fiatSecp256k1CmovznzU64(out1: *u64, arg1: u1, arg2: u64, arg3: u64) callconv(.Inline) void { + const x1: u1 = (~(~arg1)); + const x2: u64 = @intCast(u64, (@intCast(i128, @intCast(i1, (@intCast(i2, 0x0) - @intCast(i2, x1)))) & @intCast(i128, 0xffffffffffffffff))); + const x3: u64 = ((x2 & arg3) | ((~x2) & arg2)); + out1.* = x3; +} + +/// The function fiatSecp256k1Mul multiplies two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1Mul(out1: *[4]u64, arg1: [4]u64, arg2: [4]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[0]); + var x5: u64 = undefined; + var x6: u64 = undefined; + fiatSecp256k1MulxU64(&x5, &x6, x4, (arg2[3])); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatSecp256k1MulxU64(&x7, &x8, x4, (arg2[2])); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatSecp256k1MulxU64(&x9, &x10, x4, (arg2[1])); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatSecp256k1MulxU64(&x11, &x12, x4, (arg2[0])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x13, &x14, 0x0, x12, x9); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x15, &x16, x14, x10, x7); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x17, &x18, x16, x8, x5); + const x19: u64 = (@intCast(u64, x18) + x6); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatSecp256k1MulxU64(&x20, &x21, x11, 0xd838091dd2253531); + var x22: u64 = undefined; + var x23: u64 = undefined; + fiatSecp256k1MulxU64(&x22, &x23, x20, 0xffffffffffffffff); + var x24: u64 = undefined; + var x25: u64 = undefined; + fiatSecp256k1MulxU64(&x24, &x25, x20, 0xffffffffffffffff); + var x26: u64 = undefined; + var x27: u64 = undefined; + fiatSecp256k1MulxU64(&x26, &x27, x20, 0xffffffffffffffff); + var x28: u64 = undefined; + var x29: u64 = undefined; + fiatSecp256k1MulxU64(&x28, &x29, x20, 0xfffffffefffffc2f); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x30, &x31, 0x0, x29, x26); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x32, &x33, x31, x27, x24); + var x34: u64 = undefined; + var x35: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x34, &x35, x33, x25, x22); + const x36: u64 = (@intCast(u64, x35) + x23); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x37, &x38, 0x0, x11, x28); + var x39: u64 = undefined; + var x40: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x39, &x40, x38, x13, x30); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x41, &x42, x40, x15, x32); + var x43: u64 = undefined; + var x44: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x43, &x44, x42, x17, x34); + var x45: u64 = undefined; + var x46: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x45, &x46, x44, x19, x36); + var x47: u64 = undefined; + var x48: u64 = undefined; + fiatSecp256k1MulxU64(&x47, &x48, x1, (arg2[3])); + var x49: u64 = undefined; + var x50: u64 = undefined; + fiatSecp256k1MulxU64(&x49, &x50, x1, (arg2[2])); + var x51: u64 = undefined; + var x52: u64 = undefined; + fiatSecp256k1MulxU64(&x51, &x52, x1, (arg2[1])); + var x53: u64 = undefined; + var x54: u64 = undefined; + fiatSecp256k1MulxU64(&x53, &x54, x1, (arg2[0])); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x55, &x56, 0x0, x54, x51); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x57, &x58, x56, x52, x49); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x59, &x60, x58, x50, x47); + const x61: u64 = (@intCast(u64, x60) + x48); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x62, &x63, 0x0, x39, x53); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x64, &x65, x63, x41, x55); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x66, &x67, x65, x43, x57); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x68, &x69, x67, x45, x59); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x70, &x71, x69, @intCast(u64, x46), x61); + var x72: u64 = undefined; + var x73: u64 = undefined; + fiatSecp256k1MulxU64(&x72, &x73, x62, 0xd838091dd2253531); + var x74: u64 = undefined; + var x75: u64 = undefined; + fiatSecp256k1MulxU64(&x74, &x75, x72, 0xffffffffffffffff); + var x76: u64 = undefined; + var x77: u64 = undefined; + fiatSecp256k1MulxU64(&x76, &x77, x72, 0xffffffffffffffff); + var x78: u64 = undefined; + var x79: u64 = undefined; + fiatSecp256k1MulxU64(&x78, &x79, x72, 0xffffffffffffffff); + var x80: u64 = undefined; + var x81: u64 = undefined; + fiatSecp256k1MulxU64(&x80, &x81, x72, 0xfffffffefffffc2f); + var x82: u64 = undefined; + var x83: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x82, &x83, 0x0, x81, x78); + var x84: u64 = undefined; + var x85: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x84, &x85, x83, x79, x76); + var x86: u64 = undefined; + var x87: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x86, &x87, x85, x77, x74); + const x88: u64 = (@intCast(u64, x87) + x75); + var x89: u64 = undefined; + var x90: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x89, &x90, 0x0, x62, x80); + var x91: u64 = undefined; + var x92: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x91, &x92, x90, x64, x82); + var x93: u64 = undefined; + var x94: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x93, &x94, x92, x66, x84); + var x95: u64 = undefined; + var x96: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x95, &x96, x94, x68, x86); + var x97: u64 = undefined; + var x98: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x97, &x98, x96, x70, x88); + const x99: u64 = (@intCast(u64, x98) + @intCast(u64, x71)); + var x100: u64 = undefined; + var x101: u64 = undefined; + fiatSecp256k1MulxU64(&x100, &x101, x2, (arg2[3])); + var x102: u64 = undefined; + var x103: u64 = undefined; + fiatSecp256k1MulxU64(&x102, &x103, x2, (arg2[2])); + var x104: u64 = undefined; + var x105: u64 = undefined; + fiatSecp256k1MulxU64(&x104, &x105, x2, (arg2[1])); + var x106: u64 = undefined; + var x107: u64 = undefined; + fiatSecp256k1MulxU64(&x106, &x107, x2, (arg2[0])); + var x108: u64 = undefined; + var x109: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x108, &x109, 0x0, x107, x104); + var x110: u64 = undefined; + var x111: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x110, &x111, x109, x105, x102); + var x112: u64 = undefined; + var x113: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x112, &x113, x111, x103, x100); + const x114: u64 = (@intCast(u64, x113) + x101); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x115, &x116, 0x0, x91, x106); + var x117: u64 = undefined; + var x118: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x117, &x118, x116, x93, x108); + var x119: u64 = undefined; + var x120: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x119, &x120, x118, x95, x110); + var x121: u64 = undefined; + var x122: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x121, &x122, x120, x97, x112); + var x123: u64 = undefined; + var x124: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x123, &x124, x122, x99, x114); + var x125: u64 = undefined; + var x126: u64 = undefined; + fiatSecp256k1MulxU64(&x125, &x126, x115, 0xd838091dd2253531); + var x127: u64 = undefined; + var x128: u64 = undefined; + fiatSecp256k1MulxU64(&x127, &x128, x125, 0xffffffffffffffff); + var x129: u64 = undefined; + var x130: u64 = undefined; + fiatSecp256k1MulxU64(&x129, &x130, x125, 0xffffffffffffffff); + var x131: u64 = undefined; + var x132: u64 = undefined; + fiatSecp256k1MulxU64(&x131, &x132, x125, 0xffffffffffffffff); + var x133: u64 = undefined; + var x134: u64 = undefined; + fiatSecp256k1MulxU64(&x133, &x134, x125, 0xfffffffefffffc2f); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x135, &x136, 0x0, x134, x131); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x137, &x138, x136, x132, x129); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x139, &x140, x138, x130, x127); + const x141: u64 = (@intCast(u64, x140) + x128); + var x142: u64 = undefined; + var x143: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x142, &x143, 0x0, x115, x133); + var x144: u64 = undefined; + var x145: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x144, &x145, x143, x117, x135); + var x146: u64 = undefined; + var x147: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x146, &x147, x145, x119, x137); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x148, &x149, x147, x121, x139); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x150, &x151, x149, x123, x141); + const x152: u64 = (@intCast(u64, x151) + @intCast(u64, x124)); + var x153: u64 = undefined; + var x154: u64 = undefined; + fiatSecp256k1MulxU64(&x153, &x154, x3, (arg2[3])); + var x155: u64 = undefined; + var x156: u64 = undefined; + fiatSecp256k1MulxU64(&x155, &x156, x3, (arg2[2])); + var x157: u64 = undefined; + var x158: u64 = undefined; + fiatSecp256k1MulxU64(&x157, &x158, x3, (arg2[1])); + var x159: u64 = undefined; + var x160: u64 = undefined; + fiatSecp256k1MulxU64(&x159, &x160, x3, (arg2[0])); + var x161: u64 = undefined; + var x162: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x161, &x162, 0x0, x160, x157); + var x163: u64 = undefined; + var x164: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x163, &x164, x162, x158, x155); + var x165: u64 = undefined; + var x166: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x165, &x166, x164, x156, x153); + const x167: u64 = (@intCast(u64, x166) + x154); + var x168: u64 = undefined; + var x169: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x168, &x169, 0x0, x144, x159); + var x170: u64 = undefined; + var x171: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x170, &x171, x169, x146, x161); + var x172: u64 = undefined; + var x173: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x172, &x173, x171, x148, x163); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x174, &x175, x173, x150, x165); + var x176: u64 = undefined; + var x177: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x176, &x177, x175, x152, x167); + var x178: u64 = undefined; + var x179: u64 = undefined; + fiatSecp256k1MulxU64(&x178, &x179, x168, 0xd838091dd2253531); + var x180: u64 = undefined; + var x181: u64 = undefined; + fiatSecp256k1MulxU64(&x180, &x181, x178, 0xffffffffffffffff); + var x182: u64 = undefined; + var x183: u64 = undefined; + fiatSecp256k1MulxU64(&x182, &x183, x178, 0xffffffffffffffff); + var x184: u64 = undefined; + var x185: u64 = undefined; + fiatSecp256k1MulxU64(&x184, &x185, x178, 0xffffffffffffffff); + var x186: u64 = undefined; + var x187: u64 = undefined; + fiatSecp256k1MulxU64(&x186, &x187, x178, 0xfffffffefffffc2f); + var x188: u64 = undefined; + var x189: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x188, &x189, 0x0, x187, x184); + var x190: u64 = undefined; + var x191: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x190, &x191, x189, x185, x182); + var x192: u64 = undefined; + var x193: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x192, &x193, x191, x183, x180); + const x194: u64 = (@intCast(u64, x193) + x181); + var x195: u64 = undefined; + var x196: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x195, &x196, 0x0, x168, x186); + var x197: u64 = undefined; + var x198: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x197, &x198, x196, x170, x188); + var x199: u64 = undefined; + var x200: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x199, &x200, x198, x172, x190); + var x201: u64 = undefined; + var x202: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x201, &x202, x200, x174, x192); + var x203: u64 = undefined; + var x204: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x203, &x204, x202, x176, x194); + const x205: u64 = (@intCast(u64, x204) + @intCast(u64, x177)); + var x206: u64 = undefined; + var x207: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x206, &x207, 0x0, x197, 0xfffffffefffffc2f); + var x208: u64 = undefined; + var x209: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x208, &x209, x207, x199, 0xffffffffffffffff); + var x210: u64 = undefined; + var x211: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x210, &x211, x209, x201, 0xffffffffffffffff); + var x212: u64 = undefined; + var x213: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x212, &x213, x211, x203, 0xffffffffffffffff); + var x214: u64 = undefined; + var x215: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x214, &x215, x213, x205, @intCast(u64, 0x0)); + var x216: u64 = undefined; + fiatSecp256k1CmovznzU64(&x216, x215, x206, x197); + var x217: u64 = undefined; + fiatSecp256k1CmovznzU64(&x217, x215, x208, x199); + var x218: u64 = undefined; + fiatSecp256k1CmovznzU64(&x218, x215, x210, x201); + var x219: u64 = undefined; + fiatSecp256k1CmovznzU64(&x219, x215, x212, x203); + out1[0] = x216; + out1[1] = x217; + out1[2] = x218; + out1[3] = x219; +} + +/// The function fiatSecp256k1Square squares a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) * eval (from_montgomery arg1)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1Square(out1: *[4]u64, arg1: [4]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[0]); + var x5: u64 = undefined; + var x6: u64 = undefined; + fiatSecp256k1MulxU64(&x5, &x6, x4, (arg1[3])); + var x7: u64 = undefined; + var x8: u64 = undefined; + fiatSecp256k1MulxU64(&x7, &x8, x4, (arg1[2])); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatSecp256k1MulxU64(&x9, &x10, x4, (arg1[1])); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatSecp256k1MulxU64(&x11, &x12, x4, (arg1[0])); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x13, &x14, 0x0, x12, x9); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x15, &x16, x14, x10, x7); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x17, &x18, x16, x8, x5); + const x19: u64 = (@intCast(u64, x18) + x6); + var x20: u64 = undefined; + var x21: u64 = undefined; + fiatSecp256k1MulxU64(&x20, &x21, x11, 0xd838091dd2253531); + var x22: u64 = undefined; + var x23: u64 = undefined; + fiatSecp256k1MulxU64(&x22, &x23, x20, 0xffffffffffffffff); + var x24: u64 = undefined; + var x25: u64 = undefined; + fiatSecp256k1MulxU64(&x24, &x25, x20, 0xffffffffffffffff); + var x26: u64 = undefined; + var x27: u64 = undefined; + fiatSecp256k1MulxU64(&x26, &x27, x20, 0xffffffffffffffff); + var x28: u64 = undefined; + var x29: u64 = undefined; + fiatSecp256k1MulxU64(&x28, &x29, x20, 0xfffffffefffffc2f); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x30, &x31, 0x0, x29, x26); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x32, &x33, x31, x27, x24); + var x34: u64 = undefined; + var x35: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x34, &x35, x33, x25, x22); + const x36: u64 = (@intCast(u64, x35) + x23); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x37, &x38, 0x0, x11, x28); + var x39: u64 = undefined; + var x40: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x39, &x40, x38, x13, x30); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x41, &x42, x40, x15, x32); + var x43: u64 = undefined; + var x44: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x43, &x44, x42, x17, x34); + var x45: u64 = undefined; + var x46: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x45, &x46, x44, x19, x36); + var x47: u64 = undefined; + var x48: u64 = undefined; + fiatSecp256k1MulxU64(&x47, &x48, x1, (arg1[3])); + var x49: u64 = undefined; + var x50: u64 = undefined; + fiatSecp256k1MulxU64(&x49, &x50, x1, (arg1[2])); + var x51: u64 = undefined; + var x52: u64 = undefined; + fiatSecp256k1MulxU64(&x51, &x52, x1, (arg1[1])); + var x53: u64 = undefined; + var x54: u64 = undefined; + fiatSecp256k1MulxU64(&x53, &x54, x1, (arg1[0])); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x55, &x56, 0x0, x54, x51); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x57, &x58, x56, x52, x49); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x59, &x60, x58, x50, x47); + const x61: u64 = (@intCast(u64, x60) + x48); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x62, &x63, 0x0, x39, x53); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x64, &x65, x63, x41, x55); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x66, &x67, x65, x43, x57); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x68, &x69, x67, x45, x59); + var x70: u64 = undefined; + var x71: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x70, &x71, x69, @intCast(u64, x46), x61); + var x72: u64 = undefined; + var x73: u64 = undefined; + fiatSecp256k1MulxU64(&x72, &x73, x62, 0xd838091dd2253531); + var x74: u64 = undefined; + var x75: u64 = undefined; + fiatSecp256k1MulxU64(&x74, &x75, x72, 0xffffffffffffffff); + var x76: u64 = undefined; + var x77: u64 = undefined; + fiatSecp256k1MulxU64(&x76, &x77, x72, 0xffffffffffffffff); + var x78: u64 = undefined; + var x79: u64 = undefined; + fiatSecp256k1MulxU64(&x78, &x79, x72, 0xffffffffffffffff); + var x80: u64 = undefined; + var x81: u64 = undefined; + fiatSecp256k1MulxU64(&x80, &x81, x72, 0xfffffffefffffc2f); + var x82: u64 = undefined; + var x83: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x82, &x83, 0x0, x81, x78); + var x84: u64 = undefined; + var x85: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x84, &x85, x83, x79, x76); + var x86: u64 = undefined; + var x87: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x86, &x87, x85, x77, x74); + const x88: u64 = (@intCast(u64, x87) + x75); + var x89: u64 = undefined; + var x90: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x89, &x90, 0x0, x62, x80); + var x91: u64 = undefined; + var x92: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x91, &x92, x90, x64, x82); + var x93: u64 = undefined; + var x94: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x93, &x94, x92, x66, x84); + var x95: u64 = undefined; + var x96: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x95, &x96, x94, x68, x86); + var x97: u64 = undefined; + var x98: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x97, &x98, x96, x70, x88); + const x99: u64 = (@intCast(u64, x98) + @intCast(u64, x71)); + var x100: u64 = undefined; + var x101: u64 = undefined; + fiatSecp256k1MulxU64(&x100, &x101, x2, (arg1[3])); + var x102: u64 = undefined; + var x103: u64 = undefined; + fiatSecp256k1MulxU64(&x102, &x103, x2, (arg1[2])); + var x104: u64 = undefined; + var x105: u64 = undefined; + fiatSecp256k1MulxU64(&x104, &x105, x2, (arg1[1])); + var x106: u64 = undefined; + var x107: u64 = undefined; + fiatSecp256k1MulxU64(&x106, &x107, x2, (arg1[0])); + var x108: u64 = undefined; + var x109: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x108, &x109, 0x0, x107, x104); + var x110: u64 = undefined; + var x111: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x110, &x111, x109, x105, x102); + var x112: u64 = undefined; + var x113: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x112, &x113, x111, x103, x100); + const x114: u64 = (@intCast(u64, x113) + x101); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x115, &x116, 0x0, x91, x106); + var x117: u64 = undefined; + var x118: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x117, &x118, x116, x93, x108); + var x119: u64 = undefined; + var x120: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x119, &x120, x118, x95, x110); + var x121: u64 = undefined; + var x122: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x121, &x122, x120, x97, x112); + var x123: u64 = undefined; + var x124: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x123, &x124, x122, x99, x114); + var x125: u64 = undefined; + var x126: u64 = undefined; + fiatSecp256k1MulxU64(&x125, &x126, x115, 0xd838091dd2253531); + var x127: u64 = undefined; + var x128: u64 = undefined; + fiatSecp256k1MulxU64(&x127, &x128, x125, 0xffffffffffffffff); + var x129: u64 = undefined; + var x130: u64 = undefined; + fiatSecp256k1MulxU64(&x129, &x130, x125, 0xffffffffffffffff); + var x131: u64 = undefined; + var x132: u64 = undefined; + fiatSecp256k1MulxU64(&x131, &x132, x125, 0xffffffffffffffff); + var x133: u64 = undefined; + var x134: u64 = undefined; + fiatSecp256k1MulxU64(&x133, &x134, x125, 0xfffffffefffffc2f); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x135, &x136, 0x0, x134, x131); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x137, &x138, x136, x132, x129); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x139, &x140, x138, x130, x127); + const x141: u64 = (@intCast(u64, x140) + x128); + var x142: u64 = undefined; + var x143: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x142, &x143, 0x0, x115, x133); + var x144: u64 = undefined; + var x145: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x144, &x145, x143, x117, x135); + var x146: u64 = undefined; + var x147: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x146, &x147, x145, x119, x137); + var x148: u64 = undefined; + var x149: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x148, &x149, x147, x121, x139); + var x150: u64 = undefined; + var x151: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x150, &x151, x149, x123, x141); + const x152: u64 = (@intCast(u64, x151) + @intCast(u64, x124)); + var x153: u64 = undefined; + var x154: u64 = undefined; + fiatSecp256k1MulxU64(&x153, &x154, x3, (arg1[3])); + var x155: u64 = undefined; + var x156: u64 = undefined; + fiatSecp256k1MulxU64(&x155, &x156, x3, (arg1[2])); + var x157: u64 = undefined; + var x158: u64 = undefined; + fiatSecp256k1MulxU64(&x157, &x158, x3, (arg1[1])); + var x159: u64 = undefined; + var x160: u64 = undefined; + fiatSecp256k1MulxU64(&x159, &x160, x3, (arg1[0])); + var x161: u64 = undefined; + var x162: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x161, &x162, 0x0, x160, x157); + var x163: u64 = undefined; + var x164: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x163, &x164, x162, x158, x155); + var x165: u64 = undefined; + var x166: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x165, &x166, x164, x156, x153); + const x167: u64 = (@intCast(u64, x166) + x154); + var x168: u64 = undefined; + var x169: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x168, &x169, 0x0, x144, x159); + var x170: u64 = undefined; + var x171: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x170, &x171, x169, x146, x161); + var x172: u64 = undefined; + var x173: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x172, &x173, x171, x148, x163); + var x174: u64 = undefined; + var x175: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x174, &x175, x173, x150, x165); + var x176: u64 = undefined; + var x177: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x176, &x177, x175, x152, x167); + var x178: u64 = undefined; + var x179: u64 = undefined; + fiatSecp256k1MulxU64(&x178, &x179, x168, 0xd838091dd2253531); + var x180: u64 = undefined; + var x181: u64 = undefined; + fiatSecp256k1MulxU64(&x180, &x181, x178, 0xffffffffffffffff); + var x182: u64 = undefined; + var x183: u64 = undefined; + fiatSecp256k1MulxU64(&x182, &x183, x178, 0xffffffffffffffff); + var x184: u64 = undefined; + var x185: u64 = undefined; + fiatSecp256k1MulxU64(&x184, &x185, x178, 0xffffffffffffffff); + var x186: u64 = undefined; + var x187: u64 = undefined; + fiatSecp256k1MulxU64(&x186, &x187, x178, 0xfffffffefffffc2f); + var x188: u64 = undefined; + var x189: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x188, &x189, 0x0, x187, x184); + var x190: u64 = undefined; + var x191: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x190, &x191, x189, x185, x182); + var x192: u64 = undefined; + var x193: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x192, &x193, x191, x183, x180); + const x194: u64 = (@intCast(u64, x193) + x181); + var x195: u64 = undefined; + var x196: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x195, &x196, 0x0, x168, x186); + var x197: u64 = undefined; + var x198: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x197, &x198, x196, x170, x188); + var x199: u64 = undefined; + var x200: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x199, &x200, x198, x172, x190); + var x201: u64 = undefined; + var x202: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x201, &x202, x200, x174, x192); + var x203: u64 = undefined; + var x204: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x203, &x204, x202, x176, x194); + const x205: u64 = (@intCast(u64, x204) + @intCast(u64, x177)); + var x206: u64 = undefined; + var x207: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x206, &x207, 0x0, x197, 0xfffffffefffffc2f); + var x208: u64 = undefined; + var x209: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x208, &x209, x207, x199, 0xffffffffffffffff); + var x210: u64 = undefined; + var x211: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x210, &x211, x209, x201, 0xffffffffffffffff); + var x212: u64 = undefined; + var x213: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x212, &x213, x211, x203, 0xffffffffffffffff); + var x214: u64 = undefined; + var x215: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x214, &x215, x213, x205, @intCast(u64, 0x0)); + var x216: u64 = undefined; + fiatSecp256k1CmovznzU64(&x216, x215, x206, x197); + var x217: u64 = undefined; + fiatSecp256k1CmovznzU64(&x217, x215, x208, x199); + var x218: u64 = undefined; + fiatSecp256k1CmovznzU64(&x218, x215, x210, x201); + var x219: u64 = undefined; + fiatSecp256k1CmovznzU64(&x219, x215, x212, x203); + out1[0] = x216; + out1[1] = x217; + out1[2] = x218; + out1[3] = x219; +} + +/// The function fiatSecp256k1Add adds two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) + eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1Add(out1: *[4]u64, arg1: [4]u64, arg2: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + var x10: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x9, &x10, 0x0, x1, 0xfffffffefffffc2f); + var x11: u64 = undefined; + var x12: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x11, &x12, x10, x3, 0xffffffffffffffff); + var x13: u64 = undefined; + var x14: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x13, &x14, x12, x5, 0xffffffffffffffff); + var x15: u64 = undefined; + var x16: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x15, &x16, x14, x7, 0xffffffffffffffff); + var x17: u64 = undefined; + var x18: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x17, &x18, x16, @intCast(u64, x8), @intCast(u64, 0x0)); + var x19: u64 = undefined; + fiatSecp256k1CmovznzU64(&x19, x18, x9, x1); + var x20: u64 = undefined; + fiatSecp256k1CmovznzU64(&x20, x18, x11, x3); + var x21: u64 = undefined; + fiatSecp256k1CmovznzU64(&x21, x18, x13, x5); + var x22: u64 = undefined; + fiatSecp256k1CmovznzU64(&x22, x18, x15, x7); + out1[0] = x19; + out1[1] = x20; + out1[2] = x21; + out1[3] = x22; +} + +/// The function fiatSecp256k1Sub subtracts two field elements in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// 0 ≤ eval arg2 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = (eval (from_montgomery arg1) - eval (from_montgomery arg2)) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1Sub(out1: *[4]u64, arg1: [4]u64, arg2: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x1, &x2, 0x0, (arg1[0]), (arg2[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x3, &x4, x2, (arg1[1]), (arg2[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x5, &x6, x4, (arg1[2]), (arg2[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x7, &x8, x6, (arg1[3]), (arg2[3])); + var x9: u64 = undefined; + fiatSecp256k1CmovznzU64(&x9, x8, @intCast(u64, 0x0), 0xffffffffffffffff); + var x10: u64 = undefined; + var x11: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x10, &x11, 0x0, x1, (x9 & 0xfffffffefffffc2f)); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x12, &x13, x11, x3, x9); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x14, &x15, x13, x5, x9); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x16, &x17, x15, x7, x9); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/// The function fiatSecp256k1Opp negates a field element in the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = -eval (from_montgomery arg1) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1Opp(out1: *[4]u64, arg1: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x1, &x2, 0x0, @intCast(u64, 0x0), (arg1[0])); + var x3: u64 = undefined; + var x4: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x3, &x4, x2, @intCast(u64, 0x0), (arg1[1])); + var x5: u64 = undefined; + var x6: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x5, &x6, x4, @intCast(u64, 0x0), (arg1[2])); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x7, &x8, x6, @intCast(u64, 0x0), (arg1[3])); + var x9: u64 = undefined; + fiatSecp256k1CmovznzU64(&x9, x8, @intCast(u64, 0x0), 0xffffffffffffffff); + var x10: u64 = undefined; + var x11: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x10, &x11, 0x0, x1, (x9 & 0xfffffffefffffc2f)); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x12, &x13, x11, x3, x9); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x14, &x15, x13, x5, x9); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x16, &x17, x15, x7, x9); + out1[0] = x10; + out1[1] = x12; + out1[2] = x14; + out1[3] = x16; +} + +/// The function fiatSecp256k1FromMontgomery translates a field element out of the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval out1 mod m = (eval arg1 * ((2^64)⁻¹ mod m)^4) mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1FromMontgomery(out1: *[4]u64, arg1: [4]u64) void { + const x1: u64 = (arg1[0]); + var x2: u64 = undefined; + var x3: u64 = undefined; + fiatSecp256k1MulxU64(&x2, &x3, x1, 0xd838091dd2253531); + var x4: u64 = undefined; + var x5: u64 = undefined; + fiatSecp256k1MulxU64(&x4, &x5, x2, 0xffffffffffffffff); + var x6: u64 = undefined; + var x7: u64 = undefined; + fiatSecp256k1MulxU64(&x6, &x7, x2, 0xffffffffffffffff); + var x8: u64 = undefined; + var x9: u64 = undefined; + fiatSecp256k1MulxU64(&x8, &x9, x2, 0xffffffffffffffff); + var x10: u64 = undefined; + var x11: u64 = undefined; + fiatSecp256k1MulxU64(&x10, &x11, x2, 0xfffffffefffffc2f); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x12, &x13, 0x0, x11, x8); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x14, &x15, x13, x9, x6); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x16, &x17, x15, x7, x4); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x18, &x19, 0x0, x1, x10); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x20, &x21, x19, @intCast(u64, 0x0), x12); + var x22: u64 = undefined; + var x23: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x22, &x23, x21, @intCast(u64, 0x0), x14); + var x24: u64 = undefined; + var x25: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x24, &x25, x23, @intCast(u64, 0x0), x16); + var x26: u64 = undefined; + var x27: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x26, &x27, x25, @intCast(u64, 0x0), (@intCast(u64, x17) + x5)); + var x28: u64 = undefined; + var x29: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x28, &x29, 0x0, x20, (arg1[1])); + var x30: u64 = undefined; + var x31: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x30, &x31, x29, x22, @intCast(u64, 0x0)); + var x32: u64 = undefined; + var x33: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x32, &x33, x31, x24, @intCast(u64, 0x0)); + var x34: u64 = undefined; + var x35: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x34, &x35, x33, x26, @intCast(u64, 0x0)); + var x36: u64 = undefined; + var x37: u64 = undefined; + fiatSecp256k1MulxU64(&x36, &x37, x28, 0xd838091dd2253531); + var x38: u64 = undefined; + var x39: u64 = undefined; + fiatSecp256k1MulxU64(&x38, &x39, x36, 0xffffffffffffffff); + var x40: u64 = undefined; + var x41: u64 = undefined; + fiatSecp256k1MulxU64(&x40, &x41, x36, 0xffffffffffffffff); + var x42: u64 = undefined; + var x43: u64 = undefined; + fiatSecp256k1MulxU64(&x42, &x43, x36, 0xffffffffffffffff); + var x44: u64 = undefined; + var x45: u64 = undefined; + fiatSecp256k1MulxU64(&x44, &x45, x36, 0xfffffffefffffc2f); + var x46: u64 = undefined; + var x47: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x46, &x47, 0x0, x45, x42); + var x48: u64 = undefined; + var x49: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x48, &x49, x47, x43, x40); + var x50: u64 = undefined; + var x51: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x50, &x51, x49, x41, x38); + var x52: u64 = undefined; + var x53: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x52, &x53, 0x0, x28, x44); + var x54: u64 = undefined; + var x55: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x54, &x55, x53, x30, x46); + var x56: u64 = undefined; + var x57: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x56, &x57, x55, x32, x48); + var x58: u64 = undefined; + var x59: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x58, &x59, x57, x34, x50); + var x60: u64 = undefined; + var x61: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x60, &x61, x59, (@intCast(u64, x35) + @intCast(u64, x27)), (@intCast(u64, x51) + x39)); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x62, &x63, 0x0, x54, (arg1[2])); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x64, &x65, x63, x56, @intCast(u64, 0x0)); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x66, &x67, x65, x58, @intCast(u64, 0x0)); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x68, &x69, x67, x60, @intCast(u64, 0x0)); + var x70: u64 = undefined; + var x71: u64 = undefined; + fiatSecp256k1MulxU64(&x70, &x71, x62, 0xd838091dd2253531); + var x72: u64 = undefined; + var x73: u64 = undefined; + fiatSecp256k1MulxU64(&x72, &x73, x70, 0xffffffffffffffff); + var x74: u64 = undefined; + var x75: u64 = undefined; + fiatSecp256k1MulxU64(&x74, &x75, x70, 0xffffffffffffffff); + var x76: u64 = undefined; + var x77: u64 = undefined; + fiatSecp256k1MulxU64(&x76, &x77, x70, 0xffffffffffffffff); + var x78: u64 = undefined; + var x79: u64 = undefined; + fiatSecp256k1MulxU64(&x78, &x79, x70, 0xfffffffefffffc2f); + var x80: u64 = undefined; + var x81: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x80, &x81, 0x0, x79, x76); + var x82: u64 = undefined; + var x83: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x82, &x83, x81, x77, x74); + var x84: u64 = undefined; + var x85: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x84, &x85, x83, x75, x72); + var x86: u64 = undefined; + var x87: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x86, &x87, 0x0, x62, x78); + var x88: u64 = undefined; + var x89: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x88, &x89, x87, x64, x80); + var x90: u64 = undefined; + var x91: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x90, &x91, x89, x66, x82); + var x92: u64 = undefined; + var x93: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x92, &x93, x91, x68, x84); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x94, &x95, x93, (@intCast(u64, x69) + @intCast(u64, x61)), (@intCast(u64, x85) + x73)); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x96, &x97, 0x0, x88, (arg1[3])); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x98, &x99, x97, x90, @intCast(u64, 0x0)); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x100, &x101, x99, x92, @intCast(u64, 0x0)); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x102, &x103, x101, x94, @intCast(u64, 0x0)); + var x104: u64 = undefined; + var x105: u64 = undefined; + fiatSecp256k1MulxU64(&x104, &x105, x96, 0xd838091dd2253531); + var x106: u64 = undefined; + var x107: u64 = undefined; + fiatSecp256k1MulxU64(&x106, &x107, x104, 0xffffffffffffffff); + var x108: u64 = undefined; + var x109: u64 = undefined; + fiatSecp256k1MulxU64(&x108, &x109, x104, 0xffffffffffffffff); + var x110: u64 = undefined; + var x111: u64 = undefined; + fiatSecp256k1MulxU64(&x110, &x111, x104, 0xffffffffffffffff); + var x112: u64 = undefined; + var x113: u64 = undefined; + fiatSecp256k1MulxU64(&x112, &x113, x104, 0xfffffffefffffc2f); + var x114: u64 = undefined; + var x115: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x114, &x115, 0x0, x113, x110); + var x116: u64 = undefined; + var x117: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x116, &x117, x115, x111, x108); + var x118: u64 = undefined; + var x119: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x118, &x119, x117, x109, x106); + var x120: u64 = undefined; + var x121: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x120, &x121, 0x0, x96, x112); + var x122: u64 = undefined; + var x123: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x122, &x123, x121, x98, x114); + var x124: u64 = undefined; + var x125: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x124, &x125, x123, x100, x116); + var x126: u64 = undefined; + var x127: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x126, &x127, x125, x102, x118); + var x128: u64 = undefined; + var x129: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x128, &x129, x127, (@intCast(u64, x103) + @intCast(u64, x95)), (@intCast(u64, x119) + x107)); + var x130: u64 = undefined; + var x131: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x130, &x131, 0x0, x122, 0xfffffffefffffc2f); + var x132: u64 = undefined; + var x133: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x132, &x133, x131, x124, 0xffffffffffffffff); + var x134: u64 = undefined; + var x135: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x134, &x135, x133, x126, 0xffffffffffffffff); + var x136: u64 = undefined; + var x137: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x136, &x137, x135, x128, 0xffffffffffffffff); + var x138: u64 = undefined; + var x139: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x138, &x139, x137, @intCast(u64, x129), @intCast(u64, 0x0)); + var x140: u64 = undefined; + fiatSecp256k1CmovznzU64(&x140, x139, x130, x122); + var x141: u64 = undefined; + fiatSecp256k1CmovznzU64(&x141, x139, x132, x124); + var x142: u64 = undefined; + fiatSecp256k1CmovznzU64(&x142, x139, x134, x126); + var x143: u64 = undefined; + fiatSecp256k1CmovznzU64(&x143, x139, x136, x128); + out1[0] = x140; + out1[1] = x141; + out1[2] = x142; + out1[3] = x143; +} + +/// The function fiatSecp256k1ToMontgomery translates a field element into the Montgomery domain. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// eval (from_montgomery out1) mod m = eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1ToMontgomery(out1: *[4]u64, arg1: [4]u64) void { + const x1: u64 = (arg1[1]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[3]); + const x4: u64 = (arg1[0]); + var x5: u64 = undefined; + var x6: u64 = undefined; + fiatSecp256k1MulxU64(&x5, &x6, x4, 0x7a2000e90a1); + var x7: u64 = undefined; + var x8: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x7, &x8, 0x0, x6, x4); + var x9: u64 = undefined; + var x10: u64 = undefined; + fiatSecp256k1MulxU64(&x9, &x10, x5, 0xd838091dd2253531); + var x11: u64 = undefined; + var x12: u64 = undefined; + fiatSecp256k1MulxU64(&x11, &x12, x9, 0xffffffffffffffff); + var x13: u64 = undefined; + var x14: u64 = undefined; + fiatSecp256k1MulxU64(&x13, &x14, x9, 0xffffffffffffffff); + var x15: u64 = undefined; + var x16: u64 = undefined; + fiatSecp256k1MulxU64(&x15, &x16, x9, 0xffffffffffffffff); + var x17: u64 = undefined; + var x18: u64 = undefined; + fiatSecp256k1MulxU64(&x17, &x18, x9, 0xfffffffefffffc2f); + var x19: u64 = undefined; + var x20: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x19, &x20, 0x0, x18, x15); + var x21: u64 = undefined; + var x22: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x21, &x22, x20, x16, x13); + var x23: u64 = undefined; + var x24: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x23, &x24, x22, x14, x11); + var x25: u64 = undefined; + var x26: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x25, &x26, 0x0, x5, x17); + var x27: u64 = undefined; + var x28: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x27, &x28, x26, x7, x19); + var x29: u64 = undefined; + var x30: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x29, &x30, x28, @intCast(u64, x8), x21); + var x31: u64 = undefined; + var x32: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x31, &x32, x30, @intCast(u64, 0x0), x23); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x33, &x34, x32, @intCast(u64, 0x0), (@intCast(u64, x24) + x12)); + var x35: u64 = undefined; + var x36: u64 = undefined; + fiatSecp256k1MulxU64(&x35, &x36, x1, 0x7a2000e90a1); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x37, &x38, 0x0, x36, x1); + var x39: u64 = undefined; + var x40: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x39, &x40, 0x0, x27, x35); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x41, &x42, x40, x29, x37); + var x43: u64 = undefined; + var x44: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x43, &x44, x42, x31, @intCast(u64, x38)); + var x45: u64 = undefined; + var x46: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x45, &x46, x44, x33, @intCast(u64, 0x0)); + var x47: u64 = undefined; + var x48: u64 = undefined; + fiatSecp256k1MulxU64(&x47, &x48, x39, 0xd838091dd2253531); + var x49: u64 = undefined; + var x50: u64 = undefined; + fiatSecp256k1MulxU64(&x49, &x50, x47, 0xffffffffffffffff); + var x51: u64 = undefined; + var x52: u64 = undefined; + fiatSecp256k1MulxU64(&x51, &x52, x47, 0xffffffffffffffff); + var x53: u64 = undefined; + var x54: u64 = undefined; + fiatSecp256k1MulxU64(&x53, &x54, x47, 0xffffffffffffffff); + var x55: u64 = undefined; + var x56: u64 = undefined; + fiatSecp256k1MulxU64(&x55, &x56, x47, 0xfffffffefffffc2f); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x57, &x58, 0x0, x56, x53); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x59, &x60, x58, x54, x51); + var x61: u64 = undefined; + var x62: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x61, &x62, x60, x52, x49); + var x63: u64 = undefined; + var x64: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x63, &x64, 0x0, x39, x55); + var x65: u64 = undefined; + var x66: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x65, &x66, x64, x41, x57); + var x67: u64 = undefined; + var x68: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x67, &x68, x66, x43, x59); + var x69: u64 = undefined; + var x70: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x69, &x70, x68, x45, x61); + var x71: u64 = undefined; + var x72: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x71, &x72, x70, (@intCast(u64, x46) + @intCast(u64, x34)), (@intCast(u64, x62) + x50)); + var x73: u64 = undefined; + var x74: u64 = undefined; + fiatSecp256k1MulxU64(&x73, &x74, x2, 0x7a2000e90a1); + var x75: u64 = undefined; + var x76: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x75, &x76, 0x0, x74, x2); + var x77: u64 = undefined; + var x78: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x77, &x78, 0x0, x65, x73); + var x79: u64 = undefined; + var x80: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x79, &x80, x78, x67, x75); + var x81: u64 = undefined; + var x82: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x81, &x82, x80, x69, @intCast(u64, x76)); + var x83: u64 = undefined; + var x84: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x83, &x84, x82, x71, @intCast(u64, 0x0)); + var x85: u64 = undefined; + var x86: u64 = undefined; + fiatSecp256k1MulxU64(&x85, &x86, x77, 0xd838091dd2253531); + var x87: u64 = undefined; + var x88: u64 = undefined; + fiatSecp256k1MulxU64(&x87, &x88, x85, 0xffffffffffffffff); + var x89: u64 = undefined; + var x90: u64 = undefined; + fiatSecp256k1MulxU64(&x89, &x90, x85, 0xffffffffffffffff); + var x91: u64 = undefined; + var x92: u64 = undefined; + fiatSecp256k1MulxU64(&x91, &x92, x85, 0xffffffffffffffff); + var x93: u64 = undefined; + var x94: u64 = undefined; + fiatSecp256k1MulxU64(&x93, &x94, x85, 0xfffffffefffffc2f); + var x95: u64 = undefined; + var x96: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x95, &x96, 0x0, x94, x91); + var x97: u64 = undefined; + var x98: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x97, &x98, x96, x92, x89); + var x99: u64 = undefined; + var x100: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x99, &x100, x98, x90, x87); + var x101: u64 = undefined; + var x102: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x101, &x102, 0x0, x77, x93); + var x103: u64 = undefined; + var x104: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x103, &x104, x102, x79, x95); + var x105: u64 = undefined; + var x106: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x105, &x106, x104, x81, x97); + var x107: u64 = undefined; + var x108: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x107, &x108, x106, x83, x99); + var x109: u64 = undefined; + var x110: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x109, &x110, x108, (@intCast(u64, x84) + @intCast(u64, x72)), (@intCast(u64, x100) + x88)); + var x111: u64 = undefined; + var x112: u64 = undefined; + fiatSecp256k1MulxU64(&x111, &x112, x3, 0x7a2000e90a1); + var x113: u64 = undefined; + var x114: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x113, &x114, 0x0, x112, x3); + var x115: u64 = undefined; + var x116: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x115, &x116, 0x0, x103, x111); + var x117: u64 = undefined; + var x118: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x117, &x118, x116, x105, x113); + var x119: u64 = undefined; + var x120: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x119, &x120, x118, x107, @intCast(u64, x114)); + var x121: u64 = undefined; + var x122: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x121, &x122, x120, x109, @intCast(u64, 0x0)); + var x123: u64 = undefined; + var x124: u64 = undefined; + fiatSecp256k1MulxU64(&x123, &x124, x115, 0xd838091dd2253531); + var x125: u64 = undefined; + var x126: u64 = undefined; + fiatSecp256k1MulxU64(&x125, &x126, x123, 0xffffffffffffffff); + var x127: u64 = undefined; + var x128: u64 = undefined; + fiatSecp256k1MulxU64(&x127, &x128, x123, 0xffffffffffffffff); + var x129: u64 = undefined; + var x130: u64 = undefined; + fiatSecp256k1MulxU64(&x129, &x130, x123, 0xffffffffffffffff); + var x131: u64 = undefined; + var x132: u64 = undefined; + fiatSecp256k1MulxU64(&x131, &x132, x123, 0xfffffffefffffc2f); + var x133: u64 = undefined; + var x134: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x133, &x134, 0x0, x132, x129); + var x135: u64 = undefined; + var x136: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x135, &x136, x134, x130, x127); + var x137: u64 = undefined; + var x138: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x137, &x138, x136, x128, x125); + var x139: u64 = undefined; + var x140: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x139, &x140, 0x0, x115, x131); + var x141: u64 = undefined; + var x142: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x141, &x142, x140, x117, x133); + var x143: u64 = undefined; + var x144: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x143, &x144, x142, x119, x135); + var x145: u64 = undefined; + var x146: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x145, &x146, x144, x121, x137); + var x147: u64 = undefined; + var x148: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x147, &x148, x146, (@intCast(u64, x122) + @intCast(u64, x110)), (@intCast(u64, x138) + x126)); + var x149: u64 = undefined; + var x150: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x149, &x150, 0x0, x141, 0xfffffffefffffc2f); + var x151: u64 = undefined; + var x152: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x151, &x152, x150, x143, 0xffffffffffffffff); + var x153: u64 = undefined; + var x154: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x153, &x154, x152, x145, 0xffffffffffffffff); + var x155: u64 = undefined; + var x156: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x155, &x156, x154, x147, 0xffffffffffffffff); + var x157: u64 = undefined; + var x158: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x157, &x158, x156, @intCast(u64, x148), @intCast(u64, 0x0)); + var x159: u64 = undefined; + fiatSecp256k1CmovznzU64(&x159, x158, x149, x141); + var x160: u64 = undefined; + fiatSecp256k1CmovznzU64(&x160, x158, x151, x143); + var x161: u64 = undefined; + fiatSecp256k1CmovznzU64(&x161, x158, x153, x145); + var x162: u64 = undefined; + fiatSecp256k1CmovznzU64(&x162, x158, x155, x147); + out1[0] = x159; + out1[1] = x160; + out1[2] = x161; + out1[3] = x162; +} + +/// The function fiatSecp256k1Nonzero outputs a single non-zero word if the input is non-zero and zero otherwise. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = 0 ↔ eval (from_montgomery arg1) mod m = 0 +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +pub fn fiatSecp256k1Nonzero(out1: *u64, arg1: [4]u64) void { + const x1: u64 = ((arg1[0]) | ((arg1[1]) | ((arg1[2]) | (arg1[3])))); + out1.* = x1; +} + +/// The function fiatSecp256k1Selectznz is a multi-limb conditional select. +/// Postconditions: +/// eval out1 = (if arg1 = 0 then eval arg2 else eval arg3) +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0x1] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1Selectznz(out1: *[4]u64, arg1: u1, arg2: [4]u64, arg3: [4]u64) void { + var x1: u64 = undefined; + fiatSecp256k1CmovznzU64(&x1, arg1, (arg2[0]), (arg3[0])); + var x2: u64 = undefined; + fiatSecp256k1CmovznzU64(&x2, arg1, (arg2[1]), (arg3[1])); + var x3: u64 = undefined; + fiatSecp256k1CmovznzU64(&x3, arg1, (arg2[2]), (arg3[2])); + var x4: u64 = undefined; + fiatSecp256k1CmovznzU64(&x4, arg1, (arg2[3]), (arg3[3])); + out1[0] = x1; + out1[1] = x2; + out1[2] = x3; + out1[3] = x4; +} + +/// The function fiatSecp256k1ToBytes serializes a field element NOT in the Montgomery domain to bytes in little-endian order. +/// Preconditions: +/// 0 ≤ eval arg1 < m +/// Postconditions: +/// out1 = map (λ x, ⌊((eval arg1 mod m) mod 2^(8 * (x + 1))) / 2^(8 * x)⌋) [0..31] +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +pub fn fiatSecp256k1ToBytes(out1: *[32]u8, arg1: [4]u64) void { + const x1: u64 = (arg1[3]); + const x2: u64 = (arg1[2]); + const x3: u64 = (arg1[1]); + const x4: u64 = (arg1[0]); + const x5: u8 = @intCast(u8, (x4 & @intCast(u64, 0xff))); + const x6: u64 = (x4 >> 8); + const x7: u8 = @intCast(u8, (x6 & @intCast(u64, 0xff))); + const x8: u64 = (x6 >> 8); + const x9: u8 = @intCast(u8, (x8 & @intCast(u64, 0xff))); + const x10: u64 = (x8 >> 8); + const x11: u8 = @intCast(u8, (x10 & @intCast(u64, 0xff))); + const x12: u64 = (x10 >> 8); + const x13: u8 = @intCast(u8, (x12 & @intCast(u64, 0xff))); + const x14: u64 = (x12 >> 8); + const x15: u8 = @intCast(u8, (x14 & @intCast(u64, 0xff))); + const x16: u64 = (x14 >> 8); + const x17: u8 = @intCast(u8, (x16 & @intCast(u64, 0xff))); + const x18: u8 = @intCast(u8, (x16 >> 8)); + const x19: u8 = @intCast(u8, (x3 & @intCast(u64, 0xff))); + const x20: u64 = (x3 >> 8); + const x21: u8 = @intCast(u8, (x20 & @intCast(u64, 0xff))); + const x22: u64 = (x20 >> 8); + const x23: u8 = @intCast(u8, (x22 & @intCast(u64, 0xff))); + const x24: u64 = (x22 >> 8); + const x25: u8 = @intCast(u8, (x24 & @intCast(u64, 0xff))); + const x26: u64 = (x24 >> 8); + const x27: u8 = @intCast(u8, (x26 & @intCast(u64, 0xff))); + const x28: u64 = (x26 >> 8); + const x29: u8 = @intCast(u8, (x28 & @intCast(u64, 0xff))); + const x30: u64 = (x28 >> 8); + const x31: u8 = @intCast(u8, (x30 & @intCast(u64, 0xff))); + const x32: u8 = @intCast(u8, (x30 >> 8)); + const x33: u8 = @intCast(u8, (x2 & @intCast(u64, 0xff))); + const x34: u64 = (x2 >> 8); + const x35: u8 = @intCast(u8, (x34 & @intCast(u64, 0xff))); + const x36: u64 = (x34 >> 8); + const x37: u8 = @intCast(u8, (x36 & @intCast(u64, 0xff))); + const x38: u64 = (x36 >> 8); + const x39: u8 = @intCast(u8, (x38 & @intCast(u64, 0xff))); + const x40: u64 = (x38 >> 8); + const x41: u8 = @intCast(u8, (x40 & @intCast(u64, 0xff))); + const x42: u64 = (x40 >> 8); + const x43: u8 = @intCast(u8, (x42 & @intCast(u64, 0xff))); + const x44: u64 = (x42 >> 8); + const x45: u8 = @intCast(u8, (x44 & @intCast(u64, 0xff))); + const x46: u8 = @intCast(u8, (x44 >> 8)); + const x47: u8 = @intCast(u8, (x1 & @intCast(u64, 0xff))); + const x48: u64 = (x1 >> 8); + const x49: u8 = @intCast(u8, (x48 & @intCast(u64, 0xff))); + const x50: u64 = (x48 >> 8); + const x51: u8 = @intCast(u8, (x50 & @intCast(u64, 0xff))); + const x52: u64 = (x50 >> 8); + const x53: u8 = @intCast(u8, (x52 & @intCast(u64, 0xff))); + const x54: u64 = (x52 >> 8); + const x55: u8 = @intCast(u8, (x54 & @intCast(u64, 0xff))); + const x56: u64 = (x54 >> 8); + const x57: u8 = @intCast(u8, (x56 & @intCast(u64, 0xff))); + const x58: u64 = (x56 >> 8); + const x59: u8 = @intCast(u8, (x58 & @intCast(u64, 0xff))); + const x60: u8 = @intCast(u8, (x58 >> 8)); + out1[0] = x5; + out1[1] = x7; + out1[2] = x9; + out1[3] = x11; + out1[4] = x13; + out1[5] = x15; + out1[6] = x17; + out1[7] = x18; + out1[8] = x19; + out1[9] = x21; + out1[10] = x23; + out1[11] = x25; + out1[12] = x27; + out1[13] = x29; + out1[14] = x31; + out1[15] = x32; + out1[16] = x33; + out1[17] = x35; + out1[18] = x37; + out1[19] = x39; + out1[20] = x41; + out1[21] = x43; + out1[22] = x45; + out1[23] = x46; + out1[24] = x47; + out1[25] = x49; + out1[26] = x51; + out1[27] = x53; + out1[28] = x55; + out1[29] = x57; + out1[30] = x59; + out1[31] = x60; +} + +/// The function fiatSecp256k1FromBytes deserializes a field element NOT in the Montgomery domain from bytes in little-endian order. +/// Preconditions: +/// 0 ≤ bytes_eval arg1 < m +/// Postconditions: +/// eval out1 mod m = bytes_eval arg1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// arg1: [[0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff], [0x0 ~> 0xff]] +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1FromBytes(out1: *[4]u64, arg1: [32]u8) void { + const x1: u64 = (@intCast(u64, (arg1[31])) << 56); + const x2: u64 = (@intCast(u64, (arg1[30])) << 48); + const x3: u64 = (@intCast(u64, (arg1[29])) << 40); + const x4: u64 = (@intCast(u64, (arg1[28])) << 32); + const x5: u64 = (@intCast(u64, (arg1[27])) << 24); + const x6: u64 = (@intCast(u64, (arg1[26])) << 16); + const x7: u64 = (@intCast(u64, (arg1[25])) << 8); + const x8: u8 = (arg1[24]); + const x9: u64 = (@intCast(u64, (arg1[23])) << 56); + const x10: u64 = (@intCast(u64, (arg1[22])) << 48); + const x11: u64 = (@intCast(u64, (arg1[21])) << 40); + const x12: u64 = (@intCast(u64, (arg1[20])) << 32); + const x13: u64 = (@intCast(u64, (arg1[19])) << 24); + const x14: u64 = (@intCast(u64, (arg1[18])) << 16); + const x15: u64 = (@intCast(u64, (arg1[17])) << 8); + const x16: u8 = (arg1[16]); + const x17: u64 = (@intCast(u64, (arg1[15])) << 56); + const x18: u64 = (@intCast(u64, (arg1[14])) << 48); + const x19: u64 = (@intCast(u64, (arg1[13])) << 40); + const x20: u64 = (@intCast(u64, (arg1[12])) << 32); + const x21: u64 = (@intCast(u64, (arg1[11])) << 24); + const x22: u64 = (@intCast(u64, (arg1[10])) << 16); + const x23: u64 = (@intCast(u64, (arg1[9])) << 8); + const x24: u8 = (arg1[8]); + const x25: u64 = (@intCast(u64, (arg1[7])) << 56); + const x26: u64 = (@intCast(u64, (arg1[6])) << 48); + const x27: u64 = (@intCast(u64, (arg1[5])) << 40); + const x28: u64 = (@intCast(u64, (arg1[4])) << 32); + const x29: u64 = (@intCast(u64, (arg1[3])) << 24); + const x30: u64 = (@intCast(u64, (arg1[2])) << 16); + const x31: u64 = (@intCast(u64, (arg1[1])) << 8); + const x32: u8 = (arg1[0]); + const x33: u64 = (x31 + @intCast(u64, x32)); + const x34: u64 = (x30 + x33); + const x35: u64 = (x29 + x34); + const x36: u64 = (x28 + x35); + const x37: u64 = (x27 + x36); + const x38: u64 = (x26 + x37); + const x39: u64 = (x25 + x38); + const x40: u64 = (x23 + @intCast(u64, x24)); + const x41: u64 = (x22 + x40); + const x42: u64 = (x21 + x41); + const x43: u64 = (x20 + x42); + const x44: u64 = (x19 + x43); + const x45: u64 = (x18 + x44); + const x46: u64 = (x17 + x45); + const x47: u64 = (x15 + @intCast(u64, x16)); + const x48: u64 = (x14 + x47); + const x49: u64 = (x13 + x48); + const x50: u64 = (x12 + x49); + const x51: u64 = (x11 + x50); + const x52: u64 = (x10 + x51); + const x53: u64 = (x9 + x52); + const x54: u64 = (x7 + @intCast(u64, x8)); + const x55: u64 = (x6 + x54); + const x56: u64 = (x5 + x55); + const x57: u64 = (x4 + x56); + const x58: u64 = (x3 + x57); + const x59: u64 = (x2 + x58); + const x60: u64 = (x1 + x59); + out1[0] = x39; + out1[1] = x46; + out1[2] = x53; + out1[3] = x60; +} + +/// The function fiatSecp256k1SetOne returns the field element one in the Montgomery domain. +/// Postconditions: +/// eval (from_montgomery out1) mod m = 1 mod m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1SetOne(out1: *[4]u64) void { + out1[0] = 0x1000003d1; + out1[1] = @intCast(u64, 0x0); + out1[2] = @intCast(u64, 0x0); + out1[3] = @intCast(u64, 0x0); +} + +/// The function fiatSecp256k1Msat returns the saturated representation of the prime modulus. +/// Postconditions: +/// twos_complement_eval out1 = m +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1Msat(out1: *[5]u64) void { + out1[0] = 0xfffffffefffffc2f; + out1[1] = 0xffffffffffffffff; + out1[2] = 0xffffffffffffffff; + out1[3] = 0xffffffffffffffff; + out1[4] = @intCast(u64, 0x0); +} + +/// The function fiatSecp256k1Divstep computes a divstep. +/// Preconditions: +/// 0 ≤ eval arg4 < m +/// 0 ≤ eval arg5 < m +/// Postconditions: +/// out1 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then 1 - arg1 else 1 + arg1) +/// twos_complement_eval out2 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then twos_complement_eval arg3 else twos_complement_eval arg2) +/// twos_complement_eval out3 = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then ⌊(twos_complement_eval arg3 - twos_complement_eval arg2) / 2⌋ else ⌊(twos_complement_eval arg3 + (twos_complement_eval arg3 mod 2) * twos_complement_eval arg2) / 2⌋) +/// eval (from_montgomery out4) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (2 * eval (from_montgomery arg5)) mod m else (2 * eval (from_montgomery arg4)) mod m) +/// eval (from_montgomery out5) mod m = (if 0 < arg1 ∧ (twos_complement_eval arg3) is odd then (eval (from_montgomery arg4) - eval (from_montgomery arg4)) mod m else (eval (from_montgomery arg5) + (twos_complement_eval arg3 mod 2) * eval (from_montgomery arg4)) mod m) +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out5 < m +/// 0 ≤ eval out2 < m +/// 0 ≤ eval out3 < m +/// +/// Input Bounds: +/// arg1: [0x0 ~> 0xffffffffffffffff] +/// arg2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// arg5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// Output Bounds: +/// out1: [0x0 ~> 0xffffffffffffffff] +/// out2: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out3: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out4: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +/// out5: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1Divstep(out1: *u64, out2: *[5]u64, out3: *[5]u64, out4: *[4]u64, out5: *[4]u64, arg1: u64, arg2: [5]u64, arg3: [5]u64, arg4: [4]u64, arg5: [4]u64) void { + var x1: u64 = undefined; + var x2: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x1, &x2, 0x0, (~arg1), @intCast(u64, 0x1)); + const x3: u1 = (@intCast(u1, (x1 >> 63)) & @intCast(u1, ((arg3[0]) & @intCast(u64, 0x1)))); + var x4: u64 = undefined; + var x5: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x4, &x5, 0x0, (~arg1), @intCast(u64, 0x1)); + var x6: u64 = undefined; + fiatSecp256k1CmovznzU64(&x6, x3, arg1, x4); + var x7: u64 = undefined; + fiatSecp256k1CmovznzU64(&x7, x3, (arg2[0]), (arg3[0])); + var x8: u64 = undefined; + fiatSecp256k1CmovznzU64(&x8, x3, (arg2[1]), (arg3[1])); + var x9: u64 = undefined; + fiatSecp256k1CmovznzU64(&x9, x3, (arg2[2]), (arg3[2])); + var x10: u64 = undefined; + fiatSecp256k1CmovznzU64(&x10, x3, (arg2[3]), (arg3[3])); + var x11: u64 = undefined; + fiatSecp256k1CmovznzU64(&x11, x3, (arg2[4]), (arg3[4])); + var x12: u64 = undefined; + var x13: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x12, &x13, 0x0, @intCast(u64, 0x1), (~(arg2[0]))); + var x14: u64 = undefined; + var x15: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x14, &x15, x13, @intCast(u64, 0x0), (~(arg2[1]))); + var x16: u64 = undefined; + var x17: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x16, &x17, x15, @intCast(u64, 0x0), (~(arg2[2]))); + var x18: u64 = undefined; + var x19: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x18, &x19, x17, @intCast(u64, 0x0), (~(arg2[3]))); + var x20: u64 = undefined; + var x21: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x20, &x21, x19, @intCast(u64, 0x0), (~(arg2[4]))); + var x22: u64 = undefined; + fiatSecp256k1CmovznzU64(&x22, x3, (arg3[0]), x12); + var x23: u64 = undefined; + fiatSecp256k1CmovznzU64(&x23, x3, (arg3[1]), x14); + var x24: u64 = undefined; + fiatSecp256k1CmovznzU64(&x24, x3, (arg3[2]), x16); + var x25: u64 = undefined; + fiatSecp256k1CmovznzU64(&x25, x3, (arg3[3]), x18); + var x26: u64 = undefined; + fiatSecp256k1CmovznzU64(&x26, x3, (arg3[4]), x20); + var x27: u64 = undefined; + fiatSecp256k1CmovznzU64(&x27, x3, (arg4[0]), (arg5[0])); + var x28: u64 = undefined; + fiatSecp256k1CmovznzU64(&x28, x3, (arg4[1]), (arg5[1])); + var x29: u64 = undefined; + fiatSecp256k1CmovznzU64(&x29, x3, (arg4[2]), (arg5[2])); + var x30: u64 = undefined; + fiatSecp256k1CmovznzU64(&x30, x3, (arg4[3]), (arg5[3])); + var x31: u64 = undefined; + var x32: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x31, &x32, 0x0, x27, x27); + var x33: u64 = undefined; + var x34: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x33, &x34, x32, x28, x28); + var x35: u64 = undefined; + var x36: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x35, &x36, x34, x29, x29); + var x37: u64 = undefined; + var x38: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x37, &x38, x36, x30, x30); + var x39: u64 = undefined; + var x40: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x39, &x40, 0x0, x31, 0xfffffffefffffc2f); + var x41: u64 = undefined; + var x42: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x41, &x42, x40, x33, 0xffffffffffffffff); + var x43: u64 = undefined; + var x44: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x43, &x44, x42, x35, 0xffffffffffffffff); + var x45: u64 = undefined; + var x46: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x45, &x46, x44, x37, 0xffffffffffffffff); + var x47: u64 = undefined; + var x48: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x47, &x48, x46, @intCast(u64, x38), @intCast(u64, 0x0)); + const x49: u64 = (arg4[3]); + const x50: u64 = (arg4[2]); + const x51: u64 = (arg4[1]); + const x52: u64 = (arg4[0]); + var x53: u64 = undefined; + var x54: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x53, &x54, 0x0, @intCast(u64, 0x0), x52); + var x55: u64 = undefined; + var x56: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x55, &x56, x54, @intCast(u64, 0x0), x51); + var x57: u64 = undefined; + var x58: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x57, &x58, x56, @intCast(u64, 0x0), x50); + var x59: u64 = undefined; + var x60: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x59, &x60, x58, @intCast(u64, 0x0), x49); + var x61: u64 = undefined; + fiatSecp256k1CmovznzU64(&x61, x60, @intCast(u64, 0x0), 0xffffffffffffffff); + var x62: u64 = undefined; + var x63: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x62, &x63, 0x0, x53, (x61 & 0xfffffffefffffc2f)); + var x64: u64 = undefined; + var x65: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x64, &x65, x63, x55, x61); + var x66: u64 = undefined; + var x67: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x66, &x67, x65, x57, x61); + var x68: u64 = undefined; + var x69: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x68, &x69, x67, x59, x61); + var x70: u64 = undefined; + fiatSecp256k1CmovznzU64(&x70, x3, (arg5[0]), x62); + var x71: u64 = undefined; + fiatSecp256k1CmovznzU64(&x71, x3, (arg5[1]), x64); + var x72: u64 = undefined; + fiatSecp256k1CmovznzU64(&x72, x3, (arg5[2]), x66); + var x73: u64 = undefined; + fiatSecp256k1CmovznzU64(&x73, x3, (arg5[3]), x68); + const x74: u1 = @intCast(u1, (x22 & @intCast(u64, 0x1))); + var x75: u64 = undefined; + fiatSecp256k1CmovznzU64(&x75, x74, @intCast(u64, 0x0), x7); + var x76: u64 = undefined; + fiatSecp256k1CmovznzU64(&x76, x74, @intCast(u64, 0x0), x8); + var x77: u64 = undefined; + fiatSecp256k1CmovznzU64(&x77, x74, @intCast(u64, 0x0), x9); + var x78: u64 = undefined; + fiatSecp256k1CmovznzU64(&x78, x74, @intCast(u64, 0x0), x10); + var x79: u64 = undefined; + fiatSecp256k1CmovznzU64(&x79, x74, @intCast(u64, 0x0), x11); + var x80: u64 = undefined; + var x81: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x80, &x81, 0x0, x22, x75); + var x82: u64 = undefined; + var x83: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x82, &x83, x81, x23, x76); + var x84: u64 = undefined; + var x85: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x84, &x85, x83, x24, x77); + var x86: u64 = undefined; + var x87: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x86, &x87, x85, x25, x78); + var x88: u64 = undefined; + var x89: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x88, &x89, x87, x26, x79); + var x90: u64 = undefined; + fiatSecp256k1CmovznzU64(&x90, x74, @intCast(u64, 0x0), x27); + var x91: u64 = undefined; + fiatSecp256k1CmovznzU64(&x91, x74, @intCast(u64, 0x0), x28); + var x92: u64 = undefined; + fiatSecp256k1CmovznzU64(&x92, x74, @intCast(u64, 0x0), x29); + var x93: u64 = undefined; + fiatSecp256k1CmovznzU64(&x93, x74, @intCast(u64, 0x0), x30); + var x94: u64 = undefined; + var x95: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x94, &x95, 0x0, x70, x90); + var x96: u64 = undefined; + var x97: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x96, &x97, x95, x71, x91); + var x98: u64 = undefined; + var x99: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x98, &x99, x97, x72, x92); + var x100: u64 = undefined; + var x101: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x100, &x101, x99, x73, x93); + var x102: u64 = undefined; + var x103: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x102, &x103, 0x0, x94, 0xfffffffefffffc2f); + var x104: u64 = undefined; + var x105: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x104, &x105, x103, x96, 0xffffffffffffffff); + var x106: u64 = undefined; + var x107: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x106, &x107, x105, x98, 0xffffffffffffffff); + var x108: u64 = undefined; + var x109: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x108, &x109, x107, x100, 0xffffffffffffffff); + var x110: u64 = undefined; + var x111: u1 = undefined; + fiatSecp256k1SubborrowxU64(&x110, &x111, x109, @intCast(u64, x101), @intCast(u64, 0x0)); + var x112: u64 = undefined; + var x113: u1 = undefined; + fiatSecp256k1AddcarryxU64(&x112, &x113, 0x0, x6, @intCast(u64, 0x1)); + const x114: u64 = ((x80 >> 1) | ((x82 << 63) & 0xffffffffffffffff)); + const x115: u64 = ((x82 >> 1) | ((x84 << 63) & 0xffffffffffffffff)); + const x116: u64 = ((x84 >> 1) | ((x86 << 63) & 0xffffffffffffffff)); + const x117: u64 = ((x86 >> 1) | ((x88 << 63) & 0xffffffffffffffff)); + const x118: u64 = ((x88 & 0x8000000000000000) | (x88 >> 1)); + var x119: u64 = undefined; + fiatSecp256k1CmovznzU64(&x119, x48, x39, x31); + var x120: u64 = undefined; + fiatSecp256k1CmovznzU64(&x120, x48, x41, x33); + var x121: u64 = undefined; + fiatSecp256k1CmovznzU64(&x121, x48, x43, x35); + var x122: u64 = undefined; + fiatSecp256k1CmovznzU64(&x122, x48, x45, x37); + var x123: u64 = undefined; + fiatSecp256k1CmovznzU64(&x123, x111, x102, x94); + var x124: u64 = undefined; + fiatSecp256k1CmovznzU64(&x124, x111, x104, x96); + var x125: u64 = undefined; + fiatSecp256k1CmovznzU64(&x125, x111, x106, x98); + var x126: u64 = undefined; + fiatSecp256k1CmovznzU64(&x126, x111, x108, x100); + out1.* = x112; + out2[0] = x7; + out2[1] = x8; + out2[2] = x9; + out2[3] = x10; + out2[4] = x11; + out3[0] = x114; + out3[1] = x115; + out3[2] = x116; + out3[3] = x117; + out3[4] = x118; + out4[0] = x119; + out4[1] = x120; + out4[2] = x121; + out4[3] = x122; + out5[0] = x123; + out5[1] = x124; + out5[2] = x125; + out5[3] = x126; +} + +/// The function fiatSecp256k1DivstepPrecomp returns the precomputed value for Bernstein-Yang-inversion (in montgomery form). +/// Postconditions: +/// eval (from_montgomery out1) = ⌊(m - 1) / 2⌋^(if (log2 m) + 1 < 46 then ⌊(49 * ((log2 m) + 1) + 80) / 17⌋ else ⌊(49 * ((log2 m) + 1) + 57) / 17⌋) +/// 0 ≤ eval out1 < m +/// +/// Input Bounds: +/// Output Bounds: +/// out1: [[0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff], [0x0 ~> 0xffffffffffffffff]] +pub fn fiatSecp256k1DivstepPrecomp(out1: *[4]u64) void { + out1[0] = 0xf201a41831525e0a; + out1[1] = 0x9953f9ddcd648d85; + out1[2] = 0xe86029463db210a9; + out1[3] = 0x24fb8a3104b03709; +} + diff --git a/src/CLI.v b/src/CLI.v index aae24b6c82..d685413070 100644 --- a/src/CLI.v +++ b/src/CLI.v @@ -25,6 +25,7 @@ Require Import Crypto.Stringification.Rust. Require Import Crypto.Stringification.Go. Require Import Crypto.Stringification.Java. Require Import Crypto.Stringification.JSON. +Require Import Crypto.Stringification.Zig. Require Crypto.Util.Arg. Import ListNotations. Local Open Scope Z_scope. Local Open Scope string_scope. @@ -216,7 +217,8 @@ Module ForExtraction. ; ("Rust", Rust.OutputRustAPI) ; ("Go", Go.OutputGoAPI) ; ("Java", Java.OutputJavaAPI) - ; ("JSON", JSON.OutputJSONAPI)]. + ; ("JSON", JSON.OutputJSONAPI) + ; ("Zig", Zig.OutputZigAPI)]. Local Notation anon_argT := (string * Arg.spec * Arg.doc)%type (only parsing). Local Notation named_argT := (list Arg.key * Arg.spec * Arg.doc)%type (only parsing). diff --git a/src/Stringification/Zig.v b/src/Stringification/Zig.v new file mode 100644 index 0000000000..c27cfdc8a6 --- /dev/null +++ b/src/Stringification/Zig.v @@ -0,0 +1,291 @@ +From Coq Require Import ZArith.ZArith MSets.MSetPositive FSets.FMapPositive + Strings.String Strings.Ascii Bool.Bool Lists.List Strings.HexString. +From Crypto.Util Require Import + ListUtil + Strings.String Strings.Decimal Strings.Show + ZRange.Operations ZRange.Show + Option OptionList Bool.Equality. + +Require Import Crypto.Util.ZRange. + +From Crypto Require Import IR Stringification.Language AbstractInterpretation.ZRange. + +Import ListNotations. + +Local Open Scope zrange_scope. +Local Open Scope Z_scope. + +Import IR.Compilers.ToString. +Import Stringification.Language.Compilers. +Import Stringification.Language.Compilers.Options. +Import Stringification.Language.Compilers.ToString. +Import Stringification.Language.Compilers.ToString.int.Notations. + +Module Zig. + Definition comment_module_header_block := List.map (fun line => "/// " ++ line)%string. + Definition comment_block := List.map (fun line => "// " ++ line)%string. + + (* Zig natively supports any integer size between 0 and 4096 bits. + So, we never need to define our own types. *) + Definition int_type_to_string {language_naming_conventions : language_naming_conventions_opt} (t : ToString.int.type) : string := + (if int.is_unsigned t then "u" else "i") ++ Decimal.Z.to_string(ToString.int.bitwidth_of t). + + Definition primitive_type_to_string {language_naming_conventions : language_naming_conventions_opt} (private : bool) (prefix : string) (t : IR.type.primitive) + (r : option ToString.int.type) : string := + match t with + | IR.type.Zptr => "*" + | IR.type.Z => "" + end ++ match r with + | Some int_t => int_type_to_string int_t + | None => "ℤ" + end. + + (* Integer literal to string *) + Definition int_literal_to_string (prefix : string) (t : IR.type.primitive) (v : BinInt.Z) : string := + match t with + | IR.type.Z => HexString.of_Z v (* Zig can automatically figure out the size of integer literals *) + | IR.type.Zptr => "@compilerError(""literal address " ++ HexString.of_Z v ++ """);" + end. + + Import IR.Notations. + + Fixpoint arith_to_string + {language_naming_conventions : language_naming_conventions_opt} (internal_private : bool) + (prefix : string) {t} (e : IR.arith_expr t) : string + := let special_name_ty name ty := ToString.format_special_function_name_ty internal_private prefix name ty in + let special_name name bw := ToString.format_special_function_name internal_private prefix name false(*unsigned*) bw in + match e with + (* integer literals *) + | (IR.literal v @@@ _) => int_literal_to_string prefix IR.type.Z v + (* array dereference *) + | (IR.List_nth n @@@ IR.Var _ v) => "(" ++ v ++ "[" ++ Decimal.Z.to_string (Z.of_nat n) ++ "])" + (* (de)referencing *) + | (IR.Addr @@@ IR.Var _ v) => "&" ++ v + | (IR.Dereference @@@ e) => "( " ++ arith_to_string internal_private prefix e ++ ".* )" + (* bitwise operations *) + | (IR.Z_shiftr offset @@@ e) => + "(" ++ arith_to_string internal_private prefix e ++ " >> " ++ Decimal.Z.to_string offset ++ ")" + | (IR.Z_shiftl offset @@@ e) => + "(" ++ arith_to_string internal_private prefix e ++ " << " ++ Decimal.Z.to_string offset ++ ")" + | (IR.Z_land @@@ (e1, e2)) => + "(" ++ arith_to_string internal_private prefix e1 ++ " & " ++ arith_to_string internal_private prefix e2 ++ ")" + | (IR.Z_lor @@@ (e1, e2)) => + "(" ++ arith_to_string internal_private prefix e1 ++ " | " ++ arith_to_string internal_private prefix e2 ++ ")" + | (IR.Z_lxor @@@ (e1, e2)) => + "(" ++ arith_to_string internal_private prefix e1 ++ " ^ " ++ arith_to_string internal_private prefix e2 ++ ")" + | (IR.Z_lnot _ @@@ e) => "(~" ++ arith_to_string internal_private prefix e ++ ")" + (* arithmetic operations *) + | (IR.Z_add @@@ (x1, x2)) => + "(" ++ arith_to_string internal_private prefix x1 ++ " + " ++ arith_to_string internal_private prefix x2 ++ ")" + | (IR.Z_mul @@@ (x1, x2)) => + "(" ++ arith_to_string internal_private prefix x1 ++ " * " ++ arith_to_string internal_private prefix x2 ++ ")" + | (IR.Z_sub @@@ (x1, x2)) => + "(" ++ arith_to_string internal_private prefix x1 ++ " - " ++ arith_to_string internal_private prefix x2 ++ ")" + | (IR.Z_bneg @@@ e) => "(~" ++ arith_to_string internal_private prefix e ++ ")" + | (IR.Z_mul_split lg2s @@@ args) => + special_name "mulx" lg2s ++ "(" ++ arith_to_string internal_private prefix args ++ ")" + | (IR.Z_add_with_get_carry lg2s @@@ args) => + special_name "addcarryx" lg2s ++ "(" ++ arith_to_string internal_private prefix args ++ ")" + | (IR.Z_sub_with_get_borrow lg2s @@@ args) => + special_name "subborrowx" lg2s ++ "(" ++ arith_to_string internal_private prefix args ++ ")" + | (IR.Z_zselect ty @@@ args) => + special_name_ty "cmovznz" ty ++ "(" ++ arith_to_string internal_private prefix args ++ ")" + | (IR.Z_value_barrier ty @@@ args) => + special_name_ty "value_barrier" ty ++ "(" ++ arith_to_string internal_private prefix args ++ ")" + | (IR.Z_static_cast int_t @@@ e) => + "@intCast(" ++ primitive_type_to_string internal_private prefix IR.type.Z (Some int_t) ++ ", " ++ arith_to_string internal_private prefix e ++ ")" + | IR.Var _ v => v + | IR.Pair A B a b => arith_to_string internal_private prefix a ++ ", " ++ arith_to_string internal_private prefix b + | (IR.Z_add_modulo @@@ (x1, x2, x3)) => "@compilerError(""addmodulo"");" + | (IR.List_nth _ @@@ _) + | (IR.Addr @@@ _) + | (IR.Z_add @@@ _) + | (IR.Z_mul @@@ _) + | (IR.Z_sub @@@ _) + | (IR.Z_land @@@ _) + | (IR.Z_lor @@@ _) + | (IR.Z_lxor @@@ _) + | (IR.Z_add_modulo @@@ _) => "@compilerError(""bad_arg"");" + | IR.TT => "@compilerError(""tt"");" + end%string%Cexpr. + + Definition stmt_to_string + {language_naming_conventions : language_naming_conventions_opt} (internal_private : bool) + (prefix : string) (e : IR.stmt) : string := + match e with + | IR.Call val => arith_to_string internal_private prefix val ++ ";" + | IR.Assign true t sz name val => + (* local non-mutable declaration with initialization *) + "const " ++ name ++ ": " ++ primitive_type_to_string internal_private prefix t sz ++ " = " ++ arith_to_string internal_private prefix val ++ ";" + | IR.Assign false _ sz name val => + (* code : name ++ " = " ++ arith_to_string internal_private prefix val ++ ";" *) + "@compilerError(""trying to assign value to non-mutable variable"");" + | IR.AssignZPtr name sz val => + name ++ ".* = " ++ arith_to_string internal_private prefix val ++ ";" + | IR.DeclareVar t sz name => + "var " ++ name ++ ": " ++ primitive_type_to_string internal_private prefix t sz ++ " = undefined;" + | IR.Comment lines _ => + String.concat String.NewLine (comment_block (ToString.preprocess_comment_block lines)) + | IR.AssignNth name n val => + name ++ "[" ++ Decimal.Z.to_string (Z.of_nat n) ++ "] = " ++ arith_to_string internal_private prefix val ++ ";" + end. + + Definition to_strings {language_naming_conventions : language_naming_conventions_opt} (internal_private : bool) (prefix : string) (e : IR.expr) : list string := + List.map (stmt_to_string internal_private prefix) e. + + Import Rewriter.Language.Language.Compilers Crypto.Language.API.Compilers IR.OfPHOAS. + Local Notation tZ := (base.type.type_base base.type.Z). + + Inductive Mode := In | Out. + + Fixpoint to_base_arg_list {language_naming_conventions : language_naming_conventions_opt} (internal_private : bool) (prefix : string) (mode : Mode) {t} : ToString.OfPHOAS.base_var_data t -> list string := + match t return base_var_data t -> _ with + | tZ => + let typ := match mode with In => IR.type.Z | Out => IR.type.Zptr end in + fun '(n, is_ptr, r) => [n ++ ": " ++ primitive_type_to_string internal_private prefix typ r] + | base.type.prod A B => + fun '(va, vb) => (to_base_arg_list internal_private prefix mode va ++ to_base_arg_list internal_private prefix mode vb)%list + | base.type.list tZ => + fun '(n, r, len) => + match mode with + | In => (* arrays for inputs are immutable *) + [ n ++ ": " ++ + "[" ++ Decimal.Z.to_string (Z.of_nat len) ++ "]" ++ primitive_type_to_string internal_private prefix IR.type.Z r ] + | Out => (* arrays for outputs are mutable *) + [ n ++ ": " ++ + "*[" ++ Decimal.Z.to_string (Z.of_nat len) ++ "]" ++ primitive_type_to_string internal_private prefix IR.type.Z r ] + end + | base.type.list _ => fun _ => ["@compilerError(""complex list"");"] + | base.type.option _ => fun _ => ["@compilerError(""option"");"] + | base.type.unit => fun _ => ["@compilerError(""unit"");"] + | base.type.type_base t => fun _ => ["@compilerError(""" ++ show false t ++ """);"]%string + end%string. + + Definition to_arg_list {language_naming_conventions : language_naming_conventions_opt} (internal_private : bool) (prefix : string) (mode : Mode) {t} : var_data t -> list string := + match t return var_data t -> _ with + | type.base t => to_base_arg_list internal_private prefix mode + | type.arrow _ _ => fun _ => ["@compilerError(""arrow"");"] + end%string. + + Fixpoint to_arg_list_for_each_lhs_of_arrow {language_naming_conventions : language_naming_conventions_opt} (internal_private : bool) (prefix : string) {t} : type.for_each_lhs_of_arrow var_data t -> list string + := match t return type.for_each_lhs_of_arrow var_data t -> _ with + | type.base t => fun _ => nil + | type.arrow s d + => fun '(x, xs) + => to_arg_list internal_private prefix In x ++ to_arg_list_for_each_lhs_of_arrow internal_private prefix xs + end%list. + + (** * Language-specific numeric conversions to be passed to the PHOAS -> IR translation *) + + Definition Zig_bin_op_natural_output + : IR.Z_binop -> ToString.int.type * ToString.int.type -> ToString.int.type + := fun idc '(t1, t2) + => ToString.int.union t1 t2. + + Definition Zig_bin_op_casts + : IR.Z_binop -> option ToString.int.type -> ToString.int.type * ToString.int.type -> option ToString.int.type * (option ToString.int.type * option ToString.int.type) + := fun idc desired_type '(t1, t2) + => match desired_type with + | Some desired_type + => let ct := ToString.int.union t1 t2 in + let desired_type' := Some (ToString.int.union ct desired_type) in + (Some desired_type, + (get_Zcast_up_if_needed desired_type' (Some t1), + get_Zcast_up_if_needed desired_type' (Some t2))) + | None => (None, (None, None)) + end. + + Definition Zig_un_op_casts + : IR.Z_unop -> option ToString.int.type -> ToString.int.type -> option ToString.int.type * option ToString.int.type + := fun idc desired_type t + => match idc with + | IR.Z_shiftr offset + => + let t' := ToString.int.union_zrange r[0~>2^offset]%zrange t in + ((** We cast the result down to the specified type, if needed *) + get_Zcast_down_if_needed desired_type (Some t'), + (** We cast the argument up to a large enough type *) + get_Zcast_up_if_needed (Some t') (Some t)) + | IR.Z_shiftl offset + => + let rpre_out := match desired_type with + | Some rout => Some (ToString.int.union_zrange r[0~>2^offset] (ToString.int.unsigned_counterpart_of rout)) + | None => Some (ToString.int.of_zrange_relaxed r[0~>2^offset]%zrange) + end in + ((** We cast the result down to the specified type, if needed *) + get_Zcast_down_if_needed desired_type rpre_out, + (** We cast the argument up to a large enough type *) + get_Zcast_up_if_needed rpre_out (Some t)) + | IR.Z_lnot ty + => ( + get_Zcast_down_if_needed desired_type (Some ty), + (** always cast to the width of the type, unless we are already exactly that type (which the machinery in IR handles *) + Some ty) + | Z_bneg + => ((* bneg is !, i.e., takes the argument to 1 if its not zero, and to zero if it is zero; so we don't ever need to cast *) + None, None) + end. + + Local Instance ZigLanguageCasts : LanguageCasts := + {| bin_op_natural_output := Zig_bin_op_natural_output + ; bin_op_casts := Zig_bin_op_casts + ; un_op_casts := Zig_un_op_casts + ; upcast_on_assignment := true + ; upcast_on_funcall := true + ; explicit_pointer_variables := false + |}. + + Definition to_function_lines {language_naming_conventions : language_naming_conventions_opt} (internal_private : bool) (private : bool) (prefix : string) (name : string) + {t} + (f : type.for_each_lhs_of_arrow var_data t * var_data (type.base (type.final_codomain t)) * IR.expr) + : list string := + let '(args, rets, body) := f in + ((if private then "fn " else "pub fn ") ++ name ++ + "(" ++ String.concat ", " (to_arg_list internal_private prefix Out rets ++ to_arg_list_for_each_lhs_of_arrow internal_private prefix args) ++ + ")" ++ (if private then " callconv(.Inline) " else " ") ++ "void {")%string :: (List.map (fun s => " " ++ s)%string (to_strings internal_private prefix body)) ++ ["}"%string]%list. + + (** In Zig, there is no munging of return arguments (they remain + passed by pointers), so all variables are live *) + Local Instance : consider_retargs_live_opt := fun _ _ _ => true. + Local Instance : rename_dead_opt := fun s => s. + (** No need to lift declarations to the top *) + Local Instance : lift_declarations_opt := false. + + Definition ToFunctionLines + {relax_zrange : relax_zrange_opt} + {language_naming_conventions : language_naming_conventions_opt} + (machine_wordsize : Z) + (do_bounds_check : bool) (internal_private : bool) (private : bool) (prefix : string) (name : string) + {t} + (e : API.Expr t) + (comment : type.for_each_lhs_of_arrow var_data t -> var_data (type.base (type.final_codomain t)) -> list string) + (name_list : option (list string)) + (inbounds : type.for_each_lhs_of_arrow Compilers.ZRange.type.option.interp t) + (outbounds : Compilers.ZRange.type.base.option.interp (type.final_codomain t)) + : (list string * ToString.ident_infos) + string := + match ExprOfPHOAS do_bounds_check e name_list inbounds with + | inl (indata, outdata, f) => + inl (((List.map (fun s => if (String.length s =? 0)%nat then "///" else ("/// " ++ s))%string (comment indata outdata)) + ++ ["/// Input Bounds:"%string] + ++ List.map (fun v => "/// "%string ++ v)%string (input_bounds_to_string indata inbounds) + ++ ["/// Output Bounds:"%string] + ++ List.map (fun v => "/// "%string ++ v)%string (bound_to_string outdata outbounds) + ++ to_function_lines internal_private private prefix name (indata, outdata, f))%list, + IR.ident_infos.collect_infos f) + | inr nil => + inr ("Unknown internal error in converting " ++ name ++ " to Zig")%string + | inr [err] => + inr ("Error in converting " ++ name ++ " to Zig:" ++ String.NewLine ++ err)%string + | inr errs => + inr ("Errors in converting " ++ name ++ " to Zig:" ++ String.NewLine ++ String.concat String.NewLine errs)%string + end. + + Definition OutputZigAPI : ToString.OutputLanguageAPI := + {| ToString.comment_block := comment_block; + ToString.comment_file_header_block := comment_module_header_block; + ToString.ToFunctionLines := @ToFunctionLines; + ToString.header := fun _ _ _ _ _ _ _ _ => []; + ToString.footer := fun _ _ _ _ _ _ _ _ => []; + ToString.strip_special_infos machine_wordsize infos := infos |}. + +End Zig.