// Point doubling; See http://hyperelliptic.org/EFD/g1p/auto-montgom-xz.html#doubling-mdbl-1987-m
void xz_ge_double(felem xout, felem zout, const felem xin)
{
static const felem fone = {1};
felem xx1, t0, t1, t2;
fsquare_times(xx1, xin, 1);
fcopy(t0, fone);
fdifference_backwards(t0, xx1);
fsquare_times(xout, t0, 1);
fscalar_product(t1, xin, 486662);
fsum(t1, xx1);
fsum(t1, fone);
fmul(t2, xin, t1);
fscalar_product(zout, t2, 4);
}
/* Input: Q, Q', Q-Q'
* Output: 2Q, Q+Q'
*
* x2 z3: long form
* x3 z3: long form
* x z: short form, destroyed
* xprime zprime: short form, destroyed
* qmqp: short form, preserved
*/
void fmonty(felem *x2, felem *z2, /* output 2Q */
felem *x3, felem *z3, /* output Q + Q' */
felem *x, felem *z, /* input Q */
felem *xprime, felem *zprime, /* input Q' */
const felem *qmqp /* input Q - Q' */) {
felem origx[10], origxprime[10], zzz[19], xx[19], zz[19], xxprime[19],
zzprime[19], zzzprime[19], xxxprime[19];
memcpy(origx, x, 10 * sizeof(felem));
fsum(x, z);
fdifference(z, origx); /* does x - z */
memcpy(origxprime, xprime, sizeof(felem) * 10);
fsum(xprime, zprime);
fdifference(zprime, origxprime);
fproduct(xxprime, xprime, z);
fproduct(zzprime, x, zprime);
freduce_degree(xxprime);
freduce_coefficients(xxprime);
freduce_degree(zzprime);
freduce_coefficients(zzprime);
memcpy(origxprime, xxprime, sizeof(felem) * 10);
fsum(xxprime, zzprime);
fdifference(zzprime, origxprime);
fsquare(xxxprime, xxprime);
fsquare(zzzprime, zzprime);
fproduct(zzprime, zzzprime, qmqp);
freduce_degree(zzprime);
freduce_coefficients(zzprime);
memcpy(x3, xxxprime, sizeof(felem) * 10);
memcpy(z3, zzprime, sizeof(felem) * 10);
fsquare(xx, x);
fsquare(zz, z);
fproduct(x2, xx, zz);
freduce_degree(x2);
freduce_coefficients(x2);
fdifference(zz, xx); /* does zz = xx - zz */
memset(zzz + 10, 0, sizeof(felem) * 9);
fscalar_product(zzz, zz, 121665);
freduce_degree(zzz);
freduce_coefficients(zzz);
fsum(zzz, xx);
fproduct(z2, zz, zzz);
freduce_degree(z2);
freduce_coefficients(z2);
}
