void ellipse(big x,big z,int r,big x1,big z1,big x2,big z2)
{ /* calculate point r.P(x,z) on curve */
int k,rr;
k=1;
rr=r;
copy(x,x1);
copy(z,z1);
nres_modadd(x1,z1,s1);
nres_modsub(x1,z1,d1);
duplication(s1,d1,x2,z2); /* generate 2.P */
while ((rr/=2)>1) k*=2;
while (k>0)
{ /* use binary method */
nres_modadd(x1,z1,s1); /* form sums and differences */
nres_modsub(x1,z1,d1); /* x+z and x-z for P1 and P2 */
nres_modadd(x2,z2,s2);
nres_modsub(x2,z2,d2);
if ((r&k)==0)
{ /* double P(x1,z1) mP to 2mP */
addition(x,z,s1,d1,s2,d2,x2,z2);
duplication(s1,d1,x1,z1);
}
else
{ /* double P(x2,z2) (m+1)P to (2m+2)P */
addition(x,z,s1,d1,s2,d2,x1,z1);
duplication(s2,d2,x2,z2);
}
k/=2;
}
}
BOOL zzn2_qr(_MIPD_ zzn2 *u)
{
int j;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return FALSE;
if (zzn2_iszero(u)) return TRUE;
if (size(u->b)==0) return TRUE;
if (mr_mip->qnr==-1 && size(u->a)==0) return TRUE;
MR_IN(203)
nres_modmult(_MIPP_ u->b,u->b,mr_mip->w1);
if (mr_mip->qnr==-2) nres_modadd(_MIPP_ mr_mip->w1,mr_mip->w1,mr_mip->w1);
nres_modmult(_MIPP_ u->a,u->a,mr_mip->w2);
nres_modadd(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w1);
redc(_MIPP_ mr_mip->w1,mr_mip->w1);
j=jack(_MIPP_ mr_mip->w1,mr_mip->modulus);
MR_OUT
if (j==1) return TRUE;
return FALSE;
}
void zzn2_add(_MIPD_ zzn2 *x,zzn2 *y,zzn2 *w)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
#ifdef MR_COUNT_OPS
fpaq++;
#endif
MR_IN(159)
nres_modadd(_MIPP_ x->a,y->a,w->a);
nres_modadd(_MIPP_ x->b,y->b,w->b);
MR_OUT
}
void zzn3_add(_MIPD_ zzn3 *x,zzn3 *y,zzn3 *w)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(180)
nres_modadd(_MIPP_ x->a,y->a,w->a);
nres_modadd(_MIPP_ x->b,y->b,w->b);
nres_modadd(_MIPP_ x->c,y->c,w->c);
MR_OUT
}
void zzn2_txd(_MIPD_ zzn2 *u)
{ /* divide w by t^2 where x^2-t is irreducible polynomial for ZZn4
for p=5 mod 8 t=sqrt(sqrt(-2)), qnr=-2
for p=3 mod 8 t=sqrt(1+sqrt(-1)), qnr=-1
for p=7 mod 8 and p=2,3 mod 5 t=sqrt(2+sqrt(-1)), qnr=-1 */
zzn2 t;
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(197)
t.a=mr_mip->w3;
t.b=mr_mip->w4;
switch (mr_mip->pmod8)
{
case 5:
copy(u->b,t.a);
nres_div2(_MIPP_ u->a,t.b);
nres_negate(_MIPP_ t.b,t.b);
zzn2_copy(&t,u);
break;
case 3:
nres_modadd(_MIPP_ u->a,u->b,t.a);
nres_modsub(_MIPP_ u->b,u->a,t.b);
zzn2_div2(_MIPP_ &t);
zzn2_copy(&t,u);
break;
case 7:
nres_modadd(_MIPP_ u->a,u->a,t.a);
nres_modadd(_MIPP_ t.a,u->b,t.a);
nres_modadd(_MIPP_ u->b,u->b,t.b);
nres_modsub(_MIPP_ t.b,u->a,t.b);
zzn2_div5(_MIPP_ &t);
zzn2_copy(&t,u);
/*
nres_modadd(_MIPP_ u->a,u->b,t.a);
nres_modadd(_MIPP_ t.a,u->b,t.a);
nres_modsub(_MIPP_ u->b,u->a,t.b);
zzn2_div3(_MIPP_ &t);
zzn2_copy(&t,u);
*/
break;
default: break;
}
MR_OUT
}
void zzn3_inv(_MIPD_ zzn3 *w)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(187)
nres_modmult(_MIPP_ w->a,w->a,mr_mip->w1);
nres_modmult(_MIPP_ w->b,w->c,mr_mip->w2);
nres_premult(_MIPP_ mr_mip->w2,mr_mip->cnr,mr_mip->w2);
nres_modsub(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w3);
nres_modmult(_MIPP_ w->c,w->c,mr_mip->w1);
nres_modmult(_MIPP_ w->a,w->b,mr_mip->w2);
nres_premult(_MIPP_ mr_mip->w1,mr_mip->cnr,mr_mip->w1);
nres_modsub(_MIPP_ mr_mip->w2,mr_mip->w1,mr_mip->w4);
nres_negate(_MIPP_ mr_mip->w4,mr_mip->w4);
nres_modmult(_MIPP_ w->b,w->b,mr_mip->w1);
nres_modmult(_MIPP_ w->a,w->c,mr_mip->w2);
nres_modsub(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w5);
nres_modmult(_MIPP_ w->b,mr_mip->w5,mr_mip->w1);
nres_modmult(_MIPP_ w->c,mr_mip->w4,mr_mip->w2);
nres_modadd(_MIPP_ mr_mip->w2,mr_mip->w1,mr_mip->w2);
nres_premult(_MIPP_ mr_mip->w2,mr_mip->cnr,mr_mip->w2);
nres_modmult(_MIPP_ w->a,mr_mip->w3,mr_mip->w1);
nres_modadd(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w1);
copy(mr_mip->w3,w->a);
copy(mr_mip->w4,w->b);
copy(mr_mip->w5,w->c);
redc(_MIPP_ mr_mip->w1,mr_mip->w6);
invmodp(_MIPP_ mr_mip->w6,mr_mip->modulus,mr_mip->w6);
nres(_MIPP_ mr_mip->w6,mr_mip->w6);
nres_modmult(_MIPP_ w->a,mr_mip->w6,w->a);
nres_modmult(_MIPP_ w->b,mr_mip->w6,w->b);
nres_modmult(_MIPP_ w->c,mr_mip->w6,w->c);
MR_OUT
}
void zzn2_sadd(_MIPD_ zzn2 *x,big y,zzn2 *w)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(169)
nres_modadd(_MIPP_ x->a,y,w->a);
MR_OUT
}
void duplication(big sum,big diff,big x,big z)
{ /* double a point on the curve P(x,z)=2.P(x1,z1) */
nres_modmult(sum,sum,t);
nres_modmult(diff,diff,z);
nres_modmult(t,z,x); /* x = sum^2.diff^2 */
nres_modsub(t,z,t); /* t = sum^2-diff^2 */
nres_modmult(ak,t,w);
nres_modadd(z,w,z); /* z = ak*t +diff^2 */
nres_modmult(z,t,z); /* z = z.t */
}
void addition(big xd,big zd,big sm1,big df1,big sm2,big df2,big x,big z)
{ /* add two points on the curve P(x,z)=P(x1,z1)+P(x2,z2) *
* given their difference P(xd,zd) */
nres_modmult(df2,sm1,x);
nres_modmult(df1,sm2,z);
nres_modadd(z,x,t);
nres_modsub(z,x,z);
nres_modmult(t,t,x);
nres_modmult(x,zd,x); /* x = zd.[df1.sm2+sm1.df2]^2 */
nres_modmult(z,z,z);
nres_modmult(z,xd,z); /* z = xd.[df1.sm2-sm1.df2]^2 */
}
void zzn2_add(_MIPD_ zzn2 *x,zzn2 *y,zzn2 *w)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(159)
#ifdef P64_1271
#ifdef MR_COUNT_OPS
fpa+=2;
#endif
modadd(x->a->w,y->a->w,w->a->w);
modadd(x->b->w,y->b->w,w->b->w);
w->a->len=2;
w->b->len=2;
#else
nres_modadd(_MIPP_ x->a,y->a,w->a);
nres_modadd(_MIPP_ x->b,y->b,w->b);
#endif
MR_OUT
}
void zzn2_mul(_MIPD_ zzn2 *x,zzn2 *y,zzn2 *w)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
if (x==y) {zzn2_sqr(_MIPP_ x,w); return; }
MR_IN(162)
/* Uses w1, w2, and w5 */
if (zzn2_iszero(x) || zzn2_iszero(y)) zzn2_zero(w);
else
{
#ifdef MR_COUNT_OPS
fpmq++;
#endif
#ifndef MR_NO_LAZY_REDUCTION
if (x->a->len!=0 && x->b->len!=0 && y->a->len!=0 && y->b->len!=0)
nres_lazy(_MIPP_ x->a,x->b,y->a,y->b,w->a,w->b);
else
{
#endif
nres_modmult(_MIPP_ x->a,y->a,mr_mip->w1);
nres_modmult(_MIPP_ x->b,y->b,mr_mip->w2);
nres_modadd(_MIPP_ x->a,x->b,mr_mip->w5);
nres_modadd(_MIPP_ y->a,y->b,w->b);
nres_modmult(_MIPP_ w->b,mr_mip->w5,w->b);
nres_modsub(_MIPP_ w->b,mr_mip->w1,w->b);
nres_modsub(_MIPP_ w->b,mr_mip->w2,w->b);
nres_modsub(_MIPP_ mr_mip->w1,mr_mip->w2,w->a);
if (mr_mip->qnr==-2)
nres_modsub(_MIPP_ w->a,mr_mip->w2,w->a);
#ifndef MR_NO_LAZY_REDUCTION
}
#endif
}
MR_OUT
}
void zzn2_timesi(_MIPD_ zzn2 *u)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(164)
copy(u->a,mr_mip->w1);
nres_negate(_MIPP_ u->b,u->a);
if (mr_mip->qnr==-2)
nres_modadd(_MIPP_ u->a,u->a,u->a);
copy(mr_mip->w1,u->b);
MR_OUT
}
/*
void zzn2_print(_MIPD_ char *label, zzn2 *x)
{
char s1[1024], s2[1024];
big a, b;
#ifdef MR_STATIC
char mem_big[MR_BIG_RESERVE(2)];
memset(mem_big, 0, MR_BIG_RESERVE(2));
a=mirvar_mem(_MIPP_ mem_big,0);
b=mirvar_mem(_MIPP_ mem_big,1);
#else
a = mirvar(_MIPP_ 0);
b = mirvar(_MIPP_ 0);
#endif
redc(_MIPP_ x->a, a); otstr(_MIPP_ a, s1);
redc(_MIPP_ x->b, b); otstr(_MIPP_ b, s2);
printf("%s: [%s,%s]\n", label, s1, s2);
#ifndef MR_STATIC
mr_free(a); mr_free(b);
#endif
}
static void nres_print(_MIPD_ char *label, big x)
{
char s[1024];
big a;
#ifdef MR_STATIC
char mem_big[MR_BIG_RESERVE(1)];
memset(mem_big, 0, MR_BIG_RESERVE(1));
a=mirvar_mem(_MIPP_ mem_big,0);
#else
a = mirvar(_MIPP_ 0);
#endif
redc(_MIPP_ x, a);
otstr(_MIPP_ a, s);
printf("%s: %s\n", label, s);
#ifndef MR_STATIC
mr_free(a);
#endif
}
*/
void zzn2_inv(_MIPD_ zzn2 *w)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(163)
nres_modmult(_MIPP_ w->a,w->a,mr_mip->w1);
nres_modmult(_MIPP_ w->b,w->b,mr_mip->w2);
nres_modadd(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w1);
if (mr_mip->qnr==-2)
nres_modadd(_MIPP_ mr_mip->w1,mr_mip->w2,mr_mip->w1);
redc(_MIPP_ mr_mip->w1,mr_mip->w6);
invmodp(_MIPP_ mr_mip->w6,mr_mip->modulus,mr_mip->w6);
nres(_MIPP_ mr_mip->w6,mr_mip->w6);
nres_modmult(_MIPP_ w->a,mr_mip->w6,w->a);
nres_negate(_MIPP_ mr_mip->w6,mr_mip->w6);
nres_modmult(_MIPP_ w->b,mr_mip->w6,w->b);
MR_OUT
}
void fast_tate_pairing(_MIPD_ zzn2 *Qx,zzn2 *Qy,epoint *P,big T,big fr,big delta,zzn4 *w,zzn4* res)
{
int i,j,nb;
zzn2 Ax,Ay,Az,Qz;
zzn Px,Py;
#ifndef MR_STATIC
char *mem=memalloc(_MIPP_ 10);
#else
char mem[MR_BIG_RESERVE(10)];
memset(mem,0,MR_BIG_RESERVE(10));
#endif
#ifdef MR_COUNT_OPS
fpa=fpc=fpx=0;
#endif
Ax.a=mirvar_mem(_MIPP_ mem,0);
Ax.b=mirvar_mem(_MIPP_ mem,1);
Ay.a=mirvar_mem(_MIPP_ mem,2);
Ay.b=mirvar_mem(_MIPP_ mem,3);
Az.a=mirvar_mem(_MIPP_ mem,4);
Az.b=mirvar_mem(_MIPP_ mem,5);
Qz.a=mirvar_mem(_MIPP_ mem,6);
Qz.b=mirvar_mem(_MIPP_ mem,7);
Px=mirvar_mem(_MIPP_ mem,8);
Py=mirvar_mem(_MIPP_ mem,9);
copy(P->X,Px);
copy(P->Y,Py);
nres_modadd(_MIPP_ Px,Px,Px); /* removes a factor of 2 from g() */
nres_modadd(_MIPP_ Py,Py,Py);
zzn2_from_int(_MIPP_ 1,&Qz);
zzn2_copy(Qx,&Ax);
zzn2_copy(Qy,&Ay);
zzn2_copy(&Qz,&Az);
zzn4_from_int(_MIPP_ 1,res);
/* Simple Miller loop */
nb=logb2(_MIPP_ T);
for (i=nb-2; i>=0; i--)
{
zzn4_mul(_MIPP_ res,res,res);
g(_MIPP_ &Ax,&Ay,&Az,&Ax,&Ay,&Az,Px,Py,w);
zzn4_mul(_MIPP_ res,w,res);
if (mr_testbit(_MIPP_ T,i))
{
g(_MIPP_ &Ax,&Ay,&Az,Qx,Qy,&Qz,Px,Py,w);
zzn4_mul(_MIPP_ res,w,res);
}
}
#ifdef MR_COUNT_OPS
printf("Millers loop Cost\n");
printf("fpc= %d\n",fpc);
printf("fpa= %d\n",fpa);
printf("fpx= %d\n",fpx);
fpa=fpc=fpx=0;
#endif
zzn4_copy(res,w);
zzn4_powq(_MIPP_ fr,w);
zzn4_powq(_MIPP_ fr,w);
zzn4_inv(_MIPP_ res);
zzn4_mul(_MIPP_ res,w,res); /* ^(p*p-1) */
res->unitary=TRUE;
zzn4_mul(_MIPP_ res,res,res);
zzn4_copy(res,w);
zzn4_mul(_MIPP_ res,res,res);
zzn4_mul(_MIPP_ res,res,res);
zzn4_mul(_MIPP_ res,res,res);
zzn4_mul(_MIPP_ res,res,res);
zzn4_mul(_MIPP_ res,w,res); /* res=powu(res,CF) for CF=34 */
#ifndef MR_STATIC
memkill(_MIPP_ mem,10);
#else
memset(mem,0,MR_BIG_RESERVE(10));
#endif
}
int main()
{ /* factoring program using Lenstras Elliptic Curve method */
int phase,m,k,nc,iv,pos,btch,u,v;
long i,p,pa,interval;
big q,x,z,a,x1,z1,x2,z2,xt,zt,n,fvw;
static big fu[1+MULT/2];
static BOOL cp[1+MULT/2];
mip=mirsys(30,0);
q=mirvar(0);
x=mirvar(0);
z=mirvar(0);
a=mirvar(0);
x1=mirvar(0);
z1=mirvar(0);
x2=mirvar(0);
z2=mirvar(0);
n=mirvar(0);
t=mirvar(0);
s1=mirvar(0);
d1=mirvar(0);
s2=mirvar(0);
d2=mirvar(0);
ak=mirvar(0);
xt=mirvar(0);
zt=mirvar(0);
fvw=mirvar(0);
w=mirvar(0);
gprime(LIMIT1);
for (m=1;m<=MULT/2;m+=2)
if (igcd(MULT,m)==1)
{
fu[m]=mirvar(0);
cp[m]=TRUE;
}
else cp[m]=FALSE;
printf("input number to be factored\n");
cinnum(n,stdin);
if (isprime(n))
{
printf("this number is prime!\n");
return 0;
}
prepare_monty(n);
for (nc=1,k=6;k<100;k++)
{ /* try a new curve */
/* generating an elliptic curve */
u=k*k-5;
v=4*k;
convert(u,x); nres(x,x);
convert(v,z); nres(z,z);
nres_modsub(z,x,a); /* a=v-u */
copy(x,t);
nres_modmult(x,x,x);
nres_modmult(x,t,x); /* x=u^3 */
copy(z,t);
nres_modmult(z,z,z);
nres_modmult(z,t,z); /* z=v^3 */
copy(a,t);
nres_modmult(t,t,t);
nres_modmult(t,a,t); /* t=(v-u)^3 */
convert(3*u,a); nres(a,a);
convert(v,ak); nres(ak,ak);
nres_modadd(a,ak,a);
nres_modmult(t,a,t); /* t=(v-u)^3.(3u+v) */
convert(u,a); nres(a,a);
copy(a,ak);
nres_modmult(a,a,a);
nres_modmult(a,ak,a); /* a=u^3 */
convert(v,ak); nres(ak,ak);
nres_modmult(a,ak,a); /* a=u^3.v */
nres_premult(a,16,a);
nres_moddiv(t,a,ak); /* ak=(v-u)^3.(3u+v)/16u^3v */
nc++;
phase=1;
p=0;
i=0;
btch=50;
printf("phase 1 - trying all primes less than %d\n",LIMIT1);
printf("prime= %8ld",p);
forever
{ /* main loop */
if (phase==1)
{
p=mip->PRIMES[i];
if (mip->PRIMES[i+1]==0)
{ /* now change gear */
phase=2;
printf("\nphase 2 - trying last prime less than %ld\n",
LIMIT2);
printf("prime= %8ld",p);
copy(x,xt);
copy(z,zt);
nres_modadd(x,z,s2);
nres_modsub(x,z,d2); /* P = (s2,d2) */
duplication(s2,d2,x,z);
nres_modadd(x,z,s1);
nres_modsub(x,z,d1); /* 2.P = (s1,d1) */
nres_moddiv(x1,z1,fu[1]); /* fu[1] = x1/z1 */
addition(x1,z1,s1,d1,s2,d2,x2,z2); /* 3.P = (x2,z2) */
for (m=5;m<=MULT/2;m+=2)
{ /* calculate m.P = (x,z) and store fu[m] = x/z */
nres_modadd(x2,z2,s2);
nres_modsub(x2,z2,d2);
addition(x1,z1,s2,d2,s1,d1,x,z);
copy(x2,x1);
copy(z2,z1);
copy(x,x2);
copy(z,z2);
if (!cp[m]) continue;
copy(z2,fu[m]);
nres_moddiv(x2,fu[m],fu[m]);
}
ellipse(xt,zt,MULT,x,z,x2,z2);
nres_modadd(x,z,xt);
nres_modsub(x,z,zt); /* MULT.P = (xt,zt) */
iv=(int)(p/MULT);
if (p%MULT>MULT/2) iv++;
interval=(long)iv*MULT;
p=interval+1;
ellipse(x,z,iv,x1,z1,x2,z2); /* (x1,z1) = iv.MULT.P */
nres_moddiv(x1,z1,fvw); /* fvw = x1/z1 */
nres_modsub(fvw,fu[p%MULT],q);
marks(interval);
btch*=100;
i++;
continue;
}
pa=p;
while ((LIMIT1/p) > pa) pa*=p;
ellipse(x,z,(int)pa,x1,z1,x2,z2);
copy(x1,x);
copy(z1,z);
copy(z,q);
}
else
{ /* phase 2 - looking for last large prime factor of (p+1+d) */
p+=2;
pos=(int)(p%MULT);
if (pos>MULT/2)
{ /* increment giant step */
iv++;
interval=(long)iv*MULT;
p=interval+1;
marks(interval);
pos=1;
nres_moddiv(x2,z2,fvw);
nres_modadd(x2,z2,s2);
nres_modsub(x2,z2,d2);
addition(x1,z1,s2,d2,xt,zt,x,z);
copy(x2,x1);
copy(z2,z1);
copy(x,x2);
copy(z,z2);
}
if (!cp[pos]) continue;
/* if neither interval +/- pos is prime, don't bother */
if (!plus[pos] && !minus[pos]) continue;
nres_modsub(fvw,fu[pos],t);
nres_modmult(q,t,q);
}
if (i++%btch==0)
{ /* try for a solution */
printf("\b\b\b\b\b\b\b\b%8ld",p);
fflush(stdout);
egcd(q,n,t);
if (size(t)==1)
{
if (p>LIMIT2) break;
else continue;
}
if (compare(t,n)==0)
{
printf("\ndegenerate case");
break;
}
printf("\nfactors are\n");
if (isprime(t)) printf("prime factor ");
else printf("composite factor ");
cotnum(t,stdout);
divide(n,t,n);
if (isprime(n)) printf("prime factor ");
else printf("composite factor ");
cotnum(n,stdout);
return 0;
}
}
if (nc>NCURVES) break;
printf("\ntrying a different curve %d\n",nc);
}
printf("\nfailed to factor\n");
return 0;
}
void zzn3_mul(_MIPD_ zzn3 *x,zzn3 *y,zzn3 *w)
{
#ifdef MR_OS_THREADS
miracl *mr_mip=get_mip();
#endif
if (mr_mip->ERNUM) return;
MR_IN(186)
if (x==y)
{ /* Chung-Hasan SQR2 */
nres_modmult(_MIPP_ x->a,x->a,mr_mip->w1);
nres_modmult(_MIPP_ x->b,x->c,mr_mip->w2);
nres_modadd(_MIPP_ mr_mip->w2,mr_mip->w2,mr_mip->w2);
nres_modmult(_MIPP_ x->c,x->c,mr_mip->w3);
nres_modmult(_MIPP_ x->a,x->b,mr_mip->w4);
nres_modadd(_MIPP_ mr_mip->w4,mr_mip->w4,mr_mip->w4);
nres_modadd(_MIPP_ x->a,x->b,mr_mip->w5);
nres_modadd(_MIPP_ mr_mip->w5,x->c,w->c);
nres_modmult(_MIPP_ w->c,w->c,w->c);
nres_premult(_MIPP_ mr_mip->w2,mr_mip->cnr,w->a);
nres_modadd(_MIPP_ mr_mip->w1,w->a,w->a);
nres_premult(_MIPP_ mr_mip->w3,mr_mip->cnr,w->b);
nres_modadd(_MIPP_ mr_mip->w4,w->b,w->b);
nres_modsub(_MIPP_ w->c,mr_mip->w1,w->c);
nres_modsub(_MIPP_ w->c,mr_mip->w2,w->c);
nres_modsub(_MIPP_ w->c,mr_mip->w3,w->c);
nres_modsub(_MIPP_ w->c,mr_mip->w4,w->c);
}
else
{
nres_modmult(_MIPP_ x->a,y->a,mr_mip->w1); /* Z0 */
nres_modmult(_MIPP_ x->b,y->b,mr_mip->w2); /* Z2 */
nres_modmult(_MIPP_ x->c,y->c,mr_mip->w3); /* Z4 */
nres_modadd(_MIPP_ x->a,x->b,mr_mip->w4);
nres_modadd(_MIPP_ y->a,y->b,mr_mip->w5);
nres_modmult(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w6); /* Z1 */
nres_modsub(_MIPP_ mr_mip->w6,mr_mip->w1,mr_mip->w6);
nres_modsub(_MIPP_ mr_mip->w6,mr_mip->w2,mr_mip->w6);
nres_modadd(_MIPP_ x->b,x->c,mr_mip->w4);
nres_modadd(_MIPP_ y->b,y->c,mr_mip->w5);
nres_modmult(_MIPP_ mr_mip->w4,mr_mip->w5,w->b); /* Z3 */
nres_modadd(_MIPP_ x->a,x->c,mr_mip->w4);
nres_modadd(_MIPP_ y->a,y->c,mr_mip->w5);
nres_modsub(_MIPP_ w->b,mr_mip->w2,w->b);
nres_modsub(_MIPP_ w->b,mr_mip->w3,w->b);
nres_premult(_MIPP_ w->b,mr_mip->cnr,w->a);
nres_modmult(_MIPP_ mr_mip->w4,mr_mip->w5,mr_mip->w4);
nres_modadd(_MIPP_ mr_mip->w2,mr_mip->w4,mr_mip->w2);
nres_modsub(_MIPP_ mr_mip->w2,mr_mip->w1,mr_mip->w2);
nres_modsub(_MIPP_ mr_mip->w2,mr_mip->w3,w->c);
nres_modadd(_MIPP_ w->a,mr_mip->w1,w->a);
nres_premult(_MIPP_ mr_mip->w3,mr_mip->cnr,w->b);
nres_modadd(_MIPP_ w->b,mr_mip->w6,w->b);
}
MR_OUT
}
