mask_t serialize_montgomery ( struct p448_t* b, const struct montgomery_t* a, const struct p448_t* sbz ) { mask_t L4, L5, L6; struct p448_t L0, L1, L2, L3; p448_mul ( &L3, &a->z0, &a->zd ); p448_sub ( &L1, &L3, &a->xd ); p448_bias ( &L1, 2 ); IF32( p448_weak_reduce( &L1 ) ); p448_mul ( &L3, &a->za, &L1 ); p448_mul ( &L2, &a->z0, &a->xd ); p448_sub ( &L1, &L2, &a->zd ); p448_bias ( &L1, 2 ); IF32( p448_weak_reduce( &L1 ) ); p448_mul ( &L0, &a->xa, &L1 ); p448_add ( &L2, &L0, &L3 ); p448_sub ( &L1, &L3, &L0 ); p448_bias ( &L1, 2 ); IF32( p448_weak_reduce( &L1 ) ); p448_mul ( &L3, &L1, &L2 ); p448_copy ( &L2, &a->z0 ); p448_addw ( &L2, 1 ); p448_sqr ( &L1, &L2 ); p448_mulw ( &L2, &L1, 39082 ); p448_neg ( &L1, &L2 ); p448_add ( &L2, &a->z0, &a->z0 ); p448_bias ( &L2, 1 ); p448_add ( &L0, &L2, &L2 ); p448_add ( &L2, &L0, &L1 ); IF32( p448_weak_reduce( &L2 ) ); p448_mul ( &L0, &a->xd, &L2 ); L5 = p448_is_zero( &a->zd ); L6 = - L5; p448_mask ( &L1, &L0, L5 ); p448_add ( &L2, &L1, &a->zd ); L4 = ~ L5; p448_mul ( &L1, sbz, &L3 ); p448_addw ( &L1, L6 ); p448_mul ( &L3, &L2, &L1 ); p448_mul ( &L1, &L3, &L2 ); p448_mul ( &L2, &L3, &a->xd ); p448_mul ( &L3, &L1, &L2 ); p448_isr ( &L0, &L3 ); p448_mul ( &L2, &L1, &L0 ); p448_sqr ( &L1, &L0 ); p448_mul ( &L0, &L3, &L1 ); p448_mask ( b, &L2, L4 ); p448_subw ( &L0, 1 ); p448_bias ( &L0, 1 ); L5 = p448_is_zero( &L0 ); L4 = p448_is_zero( sbz ); return L5 | L4; }
mask_t serialize_montgomery(struct p448_t* b, const struct montgomery_t* a, const struct p448_t* sbz) { mask_t L0, L1, L2; struct p448_t L3, L4, L5, L6; p448_mul(&L6, &a->z0, &a->zd); p448_sub(&L4, &L6, &a->xd); p448_bias(&L4, 2); p448_mul(&L6, &a->za, &L4); p448_mul(&L5, &a->z0, &a->xd); p448_sub(&L4, &L5, &a->zd); p448_bias(&L4, 2); p448_mul(&L3, &a->xa, &L4); p448_add(&L5, &L3, &L6); p448_sub(&L4, &L6, &L3); p448_bias(&L4, 2); p448_mul(&L6, &L4, &L5); p448_copy(&L5, &a->z0); p448_addw(&L5, 1); p448_sqr(&L4, &L5); p448_mulw(&L5, &L4, 39082); p448_neg(&L4, &L5); p448_add(&L3, &a->z0, &a->z0); p448_bias(&L3, 1); p448_add(&L5, &L3, &L3); p448_add(&L3, &L5, &L4); p448_mul(&L5, &a->xd, &L3); L1 = p448_is_zero(&a->zd); L2 = -L1; p448_mask(&L4, &L5, L1); p448_add(&L5, &L4, &a->zd); L0 = ~L1; p448_mul(&L4, sbz, &L6); p448_addw(&L4, L2); p448_mul(&L6, &L5, &L4); p448_mul(&L4, &L6, &L5); p448_mul(&L5, &L6, &a->xd); p448_mul(&L6, &L4, &L5); p448_isr(&L3, &L6); p448_mul(&L5, &L4, &L3); p448_sqr(&L4, &L3); p448_mul(&L3, &L6, &L4); p448_mask(b, &L5, L0); p448_subw(&L3, 1); p448_bias(&L3, 1); L1 = p448_is_zero(&L3); L0 = p448_is_zero(sbz); return L1 | L0; }